(Security) Chapter 3 homework
Terms in this set (34)
What is a drawback of the local database method of securing device access that can be solved by using AAA with centralized servers?
User accounts must be configured locally on each device, which is an unscalable authentication solution
Refer to the exhibit. Router R1 is configured as shown. An administrative user
attempts to use Telnet from router R2 to router R1 using the interface IP address
10.10.10.1. However, Telnet access is denied. Which option corrects this problem?
The administrative user should use the username Admin and password Str0ngPa55w0rd.
What is the purpose of the none keyword in an AAA
It allows users to log into the device without credentials if all other
authentication methods fail.
Which task is necessary to encrypt the transfer of data between the ACS server and the
Configure the key exactly the same way on the server and the router
What port state is used by 802.1X if a workstation fails authorization?
What is the biggest issue with local implementation of AAA?
Local implementation does not scale well.
What is the first required task when configuring server-based AAA authentication?
Enable AAA globally
Refer to the exhibit. Which statement describes the output of the debug?
A user was successfully authenticated.
Which statement describes a difference between RADIUS and TACACS+?
RADIUS encrypts only the password whereas TACACS+ encrypts all
Refer to the exhibit. What configuration would need to be applied to the vty lines in
order to use this AAA policy?
No configuration is necessary
Which component of AAA allows an administrator to track individuals who access
network resources and any changes that are made to those resources?
Refer to the exhibit. Router R1 has been configured as shown, with the resulting log message. On the basis of the information that is presented, which two statements describe the result of AAA authentication operation? (Choose two.)
A) The locked-out user failed authentication.
E) The locked-out user stays locked out until the clear aaa local user lockout username Admin command is issued.
Which two features are included by both TACACS+ and RADIUS protocols? (Choose two.)
B) password encryption
C) utilization of transport layer protocols
Refer to the exhibit. Which statement describes the configuration of the ports for Server1?
The ports configured for Server1 on the router must be identical to those configured on the RADIUS server.
Why would a network administrator include a local username configuration, when the
AAA-enabled router is also configured to authenticate using several ACS servers?
The local username database will provide a backup for authentication in the event
the ACS servers become unreachable.
When using 802.1X authentication, what device controls physical access to the
network, based on the authentication status of the client?
the switch that the client is connected to.
Starting chapter 4
Starting Chapter 4 below.
Which statement describes a stateful firewall?
It can determine if the connection is in the initiation, data transfer, or termination phase.
What are two characteristics of ACLs? (Choose two.)
A) Extended ACLs can filter on destination TCP and UDP ports.
C) Extended ACLs can filter on source and destination IP addresses.
In general which ICMP message type should be stopped inbound?
Which two types of addresses should be denied inbound on a router interface that attaches to the Internet?
B) private IP addresses
D) any IP address that starts with the number 127
Consider the following access list command applied outbound on a router serial interface:
access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo reply
What is the effect of applying this access list command?
No traffic will be allowed outbound on the serial interface.
Where is the firewall policy applied when using Classic Firewall?
What is the result in the self zone if a router is the source or destination of traffic?
All traffic is permitted
What are two characteristics of this access list? (Choose two.)
A) The access list has been applied to an interface.
D) Any device on the 10.1.1.0/24 network (except the 10.1.1.2 device) can telnet to the router that has the IP address 10.1.1.1 assigned.
Refer to the exhibit. If a hacker on the outside network sends an IP packet with source address 172.30.1.50,
destination address 10.0.0.3, source port 23, and destination port 2447, what does the Cisco IOS firewall do with
The packet is dropped.
Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic.
ipv6 traffic-filter ENG_ACL in.
Refer to the exhibit. Which statement describes the function of the ACEs?
These ACEs allow for IPv6 neighbor discovery traffic.
A router has been configured as a classic firewall and an inbound ACL applied to the external interface. Which
action does the router take after inbound-to-outbound traffic is inspected and a new entry is created in the
A dynamic ACL entry is added to the external interface in the inbound direction.
If the provided statements are in the same ACL, which statement should be listed first in the ACL according to
permit udp 172.16.0.0 0.0.255.255 host 172.16.1.5 eq snmptrap
Refer to the exhibit. The network "A" contains multiple corporate servers that are accessed by hosts from the
Internet for information about the corporation. What term is used to describe the network marked as "A"?
When a Cisco IOS Zone-Based Policy Firewall is being configured, which action should be used to make the firewall really stateful? (Choose the best one.)
In the ZPF (or ZBF) configuration, which configuration is used to configure the action that will be taken on a certain type of traffic?
In the ZPF (or ZBF) configuration, which configuration is used to specify a unidirectional firewall policy between two security zones?