Practice Q's - AAA Flashcards
Which type of device can act as a client in a system that uses TACACS+?
- router
- end user workstation
- AD server
- end user wireless device
Correct Answer: A
Which command is used to configure vendor-specific attributes with RADIUS?
- radius-server vsa send
- vendor-specific attribute
- ???
- ???
Correct Answer: A
Which two statements about the local user database are true? (Choose two.)
- For console connections, it can be used only as a backup authentication method.
- It can be configured to grant a user-specific privilege level.
- It can store passwords in clear text only.
- For VTY connections, it can be used only as a backup authentication method.
- It can be used as the only method of authentication or as a backup for other methods.
Correct Answer: BE
Which two features does TACACS+ support? (Choose two.)
- Combining authorization and authentication to streamline AAA services.
- Decentralizing network access management, reducing the potential impact of a security breach to a central device.
- UDP communication between the network access server and the security server.
- Encrypting the entire TCP packet containing TACACS+ information.
- PAP and CHAP authentication.
Correct Answer: DE
Which three characteristics of AAA with TACACS+ are true? (Choose three.)
- It is a Cisco-proprietary implementation.
- It is a standard-based implementation.
- It runs on UDP port 49.
- It uses a client-private cloud architecture.
- It uses a client-server architecture.
- It runs on TCP port 49.
Correct Answer: AEF
Which AAA authorization method uses a vendor-neutral directory information protocol?
- LDAP
- RADIUS
- TACACS+
- Kerberos
Correct Answer: A
Which command enables a RADIUS server configuration to use vendor-proprietary attributes?
- radius-server configure-nas
- radius-server attribute nas-port extended
- radius-server host non-standard
- radius-server vsa send authentication
Correct Answer: D
A question about AAA accounting features. (Choose two.)
- authentication
- authorization
- connection
- commands
- system
Correct Answer: DE
You want a device to use the local user database if the TACACS+ server is unreachable. Which AAA login authentication command must you configure?
- aaa authentication login default group local tacacs+
- aaa authentication login default group tacacs+ local
- aaa authentication login default group local
- aaa authentication login TACACS group tacacs+ local
Correct Answer: B
Which information in a RADIUS access-request packet is encrypted?
- entire header
- username and password
- entire payload
- password
Correct Answer: D
Which AAA authorization type applies security policies on a per-user basis?
- EXEC
- command
- auth-proxy
- network
Correct Answer: C
Explanation/Reference:
Method lists are specific to the authorization type requested:
+ Auth-proxy – Applies specific security policies on a per-user basis. For detailed information on the authentication proxy feature, refer to the chapter “Configuring Authentication Proxy” in the “Traffic Filtering and Firewalls” part of this book.
+ Commands – Applies to the EXEC mode commands a user issues. Command authorization attempts authorization for all EXEC mode commands, including global configuration commands, associated with a specific privilege level.
+ EXEC – Applies to the attributes associated with a user EXEC terminal session.
+ Network – Applies to network connections. This can include a PPP, SLIP, or ARAP connection.
+ Reverse Access – Applies to reverse Telnet sessions.
Which two accounting types does AAA support? (Choose two.)
- connection
- privilege
- authorization
- authentication
- system
Correct Answer: CD
Which three features of AAA with RADIUS are true? (Choose three.)
- It encrypts the password for transmission.
- It integrates authorization and authentication functions.
- It separates authorization and authentication functions.
- It encrypts the entire transmission.
- It secures access to endpoint devices.
- It secures access to network devices.
Correct Answer: ABF
Which command do you enter on a device so that users are automatically placed in enable mode after they authenticate with TACACS+?
- aaa authorization exec default group tacacs+ if-authenticated
- aaa authorization exec default group tacacs+ local-case
- aaa authorization exec default group tacacs+ enable
- aaa authentication exec default group tacacs+ if-authenticated
Correct Answer: D
Which two statements about TACACS+ are true? (Choose two.)
- It is a Cisco-proprietary technology.
- It supports several less-common protocols in addition to IP.
- It encrypts only the packet header.
- It is more reliable than RADIUS because it communicates with UDP packets.
- It is backwards-compatible with TACACS.
- It combines accounting and authorization functions.
Correct Answer: AB