nerdexam
Cisco

300-430 · Question #77

Refer to the exhibit. You enter the command on a Cisco Catalyst 3850 Series Switch that runs Cisco ISO XE. What does the command do?

The correct answer is D. It defines the level of access of the user or the device.. The command configures AAA authorization on the switch, which determines the level of access granted to an authenticated user or device.

Security for Wireless Client Connectivity

Question

Refer to the exhibit. You enter the command on a Cisco Catalyst 3850 Series Switch that runs Cisco ISO XE. What does the command do?

Options

  • AIt defines the user identity or the device identity to be validated by the RADIUS server.
  • BIt captures information on the length of the authorized session, as well as the bandwidth usage
  • CIt defines the RADIUS server used to track which sessions are still active.
  • DIt defines the level of access of the user or the device.

How the community answered

(48 responses)
  • A
    4% (2)
  • B
    8% (4)
  • C
    15% (7)
  • D
    73% (35)

Why each option

The command configures AAA authorization on the switch, which determines the level of access granted to an authenticated user or device.

AIt defines the user identity or the device identity to be validated by the RADIUS server.

Validating user or device identity against a RADIUS server is the function of AAA authentication commands, not authorization.

BIt captures information on the length of the authorized session, as well as the bandwidth usage

Capturing session length and bandwidth usage is performed by AAA accounting commands, which log resource consumption.

CIt defines the RADIUS server used to track which sessions are still active.

Tracking which sessions are still active is an accounting or session management function, not a role of authorization configuration.

DIt defines the level of access of the user or the device.Correct

AAA authorization commands on IOS XE (such as 'aaa authorization network' or 'aaa authorization exec') define what services and access levels are permitted after authentication succeeds, not who the user is or how long a session lasts. The authorization step maps the authenticated identity to a policy - such as a VLAN assignment, downloadable ACL, or privilege level - effectively setting the access level for the user or device.

Concept tested: AAA authorization configuration on IOS XE Catalyst switches

Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/xe-16/sec-usr-aaa-xe-16-book/sec-cfg-authorizatn.html

Topics

#Catalyst 3850#IOS XE#authorization policy#access level

Community Discussion

No community discussion yet for this question.

Full 300-430 Practice