CCSP SECUR FAQ : Authentication

CCSP SECUR FAQ : Authentication

Q1. Which of the following is true? (Choose two.)
A. Authentication provides a method for verifying the identity of users.
B. NAS cannot provide authentication.
C. Usernames and passwords can be stored on NAS.
D. Cisco does not support RADIUS.

Answer: A, C

Q2. Which of the following is the least secure method of authentication? (Choose two.)
A. Username/password static
B. Username/password aging
C. Session key one-time password
D. Token cards

Answer: A, B

Q3. Which of the following security protocols is not supported by Cisco network devices?
A. TACACS+
B. RADIUS
C. Kerberos
D. TLS

Answer: D

Q4. Which of the following command syntax is correct for creating a username and password locally on the NAS?
A. Router(config)#username meron password k0nj0
B. Router#username meron password k0nj0
C. Router(config)#set username meron set password k0nj0
D. Router#set username meron password k0nj0

Answer: A

Q5. Which port is reserved for TACACS+?
A. UDP 1645
B. TCP 1645
C. TCP 49
D. UDP 49

Answer: C

Q6. Password Authentication Protocol (PAP)
A. Involves a two-way handshake where the username and password are sent across the link in clear text.

B. Sends username and passwords in encrypted format.

C. Involves a one-way handshake.

D. Is not supported by Cisco network devices.

Answer: A

Q7. Which of the following port does RADIUS use?
A. UDP 49
B. TCP 1645
C. TCP 49
D. UDP 1645

Answer: D

Q8. The CHAP authentication protocol
A. Involves a three-way handshake.
B. Involves a one-way handshake.
C. Is not supported by Cisco network devices.
D. Sends password in clear text.

Answer: A

Q9. Which port is reserved TACACS+ use?

Answer: TCP 49

Q10. Why is PAP considered insecure compared to other authentication protocols such CHAP and MS-CHAP?

Answer: It sends username and password in clear text.

Q11. What type of encryption algorithm does CHAP uses during the three-way handshake?

Answer: MD5

Q12. Who developed and designed the Kerberos authentication protocol?

Answer: Massachusetts Institute of Technology

Q13. Give one difference between CHAP and MS-CHAP?

Answer: CHAP defines a set of “reason-for failure” codes returned in the failure packet Message field.

Q14. Which versions of the TACACS protocol in Cisco IOS Software have officially reached end-ofmaintenance?

Answer: The TACACS and XTACACS protocols in Cisco IOS Software are officially considered end-of-maintenance and are no longer maintained by Cisco for bug fixes or enhancement

Q15. What command is used to disable the console password for a network access server?

Answer: The command no login is used in the global configuration mode.

Q16. Which two popular authentication methods does PPP support?

Answer: PAP and CHAP are the two authentication methods that PPP supports.

Q17. In the RADIUS security architecture, what is the network access server?

Answer: The network access server is the client in the RADIUS security architecture.

More Resources

About the author

Scott

Leave a Comment