1. Since of applied protection controls, a user can just accessibility a server with FTP. Which AAA component accomplishes this?

accounting

accessibility

auditing

authorization*

authentication

2. Why is authentication via AAA desired over a local database method?

It offers a fallago authentication technique if the administrator forgets the username or password.*

It provides much less network bandwidth.

You are watching: Which of the following is a characteristic of tacacs+

It mentions a various password for each line or port.

It requires a login and also password combination on the console, vty lines, and aux ports.

3. Which authentication technique stores usernames and passwords in ther rexternal and also is appropriate for little netfunctions.

local AAA over TACACS+

server-based AAA over TACACS+

neighborhood AAA*

regional AAA over RADIUS

server-based AAA over RADIUS

server-based AAA

4. Which component of AAA permits an administrator to track individuals that access netjob-related sources and any alters that are made to those resources?

accounting*

accessibility

authentication

authorization

5. Refer to the exhibit. Router R1 has actually been configured as presented, with the resulting log message. On the basis of the information that is presented, which two statements describe the outcome of AAA authentication operation? (Choose two.)

*

The locked-out user remains locked out until the clear aaa local user lockout username Admin command also is issued.*

The locked-out user stays locked out till the interface is shut down then re-allowed.

The locked-out user is locked out for 10 minutes by default.

The locked-out user must have actually provided the username admin and password Str0ngPa55w0rd.

The locked-out user failed authentication.*

6. A user comlevels about being locked out of a maker after too many type of uneffective AAA login attempts. What might be provided by the network administrator to carry out a secure authentication accessibility approach without locking a user out of a device?

Use the login delay command for authentication attempts.*

Use the login neighborhood command also for authenticating user access.

Use the aaa regional authentication attempts max-fail international configuration mode command with a higher variety of acceptable failures.

Use the none keyword when configuring the authentication approach list.

7. A user complains about not being able to gain access to a netoccupational device configured with AAA. How would certainly the netjob-related administrator recognize if login access for the user account is disabled?

Use the show aaa neighborhood user lockout command.*

Use the show running-configuration command also.

Use the present aaa sessions command.

Use the present aaa user command also.

8. When a technique list for AAA authentication is being configured, what is the effect of the keywordlocal?

The login succeeds, even if all approaches rerotate an error.

It uses the allow password for authentication.

It accepts a in your area configured username, regardmuch less of situation.*

It defaults to the vty line password for authentication.

9. Which solution supports AAA for both RADIUS and TACACS+ servers?

Implement Cisco Secure Access Control System (ACS) only.*

RADIUS and TACACS+ servers cannot be supported by a solitary solution.

Implement a local database.

Implement both a regional database and also Cisco Secure

Access Control System (ACS).

10. What difference exists as soon as making use of Windows Server as an AAA server, rather than Cisco Secure ACS?

Windows Server calls for even more Cisco IOS regulates to configure.

Windows Server only supports AAA using TACACS.

Windows Server provides its own Active Directory (AD) controller for authentication and also authorization.*

Windows Server cannot be supplied as an AAA server.

11. What is a characteristic of TACACS+?

TACACS+ offers UDP port 1645 or 1812 for authentication, and also UDP port 1646 or 1813 for bookkeeping.

TACACS+ is backward compatible through TACACS and XTACACS.

TACACS+ is an open up IETF conventional.

TACACS+ provides authorization of router regulates on a per-user or per-group basis.*

12. Which 2 features are included by both TACACS+ and RADIUS protocols? (Choose 2.)

802.1X support

separate authentication and authorization processes

SIP support

password encryption*

utilization of transport layer protocols*

13. Which server-based authentication protocol would be best for an organization that wants to apply authorization plans on a per-group basis?

SSH

RADIUS

ACS

TACACS+*

14. Refer to the exhibit. Which statement describes the configuration of the ports for Server1?

*

The configuration making use of the default ports for a Cisco router.

The configuration of the ports needs 1812 be supplied for the authentication and the authorization ports.

The configuration will certainly not be active until it is conserved and Rtr1 is rebooted.

The ports configured for Server1 on the rexternal must be similar to those configured on the RADIUS server.*

15. True or False?

The single-connection keyword avoids the configuration of multiple TACACS+ servers on a AAA-permitted rexternal.

false*

true

16. Why would a netjob-related administrator include a regional username configuration, once the AAA-allowed router is additionally configured to authenticate utilizing numerous ACS servers?

Due to the fact that ACS servers only support remote user access, regional individuals can just authenticate utilizing a regional username database.

A neighborhood username database is forced when configuring authentication making use of ACS servers.

The neighborhood username database will certainly carry out a backup for authentication in the occasion the ACS servers come to be unreachable.*

Without a regional username database, the rexternal will call for effective authentication with each ACS server.

17. Which debug command is provided to emphasis on the standing of a TCP link as soon as making use of TACACS+ for authentication?

debug tacacs events*

debug tacacs

debug tacacs accounting

debug aaa authentication

18. Which characteristic is an essential element of authorization in an AAA-allowed network device?

The authorization feature improves netoccupational performance.

User access is limited to particular services.*

User actions are taped for usage in audits and also troubleshooting occasions.

A user have to be identified prior to network access is granted.

19. What is the outcome of entering the aaa accountancy network-related command on a router?

The rexternal collects and also reports usage data concerned network business requests.*

The router outputs audit data for all EXEC shell sessions.

The rexternal gives data for only interior company requests.

The rexternal outputs accounting information for all outbound relations such as SSH and Telnet.

20. What is a characteristic of AAA accounting?

Possible triggers for the aaa audit exec default command also incorporate start-sheight and also stop-just.*

Accounting can just be permitted for netoccupational relations.

Accounting is pertained to with enabling and disenabling authenticated individuals accessibility to particular areas and also programs on the netjob-related.

See more: Author James Patterson Murder Of A Small Town S Into Focus, James Patterson'S Murder Of A Small Town

Users are not required to be authenticated prior to AAA audit logs their activities on the network.

21. When utilizing 802.1X authentication, what device controls physical access to the netoccupational, based upon the authentication condition of the client?

the rexternal that is serving as the default gateway

the authentication server

the switch that the client is connected to*

the supplicant

22. What gadget is thought about a supplicant throughout the 802.1X authentication process?

the client that is requesting authentication*

the switch that is regulating netjob-related access

the rexternal that is serving as the default gateway

the authentication server that is performing client authentication

23. What protocol is offered to encapsulate the EAP information between the authenticator and also authentication server perdeveloping 802.1X authentication?

SSH