Which three statements about TACACS+ are true? (Choose three.)
A.
TACACS+ uses TCP port 49.
B.
TACACS+ uses UDP ports 1645 and 1812.
C.
TACACS+ encrypts the entire packet.
D.
TACACS+ encrypts only the password in the Access-Request packet.
E.
TACACS+ is a Cisco proprietary technology.
F.
TACACS+ is an open standard.
Explanation:
TACACS is defined in RFC 1492, and uses (either TCP or UDP) port 49 by default.
Since TCP is connection oriented protocol, TACACS+ does not have to implement transmission
control. RADIUS, however, does have to detect and correct transmission errors like packet loss,
timeout etc. since it rides on UDP which is connectionless. RADIUS encrypts only the users’
password as it travels from the RADIUS client to RADIUS server. All other information such as the
username, authorization, and accounting are transmitted in clear text. Therefore it is vulnerable to
different types of attacks. TACACS+ encrypts all the information mentioned above and therefore
does not have the vulnerabilities present in the RADIUS protocol.
Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol developed by
Cisco and released as an open standard beginning in 1993. Although derived from TACACS,
TACACS+ is a separate protocol that handles authentication, authorization, and accounting (AAA)
services. TACACS+ and other flexible AAA protocols have largely replaced their predecessors.
Reference: http://en.wikipedia.org/wiki/TACACS