PrepAway - Latest Free Exam Questions & Answers

RADIUS and TACACS+ have which of the following in common? (Select the best answer.)

A. They communicate by using the same transport protocol.

B. They are AAA protocols.

C. They are Cisco-proprietary protocols.

D. They encrypt the entire packet.

Explanation:
Terminal Access Controller Access Control System Plus (TACACS+) and Remote Authentication Dial-In User Service (RADIUS) are both Authentication, Authorization, and Accounting (AAA) protocols. However, there are some important differences between TACACS+ and RADIUS.

TACACS+ encrypts the entire body of a packet and provides router command authorization capabilities. TACACS+ is a Cisco-proprietary protocol that uses Transmission Control Protocol (TCP) for transport during AAA operations. TACACS+ provides more security and flexibility than other authentication protocols, such as RADIUS, which is an open standard protocol commonly used as an alternative to TACACS+. Because TACACS+ can be used to encrypt the entire body of a packet, users who intercept the encrypted packet cannot view the user name or contents of the packet. In addition, TACACS+ provides flexibility by separating the authentication, authorization, and accounting functions of AAA. This enables granular control of access to resources. For example, TACACS+ gives administrators control over access to configuration commands: users can be permitted or denied access to specific configuration commands. Because of this flexibility, TACACS+ is used with Cisco Secure Access Control Server (ACS), which is a software tool that is used to manage user authorization for router access.

RADIUS was developed as an Internet Engineering Task Force (IETF) standard protocol. Like TACACS+, RADIUS is a protocol used with AAA operations. However, RADIUS uses User Datagram Protocol (UDP) for packet delivery and is less secure and less flexible than TACACS+. RADIUS encrypts only the password of a packet; the rest of the packet would be viewable if the packet were intercepted by a malicious user. With RADIUS, the authentication and authorization functions of AAA are combined into a single function, which limits the flexibility that administrators have when configuring these functions. Furthermore, RADIUS does not provide router command authorization capabilities.

Cisco: TACACS+ and RADIUS Comparison: Compare TACACS+ and RADIUS

