Which statement about Cisco ACS authentication and auth…

Which statement about Cisco ACS authentication and authorization is true?

Which statement about Cisco ACS authentication and authorization is true?

A.
ACS servers can be clustered to provide scalability.

B.
ACS can query multiple Active Directory domains.

C.
ACS uses TACACS to proxy other authentication servers.

D.
ACS can use only one authorization profile to allow or deny requests.

Explanation:
BD
ACS can join one AD domain. If your Active Directory structure has multi-domain forest or is divided into
multiple forests, ensure that trust relationships exist between the domain to which ACS is connected and the
other domains that have user and machine information to which you need access. So B is not correct.
Source: http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-8/ACSADIntegration/guide/Active_Directory_Integration_in_ACS_5-8.pdf
+ You can define multiple authorization profiles as a network access policy result. In this way, you maintain a
smaller number of authorization profiles, because you can use the authorization profiles in combination as rule
results, rather than maintaining all the combinations themselves in individual profiles. So D. is not correct
+ ACS 5.1 can function both as a RADIUS and RADIUS proxy server. When it acts as a proxy server, ACS
receives authentication and accounting requests from the NAS and forwards the requests to the external
RADIUS server. So C. is nor correct.
Source: http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-1/user/guide/
acsuserguide/policy_mod.html



Leave a Reply 0

Your email address will not be published. Required fields are marked *