Referring to the exhibit, which statement is correct?
Referring to the exhibit, which statement is correct?
The device will attempt to authenticate using the local database if RADIUS and TACACS+ are unresponsive. Junos OS defaults to local password authentication as a last resort if configured RADIUS or TACACS+ servers do not respond. This ensures a fallback method for authentication, which is crucial for maintaining access to the device even when primary authentication methods fail.
A is correct. https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/topic-map/junos-os-authentication-order.html
A is correct.
A All the vendor included juniper works like that. It's a basic behavior The user local is mandatory if the radius and tacacs server do not respond.
authentication-order [ radius tacplus ]; Try configured RADIUS authentication servers. If a RADIUS server is available and authentication is accepted, grant access. If the RADIUS servers fail to respond or the servers return a reject response, try configured TACACS+ servers. If a TACACS+ server is available and authentication is accepted, grant access. If a TACACS+ server is available but authentication is rejected, deny access. If no RADIUS or TACACS+ servers are available, try local password authentication.
if the show command does not reveal "" (Radius tacplus password) "" in the configuration, when radius and tacacs fails, the system will never attempt to use password
A is correct. https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/topic-map/junos-os-authentication-order.html
A is correct
"A" is the correct answer
A. The device will attempt to authenticate using the local database if RADIUS and TACACS+ are unresponsive. The authentication-order configuration specifies the order in which authentication methods will be attempted by the device. In this case, the configuration indicates that RADIUS and TACACS+ are the preferred authentication methods as they are listed first in the order. If the RADIUS and TACACS+ servers are unresponsive or unreachable, the device will fall back to the next available method, which is the local database. So, if RADIUS and TACACS+ authentication fails, the device will attempt authentication using the local database as a backup option. Therefore, the correct statement is A: The device will attempt to authenticate using the local database if RADIUS and TACACS+ are unresponsive.
i think the correct answer is D
Why is that?
Answer is D: the device must include password as a final authentication order option for the device to attempt local password authentication in the event that the remote authentication servers reject the request
incorrect
If the authentication order includes LDAPS, RADIUS, or TACACS+ servers, but the servers DO NOT RESPOND to a request, Junos OS always defaults to trying local password authentication as a last resort. If the authentication order includes LDAPS, RADIUS, or TACACS+ servers, but the servers REJECT the request, the handling of the request is more complicated. The key is the word UNRESPONSIVE in the A answer.
A is correct
It's D, because in JNCIA courses, we have this example : https://ibb.co/4FVkSnP
From the link in the previous comment: If the authentication order includes RADIUS or TACACS+ servers, but the servers do not respond to a request, Junos OS always defaults to trying local password authentication as a last resort.
https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/topic-map/junos-os-authentication-order.html authentication-order [ radius tacplus ]; Try configured RADIUS authentication servers. If a RADIUS server is available and authentication is accepted, grant access. If the RADIUS servers fail to respond or the servers return a reject response, try configured TACACS+ servers. If a TACACS+ server is available and authentication is accepted, grant access. If a TACACS+ server is available but authentication is rejected, deny access.
Correct answer is A
The official Juniper course has this exact example and says that the local database is used if all else fails, even though it is not listed in the output of the command...