Where in the ACS are the individual downloadable ACL statements configured to achieve the most
scalable deployment?
A.
Group Setup
B.
User Setup
C.
Shared Profile Components
D.
Network Access Profiles
E.
Network Configuration
F.
Interface Configuration
Explanation:
The Shared Profile Components section enables you to develop and name reusable, shared sets
of authorization components which may be applied to one or more users or groups of users and
referenced by name within their profiles. These include network access restrictions (NARs),
command authorization sets, and downloadable PIX ACLs.
The Shared Profile Components section of Cisco Secure ACS addresses the scalability of
selective authorization. Shared profile components can be configured once and then applied to
many users or groups.
Without this ability, flexible and comprehensive authorization could only be accomplished by
explicitly configuring the authorization of each user group for each possible command on each
possible device. Creating and applying these named shared profile components (access
restrictions, command sets, and ACLs) makes it unnecessary to repeatedly enter long lists of
devices or commands when defining network access parameters.
Shared profile components also enable Cisco Secure ACS to authorize a command on behalf of
another device or devices. Their scalability extends to the following capabilities:
A way to determine the list of commands a user could issue against one or more devices in the
network.
A way to determine the list of devices on which a particular user may execute a particular
command and
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a00
80205a4a.html