Upload
paulina-echeverria
View
223
Download
0
Embed Size (px)
Citation preview
7/30/2019 Cisco CCNA Security Chapter 3 Exam
1/6
Cisco CCNA
Questions and a
1. Why is local database au
It specifies a differen
It provides for authen
It requires a login an
It is more efficient fo
device.
2. What is a characteristic
Authorization can on
Accounting services
Accounting services
operations the user is
Authorization record
of time the resource i
3. Due to implemented sec
Which AAA component
accessibility
accountingauditing
authentication
authorization
4. Which two AAA access
Character mode prov
requires use of the co
Character mode prov
requires use of dialu
Character mode prov
requires use of the co
Packet mode provide
requires use of dialu
Packet mode provide
use of dialup or VPN
Packet mode provide
requires use of the co
5. Which two statements dServer-based AAA a
Security, chapter 3
swers 100% correct.
thentication preferred over a password-only
t password for each line or port.
tication and accountability.
password combination on console, vty lines
r users who only need to enter a password to
f AAA?
ly be implemented after a user is authenticat
re implemented prior to authenticating a use
etermine which resources the user can acces
allowed to perform.
what the user does, including what is acces
s accessed, and any changes that were made.
rity controls, a user can only access a server
accomplishes this?
method statements are true? (Choose two.)
ides remote users with access to network res
nsole, vty, or tty ports.
ides remote users with access to network res
or VPN.
ides users with administrative privilege EXE
nsole, vty, or tty ports.
s users with administrative privilege EXEC a
or VPN.
s remote users with access to network resour
.
s users with administrative privilege EXEC a
nsole, vty, or tty ports.
scribe AAA authentication? (Choose two.)thentication is more scalable than local AA
xam.
ogin?
, and aux ports.
gain entry to a
d.
r.
s and which
ed, the amount
with FTP.
urces and
urces and
C access and
ccess and
es and requires
ccess and
authentication.
7/30/2019 Cisco CCNA Security Chapter 3 Exam
2/6
Local AAA is ideal f
of the router for auth
Server-based AAA a
communicate betwee
Server-based AAA a
uses the local databas
Local AAA authentic
Cisco Secure ACS fo
6. What is a difference bet
authentication for authen
Local AAA authentic
Local AAA provides
local does not.
A method list must boptional when using
The login local com
authentication succee
7
.
Refer to the exhibit. Rou
message. On the basis o
statements are true? (Ch
The locked-out user
The locked-out user i
The locked-out user s
Pa55w0rd.
The locked-out user s
Str0ngPa55w0rd.
The locked-out user s
username Admin co
r large complex networks because it uses th
ntication.
thentication can use the RADIUS or TACA
n the router and a AAA server.
thentication is ideal for large complex netw
e of the router for authentication.
ation requires the services of an external ser
r Windows Server.
een using the login local command and usi
ticating administrator access?
ation supports encrypted passwords; login l
a way to configure backup methods of authe
configured when using the login local comocal AAA authentication.
and supports the keyword none, which ens
ds, even if all methods return an error.
ter R1 has been configured as shown, with t
the information presented, which two AAA
ose two.)
ailed authentication.
s locked out for 10 minutes by default.
hould have used the username Admin and p
hould have used the username admin and p
tays locked out until the clear aaa local use
mmand is issued.
local database
S+ protocols to
rks because it
er, such as the
g local AAA
cal does not.
ntication; login
and, but is
res that
e resulting log
authentication
ssword
ssword
lockout
7/30/2019 Cisco CCNA Security Chapter 3 Exam
3/6
8.
Refer to the exhibit. Rou
attempts to use Telnet fr
10.10.10.1. However, Te
The R1 10.10.10.1
The vty lines must
command.
The aaa local auth
or higher.The administrative
Str0ngPa55w0rd.
9. When configuring a met
keyword local?
It accepts a locally
It defaults to the vt
The login succeeds,
It uses the enable p
10. What is a characteristic
TACACS+ is an op
TACACS+ is back
TACACS+ provide
group basis.
TACACS+ uses U
or 1813 for accounti
11. Which statement identi
RADIUS?
ter R1 is configured as shown. An administr
m router R2 to router R1 using the interface
lnet access is denied. Which option corrects
router interface must be enabled.
e configured with the login authentication
entication attempts max-fail command mu
user should use the username Admin and pa
od list for AAA authentication, what is the
onfigured username, regardless of case.
line password for authentication.
even if all methods return an error.
ssword for authentication.
of TACACS+?
n IETF standard.
ard compatible with TACACS and XTACA
authorization of router commands on a per-
P port 1645 or 1812 for authentication, and
ng
fies an important difference between TACA
tive user
IP address
this problem?
default
t be set to 2
sword
ffect of the
CS.
user or per-
DP port 1646
S+ and
7/30/2019 Cisco CCNA Security Chapter 3 Exam
4/6
TACACS+ provide
RADIUS.
The RADIUS proto
The TACACS+ pro
authorization.
RADIUS can cause
authorization reques
12. In regards to Cisco Sec
a web server, email
the computer used b
network users who
a router, switch, fire
13. What is the result if an
prior to creating a user
The administrator i
The administrator i
The administrator i
The administrator i
to apply changes.
14. When configuring a Ci
A Web browser is uThe Cisco Secure A
Telnet can be used t
configuration is co
The Cisco Secure A
software on the adm
15. Which AAA protocol a
detailed accounting for
TACACS+ becaus
accounting
RADIUS because i
users
TACACS+ becaus
per-user or per-gro
RADIUS because i
user or per-group b
16. After accounting is ena
list applied?Accounting method
extensive accounting capabilities when com
ol encrypts the entire packet transmission.
ocol allows for separation of authentication
delays by establishing a new TCP session fo
t.
re ACS, what is a client device?
server, or FTP server
y a network administrator
ust access privileged EXEC commands
wall, or VPN concentrator
administrator configures the aaa authorizati
with full access rights?
s immediately locked out of the system.
s denied all access except to aaa authorizati
s allowed full access using the enable secret
s allowed full access until a router reboot, w
co Secure ACS, how is the configuration int
sed to configure a Cisco Secure ACS.CS can be accessed from the router console.
o configure a Cisco Secure ACS server after
plete.
CS can be accessed remotely after installing
inistrator workstation.
nd feature best support a large ISP that needs
customer invoicing?
it combines authentication and authorizatio
supports detailed accounting that is require
it requires select authorization policies to b
p basis
requires select authorization policies to be a
asis
led on an IOS device, how is a default acco
lists are applied only to the VTY interfaces.
pared to
rom
r each
on command
on commands.
password.
ich is required
rface accessed?
an initial
ACS client
to implement
, but separates
for billing
applied on a
pplied on a per-
nting method
7/30/2019 Cisco CCNA Security Chapter 3 Exam
5/6
A named accountin
desired interfaces.
Accounting method
added to the server
The default account
except those with n
17
.
Refer to the exhibit. In
EXEC session comman
aaa accounting
aaa accounting
aaa accounting
aaa accountingaaa accounting
aaa accounting
18. How does a Cisco Secu
authorization process?
reduces overhead b
reduces delays in th
reduces bandwidth
credentials
reduces number of
with authentication
method list must be explicitly defined and
lists are not applied to any interfaces until a
roup.
ing method list is automatically applied to all
med accounting method lists.
the network shown, which AAA command l
ds?
connection start-stop group radius
connection start-stop group tacacs+
exec start-stop group radius
exec start-stop group tacacs+network start-stop group radius
network start-stop group tacacs+
re ACS improve performance of the TACA
using UDP for authorization queries
authorization queries by using persistent T
tilization of the authorization queries by all
uthorization queries by combining the autho
pplied to
interface is
interfaces,
gs the use of
S+
P sessions
wing cached
ization process
7/30/2019 Cisco CCNA Security Chapter 3 Exam
6/6
19.
Refer to the exhibit. W
address and secure pass
User Setup
Group Setup
Network Config
System Configur
Interface Config
Administration C
20. What is an effect if AA
Authenticated users
User access to speci
Character mode aut
All authorization re
ich Cisco Secure ACS menu is required to c
word of an AAA client?
ration
ationration
ontrol
A authorization on a device is not configure
are granted full access rights.
fic services is determined by the authenticati
orization is limited, and packet mode denies
uests to the TACACS server receive a REJ
onfigure the IP
?
on process.
all requests.
CT response.