Foundation Summary

The "Foundation Summary" section of each chapter lists the most important facts from the chapter. Although this section does not list every fact from the chapter that will be on your SNRS exam, a well-prepared candidate should at a minimum know all the details in each "Foundation Summary" before going to take the exam.

• Authentication methods vary from strong to weak:

- One-time passwords using token cards

- The session key OTP systems

- Expiring or aging username and passwords

- Static username and password

- No username and password

• TACACS+ separates AAA services. RADIUS combines authentication and authorization but separates accounting services.

• CHAP periodically verifies the identity of the peer using a three-way handshake.

• PAP involves a two-way handshake with the username and password sent across the link in clear text. PAP provides no protection from playback and password attacks.

• MS-CHAP is primarily used in Microsoft client remote PPP access authentication.

• EAP is a data link layer authentication protocol used in wireless and Layer 2 environments.




As mentioned in the section "How to Use This Book" in the Introduction, you have two choices for review questions: the Q&A questions here or the exam simulation questions on the CD-ROM. The questions that follow present a bigger challenge than the exam itself because they use an open-ended question format. By using this more difficult format, you can exercise your memory better and prove your conceptual and factual knowledge of this chapter. You can find the answers to these questions in the appendix.

1. Which port is reserved for TACACS+ use?

2. Which versions of the TACACS protocol in Cisco IOS Software have officially reached end-of-maintenance?

3. In the RADIUS security architecture, what is the network access server?

4. Which method of strong authentication for client/server applications utilizes secret-key cryptography.

5. Who developed and designed the Kerberos authentication protocol?

6. Which two popular authentication methods does PPP support?

7. Why is PAP considered insecure compared to other authentication protocols, such CHAP and MS-CHAP?

8. Which type of encryption algorithm does CHAP uses during the three-way handshake?

9. Give one difference between CHAP and MS-CHAP?

10. Where is EAP used in Cisco devices?


0 0

Post a comment