CCNASecurity Test 3
Router R1 has been configured as shown, with the resulting log message. On the basis of the information that is presented, which two statements describe the result of AAA authentication operation?
-The locked-out user stays locked out until the clear aaa local user lockout username Admin command is issued.* -The locked-out user failed authentication
Which two features are included by both TACACS+ and RADIUS protocols? (Choose two.)
-password encryption* -utilization of transport layer protocols*
Which solution supports AAA for both RADIUS and TACACS+ servers?
Implement Cisco Secure Access Control System (ACS) only.
When a method list for AAA authentication is being configured, what is the effect of the keyword local?
It accepts a locally configured username, regardless of case
Why is authentication with AAA preferred over a local database method?
It provides a fallback authentication method if the administrator forgets the username or password
What is a characteristic of AAA accounting?
Possible triggers for the aaa accounting exec default command include start-stop and stop-only.
What protocol is used to encapsulate the EAP data between the authenticator and authentication server performing 802.1X authentication?
RADIUS
Which server-based authentication protocol would be best for an organization that wants to apply authorization policies on a per-group basis?
TACACS+
What is a characteristic of TACACS+?
TACACS+ provides authorization of router commands on a per-user or per-group basis
Why would a network administrator include a local username configuration, when the AAA-enabled router is also configured to authenticate using several ACS servers?
The local username database will provide a backup for authentication in the event the ACS servers become unreachable
Which statement describes the configuration of the ports for Server1?
The ports configured for Server1 on the router must be identical to those configured on the RADIUS server.
What is the result of entering the aaa accounting network command on a router?
The router collects and reports usage data related to network-related service requests
A user complains about being locked out of a device after too many unsuccessful AAA login attempts. What could be used by the network administrator to provide a secure authentication access method without locking a user out of a device?
Use the login delay command for authentication attempts
A user complains about not being able to gain access to a network device configured with AAA. How would the network administrator determine if login access for the user account is disabled?
Use the show aaa local user lockout command
Which characteristic is an important aspect of authorization in an AAA-enabled network device?
User access is restricted to certain services
What difference exists when using Windows Server as an AAA server, rather than Cisco Secure ACS?
Windows Server uses its own Active Directory (AD) controller for authentication and authorization
Which component of AAA allows an administrator to track individuals who access network resources and any changes that are made to those resources?
accounting
Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?
authorization
Which debug command is used to focus on the status of a TCP connection when using TACACS+ for authentication?
debug tacacs events
True or False? The single-connection keyword prevents the configuration of multiple TACACS+ servers on a AAA-enabled router.
false
Which authentication method stores usernames and passwords in the router and is ideal for small networks?
local AAA
Which authentication method stores usernames and passwords in ther router and is ideal for small networks
local AAA
What device is considered a supplicant during the 802.1X authentication process?
the client that is requesting authentication
When using 802.1X authentication, what device controls physical access to the network, based on the authentication status of the client?
the switch that the client is connected to