An administrator is configuring an ASA firewall for to secure access on ASA firewall in the essence of controlling configuration command executed on the Firewall.
Which command he will he use?
A. aaa authorization ssh console
B. aaa authorization comands
C. aaa authorization ssh console
D. aaa authentication exec server-authentication
Correct answer is *B*.
aaa authorization command — Specify this keyword to allow **command authorization** to be configured for all administrators on all consoles
aaa authorization exec — Perform administrative authorization for console connections(ssh, http, telnet and enable) configured for authentication to RADIUS, LDAP, TACACS or LOCAL authentication servers.
So all *EXEC* does when using RADIUS is asks it if it is ok for user to login using some protocol. But it does not authorize any specific commands. To authorize specific command it is needed to use **aaa authorization command …**
I think it is D
aaa authorization exec authentication-server auto-enable
Correct answer is B
The question is asking “… in the essence of controlling configuration command executed on the Firewall.”
aaa authorization comands allows exec commands user can use on the ASA.
Answer is B.
aaa authorization ssh console AND aaa authentication exec server-authentication is not a valid command on ASA
https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/command/reference/cmd_ref/a1.html
Answer is B.
aaa authorization ssh console AND aaa authentication exec server-authentication is not a valid command on ASA
The correct answer is: aaa authentication ssh console
A&C are the same so we should have “aaa authentication ssh console” as an option there
https://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/A-H/cmdref1/a1.html
Answer should be D, but “aaa authorization exec server-authentication”