You configured your system authentication order using the set authentication-order tacplus radius password command. Which statement is correct in this scenario?
A.
A rejection by TACACS+ will prevent a login and bypass the other two authentication methods.
B.
The password authentication will only be used if the TACACS+ and RADIUS servers fail to respond.
C.
All authentication methods are used with the most restrictive permission set used.
D.
The password authentication method is evaluated if the TACACS+ and RADIUS servers respond with a reject message.
If the authentication order includes RADIUS or TACACS+ servers, but the servers reject the request, the handling of the request is more complicated.
If password (local password authentication) is included at the end of the authentication order and the remote authentication servers reject the authentication request, the device attempts local password authentication.
Answer B is correct
A: Incorrect—TACACS+ rejection stops further attempts.
B: Correct—password used only if TACACS+ and RADIUS don’t respond.
C: Incorrect—only one method is used, not combined permissions.
D: Incorrect—rejection by TACACS+ or RADIUS stops further attempts.
D is the correct answer. As for B, password authentication will be used if the server fails to respond OR if they return a reject response due to an incorrect username or password.
D is the correct answer because you have three types of authentication listed in the config and because of that it will try all three regardless of any failures or rejects. If password wasn't listed and a rejection was recived by either tacplus or radius then password will not be referenced.
A and B are both correct. C and D are wrong. If the first option responds with a reject the other options are not tried. If the first one doesn’t respond then the router tries the next option.
If the authentication order includes RADIUS or TACACS+ servers, but the servers do not respond to a request, Junos OS always defaults to trying local password authentication as a last resort.
Seems the correct answer should be (B)
Explanation:
In the scenario where the system authentication order is set to 'tacplus radius password,' the correct statement is (B). If the TACACS+ and RADIUS servers are unreachable or fail to respond, the system will fall back to using
password authentication. This ensures that users can still authenticate using locally stored passwords if external authentication servers are unavailable.
upvoted 2 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
leowulf
1Â month, 2Â weeks agomirko1976
2Â months agoDan100percent
3Â months, 1Â week agoRajmund
5Â months, 2Â weeks agodthensley
8Â months agodthensley
8Â months ago82986cf
8Â months ago82986cf
8Â months agob39dcd4
8Â months, 2Â weeks ago4d82270
8Â months, 2Â weeks agoe308d74
8Â months, 3Â weeks ago