Which two statements about AAA with the local database are true? (Choose two.)
A. It supports a limited number of usernames and passwords.
B. The local database can serve only as a backup authentication method.
C. By default, it is queried before a TACACS+ or RADIUS server.
D. Accounting is not supported locally.
E. Authorization is available only for one-time use logins.
AD
Hello people, on the brink of the extinction of this CCNP Certification, I want to explain why the answer is the letters A and D.
A: It is letter A because, in fact, there is a limited number of usernames and passwords that a device can be configured with.
D: It is letter D because you cannot use the local database for network access authorization. The local database does not support accounting.
If you people want to get more into this I could reference this link:
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/access_aaa.pdf
That’s it, I want to wish you all good luck in your exams, I hope you get through this with a favorable score.
Colman Bonshtal
Totally agree with your answer but sadly your link is already broken so it’s impossible to use as reference.
I wasn’t sure about the limit on number of usernames but AAA Accounting definitely cannot be used with a local username.
Not sure what the point of comments is here though as they never pay attention or correct their answers.
AD
“You can configure AAA to operate without a server by setting the switch to implement AAA in local mode. The switch then handles authentication and authorization. **No accounting is available** in this configuration.”
confirmation of D is the correct answer
chrome-extension://cbnaodkpfinfiipjblikofhlhlcickei/src/pdfviewer/web/viewer.html?file=https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/security/configuration_guide/b_sec_152ex_2960-x_cg/b_sec_152ex_2960-x_cg_chapter_01000.pdf
DE right.
———————————————–
aaa authorization exec local
aaa authorization network local
—————–
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/security/configuration_guide/b_sec_152ex_2960-x_cg/b_sec_152ex_2960-x_cg_chapter_01000.pdf
Correct Answer is AD
DE is right.
CD
https://www.cisco.com/c/en/us/td/docs/switches/metro/me2600x/config/guide/b_ME2600X-scg/b_ME2600X-scg_chapter_01010.pdf
Only a limited set of functions can be controlled via the local database.
Because the none keyword enables any user logging in to successfully authenticate, it should be used only as a backup method of authentication.
In many circumstances, AAA uses protocols such as RADIUS or TACACS+ to administer its security functions.
When AAA accounting is activated, the network access server reports user activity to the RADIUS or TACACS+ security server.
Provides the method for remote access control, including one-time authorization or authorization for each service, per-user account list and profile, user group support, and support of IP and Telnet.
You said “Because the none keyword enables any user logging in to successfully authenticate, it should be used only
as a backup method of authentication.”
Then your answer should be B instead of C.
In my opinion I agree with you “B,D” is the correct answer.
C is wrong, because what is the point of having TACACS+ or RADIUS if you are going to check user credentials in the local database before them.
The local should be used as a last resort, a “BACKUP”.
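Added example (not from any commenter or from Cisco's documentation): on IOS the local database and a TACACS+/RADIUS server group are consulted in the order the configured method list names them, so this Python check parses the `aaa ...` lines of an IOS-style configuration and flags lists that use `local` alone, put `local` ahead of a server group, or fall back to `none`. The sample configuration, list names and finding labels are constructed for illustration.

```python
import re

# Constructed sample configuration (not from the page or any real device).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login CONSOLE local
aaa authentication login LAB group radius none
aaa authorization exec default group tacacs+ local
aaa authorization network default local
aaa accounting exec default start-stop group tacacs+
"""

LINE_RE = re.compile(
    r"^aaa\s+(authentication|authorization|accounting)\s+(\S+)\s+(\S+)\s+(.+)$")
RECORD_TYPES = {"start-stop", "stop-only"}  # accounting record keywords, not methods

def parse_method_lists(config):
    """Yield (label, ordered_methods) for each AAA method list in the config."""
    for line in config.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        service, kind, name, rest = m.groups()
        tokens = [t for t in rest.split() if t not in RECORD_TYPES]
        methods, i = [], 0
        while i < len(tokens):
            if tokens[i] == "group" and i + 1 < len(tokens):
                methods.append("group " + tokens[i + 1])  # server group = one method
                i += 2
            else:
                methods.append(tokens[i])
                i += 1
        yield f"{service} {kind} {name}", methods

def audit(config):
    """Return (label, finding) pairs for orderings worth a reviewer's attention."""
    findings = []
    for label, methods in parse_method_lists(config):
        servers = [m for m in methods if m.startswith("group ")]
        if "none" in methods:
            findings.append((label, "none-fallback"))  # last resort admits anyone
        if "local" in methods and not servers:
            findings.append((label, "local-only"))  # no AAA server consulted
        elif "local" in methods and methods.index("local") < methods.index(servers[0]):
            findings.append((label, "local-before-server"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

A `local-only` finding is informational: a console line that deliberately uses only the local database will show up there too.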