1. Why is local database authentication preferred over a password-only login?

   It specifies a different password for each line or port.
>> It provides for authentication and accountability.
   It requires a login and password combination on console, vty lines, and aux ports.
   It is more efficient for users who only need to enter a password to gain entry to a device.

2. Which authentication method stores usernames and passwords in the router and is ideal for small networks?

>> local AAA
   local AAA over RADIUS
   local AAA over TACACS+
   server-based AAA
   server-based AAA over RADIUS
   server-based AAA over TACACS+

3. In regards to Cisco Secure ACS, what is a client device?

   a web server, email server, or FTP server.
   the computer used by a network administrator.
   network users who must access privileged EXEC commands.
>> a router, switch, firewall, or VPN concentrator.

4. When configuring a Cisco Secure ACS, how is the configuration interface accessed?

>> A Web browser is used to configure a Cisco Secure ACS.
   The Cisco Secure ACS can be accessed from the router console.
   Telnet can be used to configure a Cisco Secure ACS server after an initial configuration is complete.
   The Cisco Secure ACS can be accessed remotely after installing ACS client software on the administrator workstation.

5. What is a difference between using the login local command and using local AAA authentication for authenticating administrator access?

   Local AAA authentication supports encrypted passwords; login local does not.
>> Local AAA provides a way to configure backup methods of authentication; login local does not.
   A method list must be configured when using the login local command, but is optional when using local AAA authentication.
   The login local command supports the keyword none, which ensures that authentication succeeds, even if all methods return an error.

6. Due to implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?

   Accessibility
   Accounting
   Auditing
   Authentication
>> Authorization

7. Which two AAA access method statements are true? (Choose two.)

   Character mode provides remote users with access to network resources and requires use of the console, vty, or tty ports.
   Character mode provides remote users with access to network resources and requires use of dialup or VPN.
>> Character mode provides users with administrative privilege EXEC access and requires use of the console, vty, or tty ports.
   Packet mode provides users with administrative privilege EXEC access and requires use of dialup or VPN.
>> Packet mode provides remote users with access to network resources and requires use of dialup or VPN.
   Packet mode provides users with administrative privilege EXEC access and requires use of the console, vty, or tty ports.

8. What is a characteristic of TACACS+?

   TACACS+ is an open IETF standard.
   TACACS+ is backward compatible with TACACS and XTACACS.
>> TACACS+ provides authorization of router commands on a per-user or per-group basis.
   TACACS+ uses UDP port 1645 or 1812 for authentication, and UDP port 1646 or 1813 for accounting.

9. Refer to the exhibit. Router R1 is configured as shown. An administrative user attempts to use Telnet from router R2 to router R1 using the interface IP address 10.10.10.1. However, Telnet access is denied. Which option corrects this problem?

   The R1 10.10.10.1 router interface must be enabled.
   The vty lines must be configured with the login authentication default command.
   The aaa local authentication attempts max-fail command must be set to 2 or higher.
>> The administrative user should use the username Admin and password Str0ngPa55w0rd.

10. Refer to the exhibit. In the network shown, which AAA command logs the use of EXEC session commands?

   aaa accounting connection start-stop group radius
   aaa accounting connection start-stop group tacacs+
   aaa accounting exec start-stop group radius
>> aaa accounting exec start-stop group tacacs+
   aaa accounting network start-stop group radius
   aaa accounting network start-stop group tacacs+

11. When configuring a method list for AAA authentication, what is the effect of the keyword local?

>> It accepts a locally configured username, regardless of case.
   It defaults to the vty line password for authentication.
   The login succeeds, even if all methods return an error.
   It uses the enable password for authentication.

12. What is the result if an administrator configures the aaa authorization command prior to creating a user with full access rights?

>> The administrator is immediately locked out of the system.
   The administrator is denied all access except to aaa authorization commands.
   The administrator is allowed full access using the enable secret password.
   The administrator is allowed full access until a router reboot, which is required to apply changes.

13. Which statement identifies an important difference between TACACS+ and RADIUS?

   TACACS+ provides extensive accounting capabilities when compared to RADIUS.
   The RADIUS protocol encrypts the entire packet transmission.
>> The TACACS+ protocol allows for separation of authentication from authorization.
   RADIUS can cause delays by establishing a new TCP session for each authorization request.

14. Which two statements describe Cisco Secure ACS? (Choose two.)

>> Cisco Secure ACS supports LDAP.
   Cisco Secure ACS is only supported on wired LAN connections.
   Cisco Secure ACS only supports the TACACS+ protocol.
>> Cisco Secure ACS supports both TACACS+ and RADIUS protocols.
   Cisco Secure ACS Express is a rack-mountable unit intended for more than 350 users.

15. How does a Cisco Secure ACS improve performance of the TACACS+ authorization process?

   reduces overhead by using UDP for authorization queries
>> reduces delays in the authorization queries by using persistent TCP sessions
   reduces bandwidth utilization of the authorization queries by allowing cached credentials
   reduces number of authorization queries by combining the authorization process with authentication

17. What is an effect if AAA authorization on a device is not configured?

>> Authenticated users are granted full access rights.
   User access to specific services is determined by the authentication process.
   Character mode authorization is limited, and packet mode denies all requests.
   All authorization requests to the TACACS server receive a REJECT response.

18. Refer to the exhibit. Router R1 has been configured as shown, with the resulting log message. On the basis of the information presented, which two AAA authentication statements are true? (Choose two.)

>> The locked-out user failed authentication.
   The locked-out user is locked out for 10 minutes by default.
   The locked-out user should have used the username Admin and password Pa55w0rd.
   The locked-out user should have used the username admin and password Str0ngPa55w0rd.
>> The locked-out user stays locked out until the clear aaa local user lockout username Admin command is issued.

19. Which technology provides the framework to enable scalable access security?

   role-based CLI access
   Simple Network Management Protocol
   AutoSecure
   Cisco Configuration Professional communities
>> authentication, authorization, and accounting

20. Which two modes are supported by AAA to authenticate users for accessing the network and devices? (Choose two.)

   verbose mode
>> character mode
   quiet mode
>> packet mode
   ancillary mode

21. Which two features are included by both TACACS+ and RADIUS protocols? (Choose two.)

   separate authentication and authorization processes
>> password encryption
>> utilization of transport layer protocols
   SIP support
   802.1X support

22. After accounting is enabled on an IOS device, how is a default accounting method list applied?

   Accounting method lists are applied only to the VTY interfaces.
   A named accounting method list must be explicitly defined and applied to desired interfaces.
   Accounting method lists are not applied to any interfaces until an interface is added to the server group.
>> The default accounting method list is automatically applied to all interfaces, except those with named accounting method lists.