210-260 Question #89: Real Exam Question with Answer & Explanation

The correct answer is A: The user will be prompted to authenticate using the enable password. Two things I need to say. One, local database has nothing to do with enable secret/password as it is literally created using username/password command combinations. Second there is no fallback safety failover with aaa if you specify exact methods. Those exact methods are the only

Question

If a router configuration includes the line aaa authentication login default group tacacs+ enable, which events will occur when the TACACS+ server returns an error? (Choose two.)

Options

AThe user will be prompted to authenticate using the enable password
BAuthentication attempts to the router will be denied
CAuthentication will use the router`s local database
DAuthentication attempts will be sent to the TACACS+ server

Explanation

Two things I need to say. One, local database has nothing to do with enable secret/password as it is literally created using username/password command combinations. Second there is no fallback safety failover with aaa if you specify exact methods. Those exact methods are the only methods used, nothing else. On the previous post I pasted an output for the authentication process with TACACS+ and enable. At a point there was a timeout message which resulted in switching to the second authentication method, ENABLE. “Use the timeout integer argument to specify the period of time (in seconds) the router will wait for a response from the daemon before it times out and declares an error.” As a reference I used What concerns me is „If an ERROR response is received, the network access server will typically try to use an alternative method for authenticating the user.” It doesn’t specifically say „The router retries to connect with the TACACS+”.

Community Discussion

No community discussion yet for this question.

Full 210-260 Practice