Professional Documents
Culture Documents
Chapter3QuizAuthentication,Authorization,andAccounting:2015EJ_TASRC_HM12_HF19_A
Chapter3QuizAuthentication,Authorization,andAccounting
Fechalmite Nohayfechadevencimiento
Puntos 24
Preguntas 12
Tiempolmite Ninguno
Intentospermitidos Ilimitado
Instructions
ThisquizcoversthecontentinCCNASecurity:ImplementingNetworkSecurity1.2Chapter3.Itisdesignedtoprovideanadditionalopportunitytopracticetheskillsand
knowledgepresentedinthechapterandtopreparefortheChapterExam.Youwillbeallowedmultipleattemptsandthegradedoesnotappearinthegradebook.
Therearemultipletasktypesthatmaybeavailableinthisquiz.Ratherthanhavingstaticgraphicstoview,someitemsmayrequireyoutoopenaPTactivityandperformsome
investigationandconfigurationofdevicesbeforeansweringthequestion.
NOTE:TherearesomesmalldifferencesinhowthequestionsscoreandoperateintheQuizandhowtheyscoreandoperateintheChapterExam.Quizzesallowforpartialcredit
scoringonallitemtypestofosterlearning.Pointsonquizzescanalsobedeductedforansweringincorrectly.ThisdoesnotoccurwiththeChapterExam.
Form28083
Volverarealizarlaevaluacin
Historialdeintentos
Intento
Tiempo
Calificacin
ELLTIMO
Intento1
30minutos
10de24
EnviadoMar24en9:29pm
Pregunta1
0/2pts
WhichstatementdescribesacharacteristicofauthorizationinanAAAsolution?
Respuestacorrecta
ItworkssimilarlytoprivilegelevelsandrolebasedCLI.
ItonlyappliestopacketmodeAAAandnotcharactermodeAAA.
Itrequiresuserstoperformanadditionalstepafterauthentication.
Respondido
Itacceptsusernamesandpasswordstodetermineifusersarewhotheysaytheyare.
Refertocurriculumtopic:3.1.2
TheauthorizationprocessissimilartoCLIprivilegelevelsandrolebasedCLI.Ithappensautomaticallyafterauser
authenticates,anddoesnotrequiretheusertoperformanyadditionalsteps.
Pregunta2
2/2pts
WhichstatementdescribesadifferencebetweenRADIUSandTACACS+?
RADIUSusesTCPwhereasTACACS+usesUDP.
RADIUSissupportedbytheCiscoSecureACSsoftwarewhereasTACACS+isnot.
Correcto!
RADIUSencryptsonlythepasswordwhereasTACACS+encryptsallcommunication.
RADIUSseparatesauthenticationandauthorizationwhereasTACACS+combinesthemasoneprocess.
https://1367017.netacad.com/courses/228306/quizzes/1326080
1/6
24/3/2015
Chapter3QuizAuthentication,Authorization,andAccounting:2015EJ_TASRC_HM12_HF19_A
Refertocurriculumtopic:3.3.2
TACACS+usesTCP,encryptstheentirepacket(notjustthepassword),andseparatesauthenticationandauthorization
intotwodistinctprocesses.BothprotocolsaresupportedbytheCiscoSecureACSsoftware.
Pregunta3
2/2pts
Refertotheexhibit.Whichstatementdescribestheoutputofthedebug?
Anincorrectpasswordwasused.
Correcto!
Auserwassuccessfullyauthenticated.
AproperusernamewasnotprovidedtotheTACACS+server.
ThesecretkeyusedbytheroutertoauthenticatetotheTACACS+serverisincorrect.
Refertocurriculumtopic:3.4.3
The"authenresponsestatus=PASS"lineinthedebugoutputindicatesthattheloginattemptwassuccessful.
Pregunta4
2/2pts
WhichscenariorepresentsanAAAclientthatwouldbeconfiguredintheCiscoSecureACSapplication?
Correcto!
arouterthatallowsuserstoconnectremotely
auserwhologsinremotelytovariousdevices
auserwhoconnectstoanetworkviaaVPNtunnel
aPCthatisusedtoconnectremotelytonetworkdevices
Refertocurriculumtopic:3.3.4
AAAclientsarethedevicesthatusetheservicesoftheCiscoSecureACSapplicationforAAA.Thisincludesrouters,
switches,firewalls,andVPNconcentrators.Althoughusersandhostsaresometimesreferredtoas"clients"inother
contexts,theyarenotAAAclientsintheCiscoSecureACSapplication.
Pregunta5
https://1367017.netacad.com/courses/228306/quizzes/1326080
0/2pts
2/6
24/3/2015
Chapter3QuizAuthentication,Authorization,andAccounting:2015EJ_TASRC_HM12_HF19_A
Whatistheprimaryfunctionoftheaaaauthorizationcommand?
permitAAAserveraccesstoAAAclientservices
Respuestacorrecta
Respondido
limitauthenticateduseraccesstoAAAclientservices
permitauthenticateduseraccesstoAAAclientservices
limitAAAserveraccesstoAAAclientservices
Refertocurriculumtopic:3.5.1
Authorizationisconcernedwithallowinganddisallowingauthenticatedusersaccesstocertainareasandprogramson
thenetworkaswellasspecificservices.Controllingaccesstoconfigurationcommandsgreatlysimplifiesthe
infrastructuresecurityinlargeenterprisenetworks.
Pregunta6
0/2pts
WhatisadrawbackofthelocaldatabasemethodofsecuringdeviceaccessthatcanbesolvedbyusingAAAwithcentralizedservers?
Thereisnoabilitytoprovideaccountability.
Itisverysusceptibletobruteforceattacksbecausethereisnousername.
Respondido
Respuestacorrecta
Thepasswordscanonlybestoredinplaintextintherunningconfiguration.
Becausetheuseraccountsmustbeconfiguredlocallyoneachdevice,AAAwithcentralizedserversisnotscalable.
Refertocurriculumtopic:3.1.1
Thelocaldatabasemethodofsecuringdeviceaccessutilizesusernamesandpasswordsthatareconfiguredlocallyon
therouter.Thisallowsadministratorstokeeptrackofwhologgedintothedeviceandwhen.Thepasswordscanalsobe
encryptedintheconfiguration.However,theaccountinformationmustbeconfiguredoneachdevicewherethataccount
shouldhaveaccess,makingthissolutionverydifficulttoscale.
Pregunta7
0/2pts
Refertotheexhibit.WhatconfigurationwouldneedtobeappliedtothevtylinesinordertousethisAAApolicy?
loginauthenticationadmin
Respondido
loginauthenticationradius
loginauthenticationlocal
Respuestacorrecta
Noconfigurationisnecessary.
https://1367017.netacad.com/courses/228306/quizzes/1326080
3/6
24/3/2015
Chapter3QuizAuthentication,Authorization,andAccounting:2015EJ_TASRC_HM12_HF19_A
Refertocurriculumtopic:3.2.1
Thespecialnamedlist"default"isenabledautomaticallyonallinterfacesandlines.Noextraconfigurationisnecessary
tomaketheconfigurationwork.Ifthedefaultlistisreplacedwithanotherlistonthevtyline,itcanbeputbackagainwith
theloginauthenticationdefaultcommand.
0/2pts
Pregunta8
Whichserverbasedauthenticationprotocolwouldbebestforanorganizationthatwantstoapplyauthorizationpoliciesonapergroup
basis?
Respondido
ACS
SSH
RADIUS
Respuestacorrecta
TACACS+
Refertocurriculumtopic:3.3.2
TACACS+isconsideredtobemoresecurethanRADIUSbecauseallTACACS+trafficisencryptedinsteadofjustthe
userpasswordwhenusingRADIUS.
0/2pts
Pregunta9
WhatisthepurposeofthenonekeywordinanAAAauthenticationconfiguration?
ItcompletelydisablesAAAauthenticationonthedevice.
Itpreventsusersfromloggingintothedeviceremotely.
Respondido
Respuestacorrecta
Itonlyallowsuserswithprivilegelevel15tologintothedevice.
Itallowsuserstologintothedevicewithoutcredentialsifallotherauthenticationmethodsfail.
Refertocurriculumtopic:3.2.1
Thenonekeywordallowsausertologinwithoutcredentials,andprovidesabackupincaseallotherauthentication
methodsfail.Afailureoccursiftheauthenticationmethodisnotworking,forexampleifaserverisunreachable,ora
localdatabasehasnotbeenconfigured.
2/2pts
Pregunta10
MatcheachfunctionalcomponentofAAAwithitsdescription.(Notalloptionsareused.)
Correcto!
authentication
Correcto!
authorization
https://1367017.netacad.com/courses/228306/quizzes/1326080
provingthatusersarewhotheysaytheyare
determiningwhatresourcesuserscanaccessortheoperationstheyareallowedtoperf
4/6
24/3/2015
Correcto!
Chapter3QuizAuthentication,Authorization,andAccounting:2015EJ_TASRC_HM12_HF19_A
accounting
recordingwhatusersdoandwhattheyaccess
OtherIncorrectMatchOptions:
calculatinghowmuchausermustpayforremoteaccesstoadevice
Refertocurriculumtopic:3.1.1
2/2pts
Pregunta11
6:50:12:
AAA/AUTHEN/START(50996740):Method=TACACS+
6:50:12:TAC+(50996740):receivedauthenresponsestatus=GETUSER
6:50:12:AAA/AUTHEN(50996740):status=GETUSER
6:50:15:AAA/AUTHEN/CONT(50996740):continue_login
6:50:15:AAA/AUTHEN(50996740):status=GETUSER
6:50:15:AAA/AUTHEN(50996740):Method=TACACS+
6:50:15:TAC+:sendAUTHEN/CONTpacket
6:50:15:TAC+(50996740):receivedauthenresponsestatus=GETPASS
6:50:15:AAA/AUTHEN(50996740):status=GETPASS
6:50:20:AAA/AUTHEN/CONT(50996740):continue_login
6:50:20:AAA/AUTHEN(50996740):status=GETPASS
6:50:20:AAA/AUTHEN(50996740):Method=TACACS+
6:50:20:TAC+:sendAUTHEN/CONTpacket
6:50:20:TAC+(50996740):receivedauthenresponsestatus=PASS
6:50:20:AAA/AUTHEN(50996740):status=PASS">
Refertotheexhibit.WhatpartoftheAAAstatusmessagehelpsanetworkadministratordeterminewhichmethodlistisbeingreferenced?
Correcto!
GETUSER
AAA/AUTHEN/START
create_user
receivedauthenresponsestatus
Refertocurriculumtopic:3.2.3
TheGETUSERandGETPASSareusefulstatusmessagestolookforintheoutputinordertoquicklyidentifywhich
methodlistisbeingused.
https://1367017.netacad.com/courses/228306/quizzes/1326080
5/6
24/3/2015
Chapter3QuizAuthentication,Authorization,andAccounting:2015EJ_TASRC_HM12_HF19_A
Pregunta12
0/2pts
WhatisthepurposeofthestartstopparameterwhenAAAaccountingisbeingconfigured?
ItdisablesAAAaccountingservicesontheline.
Respuestacorrecta
Respondido
Itgeneratesalogentryatthebeginningandendofaprocess.
ItensuresthatuserscannotstartorstoptheAAAprocessontherouter.
ItcausestheAAAprocesstobeinthestoppedstatewhenevertherouterfirststarts.
Refertocurriculumtopic:3.5.2
TherearethreetriggersthatdefinewhenAAAgeneratesalogentry:startstop,stoponly,andnone.Startstop
generatesalogentrywhenaprocessbothstartsandstops.Thestoponlygeneratesalogentryonlywhenaprocess
completes.Nonepreventsaccountingmessagesfrombeingsentatall.
https://1367017.netacad.com/courses/228306/quizzes/1326080
6/6