Tag Archives: TACACS

Which are two characteristics of TACACS+? (Choose two.)

A. It separates authorization and authentication functions. B. It combines authorization and authentication functions. C. It uses UDP port 49. D. It encrypts the password only. E. It uses TCP port 49. Answer: Option A, E. Explanation:  Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13838-10.html Show AnswerDiscussion The post Which are two characteristics of TACACS+? (Choose two.) appeared first on Majanto.

Which two features must be used on Cisco ISE to enable the TACACS+ feature? (Choose two.)

A. Command Sets B. Server Sequence C. Device Administration License D. External TACACS Servers E. Device Admin Service Answer: Option C, E. Explanation:  No answer description available for this question Show AnswerDiscussion The post Which two features must be used on Cisco ISE to enable the TACACS+ feature? (Choose two.) appeared first on Majanto.

An administrator is configuring Cisco ISE to authenticate users logging into network devices using TACACS+. The administrator is not seeing any of the authentication in the TACACS+ live logs. Which action ensures the users are able to log into the network devices?

A. Enable the device administration service in the PSN persona. B. Enable the device administration service in the Administration persona. C. Enable the session services in the Administration persona. D. Enable the service sessions in the PSN persona. Answer: Option B. Explanation:  Reference: https://www.cisco.eom/c/en/us/td/docs/security/ise/2-4/admin_guide/ b_ISE_admin_guide_24/m_ise_tacacs_device_admin.html Show AnswerDiscussion The post An administrator is configuring Cisco ISE to authenticate users… Read More »

An engineer is creating a new TACACS+ command set and cannot use any show commands after logging into the device with this command set authorization. Which configuration is causing this issue?

Refer to the exhibit. An engineer is creating a new TACACS+ command set and cannot use any show commands after logging into the device with this command set authorization. Which configuration is causing this issue? A. The command set is allowing all commands that are not in the command list. B. The wildcard command listed is in the… Read More »

An administrator is migrating device administration access to Cisco ISE from the legacy TACACS+ solution that used only privilege 1 and 15 access levels. The organization requires more granular controls of the privileges and wants to customize access levels 2-5 to correspond with different roles and access needs. Besides defining a new shell profile in Cisco ISE, what must be done to accomplish this configuration?

A. Enable the privilege levels in Cisco ISE. B. Enable the privilege levels in the IOS devices. C. Define the command privileges for levels 2-5 in Cisco ISE. D. Define the command privileges for levels 2-5 in the IOS devices. Answer: Option D. Explanation:  No answer description available for this question Show AnswerDiscussion The post An administrator is… Read More »

An administrator needs to give the same level of access to the network devices when users are logging into them using TACACS+. However, the administrator must restrict certain commands based on one of three user roles that require different commands. How is this accomplished without creating too many objects using Cisco ISE?

A. Create one shell profile and one command set. B. Create multiple shell profile and one command set. C. Create multiple shell profile and multiple command sets. D. Create one shell profile and multiple command sets. Answer: Option C. Explanation:  Reference: https://www.cisco.eom/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/ b_ise_admin_guide_20_chapter_0100010.html Show AnswerDiscussion The post An administrator needs to give the same level of access to… Read More »

An engineer configured a Cisco AireOS controller with two TACACS+ servers. The engineer notices that when the primary TACACS+ server fails, the WLC starts using the secondary server as expected, but the WLC does not use the primary server again until the secondary server fails or the controller is rebooted.Which cause of this issue is true?

A. Fallback is enabled B. Fallback is disabled C. DNS query is disabled D. DNS query is enabled Answer: Option B. Explanation:  No answer description available for this question. Show AnswerDiscussion The post An engineer configured a Cisco AireOS controller with two TACACS+ servers. The engineer notices that when the primary TACACS+ server fails, the WLC starts using… Read More »