Home > AAA Questions

AAA Questions

October 27th, 2018 Go to comments

Question 1

Question 2

Explanation

TACACS+ is an AAA protocol developed by Cisco. TACACS+ separates the authentication, authorization, and accounting steps. This architecture allows for separate authentication solutions while still using TACACS+ for authorization and accounting. For example, it is possible to use the Kerberos Protocol for authentication and TACACS+ for authorization and accounting. After an AAA client passes authentication through a Kerberos server, the AAA client requests authorization information from a TACACS+ server without the necessity to re-authenticate the AAA client by using the TACACS+ authentication mechanism.

Authentication and authorization are not separated in a RADIUS transaction. When the authentication request is sent to a AAA server, the AAA client expects to have the authorization result sent back in reply.

Reference: http://www.cisco.com/c/dam/en/us/products/collateral/security/secure-access-control-server-windows/prod_white_paper0900aecd80737943.pdf

Question 3

Explanation

TACACS+ (and RADIUS) allow users to be authenticated against a remote server -> E is correct.

TACACS+ encrypts the entire body of the packet but leaves a standard TACACS+ header -> C is correct.

TACACS+ supports access-level authorization for commands. That means you can use commands to assign privilege levels on the router -> F is correct.

Note:

By default, there are three privilege levels on the router.
+ privilege level 1 = non-privileged (prompt is router>), the default level for logging in
+ privilege level 15 = privileged (prompt is router#), the level after going into enable mode
+ privilege level 0 = seldom used, but includes 5 commands: disable, enable, exit, help, and logout

Question 4

Explanation

There are three authentication and authorization modes for 802.1x:
+ Monitor mode
+ Low impact mode
+ High security mode

Monitor mode allows for the deployment of the authentication methods IEEE 802.1X without any effect to user or endpoint access to the network. Monitor mode is basically like placing a security camera at the door to monitor and record port access behavior.

With AAA RADIUS accounting enabled, you can log authentication attempts and gain visibility into who and what is connecting to your network with an audit trail. You can discover the following:
+ Which endpoints such as PCs, printers, cameras, and so on, are connecting to your network
+ Where these endpoints connected
+ Whether they are 802.1X capable or not
+ Whether they have valid credentials
+ In the event of failed MAB attempts, whether the endpoints have known, valid MAC addresses

Monitor mode is enabled using 802.1X with the open access and multiauth mode Cisco IOS Software features enabled, as follows:
sw(config-if)#authentication open
sw(config-if)#authentication host-mode multi-auth

For more information about each mode, please read this article: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/Phased_Deploy/Phased_Dep_Guide.html

Question 5

Question 6

Explanation

The command “ppp authentication chap pap” command indicates the CHAP authentication is used first. If it fails or is rejected by other side then uses PAP instead. If you want to use PAP first (then CHAP) you can use the “ppp authentication pap chap” command.

Question 7

Question 8

Comments (11) Comments
  1. honeypunch_of_Osaka
    November 26th, 2018

    Where’s the link for the challenge?

  2. questions
    December 7th, 2018

    where are the questions for AAA?

  3. satako
    December 19th, 2018

    In the last compilation of questions there are only 3 of AAA, missing update and missing the corresponding Flash file to practice.

  4. Nguyen Minh Huy
    December 19th, 2018

    I check the question

  5. bbs
    December 26th, 2018

    Hi all, do you have curren CCNA dumps please sent to hbircanicat[at]gmail[dot]com

  6. CC
    January 19th, 2019

    @9tut There is no quiz of AAA

  7. dorissiano
    April 18th, 2019

    Hi, can i please have the questions ?

  8. bill
    May 10th, 2019

    hi, if anyone wants the questions, please download pdf from:

    https://www.9tut.com/ccna-questions-and-answers

  9. syed
    September 17th, 2019

    @9tut There is no quiz of AAA……..

  10. 9tut
    September 17th, 2019

    @syed: Thanks for your detection, we have just added it!

  11. Podranok
    October 26th, 2019

    9tut. There are ONLY first 3 AAA questions in your dump! Where are missing 5?

Add a Comment