Practice Q's - AAA Flashcards

1
Q

Which type of device can act as a client in a system that uses TACACS+? (Which device type can act as a client in a system that uses TACACS+?)

  1. router
  2. end user workstation
  3. AD server
  4. end user wireless device
A

Correct Answer: A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which command is used to configure vendor-specific attributes with RADIUS?

  1. radius-server vsa send
  2. vendor-specific attribute
  3. ???
  4. ???
A

Correct Answer: A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which two statements about the local user database are true? (Choose two.)

  1. For console connections, it can be used only as a backup authentication method.
  2. It can be configured to grant a user-specific privilege level.
  3. It can store passwords in clear text only.
  4. For VTY connections, it can be used only as a backup authentication method.
  5. It can be used as the only method of authentication or as a backup for other methods.
A

Correct Answer: BE Section

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which two features does TACACS+ support? (Choose two.)

  1. Combining authorization and authentication to streamline AAA services.
  2. Decentralizing network access management, reducing the potential impact of a security breach to a central device.
  3. UDP communication between the network access server and the security server.
  4. Encrypting the entire TCP Packet containing TACACS + information.
  5. PAP and CHAP authentication.
A

Correct Answer: DE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which three characteristics of AAA with TACACS+ are true? (Choose three.)

  1. It is a Cisco-proprietary implementation.
  2. It is a standard-based implementation.
  3. It runs on UDP port 49.
  4. It uses a client-private cloud architecture.
  5. It uses a client-server architecture.
  6. It runs on TCP port 49.
A

Correct Answer: AEF

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which AAA authorization method uses a vendor-neutral directory information protocol?

  1. LDAP
  2. RADIUS
  3. TACACS+
  4. Kerberos
A

Correct Answer: A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which command enables a RADIUS server configuration to use vendor-proprietary attributes?

  1. radius-server configure-nas
  2. radius-server attribute nas-port extended
  3. radius-server host non-standard
  4. radius-server vsa send authentication
A

Correct Answer: D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A question about AAA accounting features. (Choose two.)

  1. authentication
  2. authorization
  3. connection
  4. commands
  5. system
A

Correct Answer: DE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

You want a device to use the local user database if the TACACS+ server is unreachable. Which AAA login authentication command must you configure?

  1. aaa authentication login default group local tacacs+
  2. aaa authentication login default group tacacs+ local
  3. aaa authentication login default group local
  4. aaa authentication login TACACS group tacacs+ local
A

Correct Answer: B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which information in a RADIUS access-request packet is encrypted?

  1. entire header
  2. username and password
  3. entire payload
  4. password
A

Correct Answer: D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which AAA authorization type applies security policies on a per-user basis?

  1. Exex
  2. command
  3. auto-proxy
  4. network
A

Correct Answer: C

Explanation/Reference:

Method lists are specific to the authorization type requested:

+ Auth-proxy – Applies specific security policies on a per-user basis. For detailed information on the authentication proxy feature, refer to the chapter “Configuring Authentication Proxy” in the “Traffic Filtering and Firewalls” part of this book.

+ Commands – Applies to the EXEC mode commands a user issues. Command authorization attempts authorization for all EXEC mode commands, including global configuration commands, associated with a specific privilege level.

+ EXEC – Applies to the attributes associated with a user EXEC terminal session.

+ Network – Applies to network connections. This can include a PPP, SLIP, or ARAP connection.

+ Reverse Access – Applies to reverse Telnet sessions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which two accounting types does AAA support? (Choose two.)

  1. connection
  2. privilege
  3. authorization
  4. authentication
  5. system
A

Correct Answer: CD

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which three feature of AAA with RADIUS are true? (Choose three.)

  1. It encrypts the password for transmission.
  2. It integrates authorization and authentication functions.
  3. It separates authorization and authentication functions.
  4. It encrypts the entire transmission.
  5. It secures access to endpoint devices.
  6. It secures access to network devices.
A

Correct Answer: ABF

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which command do you enter on a device so that users are automatically placed in enable mode after they authenticate with TACACS+?

  1. aaa authorization exec default group tacacs+ if-authenticated
  2. aaa authorization exec default group tacacs+ local-case
  3. aaa authorization exec default group tacacs+ enable
  4. aaa authentication exec default group tacacs+ if-authenticated
A

Correct Answer: D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which two statements about TACACS+ are true? (Choose two.)

  1. It is a Cisco-proprietary technology.
  2. It support several less-common protocol in addition to IP.
  3. It encrypts only the packet header.
  4. It is more reliable than RADIUS because it communicates with UDP packets.
  5. It is backwards-compatible with TACACS.
  6. It combines accounting and authorization functions.
A

Correct Answer: AB

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which two tasks must you perform to enable AAA operations with a remote security database? (Choose two.)

  1. Configure Cisco Discovery Protocol on all interface used for authentication.
  2. Configure user profiles on the remote security database.
  3. Configure a user profile in the local database of each device to which the user will have access.
  4. Configure network equipment to query the remote security database.
  5. Configure SSH to provide remote access to network equipment.
A

Correct Answer: BD

17
Q

Which form of centralized device authentication allows each AAA feature to function separately?

  1. local database
  2. RADIUS
  3. TACACS+
  4. kerberos
A

Correct Answer: C

18
Q

Which statement about local database device authentication is true?

  1. It is most appropriate for authentication on a large network with many end users.
  2. It can be used as a fallback authentication method when the connection to the remote network access service fails.
  3. It is primary used for authentication without usernames.
  4. It supports the full functionally of the AAA accounting feature.
A

Correct Answer: B

19
Q

Which three responses from a RADIUS server are valid? (Choose three.)

  1. CHALLENGE
  2. ACKNOWLEDGE
  3. UPDATE PASSWORD
  4. REJECT
  5. ACCEPT
  6. CONFIRM
A

Correct Answer: ADE

20
Q

Which two statements about RADIUS are true? (Choose two.)

  1. It combines authentication and accounting functions.
  2. It support several less-common protocols in addition to IP.
  3. It is less secure than TACACS+ because it encrypts only the user name and password.
  4. It uses UDP packets to communicate.
  5. It combine authentication and authorization function.
A

Correct Answer: DE

21
Q

Which three features of AAA with TACACS+ are true? (Choose three.)

  1. It secures access to network devices.
  2. It encrypts the entire transmission.
  3. It secures access to endpoint devices.
  4. It encrypts the password for transmission.
  5. It integrates authorization and authentication functions.
  6. It separates authorization and authentication functions.
A

Correct Answer: ABF