Securing Cisco IOS Networks Study Guide - Carl Timm.pdf

Chapter 2 Introduction to AAA Security

Review Questions

1. Which of the following is the most secure authentication method?

A. One-time passwords

B. Token cards/soft tokens

C. Username and password

D. S/KEY

2. If you have a default configuration on your interface and then use the following global configuration command, which statement is true?

aaa authorization network gns tacacs local

A. If the TACACS+ server is not reachable, the NAS access will be enabled by default.

B. If the TACACS+ server is not reachable, the local database will be used.

C. The NAS will use the enable password by default.

D. If the TACACS+ server is not reachable, the user will be denied access.

3. Which command enables AAA globally on the NAS?

A. aaa enable

B. aaa new-model

C. aaa default enable

D. aaa authentication login default enable

4. Which component of AAA provides for the identification of users?

A. Accounting

B. Authorization

C. Authentication

D. Administration

5. Which of the following can AAA use for authenticating a user? (Choose all that apply.)

A. NDS

B. TACACS+

C. SQL

D. RADIUS

Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.

www.sybex.com

6. Which component of AAA controls the privileges a user is granted?

A. Accounting

B. Authorization

C. Authentication

D. Administration

7. Which of these statements are true regarding the output of the following debug screen? (Choose all that apply.)

1d16h: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up

Oct 5 12:32:12.294: BRI0/0 PPP: Treating connection as a dedicated line

Oct 5 12:32:12.294: BRI0/0 PPP: Phase is AUTHENTICATING, by this end

Oct 5 12:32:12.294: BRI0/0 CHAP: O CHALLENGE id 7 len 29 from *NASx

A. The user ID is NASx.

B. This connection is established on interface bri0/0.

C. The user is authenticating using CHAP (Challenge Handshake Authentication Protocol).

D. The client is attempting to set up a SLIP (Serial Line Internet Protocol) connection.

8. What does the wait-start radius command do when used with the aaa accounting network command? (Choose all that apply.)

A. The NAS looks for the account information on a RADIUS server.

B. Stop accounting records for network service requests are sent to the RADIUS server.

C. Start accounting records for network service requests are sent to the local database.

D. The requested service cannot start until the acknowledgment has been received from the RADIUS server.

9. Which of these statements are true regarding the following debug output? (Choose all that apply.)

Dec 23 11:59:40.663: AAA/AUTHEN/CONT (1351411051): continue_login (user='Todd')

Dec 23 11:59:40.663: AAA/AUTHEN (1351411051): status = GETPASS

Dec 23 11:59:40.663: AAA/AUTHEN/CONT (1351411051): Method=LOCAL

Dec 23 11:59:40.715: AAA/AUTHEN (1351411051): status = PASS

A. The authentication was successful.

B. The user belonged to the Todd group.

C. The method used was local authentication.

D. The output was generated from the debug aaa authentication command.

10. Which of the following are packet-mode access methods? (Choose all that apply.)

A. BRI

B. Async

C. Sync

D. Group-sync

E. Telnet

F. Serial

11. Which of the following are considered character-mode access methods? (Choose all that apply.)

A. VTY

B. Async

C. Sync

D. Group-async

E. TTY

F. Serial

G. AUX

12. Which of the following protects against playback hacking?

A. PPP

B. PAP

C. CHAP

D. SLIP

13. Which of the following uses a three-way handshake?

A. PPP

B. PAP

C. CHAP

D. SLIP

14. Which of the following features was developed by Cisco?

A. RADIUS

B. TACACS+

C. Kerberos

D. CHAP

15. Which of the following uses the Data Encryption Standard (DES)?

A. RADIUS

B. TACACS+

C. Kerberos

D. CHAP

16. Which of the following is the most secure username/password authentication method?

A. Static username/password

B. Aging username/password

C. One-time passwords (OTP)

D. Token cards/soft tokens

17. Which of these statements are true regarding the following debug output? (Choose all that apply.)

1:09:41: AAA/ACCT: EXEC acct start, line 10

1:09:52: AAA/ACCT: Connect start, line 10, glare

1:09:07: AAA/ACCT: Connection acct stop: task_id=60 service=exec port=10 protocol=telnet

A. This debug output shows that the user is using the local database on the NAS.

B. This is a debug output from the authorization component of AAA.

C. This is a debug output from the accounting component of AAA.

D. The user used Telnet to gain access to the NAS.

18. Which of these statements are true regarding the following debug output? (Choose all that apply.)

01:41:50: AAA/AUTHEN: free_user (0x81420624) user='todd' ruser='' port='tty0' rem_addr='async/' authen_type=ASCII service=LOGIN priv=1

01:42:12: AAA/AUTHEN/CONT (864264997): Method=LOCAL

A. This debug output shows that the user is using a remote database for authenticating the user todd.

B. This is a debug output from the authorization component of AAA.

C. This is a debug output from the authentication component of AAA.

D. The password will be checked against the local line password.

19. Which of these statements are true regarding the following debug output? (Choose all that apply.)

1:21:23: AAA/AUTHOR (0): user='Todd'

1:21:23: AAA/AUTHOR (0): send AV service=shell

1:21:23: AAA/AUTHOR (0): send AV cmd*

1:21:23: AAA/AUTHOR (342885561): Method=Local

A. The username is Todd.

B. This is a debug output from the authorization component of AAA.

C. This is a debug output from the authentication component of AAA.

D. This is using a remote database for authenticating the user Todd.

20. Which of the following commands trace AAA packets and monitor their activities? (Choose all that apply.)

A. debug aaa authentication

B. debug aaa authorization

C. debug aaa all

D. debug aaa accounting
