Exam JN0-104 topic 1 question 37 discussion

A is correct. https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/topic-map/junos-os-authentication-order.html

A is correct.

The official Juniper course has this exact example and says that the local database is used if all else fails, even though it is not listed in the output of the command...

Correct answer is A

https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/topic-map/junos-os-authentication-order.html authentication-order [ radius tacplus ]; Try configured RADIUS authentication servers. If a RADIUS server is available and authentication is accepted, grant access. If the RADIUS servers fail to respond or the servers return a reject response, try configured TACACS+ servers. If a TACACS+ server is available and authentication is accepted, grant access. If a TACACS+ server is available but authentication is rejected, deny access.

From the link in the previous comment: If the authentication order includes RADIUS or TACACS+ servers, but the servers do not respond to a request, Junos OS always defaults to trying local password authentication as a last resort.

It's D, because in JNCIA courses, we have this example : https://ibb.co/4FVkSnP

A is correct

A. The device will attempt to authenticate using the local database if RADIUS and TACACS+ are unresponsive. The authentication-order configuration specifies the order in which authentication methods will be attempted by the device. In this case, the configuration indicates that RADIUS and TACACS+ are the preferred authentication methods as they are listed first in the order. If the RADIUS and TACACS+ servers are unresponsive or unreachable, the device will fall back to the next available method, which is the local database. So, if RADIUS and TACACS+ authentication fails, the device will attempt authentication using the local database as a backup option. Therefore, the correct statement is A: The device will attempt to authenticate using the local database if RADIUS and TACACS+ are unresponsive.

A All the vendor included juniper works like that. It's a basic behavior The user local is mandatory if the radius and tacacs server do not respond.

A is correct. https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/topic-map/junos-os-authentication-order.html

if the show command does not reveal "" (Radius tacplus password) "" in the configuration, when radius and tacacs fails, the system will never attempt to use password

"A" is the correct answer

Answer is D: the device must include password as a final authentication order option for the device to attempt local password authentication in the event that the remote authentication servers reject the request

A is correct

authentication-order [ radius tacplus ]; Try configured RADIUS authentication servers. If a RADIUS server is available and authentication is accepted, grant access. If the RADIUS servers fail to respond or the servers return a reject response, try configured TACACS+ servers. If a TACACS+ server is available and authentication is accepted, grant access. If a TACACS+ server is available but authentication is rejected, deny access. If no RADIUS or TACACS+ servers are available, try local password authentication.

i think the correct answer is D