Copy and Edit

CCNA Security Chapter 3 Exam

Description

CCNA Security Chapter 3 Exam
d94829 d94829
Quiz by d94829 d94829, updated more than 1 year ago
d94829 d94829
Created by d94829 d94829 about 6 years ago
1075
2
0

Resource summary

Question 1

Question
Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?
Answer
  • accounting
  • accessibility
  • auditing
  • authorization
  • authentication

Question 2

Question
Why is authentication with AAA preferred over a local database method?
Answer
  • It provides a fallback authentication method if the administrator forgets the username or password
  • It uses less network bandwidth
  • It specifies a different password for each line or port
  • It requires a login and password combination on the console, vty lines, and aux ports

Question 3

Question
Which authentication method stores usernames and passwords in ther router and is ideal for small networks
Answer
  • local AAA over TACACS+
  • server-based AAA over TACACS+
  • local AAA
  • local AAA over RADIUS
  • server-based AAA over RADIUS
  • server-based AAA

Question 4

Question
Which component of AAA allows an administrator to track individuals who access network resources and any changes that are made to those resources?
Answer
  • accounting
  • accessibility
  • authentication
  • authorization

Question 5

Question
Refer to the exhibit. Router R1 has been configured as shown, with the resulting log message. On the basis of the information that is presented, which two statements describe the result of AAA authentication operation? (Choose two.)
Image:
Ccna Security Chapter 3 P5 (binary/octet-stream)
Answer
  • The locked-out user stays locked out until the clear aaa local user lockout username Admin command is issued
  • The locked-out user stays locked out until the interface is shut down then re-enabled
  • The locked-out user is locked out for 10 minutes by default
  • The locked-out user should have used the username admin and password Str0ngPa55w0rd
  • The locked-out user failed authentication.

Question 6

Question
A user complains about being locked out of a device after too many unsuccessful AAA login attempts. What could be used by the network administrator to provide a secure authentication access method without locking a user out of a device
Answer
  • Use the login delay command for authentication attempts.
  • Use the login local command for authenticating user access
  • Use the aaa local authentication attempts max-fail global configuration mode command with a higher number of acceptable failures
  • Use the none keyword when configuring the authentication method list

Question 7

Question
A user complains about not being able to gain access to a network device configured with AAA. How would the network administrator determine if login access for the user account is disabled?
Answer
  • Use the show aaa local user lockout command
  • Use the show running-configuration command
  • Use the show aaa sessions command
  • Use the show aaa user command

Question 8

Question
When a method list for AAA authentication is being configured, what is the effect of the keywordlocal
Answer
  • The login succeeds, even if all methods return an error
  • It uses the enable password for authentication
  • It accepts a locally configured username, regardless of case
  • It defaults to the vty line password for authentication

Question 9

Question
Which solution supports AAA for both RADIUS and TACACS+ servers?
Answer
  • Implement Cisco Secure Access Control System (ACS) only
  • RADIUS and TACACS+ servers cannot be supported by a single solution
  • Implement a local database.
  • Implement both a local database and Cisco Secure
  • Access Control System (ACS)

Question 10

Question
What difference exists when using Windows Server as an AAA server, rather than Cisco Secure ACS?
Answer
  • Windows Server requires more Cisco IOS commands to configure
  • Windows Server only supports AAA using TACACS
  • Windows Server uses its own Active Directory (AD) controller for authentication and authorization
  • Windows Server cannot be used as an AAA server

Question 11

Question
What is a characteristic of TACACS+?
Answer
  • TACACS+ uses UDP port 1645 or 1812 for authentication, and UDP port 1646 or 1813 for accounting
  • TACACS+ is backward compatible with TACACS and XTACACS
  • TACACS+ is an open IETF standard
  • TACACS+ provides authorization of router commands on a per-user or per-group basis

Question 12

Question
Which two features are included by both TACACS+ and RADIUS protocols? (Choose two.)
Answer
  • 802.1X support
  • separate authentication and authorization processes
  • SIP support
  • password encryption
  • utilization of transport layer protocols

Question 13

Question
Which server-based authentication protocol would be best for an organization that wants to apply authorization policies on a per-group basis
Answer
  • SSH
  • RADIUS
  • ACS
  • TACACS+

Question 14

Question
Refer to the exhibit. Which statement describes the configuration of the ports for Server1?
Image:
Cfb Hjruo 6lw Azi Mjt Nos1 L Ee Uj Qp Ouw1m Qi Kn R M Nm Qd Celvmpwl X1 T Xb0i E Fxi2 Ye4 Kywe Wo3 Ch Lb Vg Diax Q Kxcq Lu Ty Ls3bh8 Xgxn V Xjdy V Oc3 Qt Et Ivh P Si A Iv T4p Ek Lh T5 6xq X Lh O Ojf S63j Vd X L32 Ve8uo Csn Ieq1zg4 Uy Ivh My9s B T Jylov (image/png)
Answer
  • The configuration using the default ports for a Cisco router
  • The configuration of the ports requires 1812 be used for the authentication and the authorization ports
  • The configuration will not be active until it is saved and Rtr1 is rebooted.
  • The ports configured for Server1 on the router must be identical to those configured on the RADIUS server

Question 15

Question
True or False? The single-connection keyword prevents the configuration of multiple TACACS+ servers on a AAA-enabled router.
Answer
  • True
  • False

Question 16

Question
Why would a network administrator include a local username configuration, when the AAA-enabled router is also configured to authenticate using several ACS servers?
Answer
  • Because ACS servers only support remote user access, local users can only authenticate using a local username database
  • A local username database is required when configuring authentication using ACS servers
  • The local username database will provide a backup for authentication in the event the ACS servers become unreachable
  • Without a local username database, the router will require successful authentication with each ACS server

Question 17

Question
Which debug command is used to focus on the status of a TCP connection when using TACACS+ for authentication?
Answer
  • debug tacacs events
  • debug tacacs
  • debug tacacs accounting
  • debug aaa authentication

Question 18

Question
Which characteristic is an important aspect of authorization in an AAA-enabled network device?
Answer
  • The authorization feature enhances network performance.
  • User access is restricted to certain services
  • User actions are recorded for use in audits and troubleshooting events
  • A user must be identified before network access is granted

Question 19

Question
What is the result of entering the aaa accounting network command on a router?
Answer
  • The router collects and reports usage data related to network-related service requests
  • The router outputs accounting data for all EXEC shell sessions
  • The router provides data for only internal service requests
  • The router outputs accounting data for all outbound connections such as SSH and Telnet

Question 20

Question
What is a characteristic of AAA accounting?
Answer
  • Possible triggers for the aaa accounting exec default command include start-stop and stop-only
  • Accounting can only be enabled for network connections
  • Accounting is concerned with allowing and disallowing authenticated users access to certain areas and programs on the network
  • Users are not required to be authenticated before AAA accounting logs their activities on the network.

Question 21

Question
When using 802.1X authentication, what device controls physical access to the network, based on the authentication status of the client?
Answer
  • the router that is serving as the default gateway
  • the authentication server
  • the switch that the client is connected to
  • the supplicant

Question 22

Question
What device is considered a supplicant during the 802.1X authentication process?
Answer
  • the client that is requesting authentication
  • the switch that is controlling network access
  • the router that is serving as the default gateway
  • the authentication server that is performing client authentication

Question 23

Question
What protocol is used to encapsulate the EAP data between the authenticator and authentication server performing 802.1X authentication?
Answer
  • SSH
  • MD5
  • TACACS+
  • RADIUS
Show full summary Hide full summary

Want to create your own Quizzes for free with GoConqr? Learn more.

Similar

CCNA Security Final Exam
Maikel Degrande
Security Guard Training
Summit College
ISACA CISM Exam Glossary
Fred Jones
Security
annelieserainey
Securities Regulation
harpratap_singh
2W151 Volume 1: Safety and Security - Quiz 7
Joseph Whilden J
Security Quiz Review
Rylan Blah
Security Policies
indysingh7285
2W151 Volume 1: Safety and Security - Quiz 6
Joseph Whilden J
Security (2)
Daniel Freedman
Certified Security Compliance Specialist
jnkdmls
Browse Library