300-715 Question #353: Real Exam Question with Answer & Explanation

Question

What is a primary function of RADIUS compared to TACACS?

Options

• ARADIUS provides AAA for network access, whereas TACACS provides AAA for device
• BRADIUS supports command accounting, whereas TACACS supports only start/stop accounting.
• CRADIUS supports multiple privilege levels, whereas TACACS supports only one privilege level.
• DRADIUS supports command authorization, whereas TACACS provides no support for commands.

Explanation

RADIUS is primarily designed for network access authentication, authorization, and accounting, while TACACS+ provides more granular AAA services specifically for device administration.

Common mistakes.

• B. TACACS+ provides extensive and granular command accounting, allowing detailed logging of individual commands executed by administrators, which is more comprehensive than RADIUS's typically limited start/stop session accounting.
• C. TACACS+ fully supports multiple privilege levels and offers robust command authorization capabilities, enabling administrators to execute specific commands based on their assigned privilege level, unlike RADIUS which has limited support for device administration privilege levels.
• D. TACACS+ is renowned for its granular command authorization features, allowing explicit control over which commands an administrator can execute, a capability that RADIUS lacks or provides in a very limited fashion.

Concept tested. RADIUS vs. TACACS+ Features and Use Cases

Reference. https://www.cisco.com/c/en/us/products/security/radius-vs-tacacs.html

No community discussion yet for this question.