Network Access & Device Administration

Question 1

Difference between AuthC & AuthZ

Answer 1

Authentication verifies User Identity, Authorization determines what user is allowed to do

Question 2

Which protocol is best suited for granular command-level control

Answer 2

TACACS+ separates authentication & authorization.

Suitable for authenticating users access to network devices and performing command-level authorization

Question 3

Which protocol is best suited for authenticating and authorizing a user on the network

Answer 3

RADIUS combines authentication and authorization.

Suitable for network access control of users

Question 4

Which protocol can be used for Device Administration AAA

Answer 4

TACACS+

Question 5

What port is used by TACACS+

Answer 5

TCP/49

Question 6

What port is used by RADIUS

Answer 6

UDP/1812 (AuthC, AuthZ)

UDP/1813 (Acct)

Question 7

Which TACACS messages are sent from AAA client to server

Answer 7

START

REQUEST

Question 8

What needs to match between ISE and NAD to successfully authenticate endpoints

Answer 8

Shared secret

Question 9

Which command allows a switch to send accounting info to ISE

Answer 9

radius-server vsa send-accounting

Question 10

Benefits of TACACS+ over RADIUS

Answer 10

Entire payload encrypted

Separates authentication and authorization

Question 11

Which task types are included in ISE for TACACS+

Answer 11

WLC & Shell

Question 12

RADIUS responses to Authenticator during Authentication

Answer 12

Access-Accept
Access-Reject
Access-Challenge

Question 13

Global command to turn on 802.1x

Answer 13

dot1x system-auth-control

Question 14

Interface command to turn on 802.1x

Answer 14

dot1x pae authenticator

Question 15

Which features must be used on ISE for TACACS+

Answer 15

Device Administration License

Device Admin service