Exam 350-401 topic 1 question 841 discussion

The commands are wrong. They should have been: a) aaa authentication login default group radius local b) aaa authentication login default group radius c) aaa authorization exec default group radius local d) aaa authorization exec default group radius We can eliminate B & D because without "local" keyword, if the AAA server does not reply to the authentication/authorization request, the authentication/authorization fails. The reason I selected A is: "Authentication allows administrators to identify who can connect to a router by including the user's username and password." "Authorization comes into play after authentication. Authorization allows administrators to control the level of access users have after they successfully gain access to the router." Validate user logins - authentication. https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html https://www.ciscopress.com/articles/article.asp?p=422947&seqNum=2

only C works. and it has a condition stating it should use local, and only that option has it. r2(config)#aaa authentication ? arap Set authentication lists for arap. attempts Set the maximum number of authentication attempts banner Message to use when starting login/authentication. dot1x Set authentication lists for IEEE 802.1x. enable Set authentication list for enable. eou Set authentication lists for EAPoUDP fail-message Message to use for failed login/authentication. login Set authentication lists for logins. onep Set authentication lists for ONEP password-prompt Text to use when prompting for a password ppp Set authentication lists for ppp. sgbp Set authentication lists for sgbp. suppress Do not send access request for a specific type of user. token token authentication username-prompt Text to use when prompting for a username r2(config)#aaa authentication

Login has to do with Authentication and User's Permission is to authorization.

validating user logins is authentication. not authorisation

aaa authentication exec does not even exist. It's C because it also includes the local parameter.

Definitely A. Authentication is what handles logins. Authorization is what handles what an authenticated user is allowed to do.

The question says "user logins" it means "authentication"

There is no command <aaa authentication exec default []> for any purpose ....

Correct answer is C. exec default can be used with authorization command only, for authentication to privileged EXEC command level , authentication enable default is used

A is correct.

All the commands are wrong. As the below users mentioned it should be: aaa authentication login default group radius local or aaa authorization exec default group radius local Consider the fact that all the given options have the "exec" I will chose C.

C is correct

it C it using validate in the quesiton

C is correct after reading this, C is correct for sure https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html#:~:text=This%20document%20focuses%20on%20the,exec%20default%20group%20radius%20local

A is correct

i would say A is correct and consider the missing "login" is a typo C doesn't make any sense to me as the question seems to be asking for authentication

Answer C as answer A doesn't exist. Its a poorly worded question but you must choose what actually exists.