Which of the following is typically implemented in a cluster configuration? (Select the best answer.)
A.
ACS
B.
CSA
C.
CTA
D.
SSC
Explanation:
Cisco Secure Access Control System (ACS) is typically implemented in a cluster configuration. ACS is an
Authentication, Authorization, and Accounting (AAA) server that uses Remote Authentication DialIn User
Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) to provide AAA
services for users, hosts, and network infrastructure devices such as switches and routers. An ACS deployment
typically consists of a primary server responsible for configuration, authentication, and policy enforcement and
one or more secondary servers serving as a backup in case the primary server fails. In largescale deployments,
the primary server’s function is typically relegated to configuration and synchronization services, whereas the
secondary servers provide AAA services to the network clients.
Cisco Trust Agent (CTA) is responsible for ascertaining the status of security applications and management
tools that are installed on a client. As client software, CTA communicates host posture information back to a
network access device on a Cisco Network Admission Control (NAC) framework. NAC is a Cisco feature that
prevents hosts from accessing the network if they do not comply with organizational requirements, such as
containing an updated antivirus definition file. When NAC is configured on an access device, such as a router
or switch, the NAC device intercepts connections from hosts that are not yet registered on the network. When a
host attempts to connect to the network, the access device queries the CTA running on the host for the host’s
security status. The access device then sends this information to the ACS, which determines whether the host
is in compliance with organizational security policies. If the host is in compliance, it is allowed to access the
network? if the host is not in compliance, it can be denied access, quarantined, or allowed limited network
access.
Cisco Secure Services Client (SSC) is client security software that facilitates the use of one authentication
framework for connecting to both wired and wireless devices on a Cisco Unified Wireless Network. SSC makes
use of the Extensible Authentication Protocol (EAP), WiFi Protected Access (WPA), and WPA2 standards to
control network access and enforce security policies for clients using Microsoft Windows platforms. Cisco SSC
is not typically implemented in a cluster configuration.
Cisco Security Agent (CSA) is a Hostbased Intrusion Prevention System (HIPS) that can be installed on host
computers, servers, and pointofsale (POS) computers. CSA can help protect these devices from malicious
network traffic, such as zeroday attacks. In addition, CSA can provide local firewall services, antivirus services,
and security policy enforcement. CSA is not typically implemented in a cluster configuration.Reference:
Cisco: Understanding the ACS Server Deployment (PDF)