A network administrator applies the following configuration to an IOS device:
aaa new-model
aaa authentication login default local group tacacs+
What is the process of password checks when a login attempt is made to the device?
A. A TACACS+ server is checked first. If that check fails, a local database is checked.
B. A TACACS+ server is checked first. If that check fails, a RADIUS server is checked. If that check fails, a local database is checked.
C. A local database is checked first. If that check fails, a TACACS+ server is checked. If that check fails, a RADIUS server is checked.
D. A local database is checked first. If that check fails, a TACACS+ server is checked.
Correct answer: D
Explanation: The "aaa authentication login default local group tacacs+" command is broken down as follows:
+ The "aaa authentication" part is simply saying we want to configure authentication settings.
+ The "login" is stating that we want to prompt for a username/password when a connection is made to the device.
+ The "default" means we want to apply it to all login connections (such as tty, vty, console and aux). If we use this keyword, we don't need to configure anything else under tty, vty and aux lines. If we don't use this keyword, then we have to specify which line(s) we want to apply the authentication feature to.
+ The "local group tacacs+" means all users are authenticated using the router's local database (the first method). If the credentials are not found in the local database, then the TACACS+ server is used (the second method).
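The method-list order explained above, as a small Python model (an added example, not from the original page or from Cisco; the accounts and passwords are constructed). It assumes IOS moves to the next method only when the current one returns an error, such as a username missing from the local database or an unreachable server, and stops as soon as a method answers with an accept or a reject.

```python
import hmac
from enum import Enum

class Result(Enum):
    PASS = "pass"    # method answered: credentials accepted
    FAIL = "fail"    # method answered: credentials rejected, evaluation stops
    ERROR = "error"  # method could not answer, next method is tried

# Constructed sample accounts, not taken from any real device or server.
LOCAL_USERS = {"admin": "L0cal-Only"}
TACACS_USERS = {"admin": "Central-Admin", "alice": "Central-1"}

def check(db, user, password):
    expected = db.get(user)
    return expected is not None and hmac.compare_digest(expected, password)

def local(user, password):
    # Assumption: an unknown local username is an ERROR (fall through),
    # while a known username with a wrong password is a FAIL (stop).
    if user not in LOCAL_USERS:
        return Result.ERROR
    return Result.PASS if check(LOCAL_USERS, user, password) else Result.FAIL

def make_tacacs(reachable):
    def tacacs(user, password):
        if not reachable:  # no response from the server group
            return Result.ERROR
        return Result.PASS if check(TACACS_USERS, user, password) else Result.FAIL
    return tacacs

def default_list(tacacs_up=True):
    # Mirrors: aaa authentication login default local group tacacs+
    return [("local", local), ("group tacacs+", make_tacacs(tacacs_up))]

def login(method_list, user, password):
    """Return (granted, trace); trace records every method consulted."""
    trace = []
    for name, method in method_list:
        result = method(user, password)
        trace.append((name, result))
        if result is not Result.ERROR:
            return result is Result.PASS, trace
    return False, trace  # every method errored, so access is denied

if __name__ == "__main__":
    for up, user, pw in [(True, "admin", "L0cal-Only"), (True, "admin", "Central-Admin"),
                         (True, "alice", "Central-1"), (False, "alice", "Central-1")]:
        granted, trace = login(default_list(up), user, pw)
        print(user, "tacacs_up=%s" % up, granted, [(n, r.value) for n, r in trace])
```

The second case is the one to watch when auditing a device: a username that exists locally is decided by the local database alone, so the TACACS+ server is never consulted for it.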
The order of authentication methods is based on how they are listed in the configuration. The first method listed is tried first, and if that fails, the next method is used. In this case, "local" is listed before "group tacacs+", so the local database is checked first.
The presence of aaa new-model in the configuration enables the AAA (Authentication, Authorization, and Accounting) framework on the Cisco IOS device, which is required to use AAA features.
With the given configuration aaa authentication login default local group tacacs+, the aaa new-model command doesn't change the order in which the password checks are performed; it simply activates the AAA functionality. So the process for password checks when a login attempt is made to the device would still be:
A. A TACACS+ server is checked first. If that check fails, a local database is checked.
This means that the authentication process will attempt to use TACACS+ first, and if the TACACS+ servers are not available, it will fall back to the local user database for authentication.
Router(config)# aaa new-model
Router(config)# aaa authentication login default local group tacacs+
With just "aaa new-model" configured, local authentication is applied to all lines and interfaces (except the console line, line con 0).
Here the AAA method list is applied on all login attempts on all lines of the device, where the local database is checked first and then, if required, the Terminal Access Controller Access Control System (TACACS) server is tried.
https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/200606-aaa-authentication-login-default-local.html