350-401 Question #1030: Real Exam Question with Answer & Explanation

Question

Refer to the exhibit. An engineer configured TACACS+ to authenticate remote users, but the configuration is not working as expected. Which configuration must be applied to enable access?

Options

• AR1 (config)# ip tacacs source-interface Gig 0/0
• BR1 (config)# tacacs server prod
• CR1 (config)# aaa authorization exec default group tacacs+ local
• DR1 (config)# tacacs server prod

Explanation

If TACACS+ authentication is not working, the most fundamental step to enable access is ensuring the TACACS+ server itself is properly referenced or defined for the router to interact with.

Common mistakes.

• A. The command ip tacacs source-interface Gig 0/0 specifies the source IP address for TACACS+ packets but does not enable the server interaction itself if the server is not defined or reachable.
• B. This choice is identical to choice D, so it represents the same correct action.
• C. The command aaa authorization exec default group tacacs+ local configures authorization methods for exec sessions, but it does not enable authentication or define the TACACS+ server if it's the missing piece.

Concept tested. TACACS+ server configuration

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/dcr_security_book/sec-cfg-tacacs.html

No community discussion yet for this question.