Which three statements about the TACACS protocol are correct? (Choose three.)
CDF.
Sure, I'd be happy to explain the correct statements about the TACACS+ protocol:
A. TACACS+ is an IETF standard protocol: This statement is incorrect. TACACS+ is not an IETF (Internet Engineering Task Force) standard protocol. TACACS+ was originally developed by Cisco, but it is now an open standard.
B. TACACS+ uses TCP port 47 by default: This statement is incorrect. TACACS+ uses TCP port 49 by default.
C. TACACS+ is considered to be more secure than the RADIUS protocol: This statement is correct. TACACS+ is considered to be more secure than RADIUS (Remote Authentication Dial-In User Service) protocol because TACACS+ separates authentication, authorization, and accounting functions, while RADIUS combines them into a single function.
D. TACACS+ can support authorization and accounting while having another separate authentication solution: This statement is correct. TACACS+ can support authorization and accounting while having another separate authentication solution. This allows organizations to use different authentication methods for different services or devices while maintaining a centralized authorization and accounting system.
E. TACACS+ only encrypts the password of the user for security: This statement is incorrect. TACACS+ encrypts the entire packet, not just the password.
F. TACACS+ supports per-user or per-group for authorization of router commands: This statement is correct. TACACS+ supports both per-user and per-group authorization of router commands, allowing fine-grained control over who can execute specific commands on network devices.
So the correct statements are C, D, and F.