AAA Flashcards

1
Q
Which portion of AAA looks at what a user has access to?
A. authorization
B. authentication
C. accounting
D. auditing
A

A. authorization

2
Q

Which command creates a login authentication method named “login” that will primarily use RADIUS and fail over to the local user database?
A. (config)# aaa authentication login default radius local
B. (config)# aaa authentication login login radius local
C. (config)# aaa authentication login default local radius
D. (config)# aaa authentication login radius local

A

B. (config)# aaa authentication login login radius local

3
Q
Which command globally enables AAA on a device?
A. aaa new-model
B. aaa authentication
C. aaa authorization
D. aaa accounting
A

A. aaa new-model

4
Q
Which AAA Authorization type includes PPP, SLIP, and ARAP connections?
A. network
B. IP mobile
C. EXEC
D. auth-proxy
A

A. network

5
Q
Which authentication service is needed to configure 802.1x?
A. RADIUS with EAP Extension
B. TACACS+
C. RADIUS with CoA
D. RADIUS using VSA
A

A. RADIUS with EAP Extension

6
Q

A network engineer configures port security and 802.1x on the same interface. Which option describes what this configuration allows?
A. It allows port security to secure the MAC address that 802.1x authenticates.
B. It allows port security to secure the IP address that 802.1x authenticates.
C. It allows 802.1x to secure the MAC address that port security authenticates.
D. It allows 802.1x to secure the IP address that port security authenticates.

A

A. It allows port security to secure the MAC address that 802.1x authenticates.

7
Q

Which AAA command is used to log in a user and give immediate access to privileged mode?
A. aaa authorization exec default group radius
B. aaa authorization default group radius
C. aaa authorization radius default group

A

A. aaa authorization exec default group radius

8
Q
What are three types of RADIUS server responses? (Choose three)
A. Accept
B. Reject
C. Challenge
D. Get Password
E. Cancel
A

A. Accept
B. Reject
C. Challenge

9
Q

Which are features of TACACS+? (Choose three)
A. Supports backwards compatibility with TACACS
B. Encrypts the header
C. Encrypts the whole payload
D. Uses TCP
E. Uses UDP
F. Separates Authentication & Authorization

A

C. Encrypts the whole payload
D. Uses TCP
F. Separates Authentication & Authorization

10
Q

Which command is used to configure vendor-specific attributes with RADIUS?
A. radius-server vsa send
B. vendor-specific attribute

A

A. radius-server vsa send

11
Q
Which two types of packets does TACACS+ work with? (Choose two)
A. reply
B. request
C. response
D. record
A

B. request

C. response

12
Q

Which two encryption features are used for TACACS+ and RADIUS? (Choose two)
A. It uses the entire packet.
B. It uses username and password.
C. It uses only password.

A

A. It uses the entire packet.

C. It uses only password.

13
Q

Which three features about TACACS+ are true? (Choose three)
A. It supports TCP port 49
B. It supports packet encryption
C. It supports client-server architecture
D. It supports client-private cloud architecture

A

A. It supports TCP port 49
B. It supports packet encryption
C. It supports client-server architecture

14
Q
Which two packet types for authentication and authorization are used in TACACS+? (Choose two)
A. request
B. continue
C. response
D. start
E. stop
A

A. request

C. response

15
Q

Which statement is true about TACACS+?
A. It is a Cisco proprietary technology
B. It supports several less-common protocols in addition to IP
C. It is more reliable than RADIUS because it communicates with UDP packets
D. Backwards compatible with TACACS

A

A. It is a Cisco proprietary technology

16
Q

Which effect of the line keyword entered at the end of an AAA method list is true?
A. It sets last resort failback authentication method.
B. It overrides the enable authentication method.
C. It overrides the radius authentication method.
D. It overrides the tacacs+ authentication method.

A

A. It sets last resort failback authentication method.

17
Q

Which centralized database separates between AAA attributes?
A. TACACS+
B. RADIUS
C. Local database

A

A. TACACS+

18
Q
Which industry standard AAA mechanism uses the industry neutral mechanism for user authentication and authorization? 
A. RADIUS
B. TACACS+
C. LDAP
D. Kerberos
A

A. RADIUS

19
Q

Which command configures AAA TACACS+ authentication with fallback to the local user database?
A. aaa authentication default login tacacs+ local
B. aaa authentication tacacs+ local default login
C. aaa authentication default tacacs+ local login
D. aaa authentication login default tacacs+ local

A

D. aaa authentication login default tacacs+ local

20
Q

Which two differences between RADIUS and TACACS+ are true? (Choose two)
A. Only TACACS+ can combine authentication and authorization function.
B. Only RADIUS uses UDP.
C. Only RADIUS provides granular control over the CLI commands that a user can execute.
D. Only TACACS+ uses user privilege levels to determine which commands the user can execute.
E. Only TACACS+ uses UDP.

A

B. Only RADIUS uses UDP.

D. Only TACACS+ uses user privilege levels to determine which commands the user can execute.

21
Q

Which two statements about the local user database are true? (Choose two)
A. For console connections, it can be used only as a backup authentication method
B. It can be configured to grant a user-specific privilege level
C. It can store passwords in clear text only
D. For VTY connections, it can be used only as a backup authentication method
E. It can be used as the only method of authentication or as a backup for other methods

A

B. It can be configured to grant a user-specific privilege level
E. It can be used as the only method of authentication or as a backup for other methods

22
Q

Which two features does TACACS+ support? (Choose two)
A. Combining authorization and authentication to streamline AAA services
B. Decentralizing network access management, reducing the potential impact of a security breach to a central device.
C. UDP communication between the network access server and the security server
D. Encrypting the entire TCP Packet containing TACACS+ information
E. PAP and CHAP authentication

A

D. Encrypting the entire TCP Packet containing TACACS+ information
E. PAP and CHAP authentication

23
Q

Which three characteristics of AAA with TACACS+ are true? (Choose three)
A. It is a Cisco-proprietary implementation
B. It is a standard-based implementation
C. It runs on UDP port 49
D. It uses a client-private cloud architecture
E. It uses a client-server architecture
F. It runs on TCP port 49

A

A. It is a Cisco-proprietary implementation
E. It uses a client-server architecture
F. It runs on TCP port 49

24
Q
Which AAA authorization method uses a vendor-neutral directory information protocol?
A. LDAP
B. RADIUS
C. TACACS+
D. Kerberos
A

A. LDAP

25
Q

Which command enables a RADIUS server configuration to use vendor-proprietary attributes?
A. radius-server configure-nas
B. radius-server attribute nas-port extended
C. radius-server host non-standard
D. radius-server vsa send authentication

A

D. radius-server vsa send authentication

26
Q

Which three features of AAA with RADIUS are true? (Choose three)
A. It encrypts the password for transmission.
B. It integrates authorization and authentication functions.
C. It separates authorization and authentication functions.
D. It encrypts the entire transmission.
E. It secures access to endpoint devices.
F. It secures access to network devices.

A

A. It encrypts the password for transmission.
B. It integrates authorization and authentication functions.
F. It secures access to network devices.

27
Q

Which two statements about TACACS+ are true? (Choose two)
A. It is a Cisco-proprietary technology.
B. It supports several less-common protocols in addition to IP.
C. It encrypts only the packet header.
D. It is more reliable than RADIUS because it communicates with UDP packets.
E. It is backwards-compatible with TACACS.
F. It combines accounting and authorization functions.

A

A. It is a Cisco-proprietary technology.

B. It supports several less-common protocols in addition to IP.

28
Q
Which form of centralized device authentication allows each AAA feature to function separately?
A. local database
B. RADIUS
C. TACACS+
D. kerberos
A

C. TACACS+

29
Q

Which two tasks must you perform to enable AAA operations with a remote security database? (Choose 2)
A. Configure Cisco Discovery Protocol on all interfaces used for authentication.
B. Configure user profiles on the remote security database.
C. Configure a user profile in the local database of each device to which the user will have access.
D. Configure network equipment to query the remote security database.
E. Configure SSH to provide remote access to network equipment.

A

B. Configure user profiles on the remote security database.

D. Configure network equipment to query the remote security database.