Last Updated on May 20, 2021 by Admin
Implementing Network Security ( Version 2.0) – CCNAS Chapter 3 Exam Online
CCNAS – Chapter 3 Exam
Quiz-summary
0 of 23 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
Information
CCNAS – Chapter 3 Exam
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 23 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
| Average score |
|
| Your score |
|
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- Answered
- Review
-
Question 1 of 23
1. Question
1 pointsBecause of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?
Correct
Incorrect
One of the components in AAA is authorization. After a user is authenticated through AAA, authorization services determine which resources the user can access and which operations the user is allowed to perform.
Hint
One of the components in AAA is authorization. After a user is authenticated through AAA, authorization services determine which resources the user can access and which operations the user is allowed to perform.
-
Question 2 of 23
2. Question
1 pointsWhy is authentication with AAA preferred over a local database method?
Correct
Incorrect
The local database method of authentication does not provide a fallback authentication method if an administrator forgets the username or password. Password recovery will be the only option. When authentication with AAA is used, a fallback method can be configured to allow an administrator to use one of many possible backup authentication methods.
Hint
The local database method of authentication does not provide a fallback authentication method if an administrator forgets the username or password. Password recovery will be the only option. When authentication with AAA is used, a fallback method can be configured to allow an administrator to use one of many possible backup authentication methods.
-
Question 3 of 23
3. Question
1 pointsWhich authentication method stores usernames and passwords in the router and is ideal for small networks?
Correct
Incorrect
In a small network with a few network devices, AAA authentication can be implemented with the local database and with usernames and passwords stored on the network devices. Authentication using the TACACS+ or RADIUS protocol will require dedicated ACS servers although this authentication solution scales well in a large network.
Hint
In a small network with a few network devices, AAA authentication can be implemented with the local database and with usernames and passwords stored on the network devices. Authentication using the TACACS+ or RADIUS protocol will require dedicated ACS servers although this authentication solution scales well in a large network. -
Question 4 of 23
4. Question
1 pointsWhich component of AAA allows an administrator to track individuals who access network resources and any changes that are made to those resources?
Correct
Incorrect
One of the components in AAA is accounting. After a user is authenticated through AAA, AAA servers keep a detailed log of exactly what actions the authenticated user takes on the device.
Hint
One of the components in AAA is accounting. After a user is authenticated through AAA, AAA servers keep a detailed log of exactly what actions the authenticated user takes on the device.
-
Question 5 of 23
5. Question
2 pointsRefer to the exhibit. Router R1 has been configured as shown, with the resulting log message. On the basis of the information that is presented, which two statements describe the result of AAA authentication operation? (Choose two.)
Implementing Network Security ( Version 2.0) – CCNAS Chapter 3 Exam Answers 2019 01 Correct
Incorrect
The aaa local authentication attempts max-fail <number-of-unsuccessful-attempts> command secures AAA user accounts by locking out accounts that have too many failed attempts. After the <number-of-unsuccessful-attempts> condition is reached, the user account is locked. The user account in effect stays locked out until the status is cleared by an administrator.Hint
The aaa local authentication attempts max-fail <number-of-unsuccessful-attempts> command secures AAA user accounts by locking out accounts that have too many failed attempts. After the <number-of-unsuccessful-attempts> condition is reached, the user account is locked. The user account in effect stays locked out until the status is cleared by an administrator. -
Question 6 of 23
6. Question
1 pointsA user complains about being locked out of a device after too many unsuccessful AAA login attempts. What could be used by the network administrator to provide a secure authentication access method without locking a user out of a device?
Correct
Incorrect
The login delay command introduces a delay between failed login attempts without locking the account. This provides a user with unlimited attempts at accessing a device without causing the user account to become locked and thus requiring administrator intervention.Hint
The login delay command introduces a delay between failed login attempts without locking the account. This provides a user with unlimited attempts at accessing a device without causing the user account to become locked and thus requiring administrator intervention. -
Question 7 of 23
7. Question
1 pointsA user complains about not being able to gain access to a network device configured with AAA. How would the network administrator determine if login access for the user account is disabled?
Correct
Incorrect
The show aaa local user lockout command provides an administrator with a list of the user accounts that are locked out and unable to be used for authentication. This command also provides the date and timestamp of the lockout occurrence.Hint
The show aaa local user lockout command provides an administrator with a list of the user accounts that are locked out and unable to be used for authentication. This command also provides the date and timestamp of the lockout occurrence. -
Question 8 of 23
8. Question
1 pointsWhen a method list for AAA authentication is being configured, what is the effect of the keyword local?
Correct
Incorrect
In defining AAA authentication method list, one option is to use a preconfigured local database. There are two keywords, either of which enables local authentication via the preconfigured local database. The keyword local accepts a username regardless of case, and the keyword local-case is case-sensitive for both usernames and passwords.Hint
In defining AAA authentication method list, one option is to use a preconfigured local database. There are two keywords, either of which enables local authentication via the preconfigured local database. The keyword local accepts a username regardless of case, and the keyword local-case is case-sensitive for both usernames and passwords. -
Question 9 of 23
9. Question
1 pointsWhich solution supports AAA for both RADIUS and TACACS+ servers?
Correct
Incorrect
Cisco Secure Access Control System (ACS) supports both TACACS+ and RADIUS servers. Local databases do not use these servers.
Hint
Cisco Secure Access Control System (ACS) supports both TACACS+ and RADIUS servers. Local databases do not use these servers.
-
Question 10 of 23
10. Question
1 pointsWhat difference exists when using Windows Server as an AAA server, rather than Cisco Secure ACS?
Correct
Incorrect
The Cisco IOS configuration is the same whether communicating with a Windows AAA server or any other RADIUS server.
Hint
The Cisco IOS configuration is the same whether communicating with a Windows AAA server or any other RADIUS server.
-
Question 11 of 23
11. Question
1 pointsWhat is a characteristic of TACACS+?
Correct
Incorrect
The TACACS+ protocol provides flexibility in AAA services. For example, using TACACS+, administrators can select authorization policies to be applied on a per-user or per-group basis.
Hint
The TACACS+ protocol provides flexibility in AAA services. For example, using TACACS+, administrators can select authorization policies to be applied on a per-user or per-group basis.
-
Question 12 of 23
12. Question
2 pointsWhich two features are included by both TACACS+ and RADIUS protocols? (Choose two.)
Correct
Incorrect
Both TACACS+ and RADIUS support password encryption (TACACS+ encrypts all communication) and use Layer 4 protocol (TACACS+ uses TCP and RADIUS uses UDP). TACACS+ supports separation of authentication and authorization processes, while RADIUS combines authentication and authorization as one process. RADIUS supports remote access technology, such as 802.1x and SIP; TACACS+ does not.
Hint
Both TACACS+ and RADIUS support password encryption (TACACS+ encrypts all communication) and use Layer 4 protocol (TACACS+ uses TCP and RADIUS uses UDP). TACACS+ supports separation of authentication and authorization processes, while RADIUS combines authentication and authorization as one process. RADIUS supports remote access technology, such as 802.1x and SIP; TACACS+ does not.
-
Question 13 of 23
13. Question
1 pointsWhich server-based authentication protocol would be best for an organization that wants to apply authorization policies on a per-group basis?
Correct
Incorrect
TACACS+ is considered to be more secure than RADIUS because all TACACS+ traffic is encrypted instead of just the user password when using RADIUS.
Hint
TACACS+ is considered to be more secure than RADIUS because all TACACS+ traffic is encrypted instead of just the user password when using RADIUS.
-
Question 14 of 23
14. Question
1 pointsRefer to the exhibit. Which statement describes the configuration of the ports for Server1?
Implementing Network Security ( Version 2.0) – CCNAS Chapter 3 Exam Answers 2019 02 Correct
Incorrect
Cisco routers, by default, use port 1645 for the authentication and port 1646 for the accounting. In the configuration output, the configuration of the RADIUS authentication and authorization ports must match on both router Rtr1 and Server1.
Hint
Cisco routers, by default, use port 1645 for the authentication and port 1646 for the accounting. In the configuration output, the configuration of the RADIUS authentication and authorization ports must match on both router Rtr1 and Server1.
-
Question 15 of 23
15. Question
1 pointsTrue or False?
The single-connection keyword prevents the configuration of multiple TACACS+ servers on a AAA-enabled router.Correct
Incorrect
The single-connection keyword enhances TCP performance by maintaining a single TCP connection for the entire duration of a session. The keyword does not prevent the configuration of multiple TACACS+ servers.Hint
The single-connection keyword enhances TCP performance by maintaining a single TCP connection for the entire duration of a session. The keyword does not prevent the configuration of multiple TACACS+ servers. -
Question 16 of 23
16. Question
1 pointsWhy would a network administrator include a local username configuration, when the AAA-enabled router is also configured to authenticate using several ACS servers?
Correct
Incorrect
The local username database can serve as a backup method for authentication if no ACS servers are available.Hint
The local username database can serve as a backup method for authentication if no ACS servers are available. -
Question 17 of 23
17. Question
1 pointsWhich debug command is used to focus on the status of a TCP connection when using TACACS+ for authentication?
Correct
Incorrect
The debug tacacs events command displays the opening and closing of a TCP connection to a TACACS+ server, the bytes that are read and written over the connection, and the TCP status of the connection.Hint
The debug tacacs events command displays the opening and closing of a TCP connection to a TACACS+ server, the bytes that are read and written over the connection, and the TCP status of the connection. -
Question 18 of 23
18. Question
1 pointsWhich characteristic is an important aspect of authorization in an AAA-enabled network device?
Correct
Incorrect
Authorization is the ability to control user access to specific services. Authentication is used to verify the identity of the user. The accounting feature logs user actions once the user is authenticated and authorized.
Hint
Authorization is the ability to control user access to specific services. Authentication is used to verify the identity of the user. The accounting feature logs user actions once the user is authenticated and authorized.
-
Question 19 of 23
19. Question
1 pointsWhat is the result of entering the aaa accounting network command on a router?
Correct
Incorrect
The three parameters that can be used with aaa accounting are:
- network– runs accounting for all network-related service requests, including PPP
- exec– runs accounting for all the EXEC shell session
- connection – runs accounting on all outbound connections such as SSH and Telnet
Hint
The three parameters that can be used with aaa accounting are:
- network– runs accounting for all network-related service requests, including PPP
- exec– runs accounting for all the EXEC shell session
- connection – runs accounting on all outbound connections such as SSH and Telnet
-
Question 20 of 23
20. Question
1 pointsWhat is a characteristic of AAA accounting?
Correct
Incorrect
AAA accounting enables usage tracking, such as dial-in access and EXEC shell session, to log the data gathered to a database, and to produce reports on the data gathered. Configuring AAA accounting with the keyword Start-Stop triggers the process of sending a “start” accounting notice at the beginning of a process and a “stop” accounting notice at the end of a process. AAA accounting is not limited to network connection activities. AAA accounting is in effect, if enabled, after a user successfully authenticated. Allowing and disallowing user access is the scope of AAA authorization.Hint
AAA accounting enables usage tracking, such as dial-in access and EXEC shell session, to log the data gathered to a database, and to produce reports on the data gathered. Configuring AAA accounting with the keyword Start-Stop triggers the process of sending a “start” accounting notice at the beginning of a process and a “stop” accounting notice at the end of a process. AAA accounting is not limited to network connection activities. AAA accounting is in effect, if enabled, after a user successfully authenticated. Allowing and disallowing user access is the scope of AAA authorization. -
Question 21 of 23
21. Question
1 pointsWhen using 802.1X authentication, what device controls physical access to the network, based on the authentication status of the client?
Correct
Incorrect
The devices involved in the 802.1X authentication process are as follows:
- The supplicant, which is the client that is requesting network access
- The authenticator, which is the switch that the client is connecting and that is actually controlling physical network access
- The authentication server, which performs the actual authentication
Hint
The devices involved in the 802.1X authentication process are as follows:
- The supplicant, which is the client that is requesting network access
- The authenticator, which is the switch that the client is connecting and that is actually controlling physical network access
- The authentication server, which performs the actual authentication
-
Question 22 of 23
22. Question
1 pointsWhat device is considered a supplicant during the 802.1X authentication process?
Correct
Incorrect
The devices involved in the 802.1X authentication process are as follows:
- The supplicant, which is the client that is requesting network access
- The authenticator, which is the switch that the client is connecting to and that is actually controlling physical network access
- The authentication server, which performs the actual authentication
Hint
The devices involved in the 802.1X authentication process are as follows:
- The supplicant, which is the client that is requesting network access
- The authenticator, which is the switch that the client is connecting to and that is actually controlling physical network access
- The authentication server, which performs the actual authentication
-
Question 23 of 23
23. Question
1 pointsWhat protocol is used to encapsulate the EAP data between the authenticator and authentication server performing 802.1X authentication?
Correct
Incorrect
Encapsulation of EAP data between the authenticator and the authentication server is performed using RADIUS.
Hint
Encapsulation of EAP data between the authenticator and the authentication server is performed using RADIUS.