Which of the following facilitates the use of one authentication framework for connecting to both wired and
wireless devices on a Cisco Unified Wireless Network? (Select the best answer.)
A.
ACS
B.
CSA
C.
CTA
D.
SSC
Explanation:
Cisco Secure Services Client (SSC) is client security software that facilitates the use of one authentication
framework for connecting to both wired and wireless devices on a Cisco Unified Wireless Network. SSC makes
use of the Extensible Authentication Protocol (EAP), WiFi Protected Access (WPA), and WPA2 standards to
control network access and enforce security policies for clients using Microsoft Windows platforms.
Cisco Secure Access Control System (ACS) is an Authentication, Authorization, and Accounting (AAA) server
that uses Remote Authentication DialIn User Service (RADIUS) and Terminal Access Controller Access Control
System Plus (TACACS+) to provide AAA services for users, hosts, and network infrastructure devices such as
switches and routers. ACS is typically implemented in a cluster configuration. An ACS deployment typically
consists of a primary server responsible for configuration, authentication, and policy enforcement and one or
more secondary servers serving as a backup in case the primary server
fails. In largescale deployments, the primary server’s function is typically relegated to configuration and
synchronization services, whereas the secondary servers provide AAA services to the network clients.
Cisco Trust Agent (CTA) is responsible for ascertaining the status of security applications and management
tools that are installed on a client. As client software, CTA communicates host posture information back to a
network access device on a Cisco Network Admission Control (NAC) framework. NAC is a Cisco feature that
prevents hosts from accessing the network if they do not comply with organizational requirements, such as
containing an updated antivirus definition file. When NAC is configured on an access device, such as a router
or switch, the NAC device intercepts connections from hosts that are not yet registered on the network. When a
host attempts to connect to the network, the access device queries the CTA running on the host for the host’s
security status. The access device then sends this information to the ACS, which determines whether the host
is in compliance with organizational security policies. If the host is in compliance, it is allowed to access the
network? if the host is not in compliance, it can be denied access, quarantined, or allowed limited network
access.
Cisco Security Agent (CSA) is a Hostbased Intrusion Prevention System (HIPS) that can be installed on host
computers, servers, and pointofsale (POS) computers. CSA can help protect these devices from malicious
network traffic, such as zeroday attacks. In addition, CSA can provide local firewall services, antivirus services,
and security policy enforcement. CSA does not facilitate the use of one authentication framework for connecting
to both wired and wireless devices on a Cisco Unified Wireless Network.Cisco: Cisco Secure Services Client