nerdexam
Cisco

350-701 · Question #163

Refer to the exhibit. A network administrator configures command authorization for the admm5 user. What is the admin5 user able to do on HQ_Router after this configuration?

The correct answer is A. complete no configurations. Based on a common authorization configuration where no specific commands are permitted, the admin5 user would be unable to complete any configurations on HQ_Router.

Submitted by kev92· Mar 30, 2026Secure Network Access, Visibility, and Enforcement

Question

Refer to the exhibit. A network administrator configures command authorization for the admm5 user. What is the admin5 user able to do on HQ_Router after this configuration?

Exhibit

350-701 question #163 exhibit

Options

  • Acomplete no configurations
  • Badd subinterfaces
  • Ccomplete all configurations
  • Dset the IP address of an interface

How the community answered

(30 responses)
  • A
    60% (18)
  • B
    20% (6)
  • C
    7% (2)
  • D
    13% (4)

Why each option

Based on a common authorization configuration where no specific commands are permitted, the admin5 user would be unable to complete any configurations on HQ_Router.

Acomplete no configurationsCorrect

If command authorization is configured but no specific commands are explicitly permitted for a user like 'admin5' within the policy, the user will be denied access to execute any configuration commands by default, effectively blocking all changes.

Badd subinterfaces

Adding subinterfaces is a configuration command, and without explicit authorization for this action, the user would be denied permission to perform it.

Ccomplete all configurations

Completing all configurations implies full administrative access, which would require specific and broad authorization, contrary to a scenario where authorization might restrict actions.

Dset the IP address of an interface

Setting an IP address is a specific configuration command; without explicit authorization for interface configuration, the user would be unable to perform this task.

Concept tested: Cisco IOS command authorization default deny

Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/xe-16/sec-usr-aaa-xe-16-book/sec-usr-aaa-authz.html

Topics

#TACACS+#command authorization#AAA#privilege levels

Community Discussion

No community discussion yet for this question.

Full 350-701 Practice