An engineer must configure router R1 to validate user logins via RADIUS and fall back to the local user database if the RADIUS server is not available. Which configuration must be applied?
An engineer must configure router R1 to validate user logins via RADIUS and fall back to the local user database if the RADIUS server is not available. Which configuration must be applied?
To validate user logins via RADIUS and fall back to the local user database if the RADIUS server is not available, the correct configuration command is: aaa authentication exec default radius local. This command specifies that the router should first use the RADIUS server to authenticate users. If the RADIUS server is unavailable, it will then use the local user database. This ensures that users can still be authenticated even if there is an issue with the RADIUS server.
The commands are wrong. They should have been: a) aaa authentication login default group radius local b) aaa authentication login default group radius c) aaa authorization exec default group radius local d) aaa authorization exec default group radius We can eliminate B & D because without "local" keyword, if the AAA server does not reply to the authentication/authorization request, the authentication/authorization fails. The reason I selected A is: "Authentication allows administrators to identify who can connect to a router by including the user's username and password." "Authorization comes into play after authentication. Authorization allows administrators to control the level of access users have after they successfully gain access to the router." Validate user logins - authentication. https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html https://www.ciscopress.com/articles/article.asp?p=422947&seqNum=2
If the question remains the same but the answers look like this: a) aaa authentication exec default group radius local b) aaa authentication exec default group radius c) aaa authorization exec default group radius local d) aaa authorization exec default group radius, then I'd go with C.
only C works. and it has a condition stating it should use local, and only that option has it. r2(config)#aaa authentication ? arap Set authentication lists for arap. attempts Set the maximum number of authentication attempts banner Message to use when starting login/authentication. dot1x Set authentication lists for IEEE 802.1x. enable Set authentication list for enable. eou Set authentication lists for EAPoUDP fail-message Message to use for failed login/authentication. login Set authentication lists for logins. onep Set authentication lists for ONEP password-prompt Text to use when prompting for a password ppp Set authentication lists for ppp. sgbp Set authentication lists for sgbp. suppress Do not send access request for a specific type of user. token token authentication username-prompt Text to use when prompting for a username r2(config)#aaa authentication
Answer C as answer A doesn't exist. Its a poorly worded question but you must choose what actually exists.
The question is talking about users logging in which would apply to Authentication more than its referring to "Authorization" which comes into play after you have gained access to the device via telnet or ssh. Maybe the question is missing some wording because it should be aaa authentication. https://www.ciscopress.com/articles/article.asp?p=422947&seqNum=2#:~:text=A%20remote%20user%20must%20be,users%20are%20permitted%20access%20to.
correct
sorry, C is closest correct answer since no such command as "aaa authentication exec default radius local"- so instead of authentication, the authorization is the closest hit, although as I understand then they want to validate user logins(a.k.a check user and password), not set the permissions and rights. dumb question
I agree
Answer should be C.
The correct is C but its missing the " default ". It should be : C. aaa authorization exec default group radius local Most Voted https://www.examtopics.com/discussions/cisco/view/102230-exam-350-401-topic-1-question-726-discussion/
sorry i wanted to write " group "
C is correct after reading this, C is correct for sure https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html#:~:text=This%20document%20focuses%20on%20the,exec%20default%20group%20radius%20local
it must be aaa authentication login default radius local or aaa authorization exec default radius local
A is correct
sorry it´s C
i would say A is correct and consider the missing "login" is a typo C doesn't make any sense to me as the question seems to be asking for authentication
sorry it´s C