Which three options are common examples of AAA implementation on Cisco routers? (Choose
three.)
A.
authenticating remote users who are accessing the corporate LAN through IPsec VPN connections
B.
authenticating administrator access to the router console port, auxiliary port, and vty ports
C.
implementing PKI to authenticate and authorize IPsec VPN peers using digital certificates
D.
tracking Cisco NetFlow accounting statistics
E.
securing the router by locking down all unused services
F.
performing router commands authorization using TACACS+
Explanation:
http://www.cisco.com/en/US/products/ps6638/products_data_sheet09186a00804fe332.html
Need for AAA Services
Security for user access to the network and the ability to dynamically define a user’s profile to gain
access to network resources has a legacy dating back to asynchronous dial access. AAA network
security services provide the primary framework through which a network administrator can set up
access control on network points of entry or network access servers, which is usually the function of
a router or access server.
Authentication identifies a user; authorization determines what that user can do; and accounting
monitors the network usage time for billing purposes.
AAA information is typically stored in an external database or remote server such as RADIUS or
TACACS+.
The information can also be stored locally on the access server or router. Remote security servers,
such as RADIUS and TACACS+, assign users specific privileges by associating attribute-value (AV)
pairs, which define the access rights with the appropriate user. All authorization methods must be
defined through AAA.