Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
23 Cards in this Set
- Front
- Back
Which component of AAA is used to determine which resources a user can access and which operations the user is allowed to perform? |
Autherization |
|
What is an effect if AAA authorization on a device is not configured? |
it defaults to the vty line access password |
|
A global company is deploying Cisco Secure ACS to manage user access to its headquarters campus. The network administrator configures the ACS to use multiple external databases for users from different geographical regions. The administrator creates user groups to match these databases. What is a purpose of creating different groups of users to authenticate through the Cisco Secure ACS?
|
to accommodate any difference in the authentication requirements between the ACS and an external database |
|
Which technology provides the framework to enable scalable access security? |
authentication, authorization, and accounting |
|
Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this? |
authorization |
|
in the context of Cisco Secure ACS, what is a client device? |
router switch ect |
|
What is a characteristic of TACACS+? |
TACACS+ uses UDP port 1645 or 1812 for authentication, and UDP port 1646 or 1813 for accounting. |
|
Which two statements describe AAA access methods? (Choose two.) |
Packet mode provides users with administrative privilege EXEC access and requires use of the console, vty, or tty ports. |
|
What type of AAA access method does character mode provide |
console vty, and aux |
|
What type of AAA access does packet mode provide |
Access to network services ppp |
|
Refer to the exhibit. In the network that is shown, which AAA command logs the use of EXEC session commands? |
aaa accounting exec start-stop group tacacs+ |
|
Refer to the exhibit. Router R1 is configured as shown. An administrative user attempts to use Telnet from router R2 to router R1 using the interface IP address 10.10.10.1. However, Telnet access is denied. Which option corrects this problem? |
The administrative user should use the username Admin and password Str0ngPa55w0rd. |
|
Which two features are included by both TACACS+ and RADIUS protocols? (Choose two.) |
password encryption |
|
Refer to the exhibit. Router R1 has been configured as shown, with the resulting log message. On the basis of the information that is presented, which two statements describe the result of AAA authentication operation? (Choose two.) |
The locked-out user failed authentication |
|
Refer to the exhibit. A network administrator configures AAA authentication on R1. When the administrator tests the configuration by telneting to R1 and no ACS servers can be contacted, which password should the administrator use in order to login successfully? |
Pa$$w0rD |
|
Refer to the exhibit. A network administrator configures AAA authentication on R1. Which statement describes the effect of the keyword single-connection in the configuration? |
The authentication performance is enhanced by keeping the connection to the TACACS+ server open. |
|
Which two statements describe AAA access methods? (Choose two.)
|
Packet mode provides remote users with access to network resources and requires use of dialup or VPN.
Character mode provides users with administrative privilege EXEC access and requires use of the console, vty, or tty ports. |
|
What is a characteristic of TACACS+? |
TACACS+ provides authorization of router commands on a per-user or per-group basis. The TACACS+ protocol provides flexibility in AAA services. For example, using TACACS+, administrators can select authorization policies to be applied on a per-user or per-group basis. |
|
When a method list for AAA authentication is being configured, what is the effect of the keywordlocal? |
It accepts a locally configured username, regardless of case.
In defining AAA authentication method list, one option is to use a preconfigured local database. There are two keywords, either of which enables local authentication via the preconfigured local database. The keyword local accepts a username regardless of case, and the keyword local-case is case-sensitive for both usernames and passwords. |
|
What is the result if an administrator uses the aaa authorization command prior to creating a user with full access rights?
|
The administrator is immediately locked out of the system.
|
|
How does a Cisco Secure ACS improve performance of the TACACS+ authorization process?
|
Reducing delays in the authorization queries by using persistent TCP sessions
By default, when using a server-based AAA process, TACACS+ establishes a new TCP session for every authorization request, which can lead to delays when users enter commands. Cisco Secure ACS supports persistent TCP sessions to improve performance. |
|
What is an effect if AAA authorization on a device is not configured? |
Authenticated users are granted full access rights. |
|
Which two features are included by both TACACS+ and RADIUS protocols? (Choose two.) |
password encryption |