CCNA Security - Chapter 3 Exam Answers
1. Why is local database authentication preferred over a password-only login?
Answer:
* It provides for authentication and accountability.
2. What is a characteristic of AAA?
Answer:
* Authorization can only be implemented after a user is authenticated.
3. Due to implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?
Answer:
* authorization
4. Which two AAA access method statements are true? (Choose two.)
Answer:
* Character mode provides users with administrative privilege EXEC access and requires use of the console, vty, or tty ports.
* Packet mode provides remote users with access to network resources and requires use of dialup or VPN.
5. Which two statements describe AAA authentication? (Choose two.)
Answer:
* Server-based AAA authentication is more scalable than local AAA authentication.
* Server-based AAA authentication can use the RADIUS or TACACS+ protocols to communicate between the router and a AAA server.
6. What is a difference between using the login local command and using local AAA authentication for authenticating administrator access?
Answer:
* Local AAA provides a way to configure backup methods of authentication; login local does not.
7. Refer to the exhibit. Router R1 has been configured as shown, with the resulting log message. On the basis of the information presented, which two AAA authentication statements are true? (Choose two.)
Answer:
* The locked-out user failed authentication.
* The locked-out user stays locked out until the clear aaa local user lockout username Admin command is issued.
8. Refer to the exhibit. Router R1 is configured as shown. An administrative user attempts to use Telnet from router R2 to router R1 using the interface IP address 10.10.10.1. However, Telnet access is denied. Which option corrects this problem?
Answer:
* The administrative user should use the username Admin and password Str0ngPa55w0rd.
9. When configuring a method list for AAA authentication, what is the effect of the keyword local?
Answer:
* It accepts a locally configured username, regardless of case.
10. What is a characteristic of TACACS+?
Answer:
* TACACS+ provides authorization of router commands on a per-user or per-group basis.
11. Which statement identifies an important difference between TACACS+ and RADIUS?
Answer:
* The TACACS+ protocol allows for separation of authentication from authorization.
12. In regards to Cisco Secure ACS, what is a client device?
Answer:
* a router, switch, firewall, or VPN concentrator
13. What is the result if an administrator configures the aaa authorization command prior to creating a user with full access rights?
Answer:
* The administrator is immediately locked out of the system.
14. When configuring a Cisco Secure ACS, how is the configuration interface accessed?
Answer:
* A Web browser is used to configure a Cisco Secure ACS.
15. Which AAA protocol and feature best support a large ISP that needs to implement detailed accounting for customer invoicing?
Answer:
* RADIUS because it supports detailed accounting that is required for billing users
16. After accounting is enabled on an IOS device, how is a default accounting method list applied?
Answer:
* The default accounting method list is automatically applied to all interfaces, except those with named accounting method lists.
17. Refer to the exhibit. In the network shown, which AAA command logs the use of EXEC session commands?
Answer:
* aaa accounting exec start-stop group tacacs+
18. How does a Cisco Secure ACS improve performance of the TACACS+ authorization process?
Answer:
* reduces delays in the authorization queries by using persistent TCP sessions
19. Refer to the exhibit. Which Cisco Secure ACS menu is required to configure the IP address and secure password of an AAA client?
Answer:
* Network Configuration
20. What is an effect if AAA authorization on a device is not configured?
Answer:
* Authenticated users are granted full access rights.
Sumber : http://ccna-exam-answers-final.blogspot.com/2013/08/ccna-security-chapter-3-exam-answers.html
blog.ceaster.com - www.ceaster.com Ceaster Corp
Posts
