AAA

Question 1

Which portion of AAA looks at what a user has access to?
A. authorization
B. authentication
C. accounting
D. auditing

Answer 1

A. authorization

Question 2

Which command creates a login authentication method named “login” that will primarily use RADIUS and fail over to the local user database?
A. (config)# aaa authentication login default radius local
B. (config)# aaa authentication login login radius local
C. (config)# aaa authentication login default local radius
D. (config)# aaa authentication login radius local

Answer 2

B. (config)# aaa authentication login login radius local

Question 3

Which command globally enables AAA on a device?
A. aaa new-model
B. aaa authentication
C. aaa authorization
D. aaa accounting

Answer 3

A. aaa new-model

Question 4

Which AAA Authorization type includes PPP, SLIP, and ARAP connections?
A. network
B. IP mobile
C. EXEC
D. auth-proxy

Answer 4

A. network

Question 5

Which authentication service is needed to configure 802.1x?
A. RADIUS with EAP Extension
B. TACACS+
C. RADIUS with CoA
D. RADIUS using VSA

Answer 5

A. RADIUS with EAP Extension

Question 6

A network engineer configures port security and 802.1x on the same interface. Which option describes what this configuration allows?
A. It allows port security to secure the MAC address that 802.1x authenticates.
B. It allows port security to secure the IP address that 802.1x authenticates.
C. It allows 802.1x to secure the MAC address that port security authenticates.
D. It allows 802.1x to secure the IP address that port security authenticates

Answer 6

A. It allows port security to secure the MAC address that 802.1x authenticates.

Question 7

AAA question about the command used to login a user and set immediate access to privilege mode.
A. aaa authorization exec default group radius
B. aaa authorization default group radius
C. aaa authorization radius default group

Answer 7

A. aaa authorization exec default group radius

Question 8

What are three types of RADIUS server responses? (Choose three)
A. Accept
B. Reject
C. Challenge
D. Get Password
E. Cancel

Answer 8

A. Accept
B. Reject
C. Challenge

Question 9

Which are features of TACACS+? (Choose three)
A. Supports backwards compatible with TACACS
B. Encrypts the header
C. Encrypts the whole payload
D. Uses TCP
E. Uses UDP
F. Separates Authentication & Authorization

Answer 9

C. Encrypts the whole payload
D. Uses TCP
F. Separates Authentication & Authorization

Question 10

Which command is used to configure vendor-specific attributes with RADIUS?
A. radius-server vsa send
B. vendor-specific attribute

Answer 10

A. radius-server vsa send

Question 11

Which two types of packets do TACACS+ work with? (Choose two)
A. reply
B. request
C. response
D. record

Answer 11

B. request

C. response

Question 12

Which two encryption features are used for TACACS+ and RADIUS? (Choose two)
A. It uses the entire packet.
B. It uses username and password.
C. It uses only password.

Answer 12

A. It uses the entire packet.

C. It uses only password.

Question 13

Which three features about TACACS+ are true? (Choose three)
A. It supports TCP port 49
B. It supports packet encryption
C. It supports client-server architecture
D. It supports client-private cloud architecture

Answer 13

A. It supports TCP port 49
B. It supports packet encryption
C. It supports client-server architecture

Question 14

Which two packet types for authentication and authorization are used in TACACS+? (Choose two)
A. request
B. continue
C. response
D. start
E. stop

Answer 14

A. request

C. response

Question 15

Which statement is true about TACACS+?
A. It is a Cisco proprietary technology
B. Support several less common protections in address to IP
C. More reliable than RADIUS because it communicate with UDP packets
D. Backwards compatible with TACACS

Answer 15

A. It is a Cisco proprietary technology

Question 16

Which effect of the line keyword entered at the end of an AAA method list is true?
A. It sets last resort failback authentication method.
B. It override the enable authentication method.
C. It override the radius authentication method.
D. It override the tacacs+ authentication method.

Answer 16

A. It sets last resort failback authentication method.

Question 17

Which centralized database separates between AAA attributes?
A. TACACS+
B. RADIUS
C. Local database

Answer 17

A. TACACS+

Question 18

Which industry standard AAA mechanism uses the industry neutral mechanism for user authentication and authorization? 
A. RADIUS
B. TACACS+
C. LDAP
D. Kerberos

Answer 18

A. RADIUS

Question 19

Question about configuring AAA TACACS+ authentication with fall back to local user database and commands were given?
A. aaa authentication default login tacacs+ local
B. aaa authentication tacacs+ local default login
C. aaa authentication default tacacs+ local login
D. aaa authentication login default tacacs+ local

Answer 19

D. aaa authentication login default tacacs+ local

Question 20

Which two differences between RADIUS and TACACS+ are true? (Choose two)
A. Only TACACS+ can combine authentication and authorization function.
B. Only RADIUS uses UDP.
C. Only RADIUS provide granular control over the CLI commands that a user can execute.
D. Only TACACS+ use user privilege levels to determine which commands the user can execute.
E. Only TACACS+ uses UDP.

Answer 20

B. Only RADIUS uses UDP.

D. Only TACACS+ use user privilege levels to determine which commands the user can execute.

Question 21

Which two statements about the local user database are true? (Choose two)
A. For console connections, it can be used only as a backup authentication method
B. It can be configured to grant a user-specific privilege level
C. It can store passwords in clear text only
D. For VTY connections, it can be used only as a backup authentication method
E. It can be used as the only method of authentication or as a backup for other methods

Answer 21

B. It can be configured to grant a user-specific privilege level
E. It can be used as the only method of authentication or as a backup for other methods

Question 22

Which two features does TACACS+ support? (Choose two)
A. Combining authorization and authentication to streamline AAA services
B. Decentralizing network access management, reducing the potential impact of a security breach to a central device.
C. UDP communication between the network access server and the security server
D. Encrypting the entire TCP Packet containing TACACS+ information
E. PAP and CHAP authentication

Answer 22

D. Encrypting the entire TCP Packet containing TACACS+ information
E. PAP and CHAP authentication

Question 23

Which three characteristics of AAA with TACACS+ are true? (Choose three)
A. It is a Cisco-proprietary implementation
B. It is a standard-based implementation
C. It runs on UDP port 49
D. It uses a client-private cloud architecture
E. It uses a client-server architecture
F. It runs on TCP port 49

Answer 23

A. It is a Cisco-proprietary implementation
E. It uses a client-server architecture
F. It runs on TCP port 49

Question 24

Which AAA authorization method uses a vendor-neutral directory information protocol?
A. LDAP
B. RADIUS
C. TACACS+
D. Kerberos

Answer 24

A. LDAP

Question 25

Which command enables a RADIUS server configuration to use vendor-proprietary attributes?
A. radius-server configure-nas
B. radius-server attribute nas-port extended
C. radius-server host non-standard
D. radius-server vsa send authentication

Answer 25

D. radius-server vsa send authentication

Question 26

Which three feature of AAA with RADIUS are true? (Choose three)
A. It encrypts the password for transmission.
B. It integrates authorization and authentication functions.
C. It separates authorization and authentication functions.
D. It encrypts the entire transmission.
E. It secures access to endpoint devices.
F. It secures access to network devices.

Answer 26

A. It encrypts the password for transmission.
B. It integrates authorization and authentication functions.
F. It secures access to network devices.

Question 27

Which two statements about TACACS+ are true? (Choose two)
A. It is a Cisco-proprietary technology.
B. It support several less-common protocol in addition to IP.
C. It encrypts only the packet header.
D. It is more reliable than RADIUS because it communicates with UDP packets.
E. It is backwards-compatible with TACACS.
F. It combines accounting and authorization functions.

Answer 27

A. It is a Cisco-proprietary technology.

B. It support several less-common protocol in addition to IP.

Question 28

Which form of centralized device authentication allows each AAA feature to function separately?
A. local database
B. RADIUS
C. TACACS+
D. kerberos

Answer 28

C. TACACS+

Question 29

Which two tasks must you perform to enable AAA operations with a remote security database? (Choose 2)
A. Configure Cisco Discovery Protocol on all interface used for authentication.
B. Configure user profiles on the remote security database.
C. Configure a user profile in the local database of each device to which the user will have access.
D. Configure network equipment to query the remote security database.
E. Configure SSH to provide remote access to network equipment.

Answer 29

B. Configure user profiles on the remote security database.

D. Configure network equipment to query the remote security database.