Chapter 3: Posture Agents

Cisco Press


Cisco Trust Agent communicates with various NAC-enabled host applications by way of their posture plug-ins. NAC third-party vendors must build their own posture plug-ins to communicate their credentials to the policy decision points. Each vendor is identified by a unique vendor ID, which also identifies its application type (for example, antivirus) and attributes (for example, version). ACS must be able to understand the NAC vendor's credentials, so you might need to import partner attribute definition files (ADFs) into the ACS ADF dictionary.

Cisco Trust Agent is also a vital communication tool for users: it informs them through pop-up message notifications and guides them into remediation through their web browser and URL redirections.

The presence of NAC-enabled applications and posture agents, in conjunction with the network access devices and the policy validation servers, allows the network to intelligently evaluate and enforce a security compliance policy anywhere in the network.

Resources

Network Admission Control EBC Presentation, Russell Rice, Director of Marketing, STG, Cisco Systems, Inc.

Network Admission Control Technical Frequently Asked Questions, http://wwwin.cisco.com/stg/nac/nac_technical_faq.shtml#anchor4.

Review Questions

You can find the answers to the review questions in Appendix A.

  1. Cisco Trust Agent includes an 802.1X supplicant for which type of interfaces?

    1. Any type of access interface

    2. Only wired interfaces

    3. Wired and wireless interfaces

    4. All Layer 2 and Layer 3 interfaces

  2. How is the protected EAP tunnel established between ACS and Cisco Trust Agent?

    1. Both use a shared secret password only.

    2. Choice of using either a shared secret password or certificate.

    3. Cisco Trust Agent presents a certificate to ACS.

    4. ACS presents a certificate to Cisco Trust Agent.

  3. When evaluating identity and posture credentials, which EAP type must be used with 802.1X?

    1. EAP-FAST

    2. Protected EAP

    3. EAP-TLS

    4. EAP-GTC

  4. Cisco Trust Agent communicates directly with which two NAC components?

    1. NAD

    2. ACS

    3. NAC-enabled applications posture plug-in

    4. Posture agents

  5. Which type(s) of NAC vendor file is located in the host directory C:\Program Files\Common Files\PostureAgent\Plugins?

    1. .dll

    2. .log

    3. .exe

    4. .inf

  6. Which common filenames are assigned to the two posture agent plug-ins?

    1. ctapp.inf

    2. CiscoHostPP.inf

    3. CiscoHostPP.dll

    4. ctaapi.dll

    5. ctapp.dll

  7. Which of the following statements is false?

    1. A benefit of using CSA with NAC is that it can protect Cisco Trust Agent from being altered.

    2. CSA MC allows the ability to install Cisco Trust Agent and required certificates along with the CSA quiet install.

    3. CSA can discover and mark application traffic with DSCP values.

    4. CSA is a posture agent and does not require the use of Cisco Trust Agent.

Copyright © 2007 Pearson Education. All rights reserved.


Copyright © 2007 IDG Communications, Inc.
