多项选择题

A.A good security practice is to havethe none parameter……

Refer to the exhibit. Which two statements about the AAA configuration are true？（）

A.A good security practice is to havethe none parameter configured as the final method used toensure that no other authentication method will be used
B.If a TACACS+ server is not available， then a user connecting via the console port would not beable to gain access since no other authentication method has been defined
C.If a TACACS+ server is not available， then the user Bob could be able to enter privileged modeas long as the proper enable password is entered
D.Theaaa new-model command forces the router to override every other authentication methodpreviously configured for the router lines
E.To increase security， group radius should be used instead of group tacacs+
F.Two authentication options are prescribed by the displayedaaa authentication command

<上一题目录下一题>

热门试题

单项选择题Incomputersecurity，AAAstandsforauthentication，authorizationandaccounting.WhichoptionabouttheAAAauthenticationenabledefaultgroupradiusenablecommandiscorrect？（）

A.If the radius server returns an error， the enable password will be used
B.If the radius server returns a ’failed’ message， the enable password will be used
C.The command login authentication group will associate the AM authentication to a specifiedinterface
D.If the group database is unavailable， the radius server will be used

单项选择题Authentication is the process of determining if a user or identity is who they claim to be. Refer tothe exhibit. Which statement about the authentication process is correct？（）

A.The LIST1 list will disable authentication on the console port
B.All login requests will be authenticated using the group tacacs+ method
C.The default login authentication will automatically be applied to all login connections
D.Because no method list is specified， the LIST1 list will not authenticate anyone on the consoleport

单项选择题Asanetworkengineer，doyouknowforwhatpurposeSDMusesSecurityDeviceEventExchange（SDEE）？（）

A.to provide a keepalive mechanism
B.to pull event logs from the router
C.to extract relevant SNMP information
D.to perform application-level accounting

单项选择题Asanetworktechnician，doyouknowwhatisarecommendedpracticeforsecureconfigurationmanagement？（）

A.Disable post scan
B.Use SSH or SSL
C.Enable trust levels
D.Deny echo replies on all edge routers

单项选择题Network Topology Exhibit： Configuration Exhibit： NET（config）# access-list 112 deny icmp any any echo log NET（config）# access-list 112 deny imp any any redirect log NET（config）# access-list 112 deny icmp any any mask-request log NET（config）# access-list 112 permit icmp any 10.1.1.0 0.0.0.255 NET（config）# interface Fa0 1 NET（config-if）# ip access-group 112 in You work as a network administrator at networkTut.com， study the exhibit carefully. The configuration has been applied to router NET to mitigate the threat of certain types of ICMPbasedattacks while allowing some ICMP traffic to the corporate LAN to work. However， the configurationis incorrect. On the basis of the information in the exhibit， which configuration option wouldcorrectly configure router NET？（）

A.The first three statements of ACL 112 should have permitted the ICMP traffic and the laststatement should deny the identified traffic
B.The last statement of ACL 112 should have been "access-list 112deny icmp any 10.2.1.00.0.0.255"
C.The last statement of ACL 112 should have been "access-list 112permit icmp any 10.2.1.00.0.0.255"
D.ACL 112 should have been applied to interface Fa0/0 in an inbound direction
E.The last statement of ACL 112 should have been "access-list 112deny icmp any 10.1.1.00.0.0.255"
F.ACL 112 should have been applied to interface Fa0/1 in an outbound direction
G.None of the above