Implement basic AAA using Cisco routers


Questions derived from the 642-552 – Securing Cisco Network Devices Exam Cisco Self-Test Software Practice Test.

 

Objective: Implement basic AAA using Cisco routers
SubObjective: Describe the features of TACACS+ and RADIUS AAA protocols

 

Item Number: 642-552.3.2.2
Single Answer, Multiple Choice

 

Which statement is true regarding Remote Authentication Dial-In User Service (RADIUS)?

 

 

  A. RADIUS uses TCP packet delivery.
  B. RADIUS encrypts only the password in the access-request.
  C. RADIUS separates authentication, authorization and accounting.
  D. RADIUS allows control over individual commands that can be executed on a router.

 

Answer:
B. RADIUS encrypts only the password in the access-request.

 

Tutorial:
The option stating that RADIUS encrypts only the password in the access-request is correct. The access request packet is initiated from the authentication, authorization, and accounting (AAA) client to the server.

 

In contrast, Terminal Access Controller Access Control System Plus (TACACS+) encrypts the entire body of the packet, leaving only the standard TACACS+ header unencrypted.
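The password hiding described above, as an added example that is not part of the original practice test: it follows the RFC 2865 User-Password scheme, in which only the password attribute is XORed with an MD5-derived keystream while the User-Name and the rest of the Access-Request stay readable. The user name, password, shared secret and authenticator are constructed sample values.

```python
import hashlib

ACCESS_REQUEST, ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 1, 2  # RFC 2865 codes


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side: pad to 16-byte blocks, XOR each with an MD5 keystream."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    size = max(16, (len(password) + 15) // 16 * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        keystream = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out += prev  # the next block's keystream chains on this output
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: rebuild the same keystream from the shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, keystream))
        prev = block
    return out.rstrip(b"\x00")


def attribute(attr_type: int, value: bytes) -> bytes:
    # Type, length (including the 2-byte attribute header), value.
    return bytes([attr_type, len(value) + 2]) + value


def build_access_request(user: bytes, password: bytes, secret: bytes,
                         authenticator: bytes, identifier: int = 1) -> bytes:
    """Header (code, id, length) + 16-byte Request Authenticator + attributes."""
    hidden = hide_password(password, secret, authenticator)
    attrs = attribute(ATTR_USER_NAME, user) + attribute(ATTR_USER_PASSWORD, hidden)
    length = (20 + len(attrs)).to_bytes(2, "big")
    return bytes([ACCESS_REQUEST, identifier]) + length + authenticator + attrs


if __name__ == "__main__":
    # Constructed sample values; a real client uses a random authenticator.
    secret, auth = b"constructed-shared-secret", bytes(range(16))
    pkt = build_access_request(b"alice", b"S3cret-pass", secret, auth)
    print("User-Name visible:", b"alice" in pkt,
          "| password visible:", b"S3cret-pass" in pkt)
```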

 

A RADIUS server is a device that has the RADIUS daemon or application installed. It is used with AAA to enable the authentication, authorization, and accounting of remote users when using Cisco devices.

 

The option stating that RADIUS uses TCP packet delivery is incorrect because RADIUS uses the User Datagram Protocol (UDP) for packet delivery. UDP is connectionless and provides best-effort delivery.

 

The option stating that RADIUS separates authentication, authorization, and accounting is incorrect because RADIUS combines authentication and authorization services into one. It provides strong accounting capabilities.

 

The option stating that RADIUS allows control over individual commands that can be executed on a router is incorrect because RADIUS does not give network administrators that per-command control.

 

Reference:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/secsols/aaasols/c262c1.htm#xtocid5

cmadmin
