Home > AAA Questions

AAA Questions

January 28th, 2021 in ENCOR 350-401 Go to comments

Question 1

Question 2

Explanation

The “aaa authentication login default local group tacacs+” command is broken down as follows:

+ The ‘aaa authentication’ part is simply saying we want to configure authentication settings.
+ The ‘login’ is stating that we want to prompt for a username/password when a connection is made to the device.
+ The ‘default’ means we want to apply for all login connections (such as tty, vty, console and aux). If we use this keyword, we don’t need to configure anything else under tty, vty and aux lines. If we don’t use this keyword then we have to specify which line(s) we want to apply the authentication feature.
+ The ‘local group tacacs+” means all users are authenticated using router’s local database (the first method). If the credentials are not found on the local database, then the TACACS+ server is used (the second method).

Question 3


Explanation

According to the requirements (first use TACACS+, then allow login with no authentication), we have to use “aaa authentication login … group tacacs+ none” for AAA command.

The next thing to check is the if the “aaa authentication login default” or “aaa authentication login list-name” is used. The ‘default’ keyword means we want to apply for all login connections (such as tty, vty, console and aux). If we use this keyword, we don’t need to configure anything else under tty, vty and aux lines. If we don’t use this keyword then we have to specify which line(s) we want to apply the authentication feature.

From above information, we can find out answer C is correct. Although the “password 7 0202039485748” line under “line vty 0 4” is not necessary.

If you want to learn more about AAA configuration, please read our AAA TACACS+ and RADIUS Tutorial – Part 2.

For your information, answer D would be correct if we add the following command under vty line (“line vty 0 4”): “login authentication telnet” (“telnet” is the name of the AAA list above)

Question 4

Question 5

Explanation

The “autocommand” causes the specified command to be issued automatically after the user logs in. When the command is complete, the session is terminated. Because the command can be any length and can contain embedded spaces, commands using the autocommand keyword must be the last option on the line. In this specific question, we have to enter this line “username CCNP autocommand show running-config”.

Question 6

Explanation

In this question, there are two different passwords for user “tommy”:
+ In the TACACS+ server, the password is “Tommy”
+ In the local database of the router, the password is “Cisco”.

From the line “login authentication local” we know that the router uses the local database for authentication so the password should be “Cisco”.

Note: “… password 0 …” here means unencrypted password.

Comments
  1. Anonymous
    February 17th, 2021

    Question 1

    B. TACACS+ authentication uses an RSA server to authenticate users
    C. Local user names are case-insensitive

    B and C I think are also true

    Digitaltut can you look in this one

  1. No trackbacks yet.