Posts Tagged ‘radius server’

In today’s article, I’m going to quickly inform you about the Cisco IOS local RADIUS server group configuration mode command named “block count”.

Network administrators (like you) use the “block count” command to lock out group members for a length of time after a set number of incorrect passwords are entered.

Below is the command’s syntax:

block count count time {seconds | infinite}

As you can see, the command can use the count and seconds arguments and the “time” and “infinite” keywords.

count – This argument is used to indicate the number of failed passwords before a lockout is triggered; the range is from 1 to 4294967295.

time – This keyword is used to specify the time to block the account.

seconds – This argument is used to indicate the number of seconds that the lockout will last; the range is from 1 to 4294967295.

infinite – This keyword is used to indicate that the lockout should be indefinite (infinite).

Note: If you use the “infinite” keyword, an administrator must manually unblock the locked username.

Below is an example of the command being used:

router#configure terminal
router(config)#radius-server local
router(config-radsrv)#group ittechtips
router(config-radsrv-group)#block count 3 time 120
router(config-radsrv-group)#exit
router(config-radsrv)#user cross password baseball74 group ittechtips
router(config-radsrv)#end
router#copy run start

In the example above, the user named “cross”, who belongs to the ittechtips group, will be locked out for 120 seconds after three incorrect password attempts.
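The following Python script is an added example, not part of the original article or of Cisco's tooling. It reads the local RADIUS server section of a saved configuration, reports each group's “block count” policy, and works out how many password guesses per user per day that policy still allows. The sample configuration is constructed (the “nolock” and “strict” groups and the extra users are hypothetical), and the guess bound assumes the failure counter starts fresh once a lockout expires.

```python
import re

# Constructed sample: the article's example group, plus two hypothetical
# groups ("nolock", "strict") and users added to exercise the other cases.
SAMPLE_CONFIG = """\
radius-server local
 group ittechtips
  block count 3 time 120
 group nolock
 group strict
  block count 5 time infinite
 user cross password baseball74 group ittechtips
 user guest1 password example1 group nolock
 user orphan password example2
"""

BLOCK_RE = re.compile(r"block count (\d+) time (\d+|infinite)$")
SECONDS_PER_DAY = 86400


def parse_local_radius(config):
    """Return (groups, users) from the 'radius-server local' section.

    groups maps group name -> (count, seconds), or None when no lockout is
    set; seconds is None for 'time infinite'. users maps username -> group
    name, or None when the user line names no group.
    """
    groups, users = {}, {}
    current, inside = None, False
    for raw in config.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if not raw[0].isspace():
            # An unindented line starts a new top-level command.
            inside = tokens == ["radius-server", "local"]
            current = None
            continue
        if not inside:
            continue
        if tokens[0] == "group" and len(tokens) == 2:
            current = tokens[1]
            groups.setdefault(current, None)
        elif tokens[0] == "user" and len(tokens) >= 2:
            in_group = len(tokens) >= 4 and tokens[-2] == "group"
            users[tokens[1]] = tokens[-1] if in_group else None
            current = None
        elif current is not None:
            match = BLOCK_RE.match(" ".join(tokens))
            if match:
                seconds = None if match.group(2) == "infinite" else int(match.group(2))
                groups[current] = (int(match.group(1)), seconds)
    return groups, users


def max_guesses_per_day(policy):
    """Upper bound on guesses against one user in 24 hours.

    Assumption: guesses take no time and the failure counter starts fresh
    after each lockout expires. Returns None when guessing is unlimited.
    """
    if policy is None:
        return None
    count, seconds = policy
    if seconds is None:
        return count                      # locked until an administrator unblocks
    windows = -(-SECONDS_PER_DAY // seconds)  # ceiling division
    return count * windows


def audit(config):
    """Return (name, finding) pairs for every group and ungrouped user."""
    groups, users = parse_local_radius(config)
    findings = []
    for name, policy in sorted(groups.items()):
        if policy is None:
            findings.append((name, "no block count: password guessing is not throttled"))
        elif policy[1] is None:
            findings.append((name, "infinite lockout: an administrator must unblock each locked user"))
        else:
            findings.append((name, "at most %d guesses per user per day" % max_guesses_per_day(policy)))
    for user, group in sorted(users.items()):
        if group is None or group not in groups:
            findings.append((user, "user is in no configured group, so no group lockout applies"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print("%-12s %s" % (name, finding))
```

With the article's values (3 attempts, 120 seconds), the bound is 2160 guesses per user per day; raising the time value lowers it proportionally.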

As with most Cisco IOS commands, you can use the word “no” in front of the command to remove (disable) the configured command, as you see below:

router(config-radsrv-group)#no block count 3 time 120

By the way, if you decide to use the command, make sure your routers are running Cisco IOS 12.3(11)T or higher.

I hope this article was very informative and helped you quickly understand the usage of the block count command. If you need to learn more, I suggest you visit my website, where you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.

To your success,

Charles Ross, CCNP #CSCO10444244 is the owner of Ittechtips.com; where you’ll find free comprehensive information and videos on how to pass the CCNA (640-553) security exam.

Sign-Up for “100 Free Videos” and, also learn more about the new “Cisco CCNA (640-553) Video Accelerated Training Course” at his website. http://www.ittechtips.com

Article Source: Cisco CCNA (640-553) Security Exam Training: Using the “block count” command


In today’s article, I’m going to inform you about the Cisco IOS global configuration mode command named “aaa group server diameter”.

Network administrators (like you) use the “aaa group server diameter” command to group different Diameter server hosts into distinct lists and distinct methods.

In other words, CCNAs (like you) use this command to select a subset of the configured server hosts and use them for a particular service.

Cisco calls supported server hosts “Diameter server hosts”, and currently there are two types: RADIUS server hosts and TACACS+ server hosts. Both types belong to a “group server”, and a “group server” is a list of RADIUS or TACACS+ server hosts. The router uses a “group server” and a “global server list”; a “global server list” is a “group server” of IP addresses, which are the IP addresses of the selected server hosts.

Below is the command’s syntax:

aaa group server diameter group-name

As you can see, the command is pretty straightforward; the group-name argument is used to name the group of servers.

Below is an example of the command being used:

Router>enable
Router#configure terminal
Router(config)#aaa new-model
Router(config)#aaa group server diameter diameter_group_1
Router(config-sg-radius)#server diameter_peer_1
Router(config-sg-radius)#server diameter_peer_2
Router(config-sg-radius)#end
Router#copy run start

In the example above, the Diameter server group named diameter_group_1 has two member servers (diameter_peer_1 and diameter_peer_2) configured as Diameter peers.

Note: If you don’t specify a value for the peer port, it will default to 3868.

As with most Cisco IOS commands, you can use the word “no” in front of the command to remove (disable) the configured command, as you see below:

Router(config)#no aaa group server diameter diameter_group_1

By the way, if you decide to use the command, make sure your routers are running Cisco IOS 12.4(9)T or higher.

I hope this article was very informative and helped you quickly understand the usage of the aaa group server diameter command. If you need to learn more, I suggest you visit my website, where you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.

To your success,

Charles Ross, CCNP #CSCO10444244 is the owner of Ittechtips.com; where you’ll find free comprehensive information and videos on how to pass the CCNA (640-553) security exam.

Sign-Up for “100 Free Videos” and, also learn more about the new “Cisco CCNA (640-553) Video Accelerated Training Course” at his website. http://www.ccnaittechtips.com

Article Source: Cisco CCNA (640-553) Security Exam Training: Using the aaa group server diameter command


In today’s article, I’m going to quickly inform you about the Cisco IOS global configuration mode command named “aaa processes”.

CCNAs (like you) use the “aaa processes” command to allocate a specific number of background processes to be used to process AAA authentication and authorization requests for PPP.

In other words, network administrators use the command to allocate a specific number of background processes to simultaneously handle multiple AAA authentication and authorization requests for PPP. This simply means a router configured with the command will be able to authenticate or authorize more than one PPP user at a time.

Below is the command’s syntax:

aaa processes number

As you can see, this command is very easy to implement. The number argument is used to define the number (from 1 to 2147483647) of background processes allocated to process AAA authentication and authorization requests for PPP users. Basically, with the number argument you are defining how many new users can be simultaneously authenticated; the number can be increased or decreased at any time.

Note: If you don’t use the command, the default is one, which means only one PPP user can be authenticated (authorized) at a time.

Below is an example of the command being used:

Router>enable
Router#configure terminal
Router(config)#aaa new-model
Router(config)#aaa authentication ppp dialins group radius local
Router(config)#aaa processes 11
Router(config)#exit
Router#copy run start

In the example above, the authentication method list named “dialins” specifies RADIUS as the method of authentication; then, if the RADIUS server does not respond, local authentication will be used on serial lines using PPP. Eleven background processes have been allocated to handle AAA requests for PPP users.

As with most Cisco IOS commands, you can use the word “no” in front of the command to remove (disable) the configured command, as you see below:

Router(config)#no aaa processes 11

By the way, if you decide to use the command, make sure your routers are running Cisco IOS 11.3(2)T or higher.

I hope this article was very informative and helped you quickly understand the usage of the aaa processes command. If you need to learn more, I suggest you visit my website, where you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.

To your success,

Charles Ross, CCNP #CSCO10444244 is the owner of Ittechtips.com; where you’ll find free comprehensive information and videos on how to pass the CCNA (640-553) security exam.


Article Source: Cisco CCNA (640-553) Security Exam Training: Using the aaa processes command


In today’s article, I’m going to quickly inform you about the Cisco IOS global configuration mode command named “aaa user profile”.

CCNAs (like you) use the “aaa user profile” command to create an AAA “named” user profile.

Most network administrators use the “aaa user profile” command in conjunction with the “aaa attribute” command; the “aaa attribute” command adds the calling line identification (CLID) and dialed number identification service (DNIS) attribute values to the user profile.

The user profile is then associated with a record, and that record is then sent to a RADIUS server.

Below is the command’s syntax:

aaa user profile profile-name

The “name” of the user profile (that is, the profile-name argument) has a maximum length of 63 characters. Any names longer than 63 characters will be truncated.

Below is an example of the command being used:

Router>enable
Router#configure terminal
Router(config)#aaa new-model
Router(config)#aaa user profile profile_1
Router(config)#aaa attribute dnis
Router(config)#aaa attribute dnis dnisvalue
Router(config)#exit
Router#copy run start

In the example above, the user profile named “profile_1” is being created; and, the dialed number identification service (dnis) attribute value will be “dnisvalue”.

As with most Cisco IOS commands, you can use the word “no” in front of the command to remove (disable) the configured command, as you see below:

Router(config)#no aaa user profile profile_1

By the way, if you decide to use the command, make sure your routers are running Cisco IOS 12.3(3.8) or higher.

I hope this article was very informative and helped you quickly understand the usage of the aaa user profile command. If you need to learn more, I suggest you visit my website, where you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.

To your success,

Charles Ross, CCNP #CSCO10444244 is the owner of Ittechtips.com; where you’ll find free comprehensive information and videos on how to pass the CCNA (640-553) security exam.


Article Source: Cisco CCNA (640-553) Security Exam Training: Using the aaa user profile command


In today’s article, I’m going to inform you about the Cisco IOS global configuration mode command named “aaa group server radius”.

CCNAs (like you) use the “aaa group server radius” command to group different RADIUS server hosts into distinct lists and distinct methods.

Put another way, network administrators (like you) use the command to select a subset of configured RADIUS server hosts and use them for a particular service. A “group server” is a list of RADIUS server hosts. The router uses a “group server” and a “global server list”; a “global server list” is a “group server” of IP addresses, which are the IP addresses of the selected server hosts.

Below is the command’s syntax:

aaa group server radius group-name

As you can see, the command is really easy to use; the group-name argument is used to name the group of configured RADIUS servers. By the way, the following words can’t be used as a group-name argument:

1. auth-guest
2. enable
3. if-authenticated
4. if-needed
5. guest
6. krb5
7. krb-instance
8. krb-telnet
9. tacacsplus
10. tacacs
11. rcmd
12. radius
13. none
14. local
15. line

Below is an example of the command being used:

Router>enable
Router#configure terminal
Router(config)#aaa new-model
Router(config)#aaa group server radius radiusittechtips
Router(config-sg-radius)#server 10.1.1.1 auth-port 1800 acct-port 1801
Router(config-sg-radius)#server 10.2.2.2 auth-port 1802 acct-port 1803
Router(config-sg-radius)#server 10.3.3.3 auth-port 1805 acct-port 1806
Router(config-sg-radius)#end
Router#copy run start

In the example above, the AAA group server named radiusittechtips has three member servers.

Note: If auth-port and acct-port are not specified, the default value of auth-port is 1645 and the default value of acct-port is 1646.

As with most Cisco IOS commands, you can use the word “no” in front of the command to remove (disable) the configured command, as you see below:

Router(config)#no aaa group server radius radiusittechtips

By the way, if you decide to use the command, make sure your routers are running Cisco IOS 12.0(5)T or higher.

I hope this article was very informative and helped you quickly understand the usage of the aaa group server radius command. If you need to learn more, I suggest you visit my website, where you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.

To your success,

Charles Ross
CCNA- CCNP #CSCO10444244

Charles Ross, CCNP #CSCO10444244 is the owner of Ittechtips.com; where you’ll find free comprehensive information and videos on how to pass the CCNA (640-553) security exam.


Article Source: Cisco CCNA (640-553) Security Training: Using the aaa group server radius command


In today’s article, I’m going to inform you about the Cisco IOS global configuration mode command named “aaa group server tacacs+”.

CCNAs (like you) use the “aaa group server tacacs+” command to group different TACACS+ server hosts into distinct lists and distinct methods.

Put another way, network administrators (like you) use the command to select a subset of configured TACACS+ server hosts and use them for a particular service. A “group server” is a list of TACACS+ server hosts. The router uses a “group server” and a “global server list”; a “global server list” is a “group server” of IP addresses, which are the IP addresses of the selected server hosts.

Below is the command’s syntax:

aaa group server tacacs+ group-name

As you can see, the command is really easy to use; the group-name argument is used to name the group of configured TACACS+ servers. By the way, the following words can’t be used as a group-name argument:

1. auth-guest
2. enable
3. if-authenticated
4. if-needed
5. guest
6. krb5
7. krb-instance
8. krb-telnet
9. tacacsplus
10. tacacs
11. rcmd
12. radius
13. none
14. local
15. line

Below is an example of the command being used:

Router>enable
Router#configure terminal
Router(config)#aaa new-model
Router(config)#aaa group server tacacs+ tacacsittechtips
Router(config-sg-tacacs+)#server 10.1.1.1
Router(config-sg-tacacs+)#server 10.2.2.2
Router(config-sg-tacacs+)#server 10.3.3.3
Router(config-sg-tacacs+)#end
Router#copy run start

In the example above, the AAA group server named tacacsittechtips has three member servers.

As with most Cisco IOS commands, you can use the word “no” in front of the command to remove (disable) the configured command, as you see below:

Router(config)#no aaa group server tacacs+ tacacsittechtips

By the way, if you decide to use the command, make sure your routers are running Cisco IOS 12.0(5)T or higher.

I hope this article was very informative and helped you quickly understand the usage of the aaa group server tacacs+ command. If you need to learn more, I suggest you visit my website, where you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.

To your success,

Charles Ross, CCNP #CSCO10444244 is the owner of Ittechtips.com; where you’ll find free comprehensive information and videos on how to pass the CCNA (640-553) security exam.


Article Source: Cisco CCNA (640-553) Security Training: Using the aaa group server tacacs+ command


In today’s article, I’m going to inform you about the Cisco IOS global configuration mode command named “aaa configuration”.

Network administrators (like you) use the “aaa configuration” command to configure the username and password that are to be used when users attempt to download configuration requests from either a RADIUS server or a DHCP IP address pool.

Below is the command’s syntax:

aaa configuration {config-username | pool | route} username username [password [0 | 7] password]

As you can see, this command can use a lot of keywords, such as the following:

config-username – This keyword is used to configure the username and password used in configuration requests that can be downloaded.

pool – This keyword is used to configure the username and password used for downloading an IP pool. IP pools are used to define ranges of IP addresses that are used for Dynamic Host Configuration Protocol (DHCP) servers and point-to-point servers.

route – This keyword is used to configure the username and password used when downloading static routes through RADIUS.

username username – This keyword and argument are used to define a username to be used instead of the router’s hostname.

password password – This (optional) keyword and argument are used to define an alphanumeric password to be used instead of the default “cisco” password. If you type the number “0” before the alphanumeric password (as in the syntax above), the password will not be encrypted. If you type the number “7” before the alphanumeric password, the password will be encrypted using a Cisco-defined encryption algorithm.

Below is an example of the command being used:

Router>enable
Router#configure terminal
Router(config)#aaa new-model
Router(config)#aaa group server radius radius1
Router(config-sg-radius)#server 10.1.1.1
Router(config-sg-radius)#exit
Router(config)#aaa authorization configuration default group radius
Router(config)#aaa authorization configuration foo group radius1
Router(config)#aaa route download 1 authorization foo
Router(config)#aaa configuration route username cross password 0 ittechtips
Router(config)#radius-server host 10.2.2.2
Router(config)#radius-server key 0 RadKey
Router(config)#exit
Router#copy run start

In the above example, we are using the “aaa configuration” command to specify that the username “cross” and the password “ittechtips” be used when downloading a static route configuration.
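The following Python script is an added example, not part of the original article. It scans a saved configuration for “aaa configuration” and “radius-server key” lines and reports how each secret is stored without echoing the secret itself. The sample lines are constructed (the “poolfetch” and “cfgfetch” usernames and the type 7 string are placeholders), and the remark that type 7 is a reversible encoding rather than strong encryption is general Cisco IOS knowledge, not a statement from the article.

```python
import re

# Constructed sample: the first and last lines follow the article's example;
# the other two are hypothetical and the type 7 string is a placeholder.
SAMPLE_CONFIG = """\
aaa configuration route username cross password 0 ittechtips
aaa configuration pool username poolfetch
aaa configuration config-username username cfgfetch password 7 0123456789ABCDEF
radius-server key 0 RadKey
"""

# aaa configuration {config-username | pool | route} username username
#     [password [0 | 7] password]
AAA_CFG_RE = re.compile(
    r"^aaa configuration (config-username|pool|route) username (\S+)"
    r"(?: password(?: ([07]))? (\S+))?$"
)
RADIUS_KEY_RE = re.compile(r"^radius-server key(?: ([07]))? (\S+)$")


def classify(enc_type, secret):
    """Map how a secret is stored to a (severity, reason) pair."""
    if secret is None:
        # Per the article, omitting the password leaves the default in place.
        return "HIGH", 'no password given, so the default password "cisco" applies'
    if enc_type == "7":
        return "MEDIUM", "type 7 is a reversible encoding; protect the config file like a password"
    return "HIGH", "secret is stored unencrypted (type 0)"


def audit(config):
    """Return (line_number, severity, item, reason) tuples.

    The secret value is deliberately left out of the findings so the report
    can be shared without leaking credentials.
    """
    findings = []
    for number, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        match = AAA_CFG_RE.match(line)
        if match:
            item = "aaa configuration %s (username %s)" % (match.group(1), match.group(2))
            enc_type, secret = match.group(3), match.group(4)
        else:
            match = RADIUS_KEY_RE.match(line)
            if not match:
                continue
            item = "radius-server key"
            enc_type, secret = match.group(1), match.group(2)
        severity, reason = classify(enc_type, secret)
        findings.append((number, severity, item, reason))
    return findings


if __name__ == "__main__":
    for number, severity, item, reason in audit(SAMPLE_CONFIG):
        print("line %d [%s] %s: %s" % (number, severity, item, reason))
```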

As with most Cisco IOS commands, you can use the word “no” in front of the command to remove (disable) the configured command, as you see below:

Router(config)#no aaa configuration route

By the way, if you decide to use the command, make sure your routers are running Cisco IOS 12.2(11)T or higher.

I hope this article was very informative and helped you quickly understand the usage of the aaa configuration command. If you need to learn more, I suggest you visit my website, where you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.

To your success,

Charles Ross, CCNP #CSCO10444244 is the owner of Ittechtips.com; where you’ll find free comprehensive information and videos on how to pass the CCNA (640-553) security exam.


Article Source: Cisco CCNA (640-553) Security Exam Training: Using the aaa configuration command


In today’s article, I’m going to inform you about the Cisco IOS global configuration mode command named “aaa authentication enable default”.

CCNAs (like you) use the “aaa authentication enable default” command to enable AAA authentication in order to control which users will gain access to the privileged command level.

Put another way, network administrators use the command to create a series of authentication methods that are used to determine whether a user can access the privileged command level. During the process, the router will try one authentication method at a time, and will only move on to the next one if the previous method returns an error, not if it fails.

Below are the command’s syntax and authentication (keyword) methods:

Syntax: aaa authentication enable default method1 [method2...]

Authentication (keyword) methods:

• enable — This keyword uses the enable password for authentication.

• group radius — This keyword uses the list of all RADIUS servers for authentication. (This authentication method doesn’t work on a per-username basis.)

• group tacacs+ — This keyword uses the list of all TACACS+ servers for authentication.

• group group-name — This keyword uses a subset of RADIUS or TACACS+ servers for authentication as defined by the aaa group server radius or aaa group server tacacs+ command.

• none — This keyword uses no authentication. The client is automatically authenticated by the switch or router without using the information supplied by the user.

Remember, if you use any one of the group keyword methods (group radius, group tacacs+, or group group-name), you’ll need to use either the radius-server host or tacacs-server host commands to configure your RADIUS or TACACS+ host server(s).

And, if you have more than one RADIUS or TACACS+ host server, you can use either the aaa group server radius or aaa group server tacacs+ commands to create a named group of servers.

Also, you can use the command on its own, without typing in a method, as you see below:

Router(config)#aaa authentication enable default
Router(config)#exit
Router#copy run start

In that case, the router will use the “enable” password as the only method of authentication, and if there is no “enable” password configured on the router, the router will just let the user authenticate anyway.
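The following Python model is an added example, not part of the original article and not Cisco code. It walks a method list the way the article describes (move on only when a method returns an error, stop when it fails) and shows what that means for lists such as “group radius enable” and “group radius none”. The passwords are constructed, the RADIUS group is modelled as one shared enable credential because the article notes the method is not per-username, and treating an exhausted list as a denial is an assumption of the model.

```python
import hmac

PASS, FAIL, ERROR = "PASS", "FAIL", "ERROR"

# Constructed credentials for the model only.
RADIUS_ENABLE_PW = "Example-Radius-1"
LOCAL_ENABLE_PW = "Example-Local-1"


def radius_group(reachable, secret):
    """Model of 'group radius': ERROR when no server answers."""
    def method(password):
        if not reachable:
            return ERROR                      # could not get an answer
        return PASS if hmac.compare_digest(password, secret) else FAIL
    return method


def enable_password(secret):
    """Model of 'enable': compares against the local enable password."""
    def method(password):
        return PASS if hmac.compare_digest(password, secret) else FAIL
    return method


def none_method(password):
    """Model of 'none': authenticates without looking at the input."""
    return PASS


def build(method_names, radius_up):
    """Turn keyword names into (name, callable) pairs for evaluate()."""
    table = {
        "group radius": radius_group(radius_up, RADIUS_ENABLE_PW),
        "enable": enable_password(LOCAL_ENABLE_PW),
        "none": none_method,
    }
    return [(name, table[name]) for name in method_names]


def evaluate(method_list, password):
    """Return (granted, trace) for one authentication attempt.

    Only ERROR moves on to the next method; PASS or FAIL is final.
    Assumption of this model: if every method errors, access is denied.
    """
    trace = []
    for name, method in method_list:
        outcome = method(password)
        trace.append((name, outcome))
        if outcome == ERROR:
            continue
        return outcome == PASS, trace
    return False, trace


if __name__ == "__main__":
    cases = [
        ("radius up, local enable password typed",
         build(["group radius", "enable"], True), LOCAL_ENABLE_PW),
        ("radius down, local enable password typed",
         build(["group radius", "enable"], False), LOCAL_ENABLE_PW),
        ("radius down, trailing none, wrong password",
         build(["group radius", "none"], False), "wrong"),
    ]
    for label, methods, password in cases:
        granted, trace = evaluate(methods, password)
        print("%-45s granted=%s trace=%s" % (label, granted, trace))
```

The third case is the one to review in any method list that ends in “none”: when the RADIUS servers are unreachable, every attempt is accepted, so RADIUS availability becomes part of the access control.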

As with most Cisco IOS commands, you can use the word “no” in front of the command to remove (disable) the configured command, as you see below:

Router(config)#no aaa authentication enable default

Remember, in order for you to use the “aaa authentication enable default” command, your routers must be running Cisco IOS 12.0(5)T or higher.

I hope this article was very informative and helped you quickly understand the usage of the aaa authentication enable default command. If you need to learn more, I suggest you visit my website, where you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.

To your success,

Charles Ross, CCNP #CSCO10444244 is the owner of Ittechtips.com; where you’ll find free comprehensive information and videos on how to pass the CCNA (640-553) security exam.


Article Source: Cisco CCNA (640-553) Security Training: Using the aaa authentication enable default command


In today’s article, I’m going to talk about the “aaa authentication” command being used in webvpn context configuration mode.

When network administrators (like you) use the “aaa authentication” command in webvpn context configuration mode, they are configuring Authentication, Authorization, and Accounting (AAA) authentication for Secure Socket Layer (SSL) Virtual Private Network (VPN) sessions.

In other words, when a network administrator uses the “aaa authentication” command in webvpn context configuration mode, he or she is most likely configuring either an authentication list or server group for an SSL VPN context configuration.

Below are the syntax and an example of the command:

Syntax: aaa authentication {domain name | list name}

Example:
Router(config)#aaa new-model
Router(config)#aaa group server radius myServer
Router(config-sg-radius)#server 11.1.1.20 auth-port 1645 acct-port 1646
Router(config-sg-radius)#exit
Router(config)#aaa authentication login default local group myServer
Router(config)#radius-server host 11.1.1.0 auth-port 1645 acct-port 1646
Router(config)#webvpn context context1
Router(config-webvpn-context)#aaa authentication list myServer
Router(config-webvpn-context)#exit

Notice that when using the command, a network administrator can use either the “domain” keyword or the “list” keyword.

When he or she uses the “domain” keyword with the command (aaa authentication domain), he or she is configuring authentication for a specific domain. When a network administrator uses the “list” keyword with the command (aaa authentication list), he or she is configuring authentication for a specific list or server group.

In the example above, the “myServer” RADIUS server group is being configured for authentication, for the SSL VPN context configuration named “context1”.

If you need to remove the AAA configuration from the SSL VPN context configuration, just type the word “no” in front of the command like you see below:

Router(config-webvpn-context)#no aaa authentication list myServer

Remember, in order for you to use the “aaa authentication” command in webvpn context configuration mode, your routers must be running Cisco IOS 12.4(6)T or higher.

I hope this article was very informative and helped you quickly understand the usage of the aaa authentication (WebVPN) command. If you need to learn more, I suggest you visit my website, where you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.

To your success,

Charles Ross, CCNP #CSCO10444244 is the owner of Ittechtips.com; where you’ll find free comprehensive information and videos on how to pass the CCNA (640-553) security exam.


Article Source: Cisco CCNA (640-553) Security Training: Using the aaa authentication (WebVPN) command


In today’s article, I’m going to inform you about the Cisco IOS global configuration mode command named “aaa authentication dot1x”.

Network administrators (like you) use the “aaa authentication dot1x” command to specify one or more AAA methods for use on interfaces running IEEE 802.1X.

In other words, when using this command you name the list of methods that the authentication algorithm will try in the given sequence to validate the password provided by the user. Currently, the only true method that is “802.1x compliant” is the group radius method; this simply means that when a user needs to be authenticated, it is a RADIUS authentication server that does it. If you choose to use the group radius method, make sure that the RADIUS server is configured with the global configuration command named radius-server host.

Below is the command’s syntax:

Syntax: aaa authentication dot1x {default | listname} method1 [method2...]

As you can see, the aaa authentication dot1x command also uses the keywords “default” and “listname”.

The “default” keyword tells the router to use the listed authentication methods as the default methods when a user attempts to log in. The “listname” keyword is used to name the list of authentication methods tried when a user attempts to log in.

And, below are the different “authentication” methods (keywords) that can be used:

• enable — This keyword uses the enable password for authentication.
• group radius — This keyword uses the list of all RADIUS servers for authentication.
• line — This keyword uses the line password for authentication.
• local — This keyword uses the local username database for authentication.
• local-case — This keyword uses the case-sensitive local username database for authentication.
• none — This keyword uses no authentication. The client is automatically authenticated by the switch or router without using the information supplied by the client.

As with most Cisco IOS commands, you can use the word “no” in front of the command to remove (disable) the configured command, as you see below:

Router(config)#no aaa authentication dot1x default group radius none

Remember, in order for you to use the “aaa authentication dot1x” command, your routers must be running Cisco IOS 12.3(4)T or higher.

I hope this article was very informative and helped you quickly understand the usage of the aaa authentication dot1x command. If you need to learn more, I suggest you visit my website, where you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.

To your success,

Charles Ross, CCNP #CSCO10444244 is the owner of Ittechtips.com; where you’ll find free comprehensive information and videos on how to pass the CCNA (640-553) security exam.


Article Source: Cisco CCNA (640-553) Exam Security Training: Using the aaa authentication dot1x command


To help you prepare for total success on exam day, here are 10 complimentary questions on the IOS Firewall set. Answers are at the end of the article. Enjoy! Earning your CCNA Security certification is a tremendous boost to your career and your career prospects!

1. Define the term “DMZ” as it pertains to network security, and name three different common network devices that are typically found there.

2. Identify the true statements.

A. Stateless packet filtering considers the TCP connection state.

B. Stateful packet filtering considers the TCP connection state.

C. Neither stateless nor stateful packet filtering monitor the TCP connection state.

D. Both stateless and stateful packet filtering monitor the TCP connection state, and keep a state table containing that information.

3. Does the Cisco IOS Firewall feature set act as a stateful or stateless packet filter?

4. Which of the following are considered parts of the IOS Firewall feature set?

A. IOS Firewall
B. Intrusion Prevention System
C. RADIUS
D. Authentication Proxy
E. Password Encryption

5. Identify the true statements regarding the Authentication Proxy.

A. It’s part of the IOS Firewall Feature Set.
B. It allows creation of per-user security profiles, rather than more general profiles.
C. It allows creation of general security profiles, but not per-user profiles.
D. Profiles can be stored locally, but not remotely.
E. Profiles can be stored on a RADIUS server.
F. Profiles can be stored on a TACACS+ server.

6. Configuring ACLs is an important part of working with the IOS Firewall. What wildcard masks are replaced in ACLs by the words host and any?

7. What does the dollar sign in the following ACL line indicate?

R1(config)#$ 150 deny ip 172.50.50.0 0.0.0.255 172.50.100.0 0.0.0.255

8. Basically, how does an IOS Firewall prevent a TCP SYN attack?

9. What does the term “punch a hole in the firewall” refer to? (Logically, that is, not physically.)

10. What exactly does the router-traffic option in the following configuration do?

R4(config)#ip inspect name PASSCCNASECURITY tcp router-traffic
R4(config)#ip inspect name PASSCCNASECURITY udp router-traffic
R4(config)#ip inspect name PASSCCNASECURITY icmp router-traffic

Here are the answers!

1. It’s easy to think of your network as the “inside”, and everything else as “outside”. However, we’ve got a third area when it comes to firewalls – the DMZ.

From an IT standpoint, the DMZ is the part of our network that is exposed to outside networks. It’s common to find the following devices in a DMZ:

FTP server
Email server
E-commerce server
DNS servers
Web servers


Article Source: CCNA Security Practice Exam


Implementing, Managing and Maintaining a Server 2003 Network Infrastructure

After you study your textbooks, it is important to test your newly acquired knowledge and see just how well you have absorbed the material. Practice exams….

* Reinforces what you learnt – fill in the gaps of what you missed
* Gets you used to answering questions to build confidence and familiarity

Here are 10 multiple-choice exam questions for you to practice on:

______________________________

Question 1# – Some time back, you implemented a RAS server to receive requests from dial-in connections. Lately you have been receiving complaints that some connections are being rejected for no reason and that connections are very slow. You implement another RAS server, but this does not help the situation to a great extent, although the number of complaints has reduced by 25%.

What should you do?

A. Implement 2 RAS servers instead of just one

B. Since the complaints have reduced by 25% with the addition of one RAS server, you need 4 servers in total to reduce complaints by 100%

C. Implement a RADIUS server that takes over the responsibility of authentication from the RAS server

D. Implement IIS server

_____________________

Question 2# – You are on the SOA (Start Of Authority) tab of the DNS server DNS1, on which you wish to configure the zone transfer with another DNS server, DNS2, once every 8 hours. Which of the following options will help you configure the DNS zone transfer between the two servers?

A. Refresh Interval
B. Retry Attempts
C. Retry Interval
D. Expiration

_____________________

Question 3# – When pushing software updates to all the clients on the network from a designated server, which of the following settings on the GPO needs to be configured?

A. Audit Object Access settings
B. Specify intranet Microsoft update service location
C. Specify internet Microsoft update service location
D. Automatic Update settings

_____________________

Question 4# – You have just created some DNS zones in your network. So far you have had just one Primary DNS and one Secondary DNS. The replication was very smooth and trouble free. You now want zone transfers and updates on the network to happen equally smoothly after the zones have been created.

What should you do?

A. Ensure that the zones are all Active Directory integrated

B. Ensure all the DNS servers are running on the Domain controllers

C. Ensure all DNS servers are running on member servers

D. Avoid using zones

_____________________

Question 5# – You are required to change some settings that were set by the previous administrator for the IPSec policies. Which of the following would you use to manage this?

A. IP Security Monitor Console
B. Microsoft Management Console
C. Network Monitor utility
D. IPSec utility

_____________________

Question 6# – You are required to apply certain security update changes based on the already existing ones in your network. Which of the following would you use to analyze what exists and what needs to be applied?

A. Microsoft Baseline Security Analyzer
B. IP Security Monitor Console
C. Network Monitor
D. Baseline setting of the relevant GPO

_____________________

Question 7# – You wish to keep your DNS server database up-to-date and free of unnecessary records. Which of the following options will help you to maintain the DNS database as desired?

A. Tombstone
B. Aging and scavenging
C. DDNS
D. Secure updates

_____________________

Question 8# – Your network consists of a single domain with one Windows Server 2003 DNS server. The DNS server hosts a standard primary zone. Users report that the response time for the network seems slow. Using Network Monitor to examine the network traffic, you find that an abnormal amount of traffic is passing between the DNS server and DNS clients.

Which tool would best help you ascertain the cause of excess traffic?

A. System Monitor
B. Event Viewer
C. Tracert
D. Security Monitor

_____________________

Question 9# – You are in the process of expanding the Remote access network as your company is fast acquiring smaller companies across the world.

The company’s written policy states that all Remote Access Servers must have the same security policy settings. Any amendments made to these policies, written or otherwise, must be reflected on all the servers in one go to ensure that the administrative time for the task is kept to a minimum. What should you do?

A. Use RADIUS
B. Use RRAS
C. Use IIS
D. Use Certificate Servers

_____________________

Question 10# – You need to configure updates for your network. Your network consists of 100 Windows Server 2003 DCs and 48 Windows 2003 member servers. There are about 2500 clients. Which of the following would be an ideal and efficient method for implementing an automated process of software updates?

Each choice statement presents a part of the solution. Choose two statements to arrive at a complete solution.

A. Configure Software Update Service (SUS) along with Group Policy Objects (GPO).

B. Configure Automatic Updates on all Domain Controllers and clients

C. Configure Automatic Update on the Root DC and ensure the rest do not connect to the Internet at all

D. Ensure only the critical DCs connect to the Microsoft site for Updates and a designated server pushes the update to the rest of the computers on the network

_____________________

ANSWERS

Question 1# – Correct Answers: C
Question 2# – Correct Answers: A
Question 3# – Correct Answers: B
Question 4# – Correct Answers: A
Question 5# – Correct Answers: A
Question 6# – Correct Answers: A
Question 7# – Correct Answers: B
Question 8# – Correct Answers: A
Question 9# – Correct Answers: A
Question 10# – Correct Answers: A,D

__________________

By Georgie Stath – Certification Help is a beginner's guide to getting certified. Also find 8 Accelerated Learning Techniques that will see you getting certified faster.

Article Source: 10 Multiple choice practice questions Certification MCSA Microsoft Exam: 70-291
