Which of the following statements are true regarding RADIUS? (Select 2 choices.)

A.
It encrypts only the password in AccessRequest packets.

B.
It combines authorization and authentication functions.

C.
It provides more flexible security options than TACACS+.

D.
It uses TCP port 49.

E.
It is a Ciscoproprietary standard protocol.

Explanation:
Remote Authentication DialIn User Service (RADIUS) combines authentication and authorization into a single
function and encrypts only the password in AccessRequest packets. RADIUS is an Internet Engineering Task
Force (IETF) standard protocol for Authentication, Authorization, and Accounting (AAA) operations. RADIUS
uses User Datagram Protocol (UDP) for packet delivery. Because RADIUS encrypts only the password of a
packet, the rest of the packet would be viewable if the packet were intercepted by a malicious user. RADIUS
has fewer flexible security options than Terminal Access Controller Access Control System Plus (TACACS+),
because RADIUS combines the authentication and authorization functions of AAA into a single function and
does not provide router command authorization capabilities.
By contrast, TACACS+ is a Ciscoproprietary protocol that uses Transmission Control Protocol (TCP) for
transport during AAA operations. TACACS+ provides more security and flexibility than RADIUS because
TACACS+ encrypts the entire body of a packet and separates the authentication, authorization, and accounting
functions of AAA. This separation enables granular control of access to resources. For example, TACACS+
gives administrators control over access to configuration commands? users can be permitted or denied access
to specific configuration commands. Because of this flexibility, TACACS+ is used with Cisco Secure Access
Control Server (ACS), which is a software tool that is used to manage user authorization for router access.

Cisco: TACACS+ and RADIUS Comparison: Compare TACACS+ and RADIUS