You are on page 1of 6

24/3/2015

Chapter3QuizAuthentication,Authorization,andAccounting:2015EJ_TASRC_HM12_HF19_A

Chapter3QuizAuthentication,Authorization,andAccounting
Fechalmite Nohayfechadevencimiento

Puntos 24

Preguntas 12

Tiempolmite Ninguno

Intentospermitidos Ilimitado

Instructions
ThisquizcoversthecontentinCCNASecurity:ImplementingNetworkSecurity1.2Chapter3.Itisdesignedtoprovideanadditionalopportunitytopracticetheskillsand
knowledgepresentedinthechapterandtopreparefortheChapterExam.Youwillbeallowedmultipleattemptsandthegradedoesnotappearinthegradebook.
Therearemultipletasktypesthatmaybeavailableinthisquiz.Ratherthanhavingstaticgraphicstoview,someitemsmayrequireyoutoopenaPTactivityandperformsome
investigationandconfigurationofdevicesbeforeansweringthequestion.
NOTE:TherearesomesmalldifferencesinhowthequestionsscoreandoperateintheQuizandhowtheyscoreandoperateintheChapterExam.Quizzesallowforpartialcredit
scoringonallitemtypestofosterlearning.Pointsonquizzescanalsobedeductedforansweringincorrectly.ThisdoesnotoccurwiththeChapterExam.
Form28083

Volverarealizarlaevaluacin

Historialdeintentos

Intento

Tiempo

Calificacin

ELLTIMO

Intento1

30minutos

10de24

EnviadoMar24en9:29pm

Pregunta1

0/2pts

WhichstatementdescribesacharacteristicofauthorizationinanAAAsolution?

Respuestacorrecta

ItworkssimilarlytoprivilegelevelsandrolebasedCLI.
ItonlyappliestopacketmodeAAAandnotcharactermodeAAA.
Itrequiresuserstoperformanadditionalstepafterauthentication.

Respondido

Itacceptsusernamesandpasswordstodetermineifusersarewhotheysaytheyare.

Refertocurriculumtopic:3.1.2
TheauthorizationprocessissimilartoCLIprivilegelevelsandrolebasedCLI.Ithappensautomaticallyafterauser
authenticates,anddoesnotrequiretheusertoperformanyadditionalsteps.

Pregunta2

2/2pts

WhichstatementdescribesadifferencebetweenRADIUSandTACACS+?

RADIUSusesTCPwhereasTACACS+usesUDP.
RADIUSissupportedbytheCiscoSecureACSsoftwarewhereasTACACS+isnot.
Correcto!

RADIUSencryptsonlythepasswordwhereasTACACS+encryptsallcommunication.
RADIUSseparatesauthenticationandauthorizationwhereasTACACS+combinesthemasoneprocess.

https://1367017.netacad.com/courses/228306/quizzes/1326080

1/6

24/3/2015

Chapter3QuizAuthentication,Authorization,andAccounting:2015EJ_TASRC_HM12_HF19_A

Refertocurriculumtopic:3.3.2
TACACS+usesTCP,encryptstheentirepacket(notjustthepassword),andseparatesauthenticationandauthorization
intotwodistinctprocesses.BothprotocolsaresupportedbytheCiscoSecureACSsoftware.

Pregunta3

2/2pts

Refertotheexhibit.Whichstatementdescribestheoutputofthedebug?

Anincorrectpasswordwasused.
Correcto!

Auserwassuccessfullyauthenticated.
AproperusernamewasnotprovidedtotheTACACS+server.
ThesecretkeyusedbytheroutertoauthenticatetotheTACACS+serverisincorrect.

Refertocurriculumtopic:3.4.3
The"authenresponsestatus=PASS"lineinthedebugoutputindicatesthattheloginattemptwassuccessful.

Pregunta4

2/2pts

WhichscenariorepresentsanAAAclientthatwouldbeconfiguredintheCiscoSecureACSapplication?

Correcto!

arouterthatallowsuserstoconnectremotely
auserwhologsinremotelytovariousdevices
auserwhoconnectstoanetworkviaaVPNtunnel
aPCthatisusedtoconnectremotelytonetworkdevices

Refertocurriculumtopic:3.3.4
AAAclientsarethedevicesthatusetheservicesoftheCiscoSecureACSapplicationforAAA.Thisincludesrouters,
switches,firewalls,andVPNconcentrators.Althoughusersandhostsaresometimesreferredtoas"clients"inother
contexts,theyarenotAAAclientsintheCiscoSecureACSapplication.

Pregunta5

https://1367017.netacad.com/courses/228306/quizzes/1326080

0/2pts

2/6

24/3/2015

Chapter3QuizAuthentication,Authorization,andAccounting:2015EJ_TASRC_HM12_HF19_A
Whatistheprimaryfunctionoftheaaaauthorizationcommand?

permitAAAserveraccesstoAAAclientservices
Respuestacorrecta

Respondido

limitauthenticateduseraccesstoAAAclientservices
permitauthenticateduseraccesstoAAAclientservices

limitAAAserveraccesstoAAAclientservices

Refertocurriculumtopic:3.5.1
Authorizationisconcernedwithallowinganddisallowingauthenticatedusersaccesstocertainareasandprogramson
thenetworkaswellasspecificservices.Controllingaccesstoconfigurationcommandsgreatlysimplifiesthe
infrastructuresecurityinlargeenterprisenetworks.

Pregunta6

0/2pts

WhatisadrawbackofthelocaldatabasemethodofsecuringdeviceaccessthatcanbesolvedbyusingAAAwithcentralizedservers?

Thereisnoabilitytoprovideaccountability.
Itisverysusceptibletobruteforceattacksbecausethereisnousername.
Respondido

Respuestacorrecta

Thepasswordscanonlybestoredinplaintextintherunningconfiguration.

Becausetheuseraccountsmustbeconfiguredlocallyoneachdevice,AAAwithcentralizedserversisnotscalable.

Refertocurriculumtopic:3.1.1
Thelocaldatabasemethodofsecuringdeviceaccessutilizesusernamesandpasswordsthatareconfiguredlocallyon
therouter.Thisallowsadministratorstokeeptrackofwhologgedintothedeviceandwhen.Thepasswordscanalsobe
encryptedintheconfiguration.However,theaccountinformationmustbeconfiguredoneachdevicewherethataccount
shouldhaveaccess,makingthissolutionverydifficulttoscale.

Pregunta7

0/2pts

Refertotheexhibit.WhatconfigurationwouldneedtobeappliedtothevtylinesinordertousethisAAApolicy?

loginauthenticationadmin
Respondido

loginauthenticationradius

loginauthenticationlocal
Respuestacorrecta

Noconfigurationisnecessary.

https://1367017.netacad.com/courses/228306/quizzes/1326080

3/6

24/3/2015

Chapter3QuizAuthentication,Authorization,andAccounting:2015EJ_TASRC_HM12_HF19_A

Refertocurriculumtopic:3.2.1
Thespecialnamedlist"default"isenabledautomaticallyonallinterfacesandlines.Noextraconfigurationisnecessary
tomaketheconfigurationwork.Ifthedefaultlistisreplacedwithanotherlistonthevtyline,itcanbeputbackagainwith
theloginauthenticationdefaultcommand.

0/2pts

Pregunta8

Whichserverbasedauthenticationprotocolwouldbebestforanorganizationthatwantstoapplyauthorizationpoliciesonapergroup
basis?

Respondido

ACS

SSH
RADIUS
Respuestacorrecta

TACACS+

Refertocurriculumtopic:3.3.2
TACACS+isconsideredtobemoresecurethanRADIUSbecauseallTACACS+trafficisencryptedinsteadofjustthe
userpasswordwhenusingRADIUS.

0/2pts

Pregunta9
WhatisthepurposeofthenonekeywordinanAAAauthenticationconfiguration?

ItcompletelydisablesAAAauthenticationonthedevice.
Itpreventsusersfromloggingintothedeviceremotely.
Respondido

Respuestacorrecta

Itonlyallowsuserswithprivilegelevel15tologintothedevice.

Itallowsuserstologintothedevicewithoutcredentialsifallotherauthenticationmethodsfail.

Refertocurriculumtopic:3.2.1
Thenonekeywordallowsausertologinwithoutcredentials,andprovidesabackupincaseallotherauthentication
methodsfail.Afailureoccursiftheauthenticationmethodisnotworking,forexampleifaserverisunreachable,ora
localdatabasehasnotbeenconfigured.

2/2pts

Pregunta10
MatcheachfunctionalcomponentofAAAwithitsdescription.(Notalloptionsareused.)

Correcto!

authentication

Correcto!

authorization

https://1367017.netacad.com/courses/228306/quizzes/1326080

provingthatusersarewhotheysaytheyare

determiningwhatresourcesuserscanaccessortheoperationstheyareallowedtoperf

4/6

24/3/2015
Correcto!

Chapter3QuizAuthentication,Authorization,andAccounting:2015EJ_TASRC_HM12_HF19_A
accounting

recordingwhatusersdoandwhattheyaccess

OtherIncorrectMatchOptions:
calculatinghowmuchausermustpayforremoteaccesstoadevice

Refertocurriculumtopic:3.1.1

2/2pts

Pregunta11

6:50:12:

AAA/AUTHEN/START(50996740):Method=TACACS+
6:50:12:TAC+(50996740):receivedauthenresponsestatus=GETUSER
6:50:12:AAA/AUTHEN(50996740):status=GETUSER
6:50:15:AAA/AUTHEN/CONT(50996740):continue_login
6:50:15:AAA/AUTHEN(50996740):status=GETUSER
6:50:15:AAA/AUTHEN(50996740):Method=TACACS+
6:50:15:TAC+:sendAUTHEN/CONTpacket
6:50:15:TAC+(50996740):receivedauthenresponsestatus=GETPASS
6:50:15:AAA/AUTHEN(50996740):status=GETPASS
6:50:20:AAA/AUTHEN/CONT(50996740):continue_login
6:50:20:AAA/AUTHEN(50996740):status=GETPASS
6:50:20:AAA/AUTHEN(50996740):Method=TACACS+
6:50:20:TAC+:sendAUTHEN/CONTpacket
6:50:20:TAC+(50996740):receivedauthenresponsestatus=PASS
6:50:20:AAA/AUTHEN(50996740):status=PASS">

Refertotheexhibit.WhatpartoftheAAAstatusmessagehelpsanetworkadministratordeterminewhichmethodlistisbeingreferenced?

Correcto!

GETUSER
AAA/AUTHEN/START
create_user
receivedauthenresponsestatus

Refertocurriculumtopic:3.2.3
TheGETUSERandGETPASSareusefulstatusmessagestolookforintheoutputinordertoquicklyidentifywhich
methodlistisbeingused.

https://1367017.netacad.com/courses/228306/quizzes/1326080

5/6

24/3/2015

Chapter3QuizAuthentication,Authorization,andAccounting:2015EJ_TASRC_HM12_HF19_A

Pregunta12

0/2pts

WhatisthepurposeofthestartstopparameterwhenAAAaccountingisbeingconfigured?

ItdisablesAAAaccountingservicesontheline.
Respuestacorrecta

Respondido

Itgeneratesalogentryatthebeginningandendofaprocess.
ItensuresthatuserscannotstartorstoptheAAAprocessontherouter.

ItcausestheAAAprocesstobeinthestoppedstatewhenevertherouterfirststarts.

Refertocurriculumtopic:3.5.2
TherearethreetriggersthatdefinewhenAAAgeneratesalogentry:startstop,stoponly,andnone.Startstop
generatesalogentrywhenaprocessbothstartsandstops.Thestoponlygeneratesalogentryonlywhenaprocess
completes.Nonepreventsaccountingmessagesfrombeingsentatall.

https://1367017.netacad.com/courses/228306/quizzes/1326080

6/6

You might also like