Exam Prep Questions

1. Match the following deployment scenarios for a Cisco IOS router with the correct description:

   1. Single Perimeter: ___
   2. Two Perimeters: ___
   3. Screened Subnet: ___

   Descriptions:

   A. The router establishes the trusted network boundary at the Internet and protects a single LAN.
   B. A DMZ is established on a firewall that, in turn, is deployed inside the Cisco IOS router.
   C. A firewall establishes a second perimeter behind the router.

2. Which of the following is not a feature of Cisco Integrated Services routers? (Choose all that apply.)

   A. USB Port (most models)
   B. Unified Network Services
   C. Integrated PoE VoIP port
   D. Integrated Security
   E. Firewire port

3. True or false. By default, Cisco router passwords must contain at least 10 characters.

4. Which statement about the service password-encryption command is correct?

   A. It encrypts all passwords in the router’s configuration file with AES (Advanced Encryption Standard) 256-bit encryption.
   B. With the exception of the hashed enable secret, all passwords on the router are encrypted.
   C. All passwords on the router are encrypted.
   D. It has no effect unless the service password secret-encrypt command is also issued.
   E. None of the above.

5. You have entered the following commands to create a view called ISP:

   CiscoISR(config)#parser view ISP
   CiscoISR(config-view)#secret 0 hardtoguess

   Which one of the following commands enables users of this view to access configure mode from a terminal?

   A. commands configure include all terminal
   B. commands exec include all configure
   C. commands include exec configure
   D. commands exec include configure terminal
   E. None of the above.

6. Referring to the following list, select the five items that comprise the five basic services that SDM manages:

   A. Wireless
   B. Intrusion Protection Services (IPS)
   C. Routing
   D. Switching
   E. Security
   F. Interfaces
   G. AAA
   H. QoS

7. What (in the right order) does AAA stand for?

   A. Access, accountability, administration
   B. Administration, access, accounting
   C. Accounting, access, administration
   D. Authentication, authorization, accounting
   E. Authorization, accounting, administration
   F. None of the above.

8. Which of the following is true about the Cisco Secure ACS Solution Engine? (Choose all that are correct.)

   A. Must be installed on an existing installation of Windows Server.
   B. Must be installed on an existing installation of Windows Server or Sun Solaris.
   C. An appliance-based solution that supports up to 50 AAA clients, as well as 350 unique user logons in a 24-hour period.
   D. An appliance-based solution.
   E. TACACS+ only.
   F. None of the above.

9. Fill in the blanks with the correct words from the list:

   When designing an AAA solution, remote administrative access is also known as _____ mode. Another name for remote network access is _____ mode.

   A. Packet, character
   B. Character, network
   C. Network, character
   D. Character, packet
   E. Packet, network

10. What command will display a list of all local AAA users who have been locked out?

   A. show aaa local user lockout
   B. show aaa user all
   C. show aaa sessions
   D. show aaa local lockout
   E. None of the above.

11. Which protocols are supported in the AAA dialog between a Cisco IOS router and Cisco Secure ACS? (Choose all that apply.)

   A. LDAP
   B. Active Directory
   C. ODBC
   D. RADIUS
   E. TACACS+
   F. Kerberos

12. Which of the following statements is most correct concerning RADIUS and TACACS+?

   A. RADIUS has rich accounting, and TACACS+ is capable of customizable user-level policies such as command authorization.
   B. RADIUS encrypts the whole communication between the AAA client and server, whereas TACACS+ only encrypts the password.
   C. RADIUS uses UDP for transport and TACACS+ uses TCP.
   D. RADIUS is a proprietary standard, whereas TACACS+ is Open Source.
   E. RADIUS uses UDP ports 1645 and 1646 exclusively.

13. Which of the following are not included in the three main task areas in setting up for external AAA? (Choose all that apply.)

   A. Configure the AAA network.
   B. Install AAA supplicant software on IP hosts that will authenticate to the IOS router.
   C. Identify traffic to which AAA is applied.
   D. Set up users.
   E. Install the Cisco Secure ACS Solution Engine module on the Cisco IOS router.

14. Select the one answer with the correct two terms to fill in the following blanks.

   There are two distinct types of AAA authorization policies:

   - ________ policies that define access rules to the router.
   - ________ policies that define access rules through the router.

   Choices:

   A. Network, Exec
   B. Packet, Character
   C. Character, Packet
   D. Exec, Network
   E. Administrative, User

Answers to Exam Prep Questions

1. 1—A; 2—C; 3—B.

2. The answers are C and E. Cisco ISRs do not contain integrated Power over Ethernet (PoE) ports, VoIP ports, or Firewire ports. Some of these features are available as option cards on modular ISRs.

3. False. It is also a trick question! Cisco recommends that passwords be at least 10 characters in length, but there is no default rule. Passwords can be blank. That is why this chapter stresses basics such as best practices for passwords.

4. Answer B is correct. Answer D is a trick because that command doesn’t exist, and answer A is just plain wrong. Answer C is tricky too, because we learn in this chapter that passwords on the router are not encrypted unless we use the service password-encryption command.

5. The correct answer is B. This is a bit of a trick question because answer B enables configuration not only from the terminal but also from other sources. The syntax of the other (wrong) answers is all mixed up.

6. Choices A, C, D, E, and H are correct. The other items can be configured in the SDM, but they are not considered one of the five basic services that the SDM manages.

7. The correct answer is D.

8. The correct answer is D. Answer C is meant to confuse, because it describes Cisco Secure ACS Express, which is also an appliance-based solution. Answers A, B, and E are simply wrong.

9. The correct answer is D.

10. Answer A is the correct answer. Answer B is the command that displays detailed statistics for all logged-in users. Answer C displays the current sessions of users who have been authenticated, authorized, or accounted by the AAA module. The command in answer D doesn’t exist.

11. This is a trick question. The question is not which protocols Cisco Secure ACS works with to authenticate to an external database; if that were the question, you could choose everything in the list. Answers D and E are correct because only RADIUS and TACACS+ are choices for protocols that work between the AAA client (the Cisco IOS router) and the AAA server (Cisco Secure ACS).

12. Answers A and C are correct. Answer B is backwards: it’s TACACS+ that encrypts the whole communication, whereas RADIUS encrypts only the password. Answer D is incorrect, but for a tricky reason. Although RADIUS is open source, TACACS+ isn’t quite a proprietary standard because Cisco has published it as an RFC (Request for Comment), part of the IETF standards track. Answer E is incorrect because RADIUS can use either ports 1645 and 1646 or ports 1812 and 1813 for authentication/authorization and accounting, respectively.

13. Answers B and E are correct. Answer B is correct because you do not need special software on an IP host in order to enable AAA for the network. Answer E is correct because the Cisco Secure ACS Solution Engine is an appliance that comprises a self-contained AAA server solution. It is not an add-on module for a router, and the router is the AAA client in this scenario anyway.

14. Answer D is correct. The use of the terms “packet” and “character” is deliberately misleading because these refer to types of access in general (see Figure 3.10), not to specific types of AAA authorization policies. Answer E is simply wrong but sounds like it might be right to someone who hasn’t read the Exam Cram.
