Security Questions

July 18th, 2017 in ROUTE 300-101

Question 1


RADIUS combines authentication and authorization. The Access-Accept packets sent by the RADIUS server to the client carry the authorization information, which makes it difficult to decouple authentication from authorization.

TACACS+ follows the AAA architecture, which keeps authentication, authorization, and accounting separate. This allows a different authentication solution to be used while TACACS+ still handles authorization and accounting. For example, with TACACS+ it is possible to use Kerberos for authentication and TACACS+ for authorization and accounting. After a NAS authenticates a user against a Kerberos server, it requests authorization information from a TACACS+ server without having to re-authenticate. The NAS informs the TACACS+ server that the user has successfully authenticated on a Kerberos server, and the server then provides the authorization information.

During a session, if additional authorization checking is needed, the access server checks with a TACACS+ server to determine if the user is granted permission to use a particular command. This provides greater control over the commands that can be executed on the access server while decoupling from the authentication mechanism.

Reference: http://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13838-10.html

Question 2


Both RADIUS (Remote Authentication Dial-In User Service) and TACACS+ (Terminal Access Controller Access-Control System Plus) are the main protocols for providing Authentication, Authorization, and Accounting (AAA) services on network devices.

Both RADIUS and TACACS+ support accounting of commands. Command accounting provides information about the EXEC shell commands for a specified privilege level that are being executed on a network access server. Each command accounting record includes a list of the commands executed for that privilege level, as well as the date and time each command was executed, and the user who executed it.

For example, to send accounting messages to the TACACS+ accounting server whenever any command other than a show command is entered at the CLI, use the aaa accounting commands command in global configuration mode.

Note: TACACS+ was developed by Cisco from TACACS.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfacct.html
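As an added example (not part of the original page or of Cisco's documentation), the Python below parses command-accounting records of the kind described above into structured events (timestamp, NAS, user, privilege level, command) and groups privileged commands per user. The sample records are constructed, and the tab-separated record layout is an assumption modeled on what a tac_plus-style accounting daemon writes; adjust parse_record() for your own server's format.

```python
"""Parse TACACS+ command-accounting records into structured events.

Assumed record layout (tab-separated): timestamp, NAS address, user, line,
remote address, flag (start/stop), then attribute=value pairs. This mirrors
tac_plus-style logs but is an assumption, not a standard.
"""
from datetime import datetime

# Constructed sample records for the demonstration.
SAMPLE_RECORDS = "\n".join("\t".join(fields) for fields in [
    ["Jul 18 2017 10:02:11", "10.0.0.1", "alice", "tty1", "10.0.0.5", "stop",
     "task_id=101", "priv-lvl=15", "service=shell", "cmd=configure terminal"],
    ["Jul 18 2017 10:02:19", "10.0.0.1", "alice", "tty1", "10.0.0.5", "stop",
     "task_id=102", "priv-lvl=15", "service=shell", "cmd=interface GigabitEthernet0/1"],
    ["Jul 18 2017 10:02:25", "10.0.0.1", "alice", "tty1", "10.0.0.5", "stop",
     "task_id=103", "priv-lvl=15", "service=shell", "cmd=shutdown"],
    ["Jul 18 2017 10:05:40", "10.0.0.1", "bob", "tty2", "10.0.0.9", "stop",
     "task_id=104", "priv-lvl=1", "service=shell", "cmd=show ip route"],
])

# Commands that change device state rather than just display it.
CONFIG_MODE_PREFIXES = ("configure ", "interface ", "shutdown", "no ")


def parse_record(line):
    """Turn one accounting line into a dict with typed fields."""
    fields = line.rstrip("\n").split("\t")
    ts, nas, user, port, rem_addr, flag = fields[:6]
    # Remaining fields are attribute=value pairs; keep them as a dict.
    avpairs = dict(f.split("=", 1) for f in fields[6:] if "=" in f)
    return {
        "time": datetime.strptime(ts, "%b %d %Y %H:%M:%S"),
        "nas": nas,
        "user": user,
        "port": port,
        "rem_addr": rem_addr,
        "flag": flag,
        "priv_lvl": int(avpairs.get("priv-lvl", 0)),
        "cmd": avpairs.get("cmd", ""),
    }


def parse_records(text):
    """Parse a block of accounting lines, skipping blank ones."""
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def commands_by_user(records, min_priv=15):
    """Per-user list of commands run at or above min_priv, in execution order."""
    out = {}
    for r in records:
        if r["priv_lvl"] >= min_priv:
            out.setdefault(r["user"], []).append(r["cmd"])
    return out


def flag_config_changes(records):
    """Return the records whose command looks like a configuration change."""
    return [r for r in records if r["cmd"].startswith(CONFIG_MODE_PREFIXES)]


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    for user, cmds in commands_by_user(recs).items():
        print(f"{user}: {cmds}")
    for r in flag_config_changes(recs):
        print(f"{r['time']:%Y-%m-%d %H:%M:%S} {r['user']}@{r['nas']} priv {r['priv_lvl']}: {r['cmd']}")
```

Because each record carries the user, time and privilege level alongside the command, the same parser feeds an audit trail (who changed what, when) and a simple alert (a configuration command from a user or line that should not issue them).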

Question 3


TACACS+ encrypts the entire body of the packet but sends the standard TACACS+ header in cleartext.

TACACS+ is an AAA protocol developed by Cisco.
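To make the difference concrete, here is an added example (not from the original page, and not Cisco's or any vendor's code) that builds a minimal RADIUS Access-Request and a minimal TACACS+ authentication START packet in Python and reports which fields a passive observer of the wire could read. It implements the RADIUS User-Password hiding from RFC 2865 section 5.2 and the TACACS+ body obfuscation from RFC 8907 section 4.5; the shared secret, session id, usernames, password and Request Authenticator are constructed values.

```python
"""What RADIUS and TACACS+ leave readable on the wire.

All secrets, session ids and identities below are constructed for the demo.
"""
import hashlib
import struct


def _xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR; zip() truncates to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


# ---- TACACS+ (RFC 8907): cleartext 12-byte header, whole body XORed with an MD5 pad ----
def tacacs_header(body_len, session_id, version=0xC0, packet_type=1, seq_no=1, flags=0):
    """version, type, seq_no, flags, session_id, length: always sent in cleartext."""
    return struct.pack("!BBBBII", version, packet_type, seq_no, flags, session_id, body_len)


def tacacs_obfuscate(body, key, session_id, version=0xC0, seq_no=1):
    """RFC 8907 section 4.5 pseudo-pad: MD5(session_id, key, version, seq_no [, previous digest]).
    XOR is symmetric, so the same call de-obfuscates."""
    sid = struct.pack("!I", session_id)
    pad, prev = b"", b""
    while len(pad) < len(body):
        prev = hashlib.md5(sid + key + bytes([version, seq_no]) + prev).digest()
        pad += prev
    return _xor(body, pad)


def tacacs_authen_start(user, port, rem_addr, action=1, priv_lvl=1, authen_type=1, service=1):
    """Authentication START body (RFC 8907 section 5.1) before obfuscation."""
    data = b""
    return (struct.pack("!BBBBBBBB", action, priv_lvl, authen_type, service,
                        len(user), len(port), len(rem_addr), len(data))
            + user + port + rem_addr + data)


# ---- RADIUS (RFC 2865): only the User-Password attribute is hidden ----
def radius_hide_password(password, secret, request_authenticator):
    """c1 = p1 XOR MD5(S + RA), c(n) = p(n) XOR MD5(S + c(n-1)), 16-byte blocks."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block
    return out


def radius_unhide_password(hidden, secret, request_authenticator):
    """Inverse of radius_hide_password; strips the NUL padding."""
    out, prev = b"", request_authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def radius_access_request(identifier, request_authenticator, attributes):
    """Code 1 packet: code, id, length, 16-byte authenticator, then TLV attributes (cleartext)."""
    attrs = b"".join(bytes([t, 2 + len(v)]) + v for t, v in attributes)
    return struct.pack("!BBH", 1, identifier, 20 + len(attrs)) + request_authenticator + attrs


def compare_exposure(user=b"alice", password=b"s3cret!", secret=b"constructed-shared-key"):
    """Report which identity fields each protocol's packet reveals to a passive observer."""
    ra = bytes(range(16))  # constructed Request Authenticator (random in real clients)
    radius_pkt = radius_access_request(7, ra, [
        (1, user),                                          # User-Name, cleartext
        (2, radius_hide_password(password, secret, ra)),    # User-Password, hidden
    ])
    session_id = 0x1A2B3C4D  # constructed session id
    body = tacacs_authen_start(user, b"tty1", b"10.0.0.5")
    tacacs_pkt = tacacs_header(len(body), session_id) + tacacs_obfuscate(body, secret, session_id)
    return {
        "radius_username_visible": user in radius_pkt,
        "radius_password_visible": password in radius_pkt,
        "tacacs_username_visible": user in tacacs_pkt,
        "tacacs_header_cleartext": tacacs_pkt[:12] == tacacs_header(len(body), session_id),
    }


if __name__ == "__main__":
    for field, visible in compare_exposure().items():
        print(f"{field}: {visible}")
```

Running compare_exposure() shows the RADIUS username (and every other attribute) readable while only the password is hidden, whereas in the TACACS+ packet nothing but the fixed-size header is readable. Both schemes are MD5-based obfuscation keyed by the shared secret rather than authenticated encryption, which is why RFC 8907 recommends keeping TACACS+ traffic on a dedicated management network or a protected transport.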

Question 4

