200-301 Question #694: Real Exam Question with Answer & Explanation

The correct answer is C: device-administration packets are encrypted in their entirely.. TACACS+ enhances device security by providing centralized authentication, granular command authorization, and full encryption of administrative traffic.

Submitted by kevin_r· Mar 5, 2026Security Fundamentals

Question

Which three options are benefits of using TACACS+ on a device? (Choose three)

Options

AIt ensures that user activity is untraceable
BIt provides a secure accounting facility on the device.
Cdevice-administration packets are encrypted in their entirely.
DIt allows the user to remotely access devices from other vendors.
EIt allows the users to be authenticated against a remote server.
FIt supports access-level authorization for commands.

Explanation

TACACS+ enhances device security by providing centralized authentication, granular command authorization, and full encryption of administrative traffic.

Common mistakes.

A. TACACS+ provides accounting, meaning user activity is traceable and logged, not untraceable.
B. While TACACS+ provides a secure accounting facility, the primary accounting records are typically kept on the central TACACS+ server, not directly 'on the device' itself.
D. TACACS+ is an open standard, but its primary function is AAA, not enabling remote access to devices from other vendors in a special way that other protocols don't.

Concept tested. TACACS+ features and benefits

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_aaa/configuration/xe-3s/sec-aaa-xe-3s-book/sec-tacacs.html

Topics

#TACACS+#AAA protocols#Network device security#Access control

Community Discussion

No community discussion yet for this question.

Full 200-301 Practice Browse All 200-301 Questions