CompTIA

SY0-301 · Question #436

SY0-301 Question #436: Real Exam Question with Answer & Explanation

The correct answer is B: TACACS. Original TACACS (not TACACS+ or XTACACS) is the legacy version that encrypts only the password and uses UDP, making it far less secure than modern alternatives.

Question

Which of the following authentication services should be replaced with a more secure alternative?

Options

  • A. RADIUS
  • B. TACACS
  • C. TACACS+
  • D. XTACACS

Explanation

Original TACACS (not TACACS+ or XTACACS) is the legacy version that encrypts only the password and uses UDP, making it far less secure than modern alternatives.

Common mistakes.

  • A. RADIUS is a current and widely used AAA protocol that encrypts passwords using MD5 and is supported across most modern network infrastructure. Although it has known limitations, it is still considered acceptable.
  • C. TACACS+ is the modern, more secure successor that encrypts the entire authentication packet body (not just the password) and uses TCP, making it more reliable and secure.
  • D. XTACACS is an extended version of TACACS developed by Cisco that improved upon the original, though it has since been superseded by TACACS+.

Concept tested. Legacy TACACS protocol security weaknesses

Reference. https://www.cisco.com/c/en/us/support/docs/security-vpn/tacacs/13838-10.html
