Which accounting notices are used to send a failed auth…

Which accounting notices are used to send a failed authentication attempt record to a AAA server? (Choose
two.)

Which accounting notices are used to send a failed authentication attempt record to a AAA server? (Choose
two.)

A.
Stop

B.
Stop-record

C.
Stop-only

D.
Start-stop

Explanation:
Brad
Answer) C and D
Confidence level: 50%
Note: This is a widely debated question and my research did not turn up a concrete answer. Some users on the
securitytut forums have said that A is a correct answer.
BD
aaa accounting { auth-proxy | system | network | exec | connection | commands level | dot1x } { default | listname | guarantee-first } [ vrf vrf-name ] { start-stop | stop-only | none } [broadcast] { radius | group group-name }+ stop-only: Sends a stop accounting record for all cases including authentication failures regardless of whether
the aaa accounting send stop-record authentication failure command is configured.
+ stop-record: Generates stop records for a specified event.
For minimal accounting, include the stop-only keyword to send a “stop” accounting record for all cases
including authentication failures. For more accounting, you can include the start-stop keyword, so that
RADIUS or TACACS+ sends a “start” accounting notice at the beginning of the requested process and a “stop”
accounting notice at the end of the process.
Source: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-a1.html
On securitytut. com you can find a full description of the simulation test I did.



Leave a Reply 0

Your email address will not be published. Required fields are marked *