nerdexam
Cisco

350-401 · Question #1231

An engineer must configure a router to allow users to run specific configuration commands by validating the user against the router database. Which configuration must be applied?

The correct answer is D. aaa authorization exec default local. To control which specific commands a user can execute on a router while authenticating them against the local database, AAA authorization for exec commands must be configured.

Submitted by luis.pe· Mar 6, 2026

Question

An engineer must configure a router to allow users to run specific configuration commands by validating the user against the router database. Which configuration must be applied?

Options

  • Aaaa authentication network default local
  • Baaa authorization network default local
  • Caaa authentication exec default local
  • Daaa authorization exec default local

How the community answered

(33 responses)
  • A
    6% (2)
  • B
    3% (1)
  • C
    9% (3)
  • D
    82% (27)

Why each option

To control which specific commands a user can execute on a router while authenticating them against the local database, AAA authorization for exec commands must be configured.

Aaaa authentication network default local

The `aaa authentication network default local` command configures authentication for network services (e.g., PPP, 802.1X), not for user command execution on the router itself.

Baaa authorization network default local

The `aaa authorization network default local` command configures authorization for network services, not for command execution on the router.

Caaa authentication exec default local

The `aaa authentication exec default local` command configures user authentication for console or VTY access (exec mode), but it determines *who* can log in, not *what* commands they are authorized to run.

Daaa authorization exec default localCorrect

The `aaa authorization exec default local` command configures the router to authorize command execution (exec mode) using the local user database, allowing granular control over which commands a user with a specific privilege level can run.

Concept tested: Cisco IOS AAA command authorization

Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-a1-cr-cli-commands.html#wp2541999905

Topics

#Cisco AAA#AAA authorization#Command authorization#Local database

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice