The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.

1. Which of the following points do you have to consider before deploying Cisco Secure ACS?

a. Dialup topology b. Number of users c. Remote access policy d. Number of Linux servers

2. Which of the following is the minimum CPU requirement for a Cisco Secure ACS?

a. At least a Pentium II 330 MHz b. At least a Pentium III 550 MHz c. Will work on any Pentium platform d. Both items, including at least a Pentium II 330 MHz and at least a Pentium III 550 MHz

3. Which of the following are task buttons that are present on the web administrative interface of Cisco Secure ACS?

a. User Setup b. Group Setup c. Network Configuration d. System Configuration

4. Which of the following are checklist items that come up during the installation of Cisco Secure ACS? (Select two.)

a. Microsoft Windows server can successfully ping AAA clients.

b. End users can successfully connect to AAA clients.

c. Users have at least Netscape version 6.02.

d. Users have a T1 connection.

5. What is the minimum browser version that is supported by Cisco ACS version 3.3?

a. Netscape 6.02 and Microsoft Internet Explorer 6.0

b. Mosaic 3.0 and Microsoft Internet Explorer 5.5

c. Netscape 7.1 and Microsoft Internet Explorer 6.0 with SP1

d. Mosaic 3.0 and Netscape 7.02

6. What are the default ports RADIUS uses for authentication?

b. UDP 1646, 1813

c. UDP 1645, 1812

d. TCP 1645, 1812

7. What is the maximum number of AAA devices Cisco Secure ACS can support?

a. 1500 network devices running AAA client b. 2000 network devices running AAA client c. 10,000 network devices running AAA client d. 80,000 network devices running AAA client

8. How would network latency affect the deployment of Cisco Secure ACS?

a. It would not affect anything.

b. It would cause the ACS installation to abort.

c. It would cause authentication problems if the tacacs-server timeout is set too low for the environment.

d. It would cause RADIUS authentication failure.

9. Which of the following is not a troubleshooting step for ACS authentication failure?

a. Verify whether Cisco Secure ACS is configured to authenticate to the Windows 2000 user database.

b. Verify whether the correct username and password is being used.

c. Confirm the existence of the username.

d. Verify the proper network services checked in the group settings.

10. Which of the following debug command is best suited to troubleshooting unsuccessful TACACS login commands to the router?

a. debug ip access b. debug tacacs c. debug ip tacacs d. debug aaa authentication

The answers to the "Do I Know This Already?" quiz are found in the appendix. The suggested choices for your next step are as follows:

• 8 or less overall score Read the entire chapter. This includes the "Foundation Topics" and "Foundation Summary" sections and the "Q&A" section.

• 9 or 10 overall score If you want more review on these topics, skip to the "Foundation Summary" section and then go to the "Q&A" section. Otherwise, move on to Chapter 11, "Securing Networks with Cisco Routers."


0 0

Post a comment