AAA

33a RADIUS vs TACACS+

33a RADIUS vs TACACS+

34 RADIUS vs TACACS+

34 RADIUS vs TACACS+

34a RADIUS vs TACACS+

34a RADIUS vs TACACS+

Which three AAA methods does TACACS+ support? (Choose three.) A. Accounting B. Authentication C. Authorization D. Access E. Acknowledge

A. Accounting B. Authentication C. Authorization

QUESTION 34 Which two options are true about TACACS+? (Choose two.) (Which options are true about TACACS+?) A. Decentralize login to avoid security breach xxxxxx (not remembering full) B. Support PAP and CHAP C. Combines authentication and authorization D. Entire packet is encrypted E. ???

A. Decentralize login to avoid security breach xxxxxx (not remembering full) D. Entire packet is encrypted

QUESTION 23 A question on local database for consoling to network devices. (Choose two.) A. Console is a backup authentication method B. Console is the only backup authentication method C. You can set user privileged levels D. Consoling to network devices is not possible

,A. Console is a backup authentication method C. You can set user privileged levels

QUESTION 124 A network engineer configures port security and 802.1x on the same interface. Which option describes what this configuration allows? A. It allows port security to secure the MAC address that 802.1x authenticates. B. It allows port security to secure the IP address that 802.1x authenticates. C. It allows 802.1x to secure the MAC address that port security authenticates. D. It allows 802.1x to secure the IP address that port security authenticates.

,A. It allows port security to secure the MAC address that 802.1x authenticates.

QUESTION 114 Refer to the exhibit. When a network administrator is attempting an SSH connection to the device, in which order does the device check the login credentials? A. RADIUS server, local username, line password B. RADIUS server, line password, local username C. Line password, local username, RADIUS server D. Line password, RADIUS server, local username

,A. RADIUS server, local username, line password

QUESTION 45 AAA question about the command used to login a user and set immediate access to privilege mode. A. aaa authorization exec default group radius B. aaa authentication default group login C. aaa authorization group default radius D. aaa authentication exec default group radius

,A. aaa authorization exec default group radius

33 RADIUS vs TACACS+

33 RADIUS vs TACACS+

QUESTION 42 Which three characteristics of AAA with RADIUS are true? (Choose three.) A. It uses a client-server architecture. B. It uses standards-based implemented. C. It runs on UDP port 1812. D. It is a Cisco proprietary implementation. E. It runs on TCP port 49. F. It uses a client-private cloud architecture.

A. It uses a client-server architecture. B. It uses standards-based implemented. C. It runs on UDP port 1812

QUESTION 26 A question on local user database for login to network devices. (Choose two.) A. Local user dbs can be main and also backup authentication method B. Local user dbs is the only backup authentication method C. You can set user privileged levels D. Local user dbs is used after 3 unsuccessful logins via RADIUS server E. AAA authentication must be implemented on switch,

A. Local user dbs can be main and also backup authentication method C. You can set user privileged levels

QUESTION 112 Which authentication service is needed to configure 802.1x? A. RADIUS with EAP Extension B. TACACS+ C. RADIUS with CoA D. RADIUS using VSA,

A. RADIUS with EAP Extension

QUESTION 115 Which three responses from a RADIUS server are valid? (Choose three.) A. REJECT B. CHALLENGE C. ACCEPT D. UPDATE PASSWORD E. CONFIRM,

A. REJECT B. CHALLENGE C. ACCEPT

QUESTION 110 Which command globally enables AAA on a device? A. aaa new-model B. aaa authentication C. aaa authorization D. aaa accounting,

A. aaa new-model

QUESTION 99 Which portion of AAA looks at what a user has access to? A. authorization B. authentication C. accounting D. auditing,

A. authorization

QUESTION 21 A question about message TACACS+ server with two choices. (Choose two.) (Msg TACACS server - 2 choices) A. error B. hello C. continue D. transmit E. request

A. error C. continue

QUESTION 111 Which AAA Authorization type includes PPP, SLIP, and ARAP connections? A. network B. IP mobile C. EXEC D. auth-proxy,

A. network

QUESTION 6 Which two packet types are used by the TACACS+ authorization process? (Choose two.) A. request B. response C. reply D. continue E. start

A. request B. response

QUESTION 8 Which two command types are used by the RADIUS accounting process? (Choose two.) A. start B. stop C. record D. reply E. request

A. start B. stop

QUESTION 39 A question about AAA with TACACS+ (Choose three.) A. uses TCP 49 B. uses UDP 49 C. Cisco proprietary D. uses standard... E. uses extended...

A. uses TCP 49 B. uses UDP 49 D. uses standard...

QUESTION 100 Which command creates a login authentication method named "login" that will primarily use RADIUS and fail over to the local user database? A. (config)# aaa authentication login default radius local B. (config)# aaa authentication login login radius local C. (config)# aaa authentication login default local radius D. (config)# aaa authentication login radius local,

B. (config)# aaa authentication login login radius local

QUESTION 46 Which three advantages of TACACS+ are true? (Choose three.) A. It integrates authentication and authorization B. It controls access to network devices C. It controls access to endpoint devices D. It encrypted the passwords E. It encrypted the whole transition F. It separates authentication and authorization

B. It controls access to network devices E. It encrypted the whole transition F. It separates authentication and authorization

QUESTION 31 Which of these two options are true about RADIUS? (Choose two.) A. Uses TCP port 49 B. Uses client server model C. Uses UDP to exchange traffic D. Support for multiple protocols E. Is compatible with TACACS+

B. Uses client server model C. Uses UDP to exchange traffic

QUESTION 245 Which command do you enter so that the default authentication group on a device falls back to the case-sensitive local user database when the initial authentication fails? A. aaa authentication login default group tacacs+ radius local B. aaa authentication exec default group tacacs+ local if-authenticated C. aaa authentication login default group tacacs+ local-case if-authenticated D. aaa authentication exec default group tacacs+ if-authenticated local,

B. aaa authentication exec default group tacacs+ local if-authenticated

QUESTION 5 Which two packet types are used by the TACACS+ authentication process? (Choose two.) A. request B. reply C. start D. response E. continue

B. reply E. continue

TACACS+ authentication process TACACS+ authorization process TACACS+ accounting process

B. reply E. continue = authentication A. request B. response = authorization B. request D. response = accounting

QUESTION 7 Which two packet types are used by the TACACS+ accounting process? (Choose two.) A. start B. request C. continue D. response E. reply

B. request D. response

QUESTION 19 A question about TACACS+ with three choices. (Choose three.) A. Supports backwards compatible with TACACS+ B. Encrypts the header C. Encrypts the whole payload D. Utilizes TCP port E. Utilizes UDP port F. Separates authentication and authorization

C. Encrypts the whole payload D. Utilizes TCP port F. Separates authentication and authorization

QUESTION 32 A question on TACACS+. (Choose two.) A. Backward compatible with TACACS. B. More secure then RADIUS as it uses UDP. C. Has support for multiple protocols other than IP. D. Separates authentication and authorization. E. Encrypts just the header

C. Has support for multiple protocols other than IP. D. Separates authentication and authorization

QUESTION 50 What happens if we add "line" on AAA command? A. Disable TACACS+ authentication B. Disable RADIUS authentication C. It's a last resource (or resort) login D. Is the prefer logging method in Cisco switches

C. It's a last resource (or resort) login

QUESTION 68 Which fallback method can you configure to allow all AAA authorization requests to be granted if the other methods do not respond or return an error? A. enable B. RADIUS C. none D. TACACS+

C. none

Explination

Explination