Scribd Logo
Upload

Welcome to Scribd!

  • 4K views

    CCNA Security Exam Module 3

    Uploaded by

    Cibeles
    This document provides a summary of 20 questions and answers from a CCNA Security chapter regarding authentication, authorization, and accounting (AAA). Some key points covered include: - Local database authentication is preferred over password-only login as it provides authentication and accountability. - Authorization can only be implemented after a user is authenticated. - Authorization records what resources a user accesses and changes made. The document tests understanding of AAA concepts like accounting, authentication methods, and differences between RADIUS and TACACS+.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF or read online from Scribd

    CCNA Security Exam Module 3

    Uploaded by

    Cibeles
    4K views5 pages
    This document provides a summary of 20 questions and answers from a CCNA Security chapter regarding authentication, authorization, and accounting (AAA). Some key points covered include: - Local database authentication is preferred over password-only login as it provides authentication and accountability. - Authorization can only be implemented after a user is authenticated. - Authorization records what resources a user accesses and changes made. The document tests understanding of AAA concepts like accounting, authentication methods, and differences between RADIUS and TACACS+.

    Original Description:

    CCNAS Chapter 3 - CCNA Security: Implementing Network Security (Version 1.0)

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    This document provides a summary of 20 questions and answers from a CCNA Security chapter regarding authentication, authorization, and accounting (AAA). Some key points covered include: - Local database authentication is preferred over password-only login as it provides authentication and accountability. - Authorization can only be implemented after a user is authenticated. - Authorization records what resources a user accesses and changes made. The document tests understanding of AAA concepts like accounting, authentication methods, and differences between RADIUS and TACACS+.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF or read online from Scribd
    Download as pdf
    4K views5 pages

    CCNA Security Exam Module 3

    Uploaded by

    Cibeles
    This document provides a summary of 20 questions and answers from a CCNA Security chapter regarding authentication, authorization, and accounting (AAA). Some key points covered include: - Local database authentication is preferred over password-only login as it provides authentication and accountability. - Authorization can only be implemented after a user is authenticated. - Authorization records what resources a user accesses and changes made. The document tests understanding of AAA concepts like accounting, authentication methods, and differences between RADIUS and TACACS+.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF or read online from Scribd
    Download as pdf
    of 5

    CCNAS Chapter 3 - CCNA Security: Implementing Network Security (Version 1.

    0)

    1. Why is local database authentication preferred over a password-only login?


    A. It specifies a different password for each line or port.
    B. It provides for authentication and accountability.
    C. It requires a login and password combination on console, vty lines, and aux ports.
    D. It is more efficient for users who only need to enter a password to gain entry to a device.

    AANSWER: B

    2. What is a characteristic of AAA?


    A. Authorization can only be implemented after a user is authenticated.
    B. Accounting services are implemented prior to authenticating a user.
    C. Accounting services determine which resources the user can access and which operations the user is allowed to perform.
    D. Authorization records what the user does, including what is accessed, the amount of time the resource is accessed, and any
    changes that were made.

    ANSWER: A

    3. Due to implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?
    A.accessibility
    B.accounting
    C.auditing
    D.authentication
    E.Authorization

    ANSWER: E

    4. Which feature of AAA allows an administrator to track individuals who access network resources, when those resources are
    accessed, and any changes that are made?
    A.accounting
    B.authorization
    C.accessibility
    D.authentication

    ANSWER: A

    5. Which two AAA access method statements are true? (Choose two.)
    A.Character mode provides remote users with access to network resources and requires use of the console, vty, or tty ports.
    B.Character mode provides remote users with access to network resources and requires use of dialup or VPN.
    C.Character mode provides users with administrative privilege EXEC access and requires use of the console, vty, or tty ports.
    D.Packet mode provides users with administrative privilege EXEC access and requires use of dialup or VPN.
    E.Packet mode provides remote users with access to network resources and requires use of dialup or VPN.
    F. Packet mode provides users with administrative privilege EXEC access and requires use of the console, vty, or tty ports.

    ANSWER: C,E

    6. What is a difference between using the login local command and using local AAA authentication for authenticating administrator
    access?
    A. Local AAA authentication supports encrypted passwords; login local does not.
    B. Local AAA provides a way to configure backup methods of authentication; login local does not.
    C. A method list must be configured when using the login local command, but is optional when using local AAA authentication.
    D. The login local command supports the keyword none, which ensures that authentication succeeds, even if all methods return an
    error.

    ANSWER: B
    7. Refer to the exhibit. Router R1 has been configured as shown, with the resulting log message. On the basis of the information
    presented, which two AAA authentication statements are true? (Choose two.)
    A. The locked-out user failed authentication.
    B. The locked-out user is locked out for 10 minutes by default.
    C. The locked-out user should have used the username Admin and password Pa55w0rd.
    D. The locked-out user should have used the username admin and password Str0ngPa55w0rd.
    E. The locked-out user stays locked out until the clear aaa local user lockout Admin command is issued

    ANSWER: A,E

    8. Refer to the exhibit. Router R1 is configured as shown. An administrative user attempts to use Telnet from router R2 to router R1
    using the interface IP address 10.10.10.1. However, Telnet access is denied. Which option corrects this problem?
    A. The R1 10.10.10.1 router interface must be enabled.
    B. The vty lines must be configured with the login authentication default command.
    C. The aaa local authentication attempts max-fail command must be set to 2 or higher.
    D. The administrative user should use the username Admin and password Str0ngPa55w0rd.

    ANSWER: D

    9. When configuring a method list for AAA authentication, what is the effect of the keyword local?
    A.It accepts a locally configured username, regardless of case.
    B.It defaults to the vty line password for authentication.
    C.The login succeeds, even if all methods return an error.
    D.It uses the enable password for authentication.

    ANSWER: A
    10. Which two statements describe AAA authentication? (Choose two.)
    A. Server-based AAA authentication is more scalable than local AAA authentication.
    B. Local AAA is ideal for large complex networks because it uses the local database of
    the router for authentication.
    C. Server-based AAA authentication can use the RADIUS or TACACS+ protocols to
    communicate between the router and a AAA server.
    D. Server-based AAA authentication is ideal for large complex networks because it uses
    the local database of the router for authentication.
    E. Local AAA authentication requires the services of an external server, such as the
    Cisco Secure ACS for Windows Server.

    ANSWER:A,C

    11. What is a characteristic of TACACS+?


    A. TACACS+ is an open IETF standard.
    B. TACACS+ is backward compatible with TACACS and XTACACS.
    C. TACACS+ provides authorization of router commands on a per-user or per-group basis.
    D. TACACS+ uses UDP port 1645 or 1812 for authentication, and UDP port 1646 or 1813 for accounting.

    ANSWER: B

    12. Which statement identifies an important difference between TACACS+ and RADIUS?
    A. TACACS+ provides extensive accounting capabilities when compared to RADIUS.
    B. The RADIUS protocol encrypts the entire packet transmission.
    C. The TACACS+ protocol allows for separation of authentication from authorization.
    D. RADIUS can cause delays by establishing a new TCP session for each authorization request.

    ANSWER: C

    13. Which AAA protocol and feature best support a large ISP that needs to implement detailed accounting for customer invoicing?
    A. TACACS+ because it combines authentication and authorization, but separates accounting
    B. RADIUS because it supports detailed accounting that is required for billing users
    C. TACACS+ because it requires select authorization policies to be applied on a per-user or per-group basis
    D. RADIUS because it requires select authorization policies to be applied on a per-user or per-group basis

    ANSWER: B

    14. In regards to Cisco Secure ACS, what is a client device?


    A. a web server, email server, or FTP server
    B. the computer used by a network administrator
    C. network users who must access privileged EXEC commands
    D. a router, switch, firewall, or VPN concentrator

    ANSWER: D

    15. When configuring a Cisco Secure ACS, how is the configuration interface accessed?
    A. A Web browser is used to configure a Cisco Secure ACS.
    B. The Cisco Secure ACS can be accessed from the router console.
    C. Telnet can be used to configure a Cisco Secure ACS server after an initial configuration is complete.
    D. The Cisco Secure ACS can be accessed remotely after installing ACS client software on the administrator workstation.

    ANSWER:A
    16. Refer to the exhibit. Which Cisco Secure ACS menu is required to configure the IP address and secure password of an AAA
    client?
    A. User Setup
    B. Group Setup
    C. Network Configuration
    D. System Configuration
    E. Interface Configuration
    F. Administration Control

    ANSWER: C

    17. Refer to the exhibit. Which AAA command must be configured to allow authenticated users administrative access to commands
    such as configure terminal?
    A. aaa authorization exec default group radius
    B. aaa authorization exec default group tacacs+
    C. aaa accounting network default start-stop
    D. aaa accounting exec default start-stop

    ANSWER: B

    18.What is the result if an administrator configures the aaa authorization command prior to creating a user with full access rights?
    A.The administrator is immediately locked out of the system.
    B.The administrator is denied all access except to aaa authorization commands.
    C.The administrator is allowed full access using the enable secret password.
    D.The administrator is allowed full access until a router reboot, which is required to apply changes

    ANSWER: A
    19. Refer to the exhibit. In the network shown, which AAA command logs the use of EXEC session commands?
    A. aaa accounting connection start-stop group radius
    B .aaa accounting connection start-stop group tacacs+
    C. aaa accounting exec start-stop group radius
    D. aaa accounting exec start-stop group tacacs+
    E. aaa accounting network start-stop group radius
    F. aaa accounting network start-stop group tacacs+

    ANSWER: D

    20. Which aaa accounting command enables logging of both the start and stop
    records for EXEC sessions on the router?
    A.aaa accounting commands 15 start-stop group tacacs+
    B.aaa accounting connection start-stop group tacacs+
    C.aaa accounting exec default start-stop group tacacs+
    D.aaa accounting network default start-stop group tacacs+
    E.aaa accounting system start-stop tacacs+

    ANSWER: C

    You might also like