350-001 Question 4
A new TACACS+ server is configured to provide authentication to a NAS for remote access users. A user tries to connect to the network and fails. The NAS reports a FAIL message. What could be the problem? (Choose all that apply).
A. The TACACS+ service is not running on the server.
B. The password for this user is incorrect.
C. The username does not exist in the TACACS+ user database.
D. The NAS server lost its route to the TACACS+ server.
E. The TACACS+ server is down.
Answer: B, C
Explanation:
A FAIL condition is a result of incorrect username/password information. It means that an authentication request was successfully received, but that it had failed. A FAIL response is significantly different from an ERROR. A FAIL means that the user has not met the criteria contained in the applicable authentication database to be successfully authenticated. Authentication ends with a FAIL response.
An ERROR means that the security server has not responded to an authentication query. Because of this, no authentication has been attempted. Only when an ERROR is detected will AAA select the next authentication method defined in the authentication method list.
Reference:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt1/s
cdaaa. htm
Incorrect Answer:
A, D, E. These would have resulted in an ERROR condition instead of a FAIL condition.
With an error, the NAS would query the next authentication method.
A new TACACS+ server is configured to provide authentication to a NAS for remote access users. A user tries to connect to the network and fails. The NAS reports a FAIL message. What could be the problem? (Choose all that apply).
A. The TACACS+ service is not running on the server.
B. The password for this user is incorrect.
C. The username does not exist in the TACACS+ user database.
D. The NAS server lost its route to the TACACS+ server.
E. The TACACS+ server is down.
Answer: B, C
Explanation:
A FAIL condition is a result of incorrect username/password information. It means that an authentication request was successfully received, but that it had failed. A FAIL response is significantly different from an ERROR. A FAIL means that the user has not met the criteria contained in the applicable authentication database to be successfully authenticated. Authentication ends with a FAIL response.
An ERROR means that the security server has not responded to an authentication query. Because of this, no authentication has been attempted. Only when an ERROR is detected will AAA select the next authentication method defined in the authentication method list.
Reference:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt1/s
cdaaa. htm
Incorrect Answer:
A, D, E. These would have resulted in an ERROR condition instead of a FAIL condition.
With an error, the NAS would query the next authentication method.
No comments:
Post a Comment