ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your organization manages hundreds of routers and switches across several sites. New security policy states that:
Administrators must authenticate against Active Directory.
Every configuration command must be individually authorized and logged for auditing.
Devices must fall back to local credentials if the central service is unavailable.
The control channel between devices and the authentication server must use an encrypted, reliable TCP connection. Which solution best satisfies all of these requirements?
Configure devices to authenticate directly against an LDAPS server without additional AAA services.
Deploy TACACS+ servers integrated with Active Directory and configure devices to use local authentication if the servers are unreachable.
Implement RADIUS servers over their default UDP ports with shared secrets for authentication and accounting.
Rely solely on SSH public-key authentication configured locally on each network device and disable external AAA.
TACACS+ integrates with directory services such as Active Directory while keeping authentication, authorization, and accounting logically separate. It can enforce per-command authorization and generate detailed command accounting records, meeting the audit requirement. TACACS+ encrypts the entire packet (except the header) and operates over the reliable TCP port 49, satisfying the encrypted-transport mandate. Network devices can be configured with a local user database as a fallback if the TACACS+ server is unreachable. RADIUS typically uses UDP, encrypts only the user password, and does not natively support command-level authorization. LDAP over SSL/TLS provides only authentication and lacks per-command accounting. Solely using SSH keys removes centralized control and auditing and offers no AAA fallback mechanism.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does TACACS+ differ from RADIUS in terms of security?
Open an interactive chat with Bash
Why is per-command authorization significant in network device management?
Open an interactive chat with Bash
What happens if a TACACS+ server becomes unavailable?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Network and Communication Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .