Cisco Certified Internetwork Expert (CCIE) Practice Test

Disable ads (and more) with a membership for a one time $2.99 payment

Study for the Cisco Certified Internetwork Expert Exam. Prepare with flashcards, multiple-choice questions, and detailed explanations. Equip yourself with the skills needed to become a top-tier network expert. Get ready for your exam!

Start Multiple Choice Practice Test
Start Flash Cards

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

Which two statements about role-based access control are true?

  1. Server profile administrators have read and write access to all system logs by default

  2. The user profile on an AAA server is configured with the roles that grant user privileges

  3. If the same username is used for a local and remote user account, the remote roles override the local account

  4. A view is created on the Cisco IOS device to leverage role-based access controls

The correct answer is: The user profile on an AAA server is configured with the roles that grant user privileges

The statement regarding the user profile on an AAA (Authentication, Authorization, and Accounting) server being configured with the roles that grant user privileges is true because AAA provides a framework for managing user access and permissions. In this context, roles are defined to determine what actions a user can perform on network devices. Each user profile ideally includes the roles that specify the level of access granted, thereby enabling network administrators to enforce security policies and control user privileges efficiently. This configuration typically allows granular control over user access, ensuring that users only have permissions necessary for their specific tasks while minimizing potential security risks. The roles assigned in the user profile dictate the capabilities of users, which is a fundamental principle in role-based access control systems. In contrast, the other statements are either misleading or inaccurate in the context of typical role-based access control configurations. For example, server profile administrators not necessarily having default read and write access to all system logs may depend on specific implementation policies and configurations, leading to variability in user privileges. Similarly, the precedence of remote roles over local accounts can vary depending on configuration specifics and is not a universal rule, while the creation of views on Cisco IOS devices represents a broader access control strategy rather than being a direct feature of role-based access control.

More Questions Like This