Close Window

Assessment System

1. Assessment Selection 2. Assessment Settings 3. Take Assessment

Take Assessment - CCNAS Chapter 3 - CCNA Security: Implementing Network Security

(Version 1.0)

00:20:49
Time Remaining:

1 Which AAA protocol and feature best support a large ISP that needs to implement detailed accounting for customer invoicing?
TACACS+ because it combines authentication and authorization, but separates accounting

RADIUS because it supports detailed accounting that is required for billing users

TACACS+ because it requires select authorization policies to be applied on a per-user or per-group basis

RADIUS because it requires select authorization policies to be applied on a per-user or per-group basis

2 How does a Cisco Secure ACS improve performance of the TACACS+ authorization process?
reduces overhead by using UDP for authorization queries

reduces delays in the authorization queries by using persistent TCP sessions

reduces bandwidth utilization of the authorization queries by allowing cached credentials

reduces number of authorization queries by combining the authorization process with authentication

3 Which two AAA access method statements are true? (Choose two.)
Character mode provides remote users with access to network resources and requires use of the console, vty, or tty ports.

Character mode provides remote users with access to network resources and requires use of dialup or VPN.

Character mode provides users with administrative privilege EXEC access and requires use of the console, vty, or tty ports.

Packet mode provides users with administrative privilege EXEC access and requires use of dialup or VPN.

Packet mode provides remote users with access to network resources and requires use of dialup or VPN.

Packet mode provides users with administrative privilege EXEC access and requires use of the console, vty, or tty ports.

4 Which two statements describe AAA authentication? (Choose two.)

Server-based AAA authentication is more scalable than local AAA authentication.

Local AAA is ideal for large complex networks because it uses the local database of the router for authentication.
Server-based AAA authentication can use the RADIUS or TACACS+ protocols to communicate between the router and a AAA
server.
Server-based AAA authentication is ideal for large complex networks because it uses the local database of the router for
authentication.
 Local AAA authentication requires the services of an external server, such as the Cisco Secure ACS for Windows Server.

5 Why is local database authentication preferred over a password-only login?

It specifies a different password for each line or port.

It provides for authentication and accountability.

It requires a login and password combination on console, vty lines, and aux ports.

It is more efficient for users who only need to enter a password to gain entry to a device.

Refer to the exhibit. In the network shown, which AAA command logs the use of EXEC session commands?
aaa accounting connection start-stop group radius

aaa accounting connection start-stop group tacacs+

aaa accounting exec start-stop group radius

aaa accounting exec start-stop group tacacs+

aaa accounting network start-stop group radius

aaa accounting network start-stop group tacacs+

7 What is a characteristic of AAA?

Authorization can only be implemented after a user is authenticated.

Accounting services are implemented prior to authenticating a user.

Accounting services determine which resources the user can access and which operations the user is allowed to perform.
Authorization records what the user does, including what is accessed, the amount of time the resource is accessed, and any
changes that were made.

8 When configuring a method list for AAA authentication, what is the effect of the keyword local?
It accepts a locally configured username, regardless of case.

It defaults to the vty line password for authentication.

The login succeeds, even if all methods return an error.

It uses the enable password for authentication.

9 What is the result if an administrator configures the aaa authorization command prior to creating a user with full access rights?
The administrator is immediately locked out of the system.
 The administrator is denied all access except to aaa authorization commands.

The administrator is allowed full access using the enable secret password.

The administrator is allowed full access until a router reboot, which is required to apply changes.

10

Refer to the exhibit. Which Cisco Secure ACS menu is required to configure the IP address and secure password of an AAA client?
User Setup

Group Setup

Network Configuration

System Configuration

Interface Configuration

Administration Control

11 After accounting is enabled on an IOS device, how is a default accounting method list applied?
Accounting method lists are applied only to the VTY interfaces.

A named accounting method list must be explicitly defined and applied to desired interfaces.

Accounting method lists are not applied to any interfaces until an interface is added to the server group.

The default accounting method list is automatically applied to all interfaces, except those with named accounting method lists.

12 In regards to Cisco Secure ACS, what is a client device?

 a web server, email server, or FTP server

the computer used by a network administrator

network users who must access privileged EXEC commands

a router, switch, firewall, or VPN concentrator

13 When configuring a Cisco Secure ACS, how is the configuration interface accessed?
A Web browser is used to configure a Cisco Secure ACS.

The Cisco Secure ACS can be accessed from the router console.

Telnet can be used to configure a Cisco Secure ACS server after an initial configuration is complete.

The Cisco Secure ACS can be accessed remotely after installing ACS client software on the administrator workstation.

14 What is an effect if AAA authorization on a device is not configured?

Authenticated users are granted full access rights.

User access to specific services is determined by the authentication process.

Character mode authorization is limited, and packet mode denies all requests.

All authorization requests to the TACACS server receive a REJECT response.

15

Refer to the exhibit. Router R1 has been configured as shown, with the resulting log message. On the basis of the information presen
two AAA authentication statements are true? (Choose two.)
The locked-out user failed authentication.

The locked-out user is locked out for 10 minutes by default.

The locked-out user should have used the username Admin and password Pa55w0rd.

The locked-out user should have used the username admin and password Str0ngPa55w0rd.

The locked-out user stays locked out until the clear aaa local user lockout username Admin command is issued.

Showing 1 of 2 <Prev 1 Next>

Page:

Close Window

All contents copyright 1992-2010 Cisco Systems, Inc. Privacy Statement and Trademarks.