1. Since of imposed security controls, a user deserve to only access a server through FTP. Which AAA component accomplishes this?






2. Why is authentication with AAA wanted over a regional database method?

It gives a fallback authentication technique if the administrator forgets the username or password.*

It uses much less network bandwidth.

You are watching: Which of the following is a characteristic of tacacs+

It states a different password because that each heat or port.

It needs a login and also password mix on the console, vty lines, and aux ports.

3. Which authentication an approach stores usernames and passwords in ther router and is best for tiny networks.

local AAA over TACACS+

server-based AAA over TACACS+

local AAA*

local AAA over RADIUS

server-based AAA over RADIUS

server-based AAA

4. Which component of AAA permits an administrator to track individuals who accessibility network resources and any transforms that are made to those resources?





5. Refer to the exhibit. Router R1 has been configured together shown, v the resulting log message. Top top the basis of the details that is presented, which two statements describe the an outcome of AAA authentication operation? (Choose two.)


The locked-out user remains locked out till the clean aaa local user lockout username Admin command is issued.*

The locked-out user remains locked out till the interface is shut under then re-enabled.

The locked-out user is locked out for 10 minutes by default.

The locked-out user should have used the username admin and password Str0ngPa55w0rd.

The locked-out user fail authentication.*

6. A user complains around being locked the end of a maker after too plenty of unsuccessful AAA login attempts. What could be offered by the network administrator to carry out a for sure authentication access technique without locking a user the end of a device?

Use the login hold-up command for authentication attempts.*

Use the login neighborhood command because that authenticating user access.

Use the aaa regional authentication attempts max-fail an international configuration mode command v a greater number of agree failures.

Use the no one keyword when configuring the authentication method list.

7. A user complains about not gift able to gain access to a network device configured through AAA. Exactly how would the network administrator recognize if login access for the user account is disabled?

Use the display aaa local user lockout command.*

Use the present running-configuration command.

Use the present aaa sessions command.

Use the present aaa user command.

8. Once a technique list for AAA authentication is being configured, what is the effect of the keywordlocal?

The login succeeds, even if all techniques return one error.

It provides the permit password for authentication.

It accepts a in your ar configured username, regardless of case.*

It defaults to the vty heat password for authentication.

9. Which systems supports AAA because that both RADIUS and also TACACS+ servers?

Implement Cisco Secure accessibility Control device (ACS) only.*

RADIUS and TACACS+ servers can not be sustained by a solitary solution.

Implement a regional database.

Implement both a local database and also Cisco Secure

Access manage System (ACS).

10. What difference exists when using home windows Server together an AAA server, quite than Cisco for sure ACS?

Windows Server requires more Cisco IOS regulates to configure.

Windows Server just supports AAA using TACACS.

Windows Server supplies its own energetic Directory (AD) controller because that authentication and authorization.*

Windows Server cannot be supplied as an AAA server.

11. What is a characteristic of TACACS+?

TACACS+ supplies UDP port 1645 or 1812 because that authentication, and UDP harbor 1646 or 1813 because that accounting.

TACACS+ is behind compatible with TACACS and XTACACS.

TACACS+ is an open IETF standard.

TACACS+ offers authorization that router commands on a per-user or per-group basis.*

12. I m sorry two attributes are consisted of by both TACACS+ and also RADIUS protocols? (Choose two.)

802.1X support

separate authentication and also authorization processes

SIP support

password encryption*

utilization of transfer layer protocols*

13. I beg your pardon server-based authentication protocol would be ideal for an organization that wants to apply authorization policies on a per-group basis?





14. Refer to the exhibit. I beg your pardon statement describes the configuration of the ports because that Server1?


The configuration making use of the default ports for a Cisco router.

The construction of the ports needs 1812 be supplied for the authentication and also the authorization ports.

The configuration will not be active until the is saved and also Rtr1 is rebooted.

The port configured for Server1 ~ above the router should be similar to those configured top top the RADIUS server.*

15. True or False?

The single-connection keyword avoids the construction of multiple TACACS+ servers top top a AAA-enabled router.



16. Why would a network administrator include a regional username configuration, when the AAA-enabled router is also configured to authenticate using numerous ACS servers?

Because ACS servers only support remote user access, local users deserve to only authenticate utilizing a neighborhood username database.

A regional username database is forced when configuring authentication using ACS servers.

The local username database will administer a backup for authentication in the occasion the ACS servers end up being unreachable.*

Without a local username database, the router will call for successful authentication with each ACS server.

17. I beg your pardon debug command is used to focus on the status of a TCP connection when making use of TACACS+ for authentication?

debug tacacs events*

debug tacacs

debug tacacs accounting

debug aaa authentication

18. I beg your pardon characteristic is an important aspect that authorization in one AAA-enabled network device?

The authorization feature enhances network performance.

User access is limited to details services.*

User actions are recorded for use in audits and troubleshooting events.

A user should be identified prior to network access is granted.

19. What is the result of beginning the aaa accounting network command on a router?

The router collects and reports usage data pertained to network-related company requests.*

The router outputs audit data for all EXEC shell sessions.

The router offers data for just internal business requests.

The router outputs accountancy data for every outbound relationships such as SSH and Telnet.

20. What is a characteristics of AAA accounting?

Possible triggers for the aaa accountancy exec default command encompass start-stop and also stop-only.*

Accounting have the right to only be enabled for network connections.

Accounting is pertained to with permitting and disallowing authenticated users accessibility to particular areas and programs on the network.

See more: Author James Patterson Murder Of A Small Town S Into Focus, James Patterson'S Murder Of A Small Town

Users room not compelled to be authenticated prior to AAA accounting logs their tasks on the network.

21. When using 802.1X authentication, what an equipment controls physical accessibility to the network, based upon the authentication status of the client?

the router that is serving as the default gateway

the authentication server

the switch the the customer is connected to*

the supplicant

22. What machine is thought about a supplicant during the 802.1X authentication process?

the customer that is requesting authentication*

the switch the is managing network access

the router the is serving together the default gateway

the authentication server that is performing client authentication

23. What protocol is provided to encapsulate the EAP data in between the authenticator and also authentication server performing 802.1X authentication?