RADIUS uses UDP while TACACS+ uses TCP.
RADIUS encrypts only the password in the access-request packet, from the client to the server. The remainder of the packet is unencrypted. Other information, such as username, authorized services, and accounting, can be captured by a third party.
TACACS+ encrypts the entire body of the packet but leaves a standard TACACS+ header.
RADIUS combines authentication and authorization.
TACACS+ uses the AAA architecture, which separates AAA.
the correct answer is option B: TACACS+ separates authentication and authorization, while RADIUS combines them. Option A is incorrect because neither RADIUS nor TACACS+ is designed to log commands entered by administrators. Option C is incorrect because both RADIUS and TACACS+ can encrypt sensitive information. Option D is incorrect because both RADIUS and TACACS+ can be used for various types of authentication, including dial-up, wireless, and VPN.
TACACS (Terminal Access Controller Access Control System) is a security protocol that provides centralized validation of users who are attempting to gain access to a router or NAS. TACACS+ provides separate authentication, authorization and accounting services
RADIUS combines authenticaiton and authorization into a single function; TACACS+ allows these services to be split between different servers.
TACACS+ encrypts only password information, and RADIUS encrypts the entire payload.
"RADIUS combines authentication and authorization. The access-accept packets sent by the RADIUS server to the client contain authorization information. This makes it difficult to decouple authentication and authorization.
TACACS+ uses the AAA architecture, which separates AAA. This allows separate authentication solutions that can still use TACACS+ for authorization and accounting. For example, with TACACS+, it is possible to use Kerberos authentication and TACACS+ authorization and accounting."
Source: https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13838-10.html
-TACACS+ provides for separate and modular authentication, authorization, and accounting facilities
-In the Cisco implementation, RADIUS clients run on Cisco routers and send authentication requests to a central RADIUS server that contains all user authentication and network service access information
B is correct
https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13838-10.html
upvoted 3 times
...
This section is not available anymore. Please use the main Exam Page.200-301 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Shamwedge
Highly Voted 3 years, 2 months agoMarioE
2 years, 1 month agodipanjana1990
3 years agoxbololi
1 year, 10 months ago[Removed]
Highly Voted 4 years, 9 months agobymrdas
Most Recent 10 months, 1 week ago[Removed]
1 year, 1 month agoricky1802
1 year, 3 months agoCiscoman021
2 years, 1 month agoguisam
2 years, 4 months agomiki1001
2 years, 9 months agoCustomexit
2 years, 6 months agomzu_sk8
2 years, 5 months agomiki1001
2 years, 9 months agoRougePotatoe
2 years, 6 months agoschleef
3 years, 5 months agoxtraMiles
9 months, 1 week agoBenjamin8189
3 years, 6 months agoZUMY
4 years ago