Security 5-7
Which two UDP port numbers may be used for server-based AAA RADIUS authentication? (Choose two.) 1812; 1645; 1813; 1646; 49
1812; 1645
What is a requirement to use the Secure Copy Protocol feature? At least one user with privilege level 1 has to be configured for local authentication. A command must be issued to enable the SCP server side functionality. A transfer can only originate from SCP clients that are routers. The Telnet protocol has to be configured on the SCP server side.
A command must be issued to enable the SCP server side functionality.
What is the biggest issue with local implementation of AAA? Local implementation supports only TACACS+ servers. Local implementation cannot provide secure authentication. Local implementation does not scale well. Local implementation supports only RADIUS servers.
Local implementation does not scale well.
Refer to the exhibit. What information in the syslog message identifies the facility? ADJCHG; Loading Done; OSPF; level 5
OSPF
What are three characteristics of superviews in the Cisco role-based CLI access feature? (Choose three.) A user uses the command enable view superview-name to enter a superview. A user uses a superview to configure commands inside associated CLI views. Commands cannot be configured for a superview. Level 15 privilege access is used to configure a new superview. Deleting a superview does not delete the associated CLI views. A single CLI view can be shared within multiple superviews.
Commands cannot be configured for a superview. Deleting a superview does not delete the associated CLI views. A single CLI view can be shared within multiple superviews.
Which task is necessary to encrypt the transfer of data between the ACS server and the AAA-enabled router? Configure the key exactly the same way on the server and the router. Specify the single-connection keyword. Create a VPN tunnel between the server and the router. Use identical reserved ports on the server and the router.
Configure the key exactly the same way on the server and the router.
Refer to the exhibit. A student uses the show parser view all command to see a summary of all views configured on router R1. What is indicated by the symbol * next to JR-ADMIN? It is a root view. It is a CLI view without a command configured. It is a superview. It is a CLI view.
It is a superview.
What are two characteristics of the Cisco IOS Resilient Configuration feature? (Choose two.) It maintains a mirror image of the configuration file in RAM. It sends a backup copy of the IOS image to a TFTP server. It saves a secure copy of the primary image and device configuration that cannot be removed by a user. It minimizes the downtime of a device that has had the image and configuration deleted. It is a universal feature that can be activated on all Cisco devices.
It saves a secure copy of the primary image and device configuration that cannot be removed by a user. It minimizes the downtime of a device that has had the image and configuration deleted.
Which privilege level is predefined for the privileged EXEC mode? level 0; level 1; level 15; level 16
Level 15
What is the one major difference between local AAA authentication and using the login local command when configuring device access authentication? The login local command requires the administrator to manually configure the usernames and passwords, but local AAA authentication does not. Local AAA authentication allows more than one user account to be configured, but login local does not. Local AAA authentication provides a way to configure backup methods of authentication, but login local does not. The login local command uses local usernames and passwords stored on the router, but local AAA authentication does not.
Local AAA authentication provides a way to configure backup methods of authentication, but login local does not.
A student is learning role-based CLI access and CLI view configurations. The student opens Packet Tracer and adds a router. Which command should be used first for creating a CLI view named TECH-View? Router# enable view; Router(config)# aaa new-model; Router# enable view TECH-view; Router(config)# parser view TECH-view
Router(config)# aaa new-model
Refer to the exhibit. What two statements describe the NTP status of the router? (Choose two.) The router is serving as an authoritative time source. The software clock for the router must be configured with the set clock command so that NTP will function properly. The router is attached to a stratum 2 device. The router is serving as a time source for the device at 192.168.1.1. The IP address of the time source for the router is 192.168.1.1.
The router is attached to a stratum 2 device. The IP address of the time source for the router is 192.168.1.1.
A network engineer is implementing security on all company routers. Which two commands must be issued to force authentication via the password 1A2b3C for all OSPF-enabled interfaces in the backbone area of the company network? (Choose two.) area 0 authentication message-digest; ip ospf message-digest-key 1 md5 1A2b3C; username OSPF password 1A2b3C; enable password 1A2b3C; area 1 authentication message-digest
area 0 authentication message-digest; ip ospf message-digest-key 1 md5 1A2b3C
Which AAA component can be established using token cards? accounting; authorization; auditing; authentication
authentication
Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this? accessibility; accounting; auditing; authentication; authorization
authorization
Which three items are prompted for a user response during interactive AutoSecure setup? (Choose three.) IP addresses of interfaces; content of a security banner; enable secret password; services to disable; enable password; interfaces to enable
content of a security banner; enable secret password; enable password
Which syslog message type is accessible only to an administrator and only via the Cisco CLI? errors; alerts; debugging; emergency
debugging
A network administrator is configuring an AAA server to manage TACACS+ authentication. What are two attributes of TACACS+ authentication? (Choose two.) TCP port 40; encryption for all communication; single process for authentication and authorization; UDP port 1645; encryption for only the password of a user; separate processes for authentication and authorization
encryption for all communication; separate processes for authentication and authorization
What are two characteristics of the RADIUS protocol? (Choose two.) encryption of the entire body of the packet; encryption of the password only; the use of UDP ports for authentication and accounting; the separation of the authentication and authorization processes; the use of TCP port 49
encryption of the password only; the use of UDP ports for authentication and accounting
What IOS privilege levels are available to assign for custom user-level privileges? levels 1 through 15; levels 0, 1, and 15; levels 2 through 14; levels 0 and 1
levels 2 through 14
What is the primary function of the aaa authorization command? permit AAA server access to AAA client services; limit authenticated user access to AAA client services; permit authenticated user access to AAA client services; limit AAA server access to AAA client services
limit authenticated user access to AAA client services
Which authentication method stores usernames and passwords in the router and is ideal for small networks? server-based AAA over TACACS+; local AAA over RADIUS; server-based AAA; local AAA over TACACS+; local AAA; server-based AAA over RADIUS
local AAA
A network administrator is analyzing the features supported by the multiple versions of SNMP. What are two features that are supported by SNMPv3 but not by SNMPv1 or SNMPv2c? (Choose two.) message encryption; community-based security; SNMP trap mechanism; message source validation; bulk retrieval of MIB information
message encryption; message source validation
An administrator needs to create a user account with custom access to most privileged EXEC commands. Which privilege command is used to create this custom account? privilege exec level 15; privilege exec level 0; privilege exec level 1; privilege exec level 2
privilege exec level 2
Which command will move the show access-lists command to privilege level 14? router(config)# privilege level 14 command show access-lists; router(config)# privilege exec level 14 show access-lists; router(config)# set privilege level 14 show access-lists; router(config)# show access-lists privilege level 14
router(config)# privilege exec level 14 show access-lists
Refer to the exhibit. Based on the output of the show running-config command, which type of view is SUPPORT? CLI view, containing SHOWVIEW and VERIFYVIEW commands; superview, containing SHOWVIEW and VERIFYVIEW views; secret view, with a level 5 encrypted password; root view, with a level 5 encrypted secret password
superview, containing SHOWVIEW and VERIFYVIEW views
A student is learning about role-based views and role-based view configurations. The student enters the Router(config)# parser view TECH-view command. What is the purpose of this command? to create a CLI view named TECH-view; to enter the superview named TECH-view; to check the current setup of the CLI view named TECH-view; to enter the CLI view named TECH-view
to create a CLI view named TECH-view
