AAA Questions 3
Question 1
Question 2
Question 3
Question 4
Question 5
Question 6
Question 7
Explanation
LDAP (Lightweight Directory Access Protocol) is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in the development of intranet and Internet applications because they allow information about users, systems, networks, services, and applications to be shared throughout the network.
On Cisco IOS headends, the “memberOf” AD attribute is mapped to the Authentication, Authorization, and Accounting (AAA) attribute supplicant-group.
Reference: https://www.cisco.com/c/en/us/support/docs/security/ios-sslvpn/118695-config-sslvpn-00.html
Question 8
Explanation
To configure the network access server to recognize and use vendor-specific attributes, use the radius-server vsa send command in global configuration mode. The additional “authentication” keyword limits the set of recognized vendor-specific attributes to only authentication attributes.
Question 9
Question 10
Question 11
Explanation
With TACACS+, authentication, authorization and accounting are separated, while with RADIUS, authentication and authorization are combined in one function.
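The difference described above, and the vendor-specific attributes from the Question 8 explanation, can be seen in the packet formats. The following is an added example, not part of the original page: it decodes a RADIUS packet (RFC 2865 layout) and a TACACS+ header (RFC 8907 layout). The sample packets are constructed, and the cisco-avpair value shell:priv-lvl=15 is an assumed illustration of an authorization attribute.

```python
import struct

# Codes from RFC 2865/2866; TACACS+ packet types from RFC 8907.
RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
                4: "Accounting-Request", 5: "Accounting-Response"}
TACACS_TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}
VENDOR_SPECIFIC, CISCO_VENDOR_ID = 26, 9

def parse_radius(pkt):
    """Return (code name, attributes); a VSA value becomes (vendor_id, vendor_type, data)."""
    if len(pkt) < 20:
        raise ValueError("RADIUS packet shorter than its 20-byte header")
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("RADIUS length field does not match the packet")
    attrs, off = [], 20                      # attributes follow the 16-byte authenticator
    while off < length:
        if off + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = pkt[off], pkt[off + 1]
        if a_len < 2 or off + a_len > length:
            raise ValueError("attribute length out of bounds")
        value = pkt[off + 2:off + a_len]
        if a_type == VENDOR_SPECIFIC:
            if len(value) < 6 or not 2 <= value[5] <= len(value) - 4:
                raise ValueError("malformed vendor-specific attribute")
            vendor_id = struct.unpack("!I", value[:4])[0]
            value = (vendor_id, value[4], value[6:4 + value[5]])
        attrs.append((a_type, value))
        off += a_len
    return RADIUS_CODES.get(code, f"code {code}"), attrs

def parse_tacacs_header(hdr):
    """Decode the 12-byte TACACS+ header; 'type' names which AAA function the packet serves."""
    if len(hdr) < 12:
        raise ValueError("TACACS+ header is 12 bytes")
    ver, p_type, seq, _flags, session, length = struct.unpack("!BBBBII", hdr[:12])
    return {"major": ver >> 4, "type": TACACS_TYPES.get(p_type, f"type {p_type}"),
            "seq": seq, "session": session, "length": length}

def sample_access_accept():
    """Constructed packet: Access-Accept carrying a Cisco VSA with an authorization value."""
    avpair = b"shell:priv-lvl=15"
    vsa = struct.pack("!IBB", CISCO_VENDOR_ID, 1, 2 + len(avpair)) + avpair
    attr = bytes([VENDOR_SPECIFIC, 2 + len(vsa)]) + vsa
    return struct.pack("!BBH", 2, 7, 20 + len(attr)) + bytes(16) + attr

if __name__ == "__main__":
    print(parse_radius(sample_access_accept()))
    for t in (1, 2, 3):                      # constructed headers, one per AAA function
        print(parse_tacacs_header(struct.pack("!BBBBII", 0xC0, t, 1, 0, 0x1234, 0)))
```

In the RADIUS case the authorization value arrives inside the same Access-Accept that answers the authentication request, whereas each TACACS+ header names exactly one of the three functions in its type field.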
Question 12 (maybe same question as Q.9 https://www.certprepare.com/aaa-questions-2)
Explanation
Authentication with a remote security database:
You must first populate the remote security database with user profiles for each remote user who might log in. You must also configure the network access server (or other network equipment) to interoperate with the remote security database for AAA services. The AAA process with a remote security database is as follows:
1. User establishes a PPP connection with the network access server.
2. The network access server prompts the user for the username and password, and the user responds.
3. The network access server passes the username and password to the security server.
4. The remote security database authenticates and authorizes the user to access the network. The database in effect configures the network access server with authentication parameters by downloading commands and activating access lists in the network access server.
5. The network access server compiles accounting records as specified in the remote security database and sends the records to the security server. The security server may also compile accounting records.
Reference: http://www.ciscopress.com/articles/article.asp?p=25471&seqNum=6
Q8 talks about configuring “radius server”.
I think this question is poorly stated.
The question should ask about the command for the network access server to recognize and use vendor-specific attributes.
Then the answer would be correct.