Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam 350-401 topic 1 question 283 discussion

Actual exam question from Cisco's 350-401
Question #: 283
Topic #: 1
[All 350-401 Questions]

DRAG DROP -
An engineer creates the configuration below. Drag and drop the authentication methods from the left into the order of priority on the right. Not all options are used.

R1#sh run | i aaa -
aaa new-model
aaa authentication login default group ACE group AAA_RADIUS local-case aaa session-id common
R1#
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
xziomal9
Highly Voted 2 years, 6 months ago
The correct answer is: priority 1: AAA servers of ACE group priority 2: AAA servers of AAA_RADIUS group priority 3: local configured username in case-sensitive format priority 4: If no method works, then deny login
upvoted 132 times
nushadu
1 year, 3 months ago
true, aaa authentication login default group ACE group AAA_RADIUS local-case aaa session-id common
upvoted 2 times
...
marco74_bi
1 month, 1 week ago
I agree with you
upvoted 1 times
...
...
Hamzaaa
Highly Voted 2 years, 11 months ago
1.AAA ISE 2.AAA Radius 3.Local sensitive case 4.deny if nothing works
upvoted 24 times
...
[Removed]
Most Recent 8 months, 3 weeks ago
Damn! the given answer is so out of the field... AAA ACE Grp AAA AAA_RADIUS grp Local case sensitive deny login
upvoted 2 times
...
wr4net
10 months, 1 week ago
I hate this answer given. all dumps sites shows the same answer as examtopics. as far as im concerned, it should be: priority 1: AAA servers of ACE group (cannot assume AC has tacacs) priority 2: AAA servers of AAA_RADIUS group (cannot assume radius group name has only radius servers priority 3: local configured username in case-sensitive format (3rd option in aaa line will be the third priority, case = case sensitive) priority 4: If no method works, then deny login (last option, if blank is to deny) unless someone can come up with good logic, otherwise, im sticking to my answer. i thought maybe there was some tacacs versus radius priority if they were a part of the same group, but that's not possible, as groups need keyword "radius', or 'tacacs' specified.
upvoted 2 times
...
wr4net
10 months, 2 weeks ago
groups are configured as either a radius or tacacs type: aaa group server tacacs+ MyTacGrpName aaa group server radius MyRadGrpName so you cannot assume ACE is a Tac groups. that rules out that option. also last option is always deny if all methods fail. Lastly, WTF on the word priority. does Priority 1 mean the first (highest) priority, or does priority 4 mean the highest (first) priority. I would assume the P1 = try first. In this case, i would go with: priority 1: AAA servers of ACE group priority 2: AAA servers of AAA_RADIUS group priority 3: local configured username in case-sensitive format priority 4: If no method works, then deny login Other dump sites appear to get this wrong too, so im questioning my logic now.
upvoted 1 times
danman32
8 months ago
Even if the priority list was supposed to be reverse order than what we'd interpret, answer still wrong. So you can keep your sanity :)
upvoted 1 times
...
...
charafDZ
1 year, 1 month ago
"The "local-case" method is used to enforce the typed username to be case sensitive, but in the case of the "local" method the you could type the username in upper or lower case and the Cisco device will accept it. Imagine that you have the "admin" local user, if the you want to login to the device and the method applied is "local" you could login with the "ADMIN" variant of the user and the router/switch will normally accept it, that doesn't happens if the "local-case" keyword is in the AAA policy, so you will have to type the exact username in "admin" in this case." https://learningnetwork.cisco.com/s/question/0D53i00000KstF1CAJ/ppp-chap-authentication-local-vs-localcase
upvoted 1 times
...
x3rox
1 year, 1 month ago
local: case insensitive for username local-case: case sensitive for username
upvoted 2 times
...
kalbos
1 year, 4 months ago
group ACE group AAA_RADIUS local-case deny
upvoted 4 times
...
examShark
2 years, 10 months ago
Given answer is correct
upvoted 2 times
YTAKE
2 years, 6 months ago
I believe so. 1 --- ACE is just the group name, it does not necessarily mean (TACACT+ or Radius) 2 --- The order is also important: the first group is used first, and so on
upvoted 2 times
YTAKE
2 years, 6 months ago
group ACE group AAA_RADIUS local-case deny
upvoted 6 times
...
...
examShark
2 years, 10 months ago
sorry, should be: group ACE group AAA_RADIUS local-case deny
upvoted 23 times
...
...
AliMo123
2 years, 11 months ago
The aaa new-model command immediately applies local authentication to all lines and interfaces (except console line line con 0). so first the local configuration will apply. https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html
upvoted 1 times
thenewguy918
2 years, 10 months ago
After reading through the link you provided it looks like the local authentication is only applied to those interfaces immediately after applying the aaa new-model command to prevent locking out remote users (assuming you created a local login before running the command). But after using the "aaa authentication login default group ACE group AAA_RADIUS local-case" command it replaces the login procedure for all access ports except any that have a different authentication method applied to them manually. The local login is now the 3rd option in the default list after running that command. The problem with this question is you do not know if the servers in those groups are radius or tacacs. You can assume the AAA_RADIUS group is all radius servers.
upvoted 2 times
thenewguy918
2 years, 10 months ago
actually i guess it wouldn't matter if they are radius or tacacs servers since they are both considered AAA From what I have gathered I beleive the answer to be 1. AAA Servers of ACE 2. AAA Servers of AAA_RADIUS 3. Local Case Sensative 4. Deny login
upvoted 12 times
...
...
...
netpeer
2 years, 11 months ago
Broken question
upvoted 1 times
timtgh
1 year, 10 months ago
The question is fine, just the answer shown here is wrong.
upvoted 4 times
...
...
netpeer
2 years, 11 months ago
and the local-case is the 1st method not the last!!
upvoted 1 times
danman32
8 months ago
No because local-case is last on the list. The server groups are first in the list.
upvoted 1 times
...
...
netpeer
2 years, 11 months ago
This seems wrong. The local work is missing from the list and who says that group has TACAS servers??
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...