Cisco CCNA Security Chapter 3 Exam

  • 7/30/2019 Cisco CCNA Security Chapter 3 Exam

    Cisco CCNA Security, chapter 3 Exam.

    Questions and answers 100% correct.

    1. Why is local database authentication preferred over a password-only login?

    It specifies a different password for each line or port.

    It provides for authentication and accountability.

    It requires a login and password combination on console, vty lines, and aux ports.

    It is more efficient for users who only need to enter a password to gain entry to a device.

    2. What is a characteristic of AAA?

    Authorization can only be implemented after a user is authenticated.

    Accounting services are implemented prior to authenticating a user.

    Accounting services determine which resources the user can access and which operations the user is allowed to perform.

    Authorization records what the user does, including what is accessed, the amount of time the resource is accessed, and any changes that were made.

    3. Due to implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?

    accessibility

    accounting

    auditing

    authentication

    authorization

    4. Which two AAA access method statements are true? (Choose two.)

    Character mode provides remote users with access to network resources and requires use of the console, vty, or tty ports.

    Character mode provides remote users with access to network resources and requires use of dialup or VPN.

    Character mode provides users with administrative privilege EXEC access and requires use of the console, vty, or tty ports.

    Packet mode provides users with administrative privilege EXEC access and requires use of dialup or VPN.

    Packet mode provides remote users with access to network resources and requires use of dialup or VPN.

    Packet mode provides users with administrative privilege EXEC access and requires use of the console, vty, or tty ports.

    5. Which two statements describe AAA authentication? (Choose two.)

    Server-based AAA authentication is more scalable than local AAA authentication.

    Local AAA is ideal for large complex networks because it uses the local database of the router for authentication.

    Server-based AAA authentication can use the RADIUS or TACACS+ protocols to communicate between the router and a AAA server.

    Server-based AAA authentication is ideal for large complex networks because it uses the local database of the router for authentication.

    Local AAA authentication requires the services of an external server, such as the Cisco Secure ACS for Windows Server.

    6. What is a difference between using the login local command and using local AAA authentication for authenticating administrator access?

    Local AAA authentication supports encrypted passwords; login local does not.

    Local AAA provides a way to configure backup methods of authentication; login local does not.

    A method list must be configured when using the login local command, but is optional when using local AAA authentication.

    The login local command supports the keyword none, which ensures that authentication succeeds, even if all methods return an error.

    7. Refer to the exhibit. Router R1 has been configured as shown, with the resulting log message. On the basis of the information presented, which two AAA authentication statements are true? (Choose two.)

    The locked-out user failed authentication.

    The locked-out user is locked out for 10 minutes by default.

    The locked-out user should have used the username Admin and password Pa55w0rd.

    The locked-out user should have used the username admin and password Str0ngPa55w0rd.

    The locked-out user stays locked out until the clear aaa local user lockout username Admin command is issued.

    8. Refer to the exhibit. Router R1 is configured as shown. An administrative user attempts to use Telnet from router R2 to router R1 using the interface IP address 10.10.10.1. However, Telnet access is denied. Which option corrects this problem?

    The R1 10.10.10.1 router interface must be enabled.

    The vty lines must be configured with the login authentication default command.

    The aaa local authentication attempts max-fail command must be set to 2 or higher.

    The administrative user should use the username Admin and password Str0ngPa55w0rd.

    9. When configuring a method list for AAA authentication, what is the effect of the keyword local?

    It accepts a locally configured username, regardless of case.

    It defaults to the vty line password for authentication.

    The login succeeds, even if all methods return an error.

    It uses the enable password for authentication.

    10. What is a characteristic of TACACS+?

    TACACS+ is an open IETF standard.

    TACACS+ is backward compatible with TACACS and XTACACS.

    TACACS+ provides authorization of router commands on a per-user or per-group basis.

    TACACS+ uses UDP port 1645 or 1812 for authentication, and UDP port 1646 or 1813 for accounting.

    11. Which statement identifies an important difference between TACACS+ and RADIUS?

    TACACS+ provides extensive accounting capabilities when compared to RADIUS.

    The RADIUS protocol encrypts the entire packet transmission.

    The TACACS+ protocol allows for separation of authentication from authorization.

    RADIUS can cause delays by establishing a new TCP session for each authorization request.

    12. In regards to Cisco Secure ACS, what is a client device?

    a web server, email server, or FTP server

    the computer used by a network administrator

    network users who must access privileged EXEC commands

    a router, switch, firewall, or VPN concentrator

    13. What is the result if an administrator configures the aaa authorization command prior to creating a user with full access rights?

    The administrator is immediately locked out of the system.

    The administrator is denied all access except to aaa authorization commands.

    The administrator is allowed full access using the enable secret password.

    The administrator is allowed full access until a router reboot, which is required to apply changes.

    14. When configuring a Cisco Secure ACS, how is the configuration interface accessed?

    A Web browser is used to configure a Cisco Secure ACS.

    The Cisco Secure ACS can be accessed from the router console.

    Telnet can be used to configure a Cisco Secure ACS server after an initial configuration is complete.

    The Cisco Secure ACS can be accessed remotely after installing ACS client software on the administrator workstation.

    15. Which AAA protocol and feature best support a large ISP that needs to implement detailed accounting for customer invoicing?

    TACACS+ because it combines authentication and authorization, but separates accounting

    RADIUS because it supports detailed accounting that is required for billing users

    TACACS+ because it requires select authorization policies to be applied on a per-user or per-group basis

    RADIUS because it requires select authorization policies to be applied on a per-user or per-group basis

    16. After accounting is enabled on an IOS device, how is a default accounting method list applied?

    Accounting method lists are applied only to the VTY interfaces.

    A named accounting method list must be explicitly defined and applied to desired interfaces.

    Accounting method lists are not applied to any interfaces until an interface is added to the server group.

    The default accounting method list is automatically applied to all interfaces, except those with named accounting method lists.

    17. Refer to the exhibit. In the network shown, which AAA command logs the use of EXEC session commands?

    aaa accounting connection start-stop group radius

    aaa accounting connection start-stop group tacacs+

    aaa accounting exec start-stop group radius

    aaa accounting exec start-stop group tacacs+

    aaa accounting network start-stop group radius

    aaa accounting network start-stop group tacacs+

    18. How does a Cisco Secure ACS improve performance of the TACACS+ authorization process?

    reduces overhead by using UDP for authorization queries

    reduces delays in the authorization queries by using persistent TCP sessions

    reduces bandwidth utilization of the authorization queries by allowing cached credentials

    reduces number of authorization queries by combining the authorization process with authentication

    19. Refer to the exhibit. Which Cisco Secure ACS menu is required to configure the IP address and secure password of an AAA client?

    User Setup

    Group Setup

    Network Configuration

    System Configuration

    Interface Configuration

    Administration Control

    20. What is an effect if AAA authorization on a device is not configured?

    Authenticated users are granted full access rights.

    User access to specific services is determined by the authentication process.

    Character mode authorization is limited, and packet mode denies all requests.

    All authorization requests to the TACACS server receive a REJECT response.