Cisco CANAC - Implementing Cisco NAC Appliance Set 1

The end-user Cisco Trust Agent capability summary message does not match the defined role-based
security policy requirement on the Cisco NAM. ✘ The Cisco NAM receives a Cisco Security Agent vulnerability alert from the Cisco NAS ✘ The Nessus network scan report matches a defined role-based or OS-based vulnerability on the Cisco NAM ✘ The Cisco NAM will perform an agentless scan and interpret the results to determine if the client machinesis vulnerable ✔

For users who acquire temporary access or the normal login role ✘ For users who acquire the quarantine access role ✘ For Administrator access ✘ For testing or for guest user accounts ✔

Cisco NAA Backup Server ✘ Cisco NAS Backup Network Scanning ✘ Cisco NAM and Cisco NAS redundancy ✘ Cisco NAM and Cisco NAS load Balancing ✔

Temporary Roles and Quarantines roles ✘ Nessus Plug-ins and Antivirus Rules ✘ Temporary and Quarantine network Remediation timer ✘ Session timeouts and traffic controls policies ✔

For testing or for guest user accounts ✘ For users who acquire temporary access or the normal login role ✘ For users who acquire the quarantine access role ✘ For Administrator access ✔

A device that does not require posture assessment each time it logs in to the network ✘ A device that does not have to go through certification while its MAC address remains on the certified list ✘ A multiuser device that is configured as a floating device so that recertification is not required at each login ✘ A single or multiuser device that is only recertified when another user of the device logs out and accessesthe network ✔

When the timeout value is exceeded during data-mirroring activities ✘ When the IP-based heartbeat signal fails to be transmitted and received within a certain time period ✘ When the UDP heartbeat signal fails to be transmitted on the serial heartbeat connection between failoverpeers ✘ When the UDP heartbeat signal is not transmitted and received within a certain time period ✔

At the authentication Server ✘ At the Cisco NAA ✘ At the Cisco NAS ✘ At the Cisco NAM ✔

Device manually added to the certified device list are automatically deleted when the device list-clearing
timer expires ✘ Devices that pass the Cisco NAA requirements are automatically added to the exempt device list ✘ To remove an exempt device from the certified list, click the clear Certified Device Button ✘ A device is not required to be rescanned at the next login as long as it MAC address is in the certified list ✔

From the Cisco NAS web Admin Console, enable Cisco NAA autoupdate on the Administration->Software
Update Form

✘ The Cisco NAA is upgraded directly to each Cisco NAS using the upgrade server form available on theCisco NAM web console GUI ✘ Configure the Cisco NAS by selecting which Cisco NAA to upgrade in the Cisco NAA Upgrade form ✘ Each Time the Cisco NAA is upgraded, the Cisco NAM automatically download the new version of CiscoNAA to all Cisco NAS Servers ✔