keywords:
Bookmark and Share



Front Back
Which of the following is an advantage of WPA over WEP?
  • Simplified administration
  • Supports client roaming
  • Dynamic keys
  • Less processor overhead
 
WPA improves upon WEP by using dynamic keys for encryption and a stronger method of encryption.  Both WPA and WEP are for wireless network security, so the biggest advantages of WPA over WEP is to improve security.  
Chapter 8

You need to secure your wireless network.  Which security protocols could you implement?  (Select two)
  • BitLocker
  • WEP
  • WPA
  • 802.11n
  • EFS
WEP, WPA and WPA2 are all security protocols for wireless networks.  Each security protocols protects the wireless data through the use of association keys and encryption protocols.   Chapter 8
Which of the following measures will make your wireless network invisible to the casual attacker performing war driving?
  • Change the default SSID
  • Disable SSID broadcast
  • Implement WPA2 Personal
  • Use a form of authentication other than Open authentication
Wireless access points are tranceivers which transmit and receive information on a wireless network.  Each access point has a service set ID (SSID) which identifies the wireless network.  By default, access points broadcast the SSID to announce their presence and make it easy for clients to find and connect to the wireless network.  Turn off the SSID broadcast to keep a wireless 802.11x network from being authomatically discovered.  When SSID broadcasting is turned off, users must know the SSID to connect to the wireless network.  This helps to prevent casual attackers from connecting to the network, but any serious hacker with the right tools can still connect to the wireless network.
Chapter 8
Which of the following are typically used for encrytping data? (Select two)
  • TKIP
  • Diffie-Hellman
  • MD-5
  • AES
  • EIGamal
TKIP and AES are used for encrpting data.  TKIP is used with WPA wireless standards, while AES is used with WPA2 and other encrytpion applications. EIGamal and Diffie-Hellman are asymmentric emcrytpion methods.  They are both used for key exchange and digital signatures.  MD-5 is a hashing algorithm.
Chapter 8
On a wireless network that is employing WEP, which type of users are allowed to authenticate through the access points?
  • Users withn the 80% strength radius
  • Users wth the correct WEP key
  • Only users with remote access priveleges
  • User with proper company IDs
On a wireless network that is employing WEP (Wired Equivalent Privacy), only users with the correct WEP key are allowed to authenticate through the WAP (Wireless Application Protocol) access points.  That's the whole point of WEP, prevent unauthorized users by employing a wireless session key for access.
Chapter 8
You have a small wireless network that uses multiple access points.  The network uses WPA and broadcasts the SSID.  WPA2 is not supported by the wireless acces points.  You want to connect a laptop computer to the wireless network.  Which of the following parameters will you need to configure on the laptop?  (Select two)
  • Channel
  • TKIP encryption
  • BSSID
  • Preshared key
  • AES encryption
 
To connect to the wireless network using WPA, you will need to use a preshared key and TKIP encryption.  When using a preshared key with WPA, it is knows as WPA-PSK or WPA Personal. AES encryption is used by WPA2.  The channel is automatically detected by the client.  The Basic Service Set Identifier (BSSID) is a 48-bit value that identifies an AP in an infrastructure network or a STP in an ad hoc network.  The client automatically reads this and uses it to keep track of APs when roaming between cells.  
Chapter 8
You need to place a wireless access point in your two-story building.  While trying avoid interference, which of the following is the best location for the access point?
  • In the kitchen area
  • In the basement
  • In the top floor
  • Near the backup generators
In general, place access points higher up to avoid interference problems caused by going through building foundations.  Do not place the access point next to sources of interference such as other wireless transmitting devices (cordless phones or microwaves) or other sources of interference (motors or generators)
Chapter 8
What is the least secure place to locate the access point when creating a wireless cell?
  • In the center of the building
  • Above the 3rd floor
  • Near a window
  • In a common or community work areas
The least secure location for a wireless cell access points against a perimeter wall.  So, placement near a window would be the worst option from list of selection.
Chapter 8
Which of the following recommendations should you follow when placing access points to provide wireless access for users within your company building?
  • Place access points in the basement.
  • Place access points near outside walls
  • Place multiple access points in the same area.
  • Place access points above where most clients are.
When placing wireless access points:
  • Devices often get better reception from access points that are above or below.
  • If possible, place access points higher up to avoid interference problems caused by going through building foundations.
  • For security reasons, do not palace APs near outside walls
  • Placing the AP in the center of the building decreases the range of the signals available outside of the building.

Chapter 8
You need to configure a wireless network.  You want to use WPA Enterprise.  Which of the following components will be part of your design? (Select two)
  • TKIP encryption
  • AES encryption
  • WEP encryption
  • Open authentication
  • Preshared keys
  • 802.1x
Answer:  TKIP encryption,  802.1x To configure WPA Enterprise, you will need a RADIUS server to support 802.1 x authentication. WPA uses TKIP for encryption.   WPA-PSK also called WPA Personal, uses prehared keys for authentication.  WPA2supports AES encryption. 
Chapter 8
You need to add security for your wireless network.  You would like to use the most secure method.  Which method should you implement?
  • WEP
  • Kerberos
  • WPA2
  • WPA
   
Wi-Fi Protected Access 2 (WPA2) is currently the most secure wireless security specification.  WPA2 includes specifications for both encryption and authentication WPA was an earlier implementation of security specified by the 802.11i committee.  WEP was the original security method for wireless networks.  WPA is more secure than WEP, but less secure than WPA2. Kerberos is an authentication method, not a wireless security method Chapter 8
You have physically added a mireless access point to your network and installed a wireless networing card in two laptops running Windows XP.  Neither laptop can find the network and you have come to the conclusion that  you must manually confgure the wireless access point (AP).  Which of the following values uniquely identifies the network AP?
  • PS
  • SSID
  • Channel
  • WEP
The SSID (service set identifier) identifies the wireless network.  All PCs and access points in a LAN share the same SSID.
Chapter 8
RADIUS is primarily used for what purpose?
  • Managing RAID fault-tolerant drive configurations
  • Managing access to a network over a VPN
  • Controling entry gate access using proximity sensors.
  • Pre-authenticating remote clients before access to the network is granted.
RADIUS (Remote Authentication Dial-In User Service) is primarily used for pre-authenticating remote clients before access to the network is granted.  RADIUS is based on RFC 2865.  RADIUS  maintains client profiles in a centralized database.  RADIUS offloads the authentication burden for dial-in users from the normal authentication of local network clients. 
Which of the following is a characteristics of TACACS+?
  • Uses UDP ports 1812 and 1813
  • Supports only TCP/IP
  • Encrypts the entire packet, not just authentication packets.
  • Requires that authetication and authorization are combined in a single server.


TACACS+:
  • Encrypts the entire packet contents and not just authentication packets
  • Encrypts the entire contents and not just authetication packets
  • Uses TCP port 49
  • Supports more protocol suites than RADIUS


Chapter 9_3.7
Which of the following protocols can be used to centralized remote access authentication?
  • SESAME
  • Kerberos
  • TACACS
  • EAP
  • CHAP
Centralized remote access authentication protocols include:
  • RADIUS (Remote Authentication & Dial-in User Service)
  • TACACS (Terminal Access Controller Access Control System)

Chapter 9
You have a network with 3 romte access servers, a RADIUS server used for authentication and authorization, an a secund RADIUS server used for accounting. Wher should you configure remote access policies?
  • On the RADIUS server used for accounting
  • On one of the remote access servers
  • On each of th remote access servers
  • On the RADIUS server used for authentication and authorization


Remote access policies are used for authorization for remote access clients.  For larger deployments with multiple remote access servers, you can centralize the administration of remote access policies by using an AAA server (authentication, authorization, and accounting).  Configure remote  access policies on the AAA server that is used for authorization.  
Chapter 9
Which ports does LDAP use by default? (Select two)
  • 110
  • 69
  • 636
  • 161
  • 389
LDAP (Lightweight Directory Access Protocol) uses ports 389 and 636 by default  Port 636 is used for LDAP over SSL.  This is the secue form or mode of LDAP Unsecured LDAP uses port 389. Port 69 is used by TFTP.  Port 110 is used by POP3.  Port 161 is used by SNMP.  
Chapter 9
A user has just authenticated using Kerberos.  What object is issued to the user immediately following logon?
  • Client-to-server ticket
  • Digital certificate
  • Digital signature
  • Ticket granting ticket
Kerberos works as follows:
  • The client sends an authentication request to the authentication server
  • The authentication server validates the user identity and grants a ticket granting ticket (TGT).  The TGT validates the user identity and is good for a specific ticket granting server.
  • When the client needs to access a resource, it submits its TGT to the TGS.  
  • The client connects to the service server and submits the client-to-server ticket as proof of access.
  • The SS accepts the ticket and allows access.

Chapter 9
Which of the following are used when implementing Kerberos for authentication and authorization? (Select tow)
  • RADIUS or TACACS + server
  • PPPoE
  • Ticket granting server
  • Time server
  • PPP
Keberos grants tickets (also called a security token) to authenticated users and to authorized resources.  A ticket granting server (TGS) grants tickets that are valid for  specific resources on specific servers.  Kerberos requires that all servers whithin the process have synchronized clocks to validate tickets, so a centralized time server or other method for time synchronization is required.
Chapter 9
Your LDAP directory services solution uses simple authentication.  What should you always do when using simple authentication?
  • Add SASL and use TLS.
  • Use Kerberos
  • Use IPSec and certificates
  • Use SSL
Protect LDAP simple authentication by using SSL to protect authentication traffic.  LDAP simple authentication uses clear text for username and password exchange. While you can protect authentication using SASL, this requires changing the authentication mode of LDAP from simple to SASL.  When using SASL, you can use a wide range of solutions such as TLS, Kerberos, IPSec, or certificates.

Chapter 9
Which of the following are requirements to deploy Kerberos on a network? (Select two)
  • A directory service
  • Use of token devices and one-time passwords
  • A centralized database of users and passwords
  • Blocking of remote connectivity
  • Time synchronization between devices
Keberos requires that there be a centralized database of users and passwords and time synchronization. The user database is usually maintained of the KDC itself or on a separate pre=authentication server system.  Time sychronization is required to stamp a consistent expiration date within the Ticket Granting Ticket (TGT).
Chapter 9
When using Kerberos authentication, which of the following terms is used to describe the token that verifies the identity of the user to the target system?
  • Hashkey
  • Voucher
  • Ticket
  • Coupon
The tokens used in Kerberos authentication are know as tickets.  Thes tickets perform a number of function including notifying the network service of the user who hasbeen granted access, and authenticating the identity of the person when they attempt to use the network service.
Chapter 9
You want to use Kerberos to protect LDAP authentication.  Which authentication mode should you choose?
  • Mutual
  • EAP
  • Simple
  • SASL


Choose SASL (Simple Authentication & Security Layer) authentication mode to use Kerberos with LDAP.  SASL is extensible and lets you use a wide variety of  protection methods. LDAP authentication modes include Anonymous, Simple , and SASL.  EAP is an extensible authentication protocol for remote access, not LDAP.
Chapter 9
You want to deploy SSL to protect authentication traffic with your LDAP-based directory service.  Which port would this use?
  • 60
  • 80
  • 389
  • 443
  • 636
  • 2208
To use SSL for LDAP authentication, use port 636.
Port 80 is used to HTTP while port 443 is used for HTTPS (HTTP with SSL).  Simple LDAP authentication uses port 389.
Chapter 9
Which fo the following protocols uses port 88?
  • LDAP
  • Kerberos
  • TACACS
  • L2TP
  • PPTP
Kerberos uses port 88 TACACS uses port 49. LDAP uses TCP and UDP ports 389.  Secure LDAP uses SSL/TLS over port 636.  L2TP uses port 1701. PPTP uses port 1723.
Chapter 9
Which of the following protocols uses ports 389 and 636?
  • Kerberos
  • RDP
  • LDAP
  • L2TP
  • TACACS
LDAP uses TCP and UDP 389.  Secure LDAP uses SSL/TLS over port 636.  

Chapter 9
In what form of access control environment is access controlled by rules rather than by identity?
  • Most client-server environments
  • DAC
  • ACL
  • MAC
A MAC environment controls access based on rules rather than by identity. DAC environments use identity to control acces. ACLs are a specific example of an identity-based access control mechanism used in DAC environments.  Most client-server environments use ACLs and thus use DAC solutions.


Chapter 9_1.1
You have a system that allows the owner of a file to identify users and their permissions to the file.  Which type of access control model is implemented?
  • DAC
  • MAC
  • RBAC (based on roles)
  • RBAC (based on rules)
This is an example of a discretionary access control list (DACL) which uses the Discretionary Access Control  (DAC) model.  With DAC, individuals use ther own discretion (decisions or preferences) for assigning permissions and allowing or denying access.
Chapter 9_1.1
Which access control model manages rights and permissions based on job descriptions and responsibilities?
  • Mandatory Access Control (MAC)
  • Discretionary Access Control (DAC)
  • Task Based Access Control (TBAC)
  • Role Based Access Control (RBAC)
Role Based Access Control (RBAC) is the access control model that manages rights and permissions based on job descriptions.  RBAC focuses on job descriptions or work tasks, instead of employing user accounts to define access.  RBAC are best suited for environments that have high rate of employee turnover.  By defining access based on roles rather than individuals, it simplifies administration when granting a new person access to common activities.
Chapter 9_1.1
Which form of access control enforces security based on user indentities and allows individual users to define access controls over owned resources?
  • RBAC
  • MAC
  • DAC
  • TBAC
DAC (Discretionary Access Control) uses identities to control resources access.  Users can make their own decisions about the access to grant to other users. RBAC (job descriptions) , MAC (classifications), TBAC (work tasks) enforce security based on rules.
Chapter 9_1.1
What does the MAC method use to control access?
  • Geographic location
  • Sensitivity label
  • User accounts
  • Job descriptions
Mandatory Access Control (MAC) is based on sensitivy labels (a.k.a classifications or clearance levels).  A sensitivity label is descriptive tag that indicates haw important, valuable, volatile, or classified a resource is.  Common sensitivity labels in military computing environment are:  Top Secret, Secret, Classified, Sensitive but Unclassified, Common Sensitivy labes in private sector computing environment include Proprietary, Confidential, Private and Public.
Chapter 9_1.1
Which type of access control focuses on assigning privileges based on security clearance and data sensitivity?
  • TBAC
  • RBAC
  • DAC
  • MAC
MAC (Mandatory ccess Control) uses classifications to assign privileges based on a security clearances and data sensitivity. RBAC (Role-based Access Control) is a form of  access control that assigns privileges based on job descriptions.  New users are simply assigned a job label. TABC (Task-based Access Control) defines individual work tasks to assign privileges.  DAC (Discretionary Access Control), an administrator or owner defines user and resource access.
Chapter 9_1.1
Which of the following defines an object as used in access control?

  • Data, applications, systems, networks, and physical space

  • Policies, procedures, and technologies that are implemented within a system.

  • Users, applications, or processes that need to be given access.

  • Resources, policies, and systems.

Objects are the data, applications, systems, networks and physical space. Subjects are the users, applications, or processes that need access to objects.  The access control system includes the policies, procedures, and technologies that are implemented to control a subject's access to an object.
Chapter 9_1.1
Which of the following principles is implemented in a mandatory access control model to determine access to an object using classification levels?
  • Need to know
  • Clearance
  • Ownership
  • Separation of duties
  • Least privelege
Need to know is used with mandatory access control environments to implement granular control over access to segmented classified data. Separation of duties is the security principle that states no single user is granted sufficient priveleges to compromise the security of an entire environment.  Clearance is the subject classification label that grants a user access to a specific security domain in a MAC environment.  Ownership is the access right in a DAC environment where a user has complete control over an object usually because they created it.
Chapter 9_1.1
The router access control list uses information in a packet such as the destination IP address and port number to make allow or deny forwarding decisions. This is an example of wich kind of access control model?
  • RBAC (based on rules)
  • MAC
  • DAC
  • RBAC (based on roles)
Rule-based access control (RBAC) uses characteristics of objects or subjects along with rules, to restrict access.  Access control entries identify a set of characteristics that will be examined for a match.  If all characteristics match, access is either allowed or denied based on the rule.  An example of rule-based access control implementation is a router access control list that allows or denies traffic based on characteristics within the packet (such as IP accress or port number).
Chapter 9_1.1
You have implemented an access control method that allows only users who are managers to access specific data.  Which type of access control model is used?
  • RBAC
  • DACL
  • MAC
  • DAC
Role-based access control (RBAC) allows access based on a role in an organization, not individual users.  Roles are defined based on job description or a security access level.  Users are made members of a role, and receive the permissions assigned to the role.  Mandatory Access Control (MAN) uses labels for both subjects (user who need access) and objects (resources with controlled access).  When a subject's clearance lines up with an object's classification, and when the user has a need to know (referred to as a category), the user is granted access. Discretiaonary Access Control (DAC) assigns access directly to subjects based on the discretion (or decission) of the owner.  Objects have a dicretionary access control list (DACL) with entries for each subject.  Owners add subjects to the DACL and assign rights or permissions.  The permissions identify the actions the subject can perfor on the object.
Chapter 9_1.1
For users who are members of the Sales team, you want to force their computers to use a specific desktop background and remove access to administrative tools from the Start menu.  Which solution should you use?
  • Group Policy
  • File screens
  • Account policies
  • Account restrictions
Use Group Policy to control the desktop for groups of users or computers.  For example, ou can prevent access to specific desktop or Start Menu features.  Account policies are specific Group Policy settings that control user passwords.  Account restrictions are settings applied in the user account that restrict logon hours or computers.  Use file screens to control the types of files that can be saved within a folder.
Chapter 9_1.4
You have multiple users who are compute administrators.  You want each administrator to be able to shut down systems and install drivers.  What should you do?  (Select two)
  • Add the group to the DACL
  • Add the group to the SACL
  • Create a distribution group for the administrators;  add all user accounts to the group.
  • Create a securitu group for the administrators; add all user accounts to the group.
  • Grant the group the necessary user rights.
Answer:  D & E
Creat a security group for the users and grant the group
the necessary user rights.  On a Microsoft system,  user right is a privilege or action that can be taken on the system, such as logging on, shutting down the system, backing up the system, or modifying the system data and time.  Permissions apply to objects (files, folders, printers, etc), while user ights apply to the entire system (computer). A group is  an object that identifies a set of users with similar access needs.  Microsoft systems have two kinds of groups:  distribution and security groups.  Only security groups can be used for controlling access to objects.  As manager roles change, add or remove user accounts from the group.
Chapter 9_1.4
You want to give all managers the ability to view and edit a certain file.  To do so, you need to edit the discretionary access control list (DACL) associated with the file.  You want to be able to easily add and remove managers as their job positions change.  What is the best way to accomplish this?
  • Create a distribution group for the managers.  Add all users as members of the group.  Add the group to the file's DACL.
  • Creat a security group for the managers.  Add all users as memebers of the group.  Add the group to the file's DACL.
  • Add one manager to the DACL granting all permissions.  Have this user add  other managers as required.
  • Add each user account to the file's DACL
Amswer:  B Create a security group for the users and add the users to the DACL.  A group is an object that identifies a set of users with similar access needs.  Microsoft systems have two kinds of groups:  distribution and security groups.  Only security groups can be used for controlling access to objects.  As manager roles change, add a remove user accounts from the group.  Assigning permissions t a group grants those same permissions to all members of the group.  Adding individual user accounts instead of groups to the ACL would require more work as you add or remove managers.
Chapter 9_1.4

What security mechanism uses a unique list for each object embedded directly in the object itself that defines which subjects have access to certain objects and the level or type of access allowed?

  • Kerberos

  • User ACL

  • Hashing

  • Mandatory access control

A user ACL (Access Control list) is a security mechanism that defines which subjects have access to certain objects and the level or type of access allowed.  This security mechanism is unique for each object and is embedded directly in the object itself.
Chapter 9_1.4
You have two folders that contain documents used by various departments:
  • The Development group has been given the Write permission to the Design folder,
  • The Sales group has been given the Write permission to the Products folder.

No other permission has been given to either group. 
Usser Mark Tillman needs to have the Read permission to the Design folder and the Wite permission to the Products folder.  You want to use groups as much as possible.  What should you do?
  • Add Mark's user account directly to the ACL for both the Design & Products folder.
  • Mae Mark a member of the Development group.  add Mark's user account directly to the ACL for the Products folder.
  • Make Mark a member of the Sales group  add Mark's user account directly to the ACL for the Design folder.
  • Make Mark a member of the Development  & Sales groups.
Answer:  C Make Mark a member of the Sales group to give him the Wriet permission to the Products folder.  add Mark's user account to the ACL for the Design folder and grant the Read permission. Adding Mark as a member of the Development group would give him too much permission (Write) to the Design folder.  Adding Mark to the ACL for both folders would not use groups where possible.

Chapter 9_1.4
Marcus White has just been promoted to a manager.  To give him access to the files that he needs, you make this user account a member of the Managers group which has access to a special shared folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group.  What should you do?
  • Have Marcus log off and log back on
  • Add his user account to the ACL for the shared folder
  • Manually refresh Group Policy settings on the file server
  • Manually refresh Goup Policy settings on his computer.


Answer:  A
On a Microsoft system, the access token is only generatd during authentication.  Changes made to group memberships or user rights do not take effect until the user logs on again and a new access token is created.
Use NTFS and share permissions, not Group Policy, to control access to files.  In addition, Group Policy is periodically refreshed, with new settings being applied on a regular basis.   Chapter 9_1.4
Which of the following terms describes the component that is generated following authentication and which is used to gain access to resources followinng logon?
  • Account policy
  • Access token
  • Proxy
  • Cookie
When a security principal logs on, an access token is generated.  The access token is used for controlling access to resources.
Chapter 9_1.4
Which of the following protocols can be used to centralized remote access authentication?
  • TACACS
  • EAP
  • CHAP
  • SESAME
  • Kerberos
Centralized remote access authentication include: Remote Authentication & Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System (TACACS) Chapter 9_3.7

You have a network with 3 remote access servers, a RADIUS server used for authentication and authorization, nd a second RADIUS serve used for accounting.  Where should you configure remote access policies?
  • On one of the remote access servers
  • On the RADIUS server used for authentication and authorization
  • On each of the remote access servers
  • On the RADIUS server used for accounting

Remote access policies are used for authorization for remote access clients.  For larger deployments with multiple remote access servers, you can centralize the administration of remote access policies by using an AAA server (authentication, authorization, and accounting server).  Configure remote access policies on the AAA server that is used for authorization.

Chapter 9_3.7   
Which of the following authentication methods uses tickets to provide single sign-on?
  • Kerberos
  • 802.1x
  • MS-CHAP
  • PKI
Kerberos grants tickets (also called a security token) to authenticated users and to autorized resources.  Kerberos uses the following components:  
  • An authentication server (AS) accepts and processes authentication requests
  • A service server (SS) is a server that provides or holds network resources
  • A ticket granting server (TGS) grants tickets that are valid for specific resources on specific servers.

Chapter 9_3.7
Which of the following are differences between RADIUS and TACACS+?
  • RADIUS supports more protocols than TACACS+?
  • RADIUS uses TCP; TACACS+ uses UDP
  • RADIUS combines authentication and authorization into a single function;  TACACS+ allows these services to be split between different servers
  • RADIUS encrypts the entire packet contents;  TACACS+ only encrypts the password.
Answer:  C TACACS+ provides three protocols, one each for authentication, authorization and accounting.  This allows each services to be provided by a different server, in addition:
  • TACACS+ uses TCP.  
  • Encrypts the entire packet contents.
  • Supports more protocol suites than RADIUS

Chapter 9_ 3.7
Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access?
  • 802.1x
  • RADIUS
  • EAP
  • PKI
  • TACACS+
  • AAA
Both RADIUS and TACACS+ are protocols used for centralized authentication, authorization, and accounting used with remote access.  Remote access clients sends authentication credentials to remote access servers.  Remote access servers are configured as clients to the RADIUS or TACACS+ server and forward the authentication credentials to the servers.  The servers maintain a database of users and policies that control access for multiple remote access servers.
Chapter 9_3.7
Which of the following are characteristics of TACACS+ ? (Select two)
  •  Allows for a possible of two different servers, one for authentication and authorization, and another for accounting.
  •  Uses TCP
  •  Uses UDP
  •  Allows for a possible of three different servers, one each for authentication, authorization, and accounting.
 
TACACS+ was originally developed by Cisco for centralized remote access administration.  TACACS+:
  • Provides three protocols, one each for authentication, authorization, and accounting.  This allows each service to be provided by a different server
  • Uses TCP
  • Encrypts the entire packet contents
  • Supports more protocol suites than RADIUS.

Chapter 9_3.7
You have decided to implement a remote access solution that uses multiple remote access servers.  You want to implement RADIUS to centralize remote access authentication and authorization.  Which of the following would be a required part of your configuration?
  • Configure remote access clients as RADIUS clients.
  • Configure the remote access servers as RADIUS servers
  • Configure the remote access servers as RADIUS clients.
  • Obtain certification from a public or private PKI>


When configuring a RADIUS solution, configure a single server as a RADIUS server.  Then configure all remote access servers as RADIUS clients.  Certificate-based authentication can be used with a RADIUS solution, but is not a requirement.
|< < Previous x of y cards Next >|