Which three statements about the TACACS protocol are correct? (Choose three.)
Click on the arrows to vote for the correct answerA. B. C. D. E. F.
Sure, I'd be happy to explain the correct statements about the TACACS+ protocol:
A. TACACS+ is an IETF standard protocol: This statement is incorrect. TACACS+ is not an IETF (Internet Engineering Task Force) standard protocol. TACACS+ was originally developed by Cisco, but it is now an open standard.
B. TACACS+ uses TCP port 47 by default: This statement is incorrect. TACACS+ uses TCP port 49 by default.
C. TACACS+ is considered to be more secure than the RADIUS protocol: This statement is correct. TACACS+ is considered to be more secure than RADIUS (Remote Authentication Dial-In User Service) protocol because TACACS+ separates authentication, authorization, and accounting functions, while RADIUS combines them into a single function.
D. TACACS+ can support authorization and accounting while having another separate authentication solution: This statement is correct. TACACS+ can support authorization and accounting while having another separate authentication solution. This allows organizations to use different authentication methods for different services or devices while maintaining a centralized authorization and accounting system.
E. TACACS+ only encrypts the password of the user for security: This statement is incorrect. TACACS+ encrypts the entire packet, not just the password.
F. TACACS+ supports per-user or per-group for authorization of router commands: This statement is correct. TACACS+ supports both per-user and per-group authorization of router commands, allowing fine-grained control over who can execute specific commands on network devices.
So the correct statements are C, D, and F.