CompTIA
CAS-002 · Question #96
CAS-002 Question #96: Real Exam Question with Answer & Explanation
The correct answer is E: RADIUS. RADIUS and TACACS+ are the two AAA protocols that support authenticating users and enforcing shell-level command authorization for network device access.
Question
A network security engineer would like to allow authorized groups to access network devices with a shell restricted to only show information while still authenticating the administrator's group to an unrestricted shell. Which of the following can be configured to authenticate and enforce these shell restrictions? (Select TWO).
Options
- A. Single Sign On
- B. Active Directory
- C. Kerberos
- D. NIS+
- E. RADIUS
- F. TACACS+
Explanation
RADIUS and TACACS+ are the two AAA protocols that support authenticating users and enforcing shell-level command authorization for network device access.
Common mistakes.
- A. Single Sign On is an authentication user experience concept, not a protocol that enforces shell-level command restrictions on network devices.
- B. Active Directory is a directory and authentication service for domain-joined systems and does not natively enforce CLI shell restrictions on network infrastructure devices.
- C. Kerberos is a ticket-based authentication protocol that does not provide mechanisms to enforce command-level or shell restrictions on network device CLIs.
- D. NIS+ (Network Information Service) is a legacy Unix directory service that does not support command authorization or shell restriction enforcement for network device management.
Concept tested. TACACS+ and RADIUS shell authorization for network devices