1. 1—A; 2—C; 3—B.
2. The answers are C and E. Cisco ISRs do not contain integrated Power over Ethernet (PoE) ports, VoIP ports, or FireWire ports. Some of the features are available as option cards on modular ISRs.
3. False. It is also a trick question! Cisco recommends that passwords should be at least 10 characters in length, but there is no default rule. Passwords can be blank. That is why this chapter stresses basics such as best practices for passwords.
4. Answer B is correct. Answer D is a trick because that command doesn’t exist and answer A is just plain wrong. Answer C is tricky too because we learn in this chapter that passwords on the router are not encrypted unless we use the service password-encryption command.
5. The correct answer is B. This is a bit of a trick question because answer B enables configuration from not only the terminal but also from other sources. The syntax of the other (but wrong) answers is all mixed up.
6. Choices A, C, D, E, and H are correct. The other items can be configured in the SDM, but they are not considered one of the five basic services that the SDM manages.
7. The correct answer is D.
8. The correct answer is D. Answer C is meant to confuse because Cisco Secure ACS Express is being described and is also an appliance-based solution. Answers A, B, and E are simply wrong.
9. The correct answer is D.
10. Answer A is the correct answer. Answer B is the command that displays detailed statistics of all logged-in users. Answer C is used to display current sessions of users who have been authenticated, authorized, or accounted by the AAA module. The command in answer D doesn’t exist.
11. This is a trick question. The question is not which protocols Cisco Secure ACS works with to authenticate to an external database. If that were the question, you could choose everything in the list. Answers D and E are correct because only RADIUS and TACACS+ are choices for protocols that work between the AAA client (the Cisco IOS router) and the AAA server (Cisco Secure ACS).
12. Answers A and C are correct. Answer B is backwards. It’s TACACS+ that encrypts the whole communication, whereas RADIUS encrypts only the password. Answer D is incorrect but for a tricky reason. Although RADIUS is open source, TACACS+ isn’t quite a proprietary standard because Cisco has published it as an RFC (Request for Comment), part of the IETF standards track. Answer E is incorrect because RADIUS can use either ports 1645 and 1646 or ports 1812 and 1813 for authentication/authorization and accounting, respectively.
13. Answers B and E are correct. Answer B is correct because you do not need special software on an IP host in order to enable AAA for the network. Answer E is correct because the Cisco Secure ACS Solution Engine is an appliance that comprises a self-contained AAA server solution. It is not an add-on module for a router, and the router is the AAA client in this scenario anyway.
14. Answer D is correct. The use of the terms “packet” and “character” is deliberately misleading because these refer to types of access in general (see Figure 3.10), but not specific types of AAA authorization policies. Answer E is simply wrong but sounds like it might be right to someone who hasn’t read the Exam Cram.