CCNA Security Chapter 3 Exam Answers
1. Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?
· accounting
· accessibility
· auditing
· authorization
· authentication
2. Why is authentication with AAA preferred over a local database method?
· It provides a fallback authentication method if the administrator forgets the username or password.
· It uses less network bandwidth.
· It specifies a different password for each line or port.
· It requires a login and password combination on the console, vty lines, and aux ports.
3. Which authentication method stores usernames and passwords in the router and is ideal for small networks?
· local AAA over TACACS+
· server-based AAA over TACACS+
· local AAA
· local AAA over RADIUS
· server-based AAA over RADIUS
· server-based AAA
4. Which component of AAA allows an administrator to track individuals who access network resources and any changes that are made to those resources?
· accounting
· accessibility
· authentication
· authorization
5. Refer to the exhibit. Router R1 has been configured as shown, with the resulting log message. On the basis of the information that is presented, which two statements describe the result of AAA authentication operation? (Choose two.)
· The locked-out user stays locked out until the clear aaa local user lockout username Admin command is issued.
· The locked-out user stays locked out until the interface is shut down then re-enabled.
· The locked-out user is locked out for 10 minutes by default.
· The locked-out user should have used the username admin and password Str0ngPa55w0rd.
· The locked-out user failed authentication.
6. A user complains about being locked out of a device after too many unsuccessful AAA login attempts. What could be used by the network administrator to provide a secure authentication access method without locking a user out of a device?
· Use the login delay command for authentication attempts.
· Use the login local command for authenticating user access.
· Use the aaa local authentication attempts max-fail global configuration mode command with a higher number of acceptable failures.
· Use the none keyword when configuring the authentication method list.
7. A user complains about not being able to gain access to a network device configured with AAA. How would the network administrator determine if login access for the user account is disabled?
· Use the show aaa local user lockout command.
· Use the show running-configuration command.
· Use the show aaa sessions command.
· Use the show aaa user command.
8. When a method list for AAA authentication is being configured, what is the effect of the keyword local?
· The login succeeds, even if all methods return an error.
· It uses the enable password for authentication.
· It accepts a locally configured username, regardless of case.
· It defaults to the vty line password for authentication.
9. Which solution supports AAA for both RADIUS and TACACS+ servers?
· Implement Cisco Secure Access Control System (ACS) only.
· RADIUS and TACACS+ servers cannot be supported by a single solution.
· Implement a local database.
· Implement both a local database and Cisco Secure Access Control System (ACS).
10. What difference exists when using Windows Server as an AAA server, rather than Cisco Secure ACS?
· Windows Server requires more Cisco IOS commands to configure.
· Windows Server only supports AAA using TACACS.
· Windows Server uses its own Active Directory (AD) controller for authentication and authorization.
· Windows Server cannot be used as an AAA server.
11. What is a characteristic of TACACS+?
· TACACS+ uses UDP port 1645 or 1812 for authentication, and UDP port 1646 or 1813 for accounting.
· TACACS+ is backward compatible with TACACS and XTACACS.
· TACACS+ is an open IETF standard.
· TACACS+ provides authorization of router commands on a per-user or per-group basis.
12. Which two features are included by both TACACS+ and RADIUS protocols? (Choose two.)
· 802.1X support
· separate authentication and authorization processes
· SIP support
· password encryption
· utilization of transport layer protocols.
13. Which server-based authentication protocol would be best for an organization that wants to apply authorization policies on a per-group basis?
· SSH
· RADIUS
· ACS
· TACACS+
14. Refer to the exhibit. Which statement describes the configuration of the ports for Server1?
· The configuration using the default ports for a Cisco router.
· The configuration of the ports requires 1812 be used for the authentication and the authorization ports.
· The configuration will not be active until it is saved and Rtr1 is rebooted.
· The ports configured for Server1 on the router must be identical to those configured on the RADIUS server.
15. True or False? The single-connection keyword prevents the configuration of multiple TACACS+ servers on an AAA-enabled router.
· false
· true
16. Why would a network administrator include a local username configuration, when the AAA-enabled router is also configured to authenticate using several ACS servers?
· Because ACS servers only support remote user access, local users can only authenticate using a local username database.
· A local username database is required when configuring authentication using ACS servers.
· The local username database will provide a backup for authentication in the event the ACS servers become unreachable.
· Without a local username database, the router will require successful authentication with each ACS server.
17. Which debug command is used to focus on the status of a TCP connection when using TACACS+ for authentication?
· debug tacacs events
· debug tacacs
· debug tacacs accounting
· debug aaa authentication
18. Which characteristic is an important aspect of authorization in an AAA-enabled network device?
· The authorization feature enhances network performance.
· User access is restricted to certain services.
· User actions are recorded for use in audits and troubleshooting events.
· A user must be identified before network access is granted.
19. What is the result of entering the aaa accounting network command on a router?
· The router collects and reports usage data related to network-related service requests.
· The router outputs accounting data for all EXEC shell sessions.
· The router provides data for only internal service requests.
· The router outputs accounting data for all outbound connections such as SSH and Telnet.
20. What is a characteristic of AAA accounting?
· Possible triggers for the aaa accounting exec default command include start-stop and stop-only.
· Accounting can only be enabled for network connections.
· Accounting is concerned with allowing and disallowing authenticated users access to certain areas and programs on the network.
· Users are not required to be authenticated before AAA accounting logs their activities on the network.
21. When using 802.1X authentication, what device controls physical access to the network, based on the authentication status of the client?
· the router that is serving as the default gateway
· the authentication server
· the switch that the client is connected to
· the supplicant
22. What device is considered a supplicant during the 802.1X authentication process?
· the client that is requesting authentication
· the switch that is controlling network access
· the router that is serving as the default gateway
· the authentication server that is performing client authentication
23. What protocol is used to encapsulate the EAP data between the authenticator and authentication server performing 802.1X authentication?
· SSH
· MD5
· TACACS+
· RADIUS