SEC453 Study Guide
Chapter 3 – Authentication, Authorization, and Accounting
1. Define and compare each of the three concepts of Authentication, Authorization, and
Accounting.
2. Describe the basic vulnerability of using router-based authentication.
3. Within a network, describe a basic difference between router-based authentication and
network server-based authentication.
4. Describe both character and packet modes of user access. Identify at least one router or
switch access method that uses each access method.
5. Of the three “A”s, which one requires a server for its support?
6. Describe the operations involved when creating a router- or switch-based local AAA service.
7. Given a typical router or switch, identify the access methods to that device. Should all access
methods require some form of authentication?
8. Describe two ways to “fine-tune” authentication.
9. Describe and be able to draw a network showing the use of centralized server-based AAA.
10. Name and describe the differentiating characteristics of the two predominant protocols
used between network components and an AAA server.
11. List two authentication protocols.
12. Given the CONSole, AUXiliary, and regular Ethernet interfaces of a router, which ones use
character-based and which use packet-based access methods?
13. What is the name of the new password encryption standard available with the Cisco IOS 15
operating system?
14. What are adaptive security appliances? How do they differ from routers?
15. When a user accesses a network router, what happens first, authentication or
authorization?
16. In local mode, can a router provide all authentication, authorization and accounting
operations?
17. Which AAA server type, TACACS+ or RADIUS, has the more extensive accounting resources?
18. Can a router, using local authentication methods, provide for more than a single
administrative user name?
19. If multiple user names are allowed on a router using local authentication methods, can the
different users be delegated different levels of administrative access?
20. Can different authentication methods be applied to specific interfaces or lines?
21. What is the purpose of the “login delay” command?
22. Name two access protocols that can be configured on the serial interface of a router.
23. What information is displayed when the “show aaa sessions” command is executed?
24. What is the GUI-based application that can be used to enable or disable AAA on a router?
25. Name two database types that can work with Cisco’s AAA.
26. Is “RADIUS” the name of a server, or is it the protocol used for communication between
routers and a central AAA server?
27. Which centralized AAA protocol is an open IETF standard AAA protocol?
28. Can a Cisco Secure ACS work with both IPv4 and IPv6 networks?
29. What is “TrustSec”?
30. What are the three advantages of the Cisco Secure ACS?