CH 1

Question 1

involves controlling access to
who can log in to a network device console, Telnet session, or Secure Shell (SSH) session

Answer 1

Device administration AAA

Question 2

involves securing network access to ensuring
the identity of the device or user before permitting the entity to communicate with
the network.

Answer 2

Network access AAA

Question 3

lists of commands that an authenticated user
is either permitted or not permitted to run

Answer 3

command sets

Question 4

IEEE 802.1X cannot use which protocol?

Answer 4

TACACS

Question 5

TACACS+ was not supported by Cisco ISE until which ISE Version?

Answer 5

2.0

Question 6

which part of a packet is encrypted with TACACS+ and which port does TACACS+ use?

Answer 6

the entire packet, TCP 49

Question 7

When using TACACS+ for authentication, what are the three types of packets exchanged between the client (the network device) and the server:

Answer 7

START, REPLY, CONTINUE

Question 8

This packet is used to begin the authentication request between the AAA
client and the AAA server

Answer 8

START

Question 9

These messages are sent from the AAA server to the AAA client.

Answer 9

REPLY

Question 10

These messages from the AAA client are responses to the AAA server
requests for usernames and passwords

Answer 10

CONTINUE

Question 11

The final REPLY message from the AAA server to the AAA client can include the following
possible values:

Answer 11

ACCEPT, REJECT, ERROR, CONTINUE

Question 12

The user authentication succeeded, and the authorization process may
begin, if the AAA client is configured for authorization

Answer 12

ACCEPT

Question 13

The user authentication failed. The login is denied or the end user is prompted to try again, depending on the configuration of the AAA client

Answer 13

REJECT

Question 14

An error occurred at some point during the authentication. AAA clients typically attempt to authenticate the user again or attempt a different method of authenticating the user

Answer 14

ERROR

Question 15

The user is prompted for additional information. This value sent from
the AAA server within a REPLY message, indicating that more information is required,
should not be confused with the CONTINUE message sent from the AAA client to
the AAA server

Answer 15

CONTINUE

Question 16

When using TACACS+ for authorization, only two messages are used between the AAA
client and the AAA server:

Answer 16

REQUEST or RESPONSE

Question 17

This message is sent from the AAA client to the AAA server to request
authorization

Answer 17

REQUEST

Question 18

This message is sent from the AAA server back to the AAA client with
the result of the authorization request, including specific details, such as the privilege
level assigned to the end user.

Answer 18

RESPONSE

Question 19

A RESPONSE message may contain one of the following replies:

Answer 19

FAIL, PASS_ADD, PASS_REPL, FOLLOW, ERROR

Question 20

This response indicates that the user should be denied access to the
requested service.

Answer 20

FAIL

Question 21

This response indicates successful authorization, and the information contained within the RESPONSE message should be used in addition to the requested information.

Answer 21

PASS_ADD

Question 22

This response indicates successful authorization, but the server has
chosen to ignore the REQUEST message and is replacing it with the information
sent back in the RESPONSE message.

Answer 22

PASS_REPL

Question 23

This reply indicates that the AAA server wants the AAA client to send
the authorization request to a different server. The new server information will be
listed in the RESPONSE packet. The AAA client may use that new server or treat
the response as a FAIL.

Answer 23

FOLLOW

Question 24

This response indicates a problem occurring on the AAA server. Further
troubleshooting needs to occur.

Answer 24

ERROR

Question 25

With accounting, there are two message types used. What are they?

Answer 25

Request, Response

Question 26

This message is sent from the AAA client to the AAA server to indicate a notification of activity

Answer 26

Request

Question 27

Three values that may be included in a REQUEST message:

Answer 27

Start, Stop, Continue

Question 28

This value indicates that a service has begun

Answer 28

Start

Question 29

This value indicates that the service has ended

Answer 29

Stop

Question 30

sometimes referred to as a Watchdog or UPDATE record, is sent when a service has already started and is in progress, but there is updated information to provide in relationship to the service

Answer 30

Continue

Question 31

This message is sent from the AAA server back to the AAA client with the result of the accounting REQUEST message

Answer 31

RESPONSE

Question 32

RESPONSE messages may contain one of 3 replies:

Answer 32

Success, Error, Follow

Question 33

This value indicates that the server received the record from the client

Answer 33

Success

Question 34

This value indicates an error on the server and that the record was not stored

Answer 34

Error

Question 35

This value indicates that the server wants the client to send the record to a different AAA server and includes that server’s information in the RESPONSE message

Answer 35

Follow

Question 36

An IETF standard for AAA, based on client/server model, protocol of choice for network access AAA.

Answer 36

RADIUS

Question 37

One of the major differences in RADIUS and TACACS is that "what" is not separated in a RADIUS transaction.

Answer 37

authentication and authorization

Question 38

What are the message types with RADIUS authentication/authorization?

Answer 38

Access-Request, Access-Accept, Access-Reject, Access-Challenge

Question 39

This message is sent from the AAA client to the AAA server to request authentication and authorization

Answer 39

Access-Request

Question 40

This message is sent from the AAA server to the AAA client to signal a passed authentication

Answer 40

Access-Accept

Question 41

This message is sent from the AAA server to the AAA client to signal authentication failure and indicate that no authorization has been granted

Answer 41

Access-Reject

Question 42

This optional message may be sent from the AAA server to the AAA client when additional information is needed, such as a second password for two-factor authentications

Answer 42

Access-Challenge

Question 43

What are the 2 types of messages used in RADIUS accounting?

Answer 43

Accounting-Request, Accounting-Response

Question 44

This message is sent by the AAA client to the AAA server. It may include time, packets, DHCP information, CDP information, and so on. The message may be a START message indicating that service has begun or a STOP message indicating the service has ended.

Answer 44

Accounting-Request

Question 45

This message acts as an acknowledgment of receipt, so the AAA client knows the accounting message was received by the AAA server.

Answer 45

Accounting-Response

Question 46

Unlike TACACS, RADIUS uses what as the transmission protocol?

Answer 46

UDP (1812 for authentication and 1813 for accounting)

Question 47

allows a RADIUS server to initiate a conversation with a network device and disconnect a user’s session, bounce the port (perform a shut/no-shut), or even tell the device to reauthenticate the user

Answer 47

CoA