Exam SY0-601 topic 1 question 327 discussion

Actual exam question from CompTIA's SY0-601
Question #: 327
Topic #: 1

A security analyst needs to centrally manage credentials and permissions to the company’s network devices. The following security requirements must be met:

• All actions performed by the network staff must be logged.
• Per-command permissions must be possible.
• The authentication server and the devices must communicate through TCP.

Which of the following authentication protocols should the analyst choose?

  • A. Kerberos
  • B. CHAP
  • C. TACACS+
  • D. RADIUS
Suggested Answer: C 🗳️

Comments

ApplebeesWaiter1122
Highly Voted 1 year, 12 months ago
Selected Answer: C
TACACS+ is a widely used protocol for centrally managing credentials and permissions to network devices. It offers several features that align with the specified security requirements:

Logging: TACACS+ supports extensive logging capabilities, allowing all actions performed by the network staff to be logged. This helps with audit trails, monitoring, and forensic analysis.

Per-command permissions: TACACS+ provides granular control over access permissions, including per-command permissions. This means that administrators can define specific permissions for each command or operation that network staff can perform. It offers fine-grained access control for network devices.

TCP communication: TACACS+ is designed to work over TCP (Transmission Control Protocol), which satisfies the requirement for communication between the authentication server and the network devices.
upvoted 20 times
ApplebeesWaiter1122
1 year, 12 months ago
Option A: Kerberos is a network authentication protocol primarily used in Windows environments. While it offers strong authentication and encryption capabilities, it does not inherently provide per-command permissions or directly support TCP-based communication between authentication servers and network devices.

Option B: CHAP (Challenge-Handshake Authentication Protocol) is primarily used for remote access authentication, typically for dial-up connections. It does not offer the extensive management capabilities and per-command permissions required in this scenario.

Option D: RADIUS (Remote Authentication Dial-In User Service) is a popular authentication protocol used for centralized authentication, authorization, and accounting (AAA). Although RADIUS is widely used and supports TCP, it does not provide the level of granular control over per-command permissions that TACACS+ does.
upvoted 18 times
ganymede
Highly Voted 2 years, 2 months ago
Selected Answer: C
C. tacacs+

TACACS+ uses TCP traffic to provide authentication, authorization, and accounting services. It provides full-packet encryption as well as granular command controls, allowing individual commands to be secured as needed.

Some of the features of TACACS+ are:
- Cisco developed protocol for AAA framework, i.e. it can be used between the Cisco device and Cisco ACS server.
- It uses TCP as a transmission protocol.
- It uses TCP port number 49.
- If the device and ACS server are using TACACS+ then all the AAA packets exchanged between them are encrypted.
- It separates AAA into distinct elements, i.e. authentication, authorization, and accounting are separated.
- It provides greater granular control (than RADIUS) as the commands that are authorized to be used by the user can be specified.
- It provides accounting support but is less extensive than RADIUS.
upvoted 16 times
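
The TCP transport and the separation of authentication, authorization and accounting discussed in the comments above are both visible in the 12-byte TACACS+ packet header defined in RFC 8907. The following is an added example, not part of the original question or any comment: a header parser that also reports sessions whose body is sent without obfuscation. The sample headers and session IDs are constructed for illustration.

```python
import struct

# RFC 8907 header: version, type, seq_no, flags, session_id, length
# (12 bytes, network byte order). Carried over TCP, server port 49.
HEADER = struct.Struct("!BBBBII")
PACKET_TYPES = {0x01: "authentication", 0x02: "authorization", 0x03: "accounting"}
FLAG_UNENCRYPTED = 0x01     # TAC_PLUS_UNENCRYPTED_FLAG: body is cleartext
FLAG_SINGLE_CONNECT = 0x04  # TAC_PLUS_SINGLE_CONNECT_FLAG


def parse_header(data: bytes) -> dict:
    """Decode the fixed header; the body that follows is not touched."""
    if len(data) < HEADER.size:
        raise ValueError("truncated TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(data)
    if version >> 4 != 0xC:
        raise ValueError("not TACACS+ (major version is not 0xc)")
    if ptype not in PACKET_TYPES:
        raise ValueError(f"unknown packet type {ptype:#x}")
    return {
        "minor_version": version & 0x0F,
        "type": PACKET_TYPES[ptype],
        "seq_no": seq_no,
        "from_client": seq_no % 2 == 1,  # clients send odd sequence numbers
        "body_obfuscated": not flags & FLAG_UNENCRYPTED,
        "single_connect": bool(flags & FLAG_SINGLE_CONNECT),
        "session_id": session_id,
        "body_length": length,
    }


def cleartext_sessions(packets):
    """Return (session_id, type) for each packet whose body is cleartext."""
    findings = []
    for raw in packets:
        h = parse_header(raw)
        if not h["body_obfuscated"]:
            findings.append((h["session_id"], h["type"]))
    return findings


# Constructed sample headers (bodies omitted), one per AAA function.
SAMPLES = [
    HEADER.pack(0xC0, 0x01, 1, 0x00, 0x1A2B3C4D, 43),  # authentication
    HEADER.pack(0xC0, 0x02, 1, 0x00, 0x1A2B3C4E, 60),  # authorization
    HEADER.pack(0xC0, 0x03, 1, 0x01, 0x1A2B3C4F, 72),  # accounting, flag set
]

if __name__ == "__main__":
    print([parse_header(p)["type"] for p in SAMPLES], cleartext_sessions(SAMPLES))
```
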
Marleigh
Most Recent 11 months, 3 weeks ago
C. TACACS+ - key word network devices
upvoted 1 times
Navigator
1 year, 11 months ago
TACACS+ uses TCP while RADIUS uses UDP.
upvoted 5 times
fryderyk
2 years ago
Selected Answer: C
This is more of a question from my side than a statement, so feel free to comment. Kerberos: UDP. RADIUS: originally UDP, but as of 2012 also TCP. Do you guys have any comments or other arguments against it? CHAP: by itself does not work on L3, but is actually used by PPP (L2) or other authentication protocols (e.g. RADIUS). Thus, only TACACS+ meets the requirements.
upvoted 4 times
smez
2 years, 2 months ago
Selected Answer: C
N.B. RADIUS is an open-standard AAA protocol that uses UDP port 1645 or 1812 for authentication and UDP port 1646 or 1813 for accounting i.e. not TCP
upvoted 3 times
Ufuk_Ari
2 years, 3 months ago
Selected Answer: C
The security analyst should choose the TACACS+ protocol. TACACS+ (Terminal Access Controller Access Control System Plus) is an authentication protocol that meets the security requirements specified.
upvoted 3 times
sdc939
2 years, 3 months ago
Selected Answer: C
C. TACACS+ (Terminal Access Controller Access Control System Plus)
upvoted 1 times
hsdj
2 years, 3 months ago
I'll choose C. TACACS+ uses Transmission Control Protocol (TCP) as Transport Layer Protocol.
upvoted 1 times
hsdj
2 years, 3 months ago
TACACS+ supports command accounting.
upvoted 1 times
sdc939
2 years, 3 months ago
C. TACACS+ (Terminal Access Controller Access Control System Plus)
upvoted 1 times