200-301 Question #751: Real Exam Question with Answer & Explanation

The correct answer is C: It separates authentication authorization, and accounting functions.. TACACS+ is a AAA protocol that securely separates authentication, authorization, and accounting functions, providing granular control over administrative access, including the ability to authorize specific router commands.

Submitted by asante_acc· Mar 5, 2026DOMAIN_LIST_MISSING

Question

Which two descriptions of TACACS+ are true? (Choose two.)

Options

AIt encrypts only the password.
BIt uses UDP as its transport protocol.
CIt separates authentication authorization, and accounting functions.
DIt can authorize specific router commands.
EIt combines authentication and authorization

Explanation

TACACS+ is a AAA protocol that securely separates authentication, authorization, and accounting functions, providing granular control over administrative access, including the ability to authorize specific router commands.

Common mistakes.

A. TACACS+ encrypts the entire body of the packet, not just the password, offering a more secure communication channel compared to protocols that only encrypt credentials.
B. TACACS+ uses TCP (Transmission Control Protocol) port 49 for reliable, connection-oriented transport of AAA messages, unlike RADIUS which uses UDP.
E. TACACS+ explicitly separates authentication and authorization, which is a key architectural difference compared to RADIUS, which combines these two functions more closely.

Concept tested. TACACS+ features and characteristics

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-mt/sec-usr-aaa-15-mt-book/sec-cfg-tac-pls.html

Topics

#TACACS+#AAA architecture#Command authorization

Community Discussion

No community discussion yet for this question.

Full 200-301 Practice Browse All 200-301 Questions