Exam 350-401 topic 1 question 455 discussion

Although C & D can both let network administrator to perform changes when RADIUS servers are unreachable, C is doing what the question asking for - "to be authorized if the user has successfully authenticated" "if-authenticated" allows user get authorized (every command the user enter is authorized) in the session if user is authenticated by any of methods defined in aaa meanwhile "none" disable authorization (every command the user enter does not need authorization) for the session if the defined authorization method in aaa is unreachable ENCOR OCG Page 775 has specified that

C is correct

Answer is D because RADIUS server is unavailable, and local user need to issue commands. And with "non" is there, the local user will not be subject of authorization will issue commands without restrictions

C is correct GNS3 Output : R1(config)#aaa authorization exec default group radius ? group Use server-group. if-authenticated Succeed if user has authenticated. krb5-instance Use Kerberos instance privilege maps. local Use local database. none No authorization (always succeeds).

C is the answer. The aaa authorization exec default group radius if-authenticated command configures the network access server to contact the RADIUS server to determine if users are permitted to start an EXEC shell when they log in. If an error occurs when the network access server contacts the RADIUS server, the fallback method is to permit the CLI to start, provided the user has been properly authenticated.