CCNP Switch FAQ: Managing Switch Users

CCNP Switch FAQ: Managing Switch Users

Q1. The acronym AAA represents which three of the following functions?
a. Analysis
b. Authentication
c. Accounting
d. Administration
e. Authorization
f. Accounts

Answer: B, C, E
Figure: A Simplified View of AAA

Q2. If theusername command is used in a switch configuration, which one of the following authentication methods is implied?
a. Remote
b. Local
c. RADIUS
d. TACACS+

Answer: B

Q3. Which two external methods of authentication do Catalyst switches support?
a. Pre-shared key
b. Active Directory
c. RADIUS
d. KERBEROS
e. TACACS+

Answer: C, E

Q4. Which one of the following commands should be used to configure a vty line to use the myservers authentication method list?
a. line authentication myservers
b. authentication myservers
c. authentication method myservers
d. login authentication myservers

Answer: D

Q5. A RADIUS server is located at IP address 192.168.199.10. Which one of the following commands configures a Catalyst switch to find the server?
a. authentication radius 192.168.199.10
b. aaa radius 192.168.199.10
c. radius-server host 192.168.199.10
d. radius server 192.168.199.10

Answer: C

Q6. Suppose that the following configuration command has been entered on a Catalyst switch. Which one answer correctly identifies the authentication method that will be used first when a user tries to connect to the switch?
Switch(config)#aaa authentication login default radius tacacs+ local
a. RADIUS servers
b. Locally defined usernames
c. TACACS+ servers
d. Default line passwords
e. None of the these answers; all methods are tried simultaneously

Answer: A

Q7. If a user needs to be in privileged EXEC or enable mode, which part of AAA must succeed? (Choose one correct answer.)
a. Authentication
b. Authorization
c. Accounting
d. Administration

Answer: B

Q8. What happens if authorization is not configured on a switch? (Choose one correct answer.)
a. Authenticated users cannot use any switch commands.
b. Authenticated users must authenticate themselves to move to a higher privilege level.
c. Authenticated users can use any switch command.
d. Authorization cannot be disabled or omitted.

Answer: B

Q9. Which two of the following commands will begin a configuration that will authorize users to run any switch command and to make configuration changes?
a. aaa authorization commands …
b. aaa authorization exec …
c. aaa authorization config-commands …
d. aaa authorization config all …
e. aaa authorization any any

Answer: A, C. The aaa authorization command separates the switch command and configuration command functions so that each can have its own method list. The respective keywords are aaa authorization commands and aaa authorization config-commands.

Q10. Suppose you would like to configure AAA accounting to keep a record of switch commands that are entered by users. Which one of the following commands should you enter to accomplish your goal?
a. aaa accounting exec default start-stop mymethods
b. aaa accounting commands 15 default start-stop mymethods
c. aaa accounting system commands start-stop mymethods
d. aaa accounting commands 15 default none mymethods

Answer: B

More Resources

About the author

Prasanna

Leave a Comment