nerdexam
Cisco

350-401 · Question #215

Refer to the exhibit. What is the effect of the configuration?

The correct answer is D. The device will authenticate all users connecting to vty lines 0 through 4 against TACACS+. The configuration directs all users connecting to VTY lines 0 through 4 to be primarily authenticated against a TACACS+ server group, with local authentication as a fallback.

Submitted by chiamaka_o· Mar 6, 2026Security

Question

Refer to the exhibit. What is the effect of the configuration?

Exhibits

350-401 question #215 exhibit 1
350-401 question #215 exhibit 2

Options

  • AThe device will allow users at 192.168.0.202 to connect to vty lines 0 through 4 using the
  • BThe device will allow only users at 192 168.0.202 to connect to vty lines 0 through 4
  • CWhen users attempt to connect to vty lines 0 through 4. the device will authenticate them against
  • DThe device will authenticate all users connecting to vty lines 0 through 4 against TACACS+

How the community answered

(20 responses)
  • A
    5% (1)
  • B
    10% (2)
  • C
    5% (1)
  • D
    80% (16)

Why each option

The configuration directs all users connecting to VTY lines 0 through 4 to be primarily authenticated against a TACACS+ server group, with local authentication as a fallback.

AThe device will allow users at 192.168.0.202 to connect to vty lines 0 through 4 using the

This option is incomplete and refers to a specific IP address (192.168.0.202) that is not mentioned in the provided configuration snippets.

BThe device will allow only users at 192 168.0.202 to connect to vty lines 0 through 4

This option mentions a specific IP address (192.168.0.202) which is not configured for access control; the provided configuration is for authentication, not source IP filtering.

CWhen users attempt to connect to vty lines 0 through 4. the device will authenticate them against

This option is incomplete and does not specify what the users will be authenticated against, leaving the explanation ambiguous.

DThe device will authenticate all users connecting to vty lines 0 through 4 against TACACS+Correct

The `login authentication default` command on the VTY lines instructs the device to use the 'default' AAA authentication method list. The `aaa authentication login default group tacacs+ local` command defines this list, specifying that authentication attempts will first go to TACACS+ servers, and if those fail or are unavailable, the local username database will be used.

Concept tested: AAA VTY line authentication

Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-a4.html

Topics

#TACACS+#VTY access#AAA authentication

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice