Exam JN0-105 topic 1 question 26 discussion

Answer B is correct A: Incorrect—TACACS+ rejection stops further attempts. B: Correct—password used only if TACACS+ and RADIUS don’t respond. C: Incorrect—only one method is used, not combined permissions. D: Incorrect—rejection by TACACS+ or RADIUS stops further attempts.

D is the correct answer. As for B, password authentication will be used if the server fails to respond OR if they return a reject response due to an incorrect username or password.

B is the correct answer.

Actually C is the correct answer.

D is the correct answer because you have three types of authentication listed in the config and because of that it will try all three regardless of any failures or rejects. If password wasn't listed and a rejection was recived by either tacplus or radius then password will not be referenced.

https://www.networkcuriosity.com/junos-authentication-order/#:~:text=Junos%20can%20authenticate%20users%20using,locally%20configured%20accounts%20and%20passwords.

A and B are both correct. C and D are wrong. If the first option responds with a reject the other options are not tried. If the first one doesn’t respond then the router tries the next option.

B accurately describes the scenario where password authentication is used as a last resort when both TACACS+ and RADIUS servers fail to respond.

If the authentication order includes RADIUS or TACACS+ servers, but the servers do not respond to a request, Junos OS always defaults to trying local password authentication as a last resort.

Seems the correct answer should be (B) Explanation: In the scenario where the system authentication order is set to 'tacplus radius password,' the correct statement is (B). If the TACACS+ and RADIUS servers are unreachable or fail to respond, the system will fall back to using password authentication. This ensures that users can still authenticate using locally stored passwords if external authentication servers are unavailable.