A1:
| Answer: The Cisco PIX Firewall acts as the AAA client to the Cisco Secure ACS (AAA Server). Although the PIX Firewall acts as the AAA client, it is referred to as the network access server (NAS) when configuring the Cisco Secure ACS. |
A2:
| Answer: HTTP, Telnet, and FTP are the three methods used to authenticate to the Cisco PIX Firewall. |
A3:
| Answer: The user connects to the PIX Firewall using HTTP, FTP, or Telnet, and the PIX Firewall either authenticates to a local database or forwards the authentication request to the AAA server. After the authentication is completed, the PIX Firewall allows whatever connection is authorized by the rulebase for that user. |
A4:
| Answer: RADIUS is connectionless and combines the authentication components. TACACS+ is connection-oriented and sends the authentication and authorization separately. |
A5:
| Answer: Trick question . . . Cisco Secure ACS must be installed on Windows 2000 Server. |
A6:
| Answer: Permissions can be assigned only after the user account has been authenticated. |
A7:
| Answer: The three layers of authentication are something you know (password), something you have (token), and something you are (biometrics). |
A8:
| Answer: Clicking the Explain button opens a window that explains the possible configuration options for the window in which the button appears. |
A9:
| Answer: You need to verify that the systems are up to date, meet the minimum hardware/ browser requirements, and have connectivity with the PIX Firewall (NAS). |
A10:
| Answer: Cisco Secure ACS is managed via a browser-based web interface and has specific minimum browser requirements. |
A11:
| Answer: False. Cut-through proxy allows users to access only resources to which they have been authorized access. |
A12:
| Answer: True. The Cisco Secure ACS installation uses an installation wizard. |