Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) — Question 76

A network administrator applies the following configuration to an IOS device: aaa new-model aaa authentication login default local group tacacs+
What is the process of password checks when a login attempt is made to the device?

Answer options

• A. A TACACS+ server is checked first. If that check fails, a local database is checked.
• B. A TACACS+ server is checked first. If that check fails, a RADIUS server is checked. If that check fails, a local database is checked.
• C. A local database is checked first. If that check fails, a TACACS+ server is checked. If that check fails, a RADIUS server is checked.
• D. A local database is checked first. If that check fails, a TACACS+ server is checked.

Correct answer: D

Explanation

The correct answer is D because the configuration specifies 'local group tacacs+', indicating that the local database will be checked first for authentication. If the local check fails, only then will the TACACS+ server be consulted. Options A, B, and C incorrectly prioritize the TACACS+ server or present the order of checks inaccurately.