AAA separates three related security functions. Authentication verifies identity: who the user or device is. Authorization determines what that authenticated identity is allowed to do, such as which commands can be run or which services can be accessed. Accounting records what happened, including login times, commands, resource usage, or session start and stop information. The drag-and-drop answer should map identity checks to authentication, permission or privilege decisions to authorization, and tracking or logging of user activity to accounting. Cisco CCNA v1.1 Security Fundamentals includes AAA concepts and the practical differences between RADIUS and TACACS+. The best way to solve AAA questions is to translate the term into a plain operational question. Authentication asks, “Are you really this user?” Authorization asks, “What are you allowed to access?” Accounting asks, “What did you do?” Those three meanings remain the same whether the backend service is local, RADIUS, or TACACS+.