nerdexam
Cisco

350-401 · Question #1030

Refer to the exhibit. An engineer configured TACACS+ to authenticate remote users, but the configuration is not working as expected. Which configuration must be applied to enable access?

The correct answer is D. R1 (config)# tacacs server prod. If TACACS+ authentication is not working, the most fundamental step to enable access is ensuring the TACACS+ server itself is properly referenced or defined for the router to interact with.

Submitted by jian89· Mar 6, 2026Security

Question

Refer to the exhibit. An engineer configured TACACS+ to authenticate remote users, but the configuration is not working as expected. Which configuration must be applied to enable access?

Exhibits

350-401 question #1030 exhibit 1
350-401 question #1030 exhibit 2

Options

  • AR1 (config)# ip tacacs source-interface Gig 0/0
  • BR1 (config)# tacacs server prod
  • CR1 (config)# aaa authorization exec default group tacacs+ local
  • DR1 (config)# tacacs server prod

How the community answered

(20 responses)
  • A
    5% (1)
  • B
    10% (2)
  • C
    25% (5)
  • D
    60% (12)

Why each option

If TACACS+ authentication is not working, the most fundamental step to enable access is ensuring the TACACS+ server itself is properly referenced or defined for the router to interact with.

AR1 (config)# ip tacacs source-interface Gig 0/0

The command `ip tacacs source-interface Gig 0/0` specifies the source IP address for TACACS+ packets but does not enable the server interaction itself if the server is not defined or reachable.

BR1 (config)# tacacs server prod

This choice is identical to choice D, so it represents the same correct action.

CR1 (config)# aaa authorization exec default group tacacs+ local

The command `aaa authorization exec default group tacacs+ local` configures authorization methods for exec sessions, but it does not enable authentication or define the TACACS+ server if it's the missing piece.

DR1 (config)# tacacs server prodCorrect

The command `tacacs server prod`, while potentially an exam-simplified syntax or part of a larger configuration (e.g., within an AAA server group), is the most direct action among the choices to define or activate the specific 'prod' TACACS+ server for use. Without the server being known to the router, authentication cannot proceed.

Concept tested: TACACS+ server configuration

Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/dcr_security_book/sec-cfg-tacacs.html

Topics

#TACACS+#AAA#server configuration#authentication troubleshooting

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice