ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your organization operates hundreds of network switches and routers in branch offices. Administrators authenticate to the devices using RADIUS, but the security team notes that only user passwords are protected in transit and that RADIUS cannot restrict which configuration commands each engineer may run. Which change to the access-control design would most effectively address both issues?
Route administrator SSH sessions through an IPsec VPN while continuing to use RADIUS for AAA.
Replace the RADIUS infrastructure with TACACS+ servers integrated with the corporate directory.
Deploy IEEE 802.1X port-based authentication on all switch management interfaces.
Enable MS-CHAPv2 authentication within the existing RADIUS configuration to protect credentials end-to-end.
TACACS+ encrypts the entire TCP payload of each AAA packet, protecting not only user passwords but also authorization and accounting data while in transit. In addition, TACACS+ supports per-command authorization, allowing the network team to define which individual configuration commands each administrator can execute on a device. RADIUS, even when strengthened with CHAP/MS-CHAP, still encrypts only the password field and offers no native command-level authorization. IEEE 802.1X controls port access, not device management privileges. Tunneling RADIUS over SSH or IPsec would protect all traffic but still would not provide the required granular command authorization. Therefore, migrating to a TACACS+-based solution is the most comprehensive way to solve both identified shortcomings.
ISC2 Systems Security Certified Practitioner (SSCP)
Network and Communication Security