Question 1 | What does AAA stand for? -
A. Authentication, authorization, accounting -
B. Authentication, authentication, accounting -
C. Authentication, authorization, application -
D. Authentication, accounting, access control |
A1: | Answer A is correct. AAA stands for authentication, authorization, and accounting. Therefore, answers B, C, and D are incorrect. |
Question 2 | When using AAA commands, what does the local parameter mean? -
A. AAA local requests are sent to a server. -
B. Only local logins are performed on the remote database. -
C. Authenticate using a remote local server. -
D. Authenticate using the local database. |
A2: | Answer D is correct. The local parameter is used to define that the local database of usernames and passwords should be used, rather than a remote database. Answer A is incorrect because requests are not sent to a server. Answers B and C are incorrect because a local database is used and not a remote server. |
Question 3 | By default, the PIX supports providing logon credentials for which basic protocols? (Select three.) -
A. SSL -
B. Telnet -
C. HTTP -
D. IPX -
E. TFTP -
F. FTP |
A3: | Answers B, C, and F are correct. The PIX supports three basic protocols with cut-through proxy authentication: HTTP, FTP, and Telnet. Therefore, answers A, D, and E are incorrect. |
Question 4 | When talking about AAA services, what does the acronym ACS stand for? -
A. Access control server -
B. Authentication control server -
C. Accounting Cisco Server -
D. Authorization Cisco server |
A4: | Answer A is correct. ACS stands for Access control server, and it can be used for RADIUS and TACACS+ AAA services. Therefore, answers B, C, and D are incorrect. |
Question 5 | Which command is used to direct authentication and accounting? -
A. aaa-server -
B. aaa authentication -
C. aaa remote-server -
D. aaa authorization |
A5: | Answer A is correct. The aaa-server command, combined with the group tag, is used to define where to direct AAA services. Answers B and D are incorrect because the aaa authentication and aaa authorization commands are used to define which features need checking against the AAA services. Answer C is incorrect because this is an invalid command. |
Question 6 | If a user fails to authenticate on the PIX with an AAA server, what happens? -
A. The user gains access. -
B. The connection is dropped. -
C. The user is forwarded to the Cisco Web site. -
D. The user account is disabled. |
A6: | Answer B is correct. If a user authentication has failed, the connection is dropped. Answer A is incorrect because the user does not gain access. Answer C is incorrect because the user connection is dropped, not forwarded to Cisco's Web site. Answer D is incorrect because the user account is not disabled, only prevented from connecting. |
Question 7 | Which AAA part denies a person the ability to Telnet? -
A. Accounting -
B. Authentication -
C. Access control -
D. Authorization |
A7: | Answer D is correct. Authorization denies the ability to Telnet. Answer A is incorrect because accounting only tracks what a user does. Answer B is incorrect because authentication prevents a user from logging in; it does not just restrict Telnet. Answer C is not part of the AAA services, so it is incorrect. |
Question 8 | What is virtual HTTP used for? -
A. It's a replacement for Linux Web servers. -
B. It enables Web browsers to work correctly with HTTP authentication. -
C. It provides authentication for Telnet users. -
D. It provides a Web interface to configure the PIX firewall. |
A8: | Answer B is correct. Virtual HTTP is used to help overcome problematic issues with browsers and internal Web server issues. Answer A is incorrect because it is not a Web server replacement feature. Answer C is incorrect because Virtual HTTP is for HTTP connections. Answer D is incorrect because the PDM is the Web interface for the PIX firewall. |
Question 9 | What do RADIUS and TACACS+ use for a transport layer protocol? -
A. TACACS+ uses TCP, and RADIUS uses TCP. -
B. TACACS+ uses UDP, and RADIUS uses TCP. -
C. TACACS+ uses TCP, and RADIUS uses UDP. -
D. TACACS+ uses UDP, and RADIUS uses UDP. |
A9: | Answer C is correct. The RADIUS protocol uses UDP, and the TACACS+ protocol uses TCP. TACACS+ is considered to be more secure than RADIUS because all the payload is encrypted. Therefore, answers A, B, and D are incorrect. |
Question 10 | Which statement is true about the PIX firewall? -
A. The PIX supports only local AAA services. -
B. The PIX supports local, RADIUS, and TACACS+. -
C. The PIX supports only local and RADIUS. -
D. The PIX supports only TACACS+ and RADIUS. |
A10: | Answer B is correct. The PIX firewall supports local, RADIUS, and TACACS+. Separate groups can be created for different types of traffic, and each group can point to a different RADIUS or TACACS+ server. Therefore, answers A, C, and D are incorrect because the PIX supports local, RADIUS, and TACACS+. |
Question 11 | Which statement is true about downloadable ACLs? -
A. They're supported on RADIUS and not TACACS+. -
B. They're supported on TACACS+ and not RADIUS. -
C. They're supported on both RADIUS and TACACS+. -
D. They're not supported on RADIUS or TACACS+. |
A11: | Answer A is correct. Cisco supports downloadable ACLs on RADIUS and not TACACS+. Therefore, answers B, C, and D are incorrect. |
Question 12 | Which statements are true about named downloadable ACLs? (Select two.) -
A. They are supported on TACACS+. -
B. They are shared among PIX firewalls and users. -
C. They are shared among PIX firewalls but not users. -
D. They are supported on RADIUS. |
A12: | Answers B and D are correct. Named ACLs are shared between users and PIX firewalls, and Cisco supports downloadable ACLs on RADIUS and not TACACS+. Answer A is incorrect because downloadable ACLs are supported only on RADIUS, not TACACS+. Answer C is incorrect because named access lists can be shared among users. Unnamed access lists are not shared among users. |