Implementing AAA in Cisco IOS

Question 1

What is most likely used for authentication of a network administrator accessing the CLI of a Cisco router?

Answer 1

TACACS, ACS

Question 2

What allows for granular control related to authorization of specific Cisco IOS commands that are being attempted by an authenticated and authorized Cisco router admin?

Answer 2

TACACS

Question 3

Which devices or users would be clients of an ACS server?

Answer 3

Router, Switch

Question 4

On the router, what should be created and applied to a vty line to enforce a specific set of methods for identifying who a user is?

Answer 4

Authorization method list

Question 5

What is the minimum size for an effective TACACS group of servers?

Answer 5

1

Question 6

With what can you configure AAA on the router?

Answer 6

CCP, CLI

Question 7

Which statement is true for ACS 5.x and later?

Answer 7

Authorization policies can be associated with user groups that are accessing specific network device groups.

Question 8

Where in the ACS do you go to create a new group of administrators?

Answer 8

Users and Identity Stores > Identity Groups

Question 9

From the router, which method tests the most about the ACS configuration, without forcing you to log in again at the router?

Answer 9

test aaa

Question 10

What could likely cause an ACS authentication failure, even when the user is using the correct credentials?

Answer 10

Incorrect secret on ACS, Incorrect IP address of the ACS server on the router, incorrect routing, incorrect filtering between the ACS and router