Which two statements about the TACACS+ protocol are true?

Which two statements about the TACACS+ protocol are true? (Choose two.)

A.
Because it uses UDP for transport, TACACS+ can detect server crashes out-of-band.

B.
TACACS+ takes advantage of the UDP protocol’s connectionless network
transport.

C.
The entire body of a TACACS+ packet is encrypted with the exception of the
standard clear-text TACACS+ header.

D.
TACACS+ combines the authentication and authorization functions.

E.
VSAs allow products from other vendors to interoperate with Cisco routers that
support TACACS+.

F.
TACACS+ can handle different AAA services on separate servers.

Explanation:
http://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dialuser-service-radius/13838-10.html
TACACS+ encrypts the entire body of the packet but leaves a standard TACACS+ header. Within the header is a field that indicates whether the body is encrypted or not. For debugging purposes, it is useful to have the body of the packets unencrypted. However, during normal operation, the body of the packet is fully encrypted for more secure communications.
TACACS+ uses the AAA architecture, which separates AAA. This allows separate authentication solutions that can still use TACACS+ for authorization and accounting. For example, with TACACS+, it is possible to use Kerberos authentication and TACACS+ authorization and accounting. After a NAS authenticates on a Kerberos server, it requests authorization information from a TACACS+ server without having to re-authenticate. The NAS informs the TACACS+ server that it has successfully authenticated on a Kerberos server, and the server then provides authorization information.
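
The header field described above can be checked directly in captured traffic. The following is an added example, not part of the original page or the Cisco document: it decodes the clear-text header and lists sessions whose body is flagged unencrypted. The 12-byte layout, the flag value and the packet type numbers are taken from RFC 8907 rather than from this page, and the sample packets are constructed.

```python
import struct
from collections import namedtuple

# Layout and constants are from RFC 8907, not from this page.
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length
TAC_PLUS_MAJOR_VER = 0xC
TAC_PLUS_UNENCRYPTED_FLAG = 0x01
PACKET_TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}

TacacsHeader = namedtuple(
    "TacacsHeader", "minor kind seq_no session_id length body_in_clear")


def parse_header(packet: bytes) -> TacacsHeader:
    """Decode the clear-text header; raise ValueError if it is not well formed."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than the 12-byte TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    if version >> 4 != TAC_PLUS_MAJOR_VER:
        raise ValueError("bad major version")
    if ptype not in PACKET_TYPES:
        raise ValueError(f"unknown packet type {ptype}")
    if len(packet) - HEADER.size != length:
        raise ValueError("length field does not match body size")
    return TacacsHeader(version & 0xF, PACKET_TYPES[ptype], seq_no, session_id,
                        length, bool(flags & TAC_PLUS_UNENCRYPTED_FLAG))


def clear_text_sessions(packets):
    """Session ids of well-formed packets whose header marks the body unencrypted."""
    hits = []
    for raw in packets:
        try:
            hdr = parse_header(raw)
        except ValueError:
            continue  # not TACACS+ or a truncated capture; skip it
        if hdr.body_in_clear:
            hits.append(hdr.session_id)
    return hits


# Constructed sample packets; bodies are filler bytes, not real TACACS+ bodies.
SAMPLES = [
    HEADER.pack(0xC0, 1, 1, 0x00, 0x1111, 4) + b"\x8f\x02\xa1\x5c",  # flag clear
    HEADER.pack(0xC0, 2, 1, 0x01, 0x2222, 4) + b"test",              # flag set
    b"\xc0\x01\x01",                                                  # truncated
]

if __name__ == "__main__":
    print([hex(s) for s in clear_text_sessions(SAMPLES)])
```

A hit outside a debugging window means the body of that session was sent unencrypted on the wire.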
