Which command do you enter so that the default authentication group on a device falls back to the case-sensitive local user database when the initial authentication fails?
A. aaa authentication login default group tacacs+ radius local
B. aaa authentication exec default group tacacs+ local if-authenticated
C. aaa authentication login default group tacacs+ local-case if-authenticated
D. aaa authentication exec default group tacacs+ if-authenticated local
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/xe-3s/sec-usr-aaa-xe-3s-book/sec-cfg-authentifcn.html
Table 8 AAA Authentication Enable Default Methods
enable
Uses the enable password for authentication.
line
Uses the line password for authentication.
none
Uses no authentication.
group radius
Uses the list of all RADIUS hosts for authentication.
The RADIUS method does not work on a per-username basis.
group tacacs+
Uses the list of all TACACS+ hosts for authentication.
group group-name
Uses a subset of RADIUS or TACACS+ servers for authentication as defined by the aaa group server radius or aaa group server tacacs+ command.
The aaa authorization exec default group radius if-authenticated command queries the RADIUS database for information that is used during EXEC authorization, such as autocommands and privilege levels, but only provides authorization if the user has successfully authenticated.
aaa authentication login default group tacacs+ local-case
sequence “if-authenticated” not found on an IOS live system