CCNA Security v20 Chapter 3 Exam Answers
1. Because of implemented security controls, a user can only access a server with FTP. Which AAA
component accomplishes this?
accounting
accessibility
auditing
authorization*
authentication
3. Which authentication method stores usernames and passwords in the router and is ideal for small
networks?
4. Which component of AAA allows an administrator to track individuals who access network resources
and any changes that are made to those resources?
accounting*
accessibility
authentication
authorization
5. Refer to the exhibit. Router R1 has been configured as shown, with the resulting log message. On the
basis of the information that is presented, which two statements describe the result of AAA
authentication operation? (Choose two.)
The locked-out user stays locked out until the clear aaa local user lockout username Admin
command is issued.*
The locked-out user stays locked out until the interface is shut down then re-enabled.
The locked-out user is locked out for 10 minutes by default.
The locked-out user should have used the username admin and password Str0ngPa55w0rd.
The locked-out user failed authentication.*
6. A user complains about being locked out of a device after too many unsuccessful AAA login
attempts. What could be used by the network administrator to provide a secure authentication access
method without locking a user out of a device?
7. A user complains about not being able to gain access to a network device configured with AAA. How
would the network administrator determine if login access for the user account is disabled?
8. When a method list for AAA authentication is being configured, what is the effect of the
keyword local?
It defaults to the vty line password for authentication.
9. Which solution supports AAA for both RADIUS and TACACS+ servers?
10. What difference exists when using Windows Server as an AAA server, rather than Cisco Secure ACS?
TACACS+ uses UDP port 1645 or 1812 for authentication, and UDP port 1646 or 1813 for accounting.
TACACS+ is backward compatible with TACACS and XTACACS.
TACACS+ is an open IETF standard.
TACACS+ provides authorization of router commands on a per-user or per-group basis.*
12. Which two features are included by both TACACS+ and RADIUS protocols? (Choose two.)
802.1X support
separate authentication and authorization processes
SIP support
password encryption*
utilization of transport layer protocols*
13. Which server-based authentication protocol would be best for an organization that wants to apply
authorization policies on a per-group basis?
SSH
RADIUS
ACS
TACACS+*
14. Refer to the exhibit. Which statement describes the configuration of the ports for Server1?
false*
true
16. Why would a network administrator include a local username configuration, when the AAA-enabled
router is also configured to authenticate using several ACS servers?
Because ACS servers only support remote user access, local users can only authenticate using a local
username database.
A local username database is required when configuring authentication using ACS servers.
The local username database will provide a backup for authentication in the event the ACS
servers become unreachable.*
Without a local username database, the router will require successful authentication with each ACS
server.
17. Which debug command is used to focus on the status of a TCP connection when using TACACS+ for
authentication?
The router collects and reports usage data related to network-related service requests.*
The router outputs accounting data for all EXEC shell sessions.
The router provides data for only internal service requests.
The router outputs accounting data for all outbound connections such as SSH and Telnet.
Possible triggers for the aaa accounting exec default command include start-stop and stop-only.*
Accounting can only be enabled for network connections.
Accounting is concerned with allowing and disallowing authenticated users access to certain areas
and programs on the network.
Users are not required to be authenticated before AAA accounting logs their activities on the network.
21. When using 802.1X authentication, what device controls physical access to the network, based on the
authentication status of the client?
22. What device is considered a supplicant during the 802.1X authentication process?
23. What protocol is used to encapsulate the EAP data between the authenticator and authentication
server performing 802.1X authentication?
SSH
MD5
TACACS+
RADIUS*