Answer is A
tacacs-server key
To configure a global TACACS+ shared secret key, use the tacacs-server key command. To remove a configured shared secret, use the no form of this command.
tacacs-server key [0 | 7] shared-secret
Syntax Description
7 (Optional) Configures a preshared key specified in encrypted text to authenticate communication between the TACACS+ client and server.
A
https://community.cisco.com/t5/routing/does-cisco-support-strong-remote-network-authentication/m-p/2767297/highlight/false#M257295:~:text=To%20sum%20up%2C%20Tacacs%20encrypt%20the%20PAP%20protocol%20so%20there%20is%20no%20login/pwd%20in%20clear%20text%20in%20the%20request.
A is correct. The PAP message is in plain text between switch and end user.. but from swicth to AAA server its encrypted. https://community.cisco.com/t5/network-access-control/tacacs-pap-ascii/td-p/1989127
C because PAP by definition does not send password encrypted.
https://www.techopedia.com/definition/4043/password-authentication-protocol-pap#:~:text=Password%20Authentication%20Protocol%20(PAP)%20is,authentication%20server%20as%20plain%20text.
Yes, but
One of the unique features offered by TACACS+ is encryption of the entire packet beyond the header. This feature distinguishes it from RADIUS, which can encrypt only the passwords exchanged rather than the entire packet.
The timeout is set to 5 seconds in the config. PAP is sent encrypted. Deadtime is only the amount of time to query a non responding AAA server amd in minutes.
Blurain is right. PAP authenticates in clear text. "key 7" means you provide the key in an encrypted format to the device, so if someone looks at the config file, they would not see the actual key.
So I think the answer is C, because the key is only encrypted in the config file, but the question is about how PAP authenticates, and it does it in clear text.
I think it means that it sends the type-7 (or type-6 if AES128 encryption is enabled) "encrypted" password through PAP without encrypting the packet itself otherwise.
I think the implication here is that PAP is doing the encryption when, as has been discussed, PAP sends in Clear Text, so that would make the Answer C.
We've already established D is wrong as the Deadtime is in Minutes not seconds and B is wrong because at no point in the configuration does it mention Type 6 encryption
the answer is C. using invetred commas assumes you have alerady run an encryption of the password and so uses clear text. if you dont use the inverted commas then the password will be double encrypted ( thats my understanding anyway )
A is correct
You can specify that the key-value is in clear text format (0 )... type-7 encrypted (7 ). The Cisco NX-OS software encrypts a clear text key before saving it to the running configuration. The default format is clear text. The maximum length is 63 characters...
If you already configured a shared secret using the generate type7_encrypted_secret command, enter it in quotation marks, as shown in the second example. For more information, see Configuring the Shared Secret for RADIUS or TACACS+.
https://help.webex.com/en-us/n6idlrb/Configuring-TACACS
Answer is A.
switch(config)# tacacs-server key [ 0 | 7 ] key-value
Specifies a preshared key for all TACACS+ servers. You can specify a clear text (0) or encrypted (7) preshared key.
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/CLIConfigurationGuide/sec_tacacsplus.html
upvoted 3 times
...
This section is not available anymore. Please use the main Exam Page.350-601 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
AllenT
Highly Voted 3 years, 3 months agociscochick
Highly Voted 3 years, 1 month agoScheldon
Most Recent 6 months agoGuyThatTakesDumps
1 year agoniunius
1 year, 2 months agoharmann
1 year, 2 months agoC4rlos
10 months, 3 weeks agoSmoothey
1 year, 7 months agoAlfi91
2 years agoAlfi91
2 years agoRTL_dude
1 year, 8 months agoSwitchKiller
1 year, 6 months agoblurain
2 years, 6 months agotazerman
2 years, 7 months agoDC4000
2 years, 6 months agoHeyyeh71
3 years, 3 months ago