Modules 5-7 Flashcards

(65 cards)

1
Q

Which privilege level is predefined for the privileged EXEC mode?

a) level 0

b) level 1

c) level 15

d) level 16

A

Answer:
c) level 15

Explanation:
Privileged EXEC mode (level 15) is reserved for enable-mode privileges (full configuration and view of config files).

2
Q

What is a requirement to use the Secure Copy Protocol feature?

a) At least one user with privilege level 1 has to be configured for local authentication.

b) A command must be issued to enable the SCP server side functionality.

c) A transfer can only originate from SCP clients that are routers.

d) The Telnet protocol has to be configured on the SCP server side.

A

Answer:
b) A command must be issued to enable the SCP server side functionality. ✔

Explanation:
SCP relies on SSH and AAA. You must enable the server with ip scp server enable; local user should be privilege 15.

3
Q

Which three items are prompted for a user response during interactive AutoSecure setup? (Choose three.)

a) IP addresses of interfaces

b) content of a security banner

c) enable secret password

d) services to disable

e) enable password

f) interfaces to enable

A

Answer:
b) content of a security banner
c) enable secret password
e) enable password

Explanation:
Interactive AutoSecure prompts for banner and passwords (enable/enable secret) while it auto-secures services and interfaces.

4
Q

Which syslog message type is accessible only to an administrator and only via the Cisco CLI?

a) errors

b) alerts

c) debugging

d) emergency

A

Answer:
c) debugging

Explanation:
Debug-level messages go to the internal logging buffer and are accessible via the CLI (show logging).

5
Q

Refer to the exhibit. What two statements describe the NTP status of the router? (Choose two.)

a) The router is serving as an authoritative time source.

b) The software clock must be set with clock set for NTP to function.

c) The router is attached to a stratum 2 device.

d) The router is serving as a time source for 192.168.1.1.

e) The IP address of the time source for the router is 192.168.1.1.

A

Answer:
c) The router is attached to a stratum 2 device; e) The IP address of the time source for the router is 192.168.1.1.

Explanation:
Output shows sync to 192.168.1.1; router is stratum 3, hence its source is stratum 2.

6
Q

An administrator needs to create a user account with custom access to most privileged EXEC commands. Which privilege command is used to create this custom account?

a) privilege exec level 15

b) privilege exec level 0

c) privilege exec level 1

d) privilege exec level 2

A

Answer:
d) privilege exec level 2

Explanation:
Custom user levels are 2–14. Use privilege exec level <2-14> <command> to assign commands.

7
Q

What are two features supported by SNMPv3 but not by SNMPv1/SNMPv2c? (Choose two.)

a) message encryption

b) community-based security

c) SNMP trap mechanism

d) message source validation

e) bulk retrieval of MIB information

A

Answer:
a) message encryption
d) message source validation

Explanation:
SNMPv3 adds integrity/authentication (source validation) and encryption; v1/v2c use community strings.

8
Q

A network administrator is configuring an AAA server to manage TACACS+ authentication. What are two attributes of TACACS+ authentication? (Choose two.)

a) TCP port 40

b) encryption for all communication

c) single process for authentication and authorization

d) UDP port 1645

e) encryption for only the password of a user

f) separate processes for authentication and authorization

A

Answer:
b) encryption for all communication
f) separate processes for authentication and authorization

Explanation:
TACACS+ encrypts the entire payload and separates auth and authorization (uses TCP 49).

9
Q

What are two characteristics of the RADIUS protocol? (Choose two.)

a) encryption of the entire body of the packet

b) encryption of the password only

c) the use of UDP ports for authentication and accounting

d) the separation of the authentication and authorization processes

e) the use of TCP port 49

A

Answer:
b) encryption of the password only
c) the use of UDP ports for authentication and accounting

Explanation:
RADIUS uses UDP 1645/1812 (auth) and 1646/1813 (acct), and encrypts only the password.

10
Q

What is the one major difference between local AAA authentication and using the login local command?

a) The login local command requires manual username/password configuration, but local AAA does not.

b) Local AAA allows more than one user account; login local does not.

c) Local AAA provides a way to configure backup authentication methods; login local does not.

d) The login local command uses local usernames/passwords, but local AAA does not.

A

Answer:
c) Local AAA provides a way to configure backup authentication methods; login local does not.

Explanation:
Both use local accounts, but AAA lets you specify fallback methods.

11
Q

Which two UDP port numbers may be used for server-based AAA RADIUS authentication? (Choose two.)

a) 1812

b) 1645

c) 1813

d) 1646

e) 49

A

Answer:
a) 1812
b) 1645

Explanation:
RADIUS auth: 1645/1812; acct: 1646/1813. TACACS+ uses TCP 49.

12
Q

Which command will move the show access-lists command to privilege level 14?

a) router(config)# privilege level 14 command show access-lists

b) router(config)# privilege exec level 14 show access-lists

c) router(config)# set privilege level 14 show access-lists

d) router(config)# show access-lists privilege level 14

A

Answer:
b) router(config)# privilege exec level 14 show access-lists

Explanation:
Use privilege exec level <level> <command>.

13
Q

Which authentication method stores usernames and passwords in the router and is ideal for small networks?

a) server-based AAA over TACACS+

b) local AAA over RADIUS

c) server-based AAA

d) local AAA over TACACS+

e) local AAA

f) server-based AAA over RADIUS

A

Answer:
e) local AAA

Explanation:
Local AAA stores credentials on the device—simple and suitable for small deployments.

14
Q

What are three characteristics of superviews in the Cisco role-based CLI access feature? (Choose three.)

a) A user uses enable view superview-name to enter a superview.

b) A user uses a superview to configure commands inside associated CLI views.

c) Commands cannot be configured for a superview.

d) Level 15 privilege access is used to configure a new superview.

e) Deleting a superview does not delete the associated CLI views.

f) A single CLI view can be shared within multiple superviews.

A

Answer:

c) Commands cannot be configured for a superview

e) Deleting a superview does not delete the associated CLI views

f) A single CLI view can be shared within multiple superviews.

Explanation:
Commands are added to CLI views, then views are included in superviews; CLI views persist independently and can be shared.

15
Q

A student enters Router(config)# parser view TECH-view. What is the purpose of this command?

a) to create a CLI view named TECH-view

b) to enter the superview named TECH-view

c) to check the current setup of the CLI view named TECH-view

d) to enter the CLI view named TECH-view

A

Answer:
a) to create a CLI view named TECH-view

Explanation:
parser view <name> creates a CLI view named TECH-view. (parser view <name> superview creates a superview.)

16
Q

show parser view all shows * JR-ADMIN. What does the * indicate?

a) It is a root view.

b) It is a CLI view without a command configured.

c) It is a superview.

d) It is a CLI view.

A

Answer:
c) It is a superview.

Explanation:
An asterisk in the summary marks a superview.

17
Q

What are two characteristics of the Cisco IOS Resilient Configuration feature? (Choose two.)

a) It maintains a mirror image of the configuration file in RAM.

b) It sends a backup copy of the IOS image to a TFTP server.

c) It saves a secure copy of the primary image and device configuration that cannot be removed by a user.

d) It minimizes the downtime of a device that has had the image and configuration deleted.

e) It is a universal feature on all Cisco devices.

A

Answer:
c) It saves a secure copy of the primary image and device configuration that cannot be removed by a user
d) It minimizes the downtime of a device that has had the image and configuration deleted.

Explanation:
Resilient Configuration stores secure, undeletable copies to speed recovery; it’s platform-dependent (not universal).

18
Q

What IOS privilege levels are available to assign for custom user-level privileges?

a) levels 1 through 15

b) levels 0, 1, and 15

c) levels 2 through 14

d) levels 0 and 1

A

Answer:
c) levels 2 through 14

Explanation:
Predefined: 0, 1, 15. Customization available at 2–14.

19
Q

Refer to the exhibit. What information in the syslog message identifies the facility?

a) ADJCHG

b) Loading Done

c) OSPF

d) level 5

A

Answer:
c) OSPF

Explanation:
Facility categorizes the source (here, OSPF). level 5 is severity; ADJCHG is the mnemonic.

20
Q

What is the biggest issue with local implementation of AAA?

a) Local implementation supports only TACACS+ servers.

b) Local implementation cannot provide secure authentication.

c) Local implementation does not scale well.

d) Local implementation supports only RADIUS servers.

A

Answer:
c) Local implementation does not scale well.

Explanation:
Local AAA relies on device-local databases, which becomes unmanageable across many devices/users.

21
Q

Which task is necessary to encrypt the transfer of data between the ACS server and the AAA-enabled router?

a) Configure the key exactly the same way on the server and the router.

b) Specify the single-connection keyword.

c) Create a VPN tunnel between the server and the router.

d) Use identical reserved ports on the server and the router.

A

Answer:
a) Configure the key exactly the same way on the server and the router. ✔

Explanation:
AAA servers/clients use a shared secret key for encryption/authentication; it must match.

22
Q

Based on show running-config, which type of view is SUPPORT?

a) CLI view, containing SHOWVIEW and VERIFYVIEW commands

b) superview, containing SHOWVIEW and VERIFYVIEW views

c) secret view, with a level 5 encrypted password

d) root view, with a level 5 encrypted secret password

A

Answer:
b) superview, containing SHOWVIEW and VERIFYVIEW views

Explanation:
SUPPORT is a superview that includes CLI views SHOWVIEW and VERIFYVIEW.

23
Q

Which command should be used first for creating a CLI view named TECH-View?

a) Router# enable view

b) Router(config)# aaa new-model

c) Router# enable view TECH-view

d) Router(config)# parser view TECH-view

A

Answer:
b) Router(config)# aaa new-model

Explanation:
Role-based views require AAA enabled first; then create the view with parser view.

24
Q

Which two commands must be issued to force OSPF MD5 authentication (password 1A2b3C) for all backbone interfaces? (Choose two.)

a) area 0 authentication message-digest

b) ip ospf message-digest-key 1 md5 1A2b3C

c) username OSPF password 1A2b3C

d) enable password 1A2b3C

e) area 1 authentication message-digest

A

Answer:
a) area 0 authentication message-digest
b) ip ospf message-digest-key 1 md5 1A2b3C

Explanation:
Global area 0 MD5 plus per-interface key enforces OSPF authentication.

25
Q

Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?

a) accessibility

b) accounting

c) auditing

d) authentication

e) authorization

A

Answer:
e) authorization

Explanation:
Authorization dictates which services (e.g., FTP only) a user can access after authentication.
26
Q

Which AAA component can be established using token cards?

a) accounting

b) authorization

c) auditing

d) authentication

A

Answer:
d) authentication

Explanation:
Token cards (OTP), passwords, challenge/response are authentication factors.
27
Q

What is the primary function of the aaa authorization command?

a) permit AAA server access to AAA client services

b) limit authenticated user access to AAA client services

c) permit authenticated user access to AAA client services

d) limit AAA server access to AAA client services

A

Answer:
b) limit authenticated user access to AAA client services

Explanation:
Authorization controls which areas/commands/services an authenticated user is allowed to use.
28
Q

What must be done before any role-based CLI views can be created?

a) Assign multiple privilege levels.

b) Configure usernames and passwords.

c) Issue the aaa new-model command.

d) Create the secret password for the root user.

A

Answer:
c) Issue the aaa new-model command.

Explanation:
Before creating any views, AAA must be enabled (aaa new-model). Then create the view, assign a secret to the view, add commands, and exit.
29
Q

Which three statements describe limitations in using privilege levels for assigning command authorization? (Choose three.)

a) Creating a user account that needs access to most but not all commands can be a tedious process.

b) Commands set on a higher privilege level are not available for lower privilege users.

c) The root user must be assigned to each privilege level that is defined.

d) It is required that all 16 privilege levels be defined, whether they are used or not.

e) There is no access control to specific interfaces on a router.

f) Views are required to define the CLI commands that each user can access.

A

Answer:
a) Creating a user account that needs access to most but not all commands can be a tedious process.
b) Commands set on a higher privilege level are not available for lower privilege users.
e) There is no access control to specific interfaces on a router.

Explanation:
Privilege levels can’t finely control per-interface access and are coarse; customizing “most but not all” commands is cumbersome.
30
Q

Which two router commands can a user issue when granted privilege level 0? (Choose two.)

a) ping

b) disable

c) help

d) configure

e) show

A

Answer:
b) disable
c) help

Explanation:
Level 0 includes: disable, enable, exit, help, logout.
31
Q

What does level 5 in the following enable secret command indicate?

Router(config)# enable secret level 5 csc5io

a) The enable secret password can only be set by individuals with privileges for EXEC level 5.

b) The enable secret password is hashed using SHA.

c) The enable secret password is hashed using MD5.

d) The enable secret password grants access to privileged EXEC level 5.

A

Answer:
d) The enable secret password grants access to privileged EXEC level 5.

Explanation:
enable secret level sets the password for privilege level n.
32
Q

What are three network enhancements achieved by implementing the Cisco IOS role-based CLI access feature? (Choose three.)

a) fault tolerance

b) cost reduction

c) operational efficiency

d) scalability

e) security

f) availability

A

Answer:
c) operational efficiency
e) security
f) availability

Explanation:
Views limit visible commands (efficiency), restrict changes (security), and reduce mistakes (availability).
33
Q

A network administrator wants to create a new view so that a user only has access to certain configuration commands. In role-based CLI, which view should be used to create the new view?

a) superview

b) admin view

c) CLI view

d) root view

A

Answer:
d) root view

Explanation:
Only the root view user can create CLI views and superviews.
34
Q

A network administrator enters R1# enable view adminview. What is the purpose of this command?

a) to enter a superview named adminview

b) to enter a CLI view named adminview

c) to create a CLI view named adminview

d) to enter the root view

A

Answer:
b) to enter a CLI view named adminview

Explanation:
enable view switches into the CLI view (assuming it exists).
35
Q

Which range of custom privilege levels can be configured on Cisco routers?

a) 0 through 15

b) 2 through 14

c) 1 through 15

d) 2 through 15

e) 1 through 16

A

Answer:
b) 2 through 14

Explanation:
Predefined: 0, 1, 15. Customizable: 2–14.
36
Q

Which command will move the show interface command to privilege level 10?

a) router(config-if)# privilege exec level 10 show interface

b) router(config)# show interface level 10

c) router(config-if)# show interface level 10

d) router(config)# privilege exec level 10 show interface

e) router(config)# privilege level 10 show interface

f) router(config-if)# privilege level 10 show interface

A

Answer:
d) router(config)# privilege exec level 10 show interface

Explanation:
Use privilege exec level in global config.
37
Q

What is the default privilege level of user accounts created on Cisco routers?

a) 0

b) 15

c) 1

d) 16

A

Answer:
c) 1

Explanation:
If no level is specified, accounts default to level 1.
38
Q

An administrator configured:

privilege exec level 14 show ip route
enable algorithm-type scrypt secret level 14 cisco-level-10
username ADMIN privilege 14 algorithm-type scrypt secret cisco-level-10

Which two actions are permitted to the user ADMIN? (Choose two.)

a) The user can issue the show version command.

b) The user can only execute the subcommands under the show ip route command.

c) The user can issue the ip route command.

d) The user can issue all commands because this privilege level can execute all Cisco IOS commands.

e) The user can execute all subcommands under the show ip interfaces command.

A

Answer:
a) The user can issue the show version command.
e) The user can execute all subcommands under the show ip interfaces command.

Explanation:
Setting show ip route to a level implicitly allows show and show ip—thus other show commands like show version or show ip interfaces.
39
Q

What service or protocol does the Secure Copy Protocol rely on to ensure secure copy transfers are from authorized users?

a) AAA

b) RADIUS

c) IPsec

d) SNMP

A

Answer:
a) AAA

Explanation:
SCP uses SSH and authenticates users via AAA.
40
Q

During router password recovery, after bypassing NVRAM settings, what should be done next?

a) Copy the contents of RAM to the NVRAM.

b) Copy the contents of NVRAM to the RAM.

c) Reload the router.

d) Reset the router.

A

Answer:
c) Reload the router.

Explanation:
After setting the config-register to ignore startup-config (0x2142), reload so IOS boots ignoring it; then make changes and save.
41
Q

Which protocol is used to automatically synchronize software clocks on Cisco routers?

a) DHCP

b) NTP

c) DNS

d) SNMP

A

Answer:
b) NTP

Explanation:
Network Time Protocol synchronizes device clocks to a time source.
42
Q

Configure NTP server 209.165.200.225 as the time source. Which command is correct?

a) ntp peer 192.168.212.11

b) ntp peer 209.165.200.225

c) ntp server 209.165.200.225

d) ntp server 192.168.212.11

A

Answer:
c) ntp server 209.165.200.225

Explanation:
ntp server sets the server; ntp peer is for symmetric peer relationships.
43
Q

What are three functions provided by the syslog service? (Choose three.)

a) to specify the destinations of captured messages

b) to provide statistics on packets flowing through a device

c) to periodically poll agents for data

d) to gather logging information for monitoring and troubleshooting

e) to select the type of logging information that is captured

f) to provide traffic analysis

A

Answer:
a) to specify the destinations of captured messages
d) to gather logging information for monitoring and troubleshooting
e) to select the type of logging information that is captured

Explanation:
Syslog: collect, filter by type, and forward logs to chosen destinations.
44
Q

Which service should be disabled to prevent malicious ARP redirection?

a) LLDP

b) reverse ARP

c) CDP

d) proxy ARP

A

Answer:
d) proxy ARP

Explanation:
Disable proxy ARP so devices don’t answer ARP on behalf of others.
45
Q

What is the purpose of ip ospf message-digest-key ... and area authentication message-digest on a router?

a) to enable OSPF MD5 authentication on a per-interface basis

b) to configure OSPF MD5 authentication globally on the router

c) to encrypt OSPF routing updates

d) to facilitate the establishment of neighbor adjacencies

A

Answer:
b) to configure OSPF MD5 authentication globally on the router

Explanation:
Use per-interface key plus area MD5 to enable global OSPF auth (per-interface mode uses ip ospf authentication message-digest).
46
Q

Which service is enabled by default and can reveal significant info about a Cisco router?

a) FTP

b) LLDP

c) CDP

d) HTTP

A

Answer:
c) CDP

Explanation:
CDP (Cisco Discovery Protocol) is on by default and exposes device details.
47
Q

Which statement describes SNMP operation?

a) An agent collects info and stores it remotely in the MIB on the NMS.

b) A get request is used by the SNMP agent to query the device for data.

c) An NMS periodically polls agents by using traps to query devices.

d) A set request is used by the NMS to change configuration variables in the agent device.

A

Answer:
d) A set request is used by the NMS to change configuration variables in the agent device.

Explanation:
Agents store data locally in the MIB; the NMS uses GET to read and SET to change.
48
Q

When SNMPv1 or SNMPv2 is used, which feature provides secure access to MIB objects?

a) message integrity

b) packet encryption

c) source validation

d) community strings

A

Answer:
d) community strings

Explanation:
v1/v2c control access via community strings; v3 adds integrity, auth, and privacy.
49
Q

What are two reasons to enable OSPF authentication? (Choose two.)

a) to prevent data traffic from being redirected and then discarded

b) to ensure faster network convergence

c) to provide data security through encryption

d) to prevent redirection of data traffic to an insecure link

e) to ensure more efficient routing

A

Answer:
a) to prevent data traffic from being redirected and then discarded
d) to prevent redirection of data traffic to an insecure link

Explanation:
Authentication protects against routing attacks like route injection/redirection.
50
Q

What are SNMP trap messages?

a) unsolicited messages sent by the agent to alert the NMS to a condition

b) messages used by the NMS to change configuration variables

c) messages used by the NMS to query the device for data

d) messages sent periodically by the NMS to agents to query for data

A

Answer:
a) unsolicited messages sent by the agent to alert the NMS to a condition

Explanation:
Traps are asynchronous alerts from agent → NMS.
51
Q

Which technology allows syslog messages to be filtered to different devices based on importance?

a) syslog severity levels

b) syslog service timestamps

c) syslog service identifiers

d) syslog facilities

A

Answer:
a) syslog severity levels

Explanation:
Severity levels (0–7) let you route/filter logs by criticality.
52
Q

What is a characteristic of the Cisco IOS Resilient Configuration feature?

a) It maintains a secure working copy of the bootstrap startup program.

b) Once issued, secure boot-config auto-upgrades the archive after new commands.

c) secure boot-image works when running an image from a TFTP server.

d) A snapshot of the running configuration can be securely archived in persistent storage.

A

Answer:
d) A snapshot of the router running configuration can be taken and securely archived in persistent storage.

Explanation:
Resilient Config maintains secure copies of the IOS image and config in persistent storage.
53
Q

What is a feature of the TACACS+ protocol?

a) It combines authentication and authorization as one process.

b) It encrypts the entire body of the packet for more secure communications.

c) It hides passwords during transmission using PAP and sends the rest in plaintext.

d) It utilizes UDP to provide more efficient packet transfer.

A

Answer:
b) It encrypts the entire body of the packet for more secure communications.

Explanation:
TACACS+: full payload encryption, TCP 49, separate auth and authorization.
54
Q

Which two protocols are used to provide server-based AAA authentication? (Choose two.)

a) SSH

b) SNMP

c) TACACS+

d) 802.1x

e) RADIUS

A

Answer:
c) TACACS+
e) RADIUS

Explanation:
AAA commonly uses TACACS+ or RADIUS servers for centralized authentication.
55
Q

Which functionality does the TACACS single-connection keyword provide?

a) allows differing keys between server and client

b) enhances the performance of the TCP connection

c) maintains a single UDP connection for the life of the session

d) encrypts data transfer between server and client

A

Answer:
b) enhances the performance of the TCP connection

Explanation:
It keeps one TCP connection open for the session instead of repeatedly opening/closing.
56
Q

What are three access control security services? (Choose three.)

a) access

b) authorization

c) repudiation

d) availability

e) authentication

f) accounting

A

Answer:
b) authorization
e) authentication
f) accounting

Explanation:
The AAA model: Authentication, Authorization, Accounting.
57
Q

What is the purpose of the network security accounting function?

a) to keep track of the actions of a user

b) to provide challenge and response questions

c) to require users to prove who they are

d) to determine which resources a user can access

A

Answer:
a) to keep track of the actions of a user

Explanation:
Accounting logs who did what, when, and for how long.
58
Q

What does TACACS+ provide in a AAA deployment?

a) AAA connectivity via UDP

b) authorization on a per-user or per-group basis

c) password encryption without encrypting the packet

d) compatibility with previous TACACS protocols

A

Answer:
b) authorization on a per-user or per-group basis

Explanation:
TACACS+ supports granular authorization and encrypts the entire payload over TCP 49.
59
Q

Which term describes a web server keeping logs of user access and session durations?

a) accounting

b) authentication

c) assigning permissions

d) authorization

A

Answer:
a) accounting

Explanation:
Recording usage details is AAA accounting.
60
Q

What is the first required task when configuring server-based AAA authentication?

a) Configure the IP address of the server.

b) Specify the type of server.

c) Configure the type of AAA authentication.

d) Enable AAA globally.

A

Answer:
d) Enable AAA globally.

Explanation:
aaa new-model must be enabled first to use AAA features.
61
Q

What is a characteristic of AAA accounting?

a) Accounting can only be enabled for network connections.

b) Users are not required to be authenticated before logging.

c) Authorization is concerned with access; accounting logs usage.

d) Possible triggers for aaa accounting exec default include start-stop and stop-only.

A

Answer:
d) Possible triggers for the aaa accounting exec default command include start-stop and stop-only.

Explanation:
Accounting supports start-stop or stop-only triggers and logs usage post-authentication.
62
Q

When configuring an AAA authentication method list, what is the effect of the keyword local?

a) It uses the enable password for authentication.

b) It defaults to the vty line password.

c) The login succeeds even if all methods error.

d) It accepts a locally configured username, regardless of case.

A

Answer:
d) It accepts a locally configured username, regardless of case.

Explanation:
local uses the local user database (case-insensitive usernames). local-case is case-sensitive.
63
Q

Which statement describes a difference between RADIUS and TACACS+?

a) RADIUS separates authentication and authorization; TACACS+ combines them.

b) RADIUS uses TCP; TACACS+ uses UDP.

c) RADIUS encrypts only the password whereas TACACS+ encrypts all communication.

d) RADIUS is supported by Cisco Secure ACS; TACACS+ is not.

A

Answer:
c) RADIUS encrypts only the password whereas TACACS+ encrypts all communication.

Explanation:
RADIUS uses UDP and encrypts only the password; TACACS+ uses TCP and encrypts entire payload.
64
Q

A user cannot access a device configured with AAA. How can the admin check if the user account is locked?

a) Use the show aaa user command.

b) Use the show running-configuration command.

c) Use the show aaa sessions command.

d) Use the show aaa local user lockout command.

A

Answer:
d) Use the show aaa local user lockout command.

Explanation:
This shows locked-out accounts with date/time of lockout.
65
Q

Which component of AAA determines which resources a user can access and permitted operations?

a) authorization

b) authentication

c) accounting

d) auditing

A

Answer:
a) authorization

Explanation:
After authentication, authorization defines what the user may do.