CCNA Security Question:
Identify the true statements regarding the Authentication Proxy
Answer:
A. It’s part of the IOS Firewall Feature Set.
B. It allows creation of per-user security profiles, rather than more general profiles.
C. It allows creation of general security profiles, but not per-user profiles. D. Profiles can be stored locally, but not remotely.
E. Profiles can be stored on a RADIUS server.
F. Profiles can be stored on a TACACS+ server.
Ans: (A, B, E, F. T he Authentication Proxy allows us to create security profiles that will be applied on a per-user basis, rather than a per-subnet or per-address basis. These profiles can be kept
on either of the following:
• RADIUS server
• TACACS+ server
Upon successful authentication, that particular user’s security policy is downloaded from the
RADIUS or TACACS+ server and applied by the IOS Firewall router.
B. It allows creation of per-user security profiles, rather than more general profiles.
C. It allows creation of general security profiles, but not per-user profiles. D. Profiles can be stored locally, but not remotely.
E. Profiles can be stored on a RADIUS server.
F. Profiles can be stored on a TACACS+ server.
Ans: (A, B, E, F. T he Authentication Proxy allows us to create security profiles that will be applied on a per-user basis, rather than a per-subnet or per-address basis. These profiles can be kept
on either of the following:
• RADIUS server
• TACACS+ server
Upon successful authentication, that particular user’s security policy is downloaded from the
RADIUS or TACACS+ server and applied by the IOS Firewall router.