Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 96

An engineer is configuring Cisco ISE for network device administration and has devices that support both protocols. What are two benefits of choosing TACACS+ over RADIUS for these devices? (Choose two.)

Answer options

• A. TACACS+ uses secure EAP-TLS while RADIUS does not.
• B. TACACS+ is FIPS compliant while RADIUS is not.
• C. TACACS+ encrypts the entire payload being sent while RADIUS only encrypts the password.
• D. TACACS+ is designed for network access control while RADIUS is designed for role-based access.
• E. TACACS+ provides the ability to authorize specific commands while RADIUS does not.

Correct answer: C, E

Explanation

The correct answer is C and E because TACACS+ offers full payload encryption, providing enhanced security, while RADIUS only encrypts the password. Additionally, TACACS+ allows for command authorization, which is a critical feature for managing device permissions, unlike RADIUS that does not support this level of control.