cisco security chapter 3 exam
Which solution supports AAA for both RADIUS and TACACS+ servers?
Implement Cisco Secure Access Control System (ACS) only.*
When a method list for AAA authentication is being configured, what is the effect of the keyword local?
It accepts a locally configured username, regardless of case*
Why is authentication with AAA preferred over a local database method?
It provides a fallback authentication method if the administrator forgets the username or password.*
What is a characteristic of AAA accounting?
Possible triggers for the aaa accounting exec default command include start-stop and stop-only.*
What protocol is used to encapsulate the EAP data between the authenticator and authentication server performing 802.1X authentication?
RADIUS*
What is a characteristic of TACACS+?
TACACS+ provides authorization of router commands on a per-user or per-group basis.*
Which server-based authentication protocol would be best for an organization that wants to apply authorization policies on a per-group basis?
TACACS+*
Why would a network administrator include a local username configuration, when the AAA-enabled router is also configured to authenticate using several ACS servers?
The local username database will provide a backup for authentication in the event the ACS servers become unreachable.*
What is the result of entering the aaa accounting network command on a router?
The router collects and reports usage data related to network-related service requests.*
A user complains about being locked out of a device after too many unsuccessful AAA login attempts. What could be used by the network administrator to provide a secure authentication access method without locking a user out of a device?
Use the login delay command for authentication attempts.*
A user complains about not being able to gain access to a network device configured with AAA. How would the network administrator determine if login access for the user account is disabled?
Use the show aaa local user lockout command.*
Which characteristic is an important aspect of authorization in an AAA-enabled network device?
User access is restricted to certain services.*
What difference exists when using Windows Server as an AAA server, rather than Cisco Secure ACS?
Windows Server uses its own Active Directory (AD) controller for authentication and authorization.*
Which component of AAA allows an administrator to track individuals who access network resources and any changes that are made to those resources?
accounting*
Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?
authorization*
Which debug command is used to focus on the status of a TCP connection when using TACACS+ for authentication?
debug tacacs events*
True or False? The single-connection keyword prevents the configuration of multiple TACACS+ servers on a AAA-enabled router.
false*
Which authentication method stores usernames and passwords in the router and is ideal for small networks?
local AAA*
Which authentication method stores usernames and passwords in ther router and is ideal for small networks.
local AAA*
Which two features are included by both TACACS+ and RADIUS protocols? (Choose two.)
password encryption* utilization of transport layer protocols*
What device is considered a supplicant during the 802.1X authentication process?
the client that is requesting authentication*
When using 802.1X authentication, what device controls physical access to the network, based on the authentication status of the client?
the switch that the client is connected to*
