Practice Q's - AAA

Question 1

Which type of device can act as a client in a system that uses TACACS+? (Which device type can act as a client in a system that uses TACACS+?)

1. router
2. end user workstation
3. AD server
4. end user wireless device

Answer 1

Correct Answer: A

Question 2

Which command is used to configure vendor-specific attributes with RADIUS?

1. radius-server vsa send
2. vendor-specific attribute
3. ???
4. ???

Answer 2

Correct Answer: A

Question 3

Which two statements about the local user database are true? (Choose two.)

1. For console connections, it can be used only as a backup authentication method.
2. It can be configured to grant a user-specific privilege level.
3. It can store passwords in clear text only.
4. For VTY connections, it can be used only as a backup authentication method.
5. It can be used as the only method of authentication or as a backup for other methods.

Answer 3

Correct Answer: BE Section

Question 4

Which two features does TACACS+ support? (Choose two.)

1. Combining authorization and authentication to streamline AAA services.
2. Decentralizing network access management, reducing the potential impact of a security breach to a central device.
3. UDP communication between the network access server and the security server.
4. Encrypting the entire TCP Packet containing TACACS + information.
5. PAP and CHAP authentication.

Answer 4

Correct Answer: DE

Question 5

Which three characteristics of AAA with TACACS+ are true? (Choose three.)

1. It is a Cisco-proprietary implementation.
2. It is a standard-based implementation.
3. It runs on UDP port 49.
4. It uses a client-private cloud architecture.
5. It uses a client-server architecture.
6. It runs on TCP port 49.

Answer 5

Correct Answer: AEF

Question 6

Which AAA authorization method uses a vendor-neutral directory information protocol?

1. LDAP
2. RADIUS
3. TACACS+
4. Kerberos

Answer 6

Correct Answer: A

Question 7

Which command enables a RADIUS server configuration to use vendor-proprietary attributes?

1. radius-server configure-nas
2. radius-server attribute nas-port extended
3. radius-server host non-standard
4. radius-server vsa send authentication

Answer 7

Correct Answer: D

Question 8

A question about AAA accounting features. (Choose two.)

1. authentication
2. authorization
3. connection
4. commands
5. system

Answer 8

Correct Answer: DE

Question 9

You want a device to use the local user database if the TACACS+ server is unreachable. Which AAA login authentication command must you configure?

1. aaa authentication login default group local tacacs+
2. aaa authentication login default group tacacs+ local
3. aaa authentication login default group local
4. aaa authentication login TACACS group tacacs+ local

Answer 9

Correct Answer: B

Question 10

Which information in a RADIUS access-request packet is encrypted?

1. entire header
2. username and password
3. entire payload
4. password

Answer 10

Correct Answer: D

Question 11

Which AAA authorization type applies security policies on a per-user basis?

1. Exex
2. command
3. auto-proxy
4. network

Answer 11

Correct Answer: C

Explanation/Reference:

Method lists are specific to the authorization type requested:

+ Auth-proxy – Applies specific security policies on a per-user basis. For detailed information on the authentication proxy feature, refer to the chapter “Configuring Authentication Proxy” in the “Traffic Filtering and Firewalls” part of this book.

+ Commands – Applies to the EXEC mode commands a user issues. Command authorization attempts authorization for all EXEC mode commands, including global configuration commands, associated with a specific privilege level.

+ EXEC – Applies to the attributes associated with a user EXEC terminal session.

+ Network – Applies to network connections. This can include a PPP, SLIP, or ARAP connection.

+ Reverse Access – Applies to reverse Telnet sessions.

Question 12

Which two accounting types does AAA support? (Choose two.)

1. connection
2. privilege
3. authorization
4. authentication
5. system

Answer 12

Correct Answer: CD

Question 13

Which three feature of AAA with RADIUS are true? (Choose three.)

1. It encrypts the password for transmission.
2. It integrates authorization and authentication functions.
3. It separates authorization and authentication functions.
4. It encrypts the entire transmission.
5. It secures access to endpoint devices.
6. It secures access to network devices.

Answer 13

Correct Answer: ABF

Question 14

Which command do you enter on a device so that users are automatically placed in enable mode after they authenticate with TACACS+?

1. aaa authorization exec default group tacacs+ if-authenticated
2. aaa authorization exec default group tacacs+ local-case
3. aaa authorization exec default group tacacs+ enable
4. aaa authentication exec default group tacacs+ if-authenticated

Answer 14

Correct Answer: D

Question 15

Which two statements about TACACS+ are true? (Choose two.)

1. It is a Cisco-proprietary technology.
2. It support several less-common protocol in addition to IP.
3. It encrypts only the packet header.
4. It is more reliable than RADIUS because it communicates with UDP packets.
5. It is backwards-compatible with TACACS.
6. It combines accounting and authorization functions.

Answer 15

Correct Answer: AB

Question 16

Which two tasks must you perform to enable AAA operations with a remote security database? (Choose two.)

1. Configure Cisco Discovery Protocol on all interface used for authentication.
2. Configure user profiles on the remote security database.
3. Configure a user profile in the local database of each device to which the user will have access.
4. Configure network equipment to query the remote security database.
5. Configure SSH to provide remote access to network equipment.

Answer 16

Correct Answer: BD

Question 17

Which form of centralized device authentication allows each AAA feature to function separately?

1. local database
2. RADIUS
3. TACACS+
4. kerberos

Answer 17

Correct Answer: C

Question 18

Which statement about local database device authentication is true?

1. It is most appropriate for authentication on a large network with many end users.
2. It can be used as a fallback authentication method when the connection to the remote network access service fails.
3. It is primary used for authentication without usernames.
4. It supports the full functionally of the AAA accounting feature.

Answer 18

Correct Answer: B

Question 19

Which three responses from a RADIUS server are valid? (Choose three.)

1. CHALLENGE
2. ACKNOWLEDGE
3. UPDATE PASSWORD
4. REJECT
5. ACCEPT
6. CONFIRM

Answer 19

Correct Answer: ADE

Question 20

Which two statements about RADIUS are true? (Choose two.)

1. It combines authentication and accounting functions.
2. It support several less-common protocols in addition to IP.
3. It is less secure than TACACS+ because it encrypts only the user name and password.
4. It uses UDP packets to communicate.
5. It combine authentication and authorization function.

Answer 20

Correct Answer: DE

Question 21

Which three features of AAA with TACACS+ are true? (Choose three.)

1. It secures access to network devices.
2. It encrypts the entire transmission.
3. It secures access to endpoint devices.
4. It encrypts the password for transmission.
5. It integrates authorization and authentication functions.
6. It separates authorization and authentication functions.

Answer 21

Correct Answer: ABF