CCSP SECUR FAQ : Authentication, Authorization, and Accounting

CCSP SECUR FAQ : Authentication, Authorization, and Accounting

Q1. Which of the following best describes AAA authentication?
A. Authentication is last defense against hackers.

B. Authentication can only work with firewalls.

C. Authentication is the way a user is identified prior to being allowed into the network.

D. Authentication is a way to manage what a user can do on a network.

E. Authentication is way to track what a user does once logged in.

Answer: C

Q2. Which of the following best describes AAA authorization?
A. Authorization cannot work without accounting.

B. Authorization provides the means of tracking and recording user activity on the network.

C. Authorization is the way a user is identified.

D. Authorization determines which resources the user is permitted to access and what operation the user is permitted to perform.

Answer: D

Q3. Which of the following best describes AAA accounting?
A. Accounting is the way that users are identified before they log in to the network.

B. Accounting enables you to track the services users are accessing as well as the amount of network resources they are consuming.

C. Accounting cannot be used for billing.

D. Accounting is a way to curtail where users can go on a network access server.

E. AAA accounting is used only to track users logging on to the network.

Answer: B

Q4. What is the command that enables AAA on a network access server or a router?
A. aaa in
B. aaa on
C. aaa new-model
D. enable aaa
E. start aaa services

Answer: C

Q5. Which of the following is the correct syntax to specify RADIUS as the default method for a user authentication during login?
A. authentication radius login
B. login radius aaa authentication
C. aaa login authentication group radius
D. aaa authentication login default group radius
E. radius authentication login

Answer: D

Q6. Which of the following authorization methods does AAA not support?
A. TACACS+
B. RADIUS
C. SQL
D. NDS
E. Cisco

Answer: B

Q7. What command enables you to troubleshoot and debug authentication problems?
A. debug authentication
B. debug aaa authentication
C. authentication debug aaa
D. show authentication
E. show aaa authentication

Answer: B

Q8. How do you track user activity on your network access server?
A. You cannot track user activities on your NAS.
B. Use AAA authorization only.
C. Use AAA authentication only.
D. A and B.
E. Configure AAA accounting.

Answer: E

Q9. Which of the following commands requires authentication for dialup users via async or ISDN connections?
A. ppp authentication default radius
B. aaa authentication ppp default local
C. authentication line isdn
D. aaa authentication login remote
E. aaa ppp authentication radius

Answer: B

Q10. After an authentication method has been defined, what is the next step to make AAA authentication work on the access server?
A. Set up AAA accounting.
B. Do nothing.
C. Apply the authentication method to the desired interface.
D. Reload the router or NAS.

Answer: C

Q11. What command enables AAA on a router/NAS?

Answer: aaa new-model

Q12. Which of the AAA services can be used for billing and auditing?

Answer: Accounting

Q13. What are the seven types of AAA authorization that are supported on the Cisco IOS Software?

Answer: The seven types of AAA authorization are auth-proxy, commands, EXEC, network, reverse access, configuration, and IP mobile

Q14. What AAA command would you use to configure authentication for login to an access server?

Answer: aaa authentication login

Q15. Name two authorization methods supported by AAA?

Answer: TACACS, local, if-authenticated, and RADIUS are all supported by AAA as authorization methods.

Q16. What command enables you to troubleshoot a AAA authorization problem?

Answer: debug aaa authorization

Q17. How many authentication methods can you specify in AAA configuration?

Answer: You can specify up to four authentication methods. The additional methods of authentication are used only if the preceding method returns an error, not if it fails. To specify that the authentication should succeed even if all methods return an error, specify none as the final method in the command line.

Q18. What is the difference between a FAIL response and an ERROR response in a AAA configuration?

Answer: A FAIL response occurs when a user submits an incorrect username and password combination. An ERROR response occurs when the security server fails to respond to an authentication request.

Q19. How would you display all the accounting records for actively accounted functions?

Answer: show accounting

Q20. What command disables AAA functionality on your access server?

Answer: no aaa new-model. This command is done in the global configuration mode.

More Resources

About the author

Scott

Leave a Comment