nerdexam
Cisco

350-401 · Question #53

The login method is configured on the VTY lines of a router with these parameters. - The first method for authentication is TACACS - If TACACS is unavailable, login is allowed without any provided cre

The correct answer is C. R1#sh run | include aaa aaa new-model aaa authentication login default group tacacs+ aaa session-id common R1#sh run | section vty line vty 0 4 password 7 02050D480809 R1#sh run | include username R1#. Option C is correct because it uses 'aaa authentication login default group tacacs+' which applies TACACS+ as the primary authentication method to all lines (including VTY) by default, and the VTY lines have a locally configured password (02050D480809). When TACACS+ is unavailabl

Submitted by javi_es· Mar 6, 2026Infrastructure Security / Implementing AAA for Device Access Control (CCNP/CCNA Security or Enterprise Core)

Question

The login method is configured on the VTY lines of a router with these parameters.

  • The first method for authentication is TACACS
  • If TACACS is unavailable, login is allowed without any provided

credentials Which configuration accomplishes this task? A. B. C. D.

Exhibits

350-401 question #53 exhibit 1
350-401 question #53 exhibit 2
350-401 question #53 exhibit 3
350-401 question #53 exhibit 4
350-401 question #53 exhibit 5
350-401 question #53 exhibit 6
350-401 question #53 exhibit 7
350-401 question #53 exhibit 8

Options

  • AR1#sh run | include aaa aaa new-model aaa authentication login VTY group tacacs+ none aaa session-id common R1#sh run | section vty line vty 0 4 password 7 02050D480809 R1#sh run | include username R1#
  • BR1#sh run | include aaa aaa new-model aaa authentication login default group tacacs+ aaa session-id common R1#sh run | section vty line vty 0 4 transport input none R1#
  • CR1#sh run | include aaa aaa new-model aaa authentication login default group tacacs+ aaa session-id common R1#sh run | section vty line vty 0 4 password 7 02050D480809 R1#sh run | include username R1#
  • DR1#sh run | include aaa aaa new-model aaa authentication login telnet group tacacs+ none aaa session-id common R1#sh run | section vty line vty 0 4 R1#sh run | include username R1#

How the community answered

(40 responses)
  • A
    8% (3)
  • B
    18% (7)
  • C
    70% (28)
  • D
    5% (2)

Explanation

Option C is correct because it uses 'aaa authentication login default group tacacs+' which applies TACACS+ as the primary authentication method to all lines (including VTY) by default, and the VTY lines have a locally configured password (02050D480809). When TACACS+ is unavailable, IOS falls back to the line password as an implicit fallback - satisfying the 'login allowed without provided credentials' requirement since the line password acts as the fallback. The 'default' keyword ensures the method list applies to the VTY lines without needing an explicit 'login authentication' statement on the line.

Topics

#AAA Authentication#TACACS+#VTY Line Configuration#IOS Security

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice