Implementing and Operating Cisco Data Center Core Technologies (DCCOR) — Question 161

A company provides applications and database hosting services to multiple customers using isolated infrastructure-as-a-service services within the same data center environment. The environment is based on Cisco MDS 9000 Series Switches. The requirement is to manage the environment by using Fibre Channel
Security Protocol and to enable user authentication when the centralized AAA server is unreachable. All communication between the MDS switches and the remote servers must be encrypted. Which command set must be used to meet these requirements?

Answer options

• A. aaa group server radius RadiusServer1 aaa authentication login default RadiusServer1
• B. aaa group server tacacs+ TacacsServer1 aaa authentication dhchap default group TacacsServer1
• C. aaa group server radius RadiusServer1 aaa authentication dhchap default group RadiusServer1
• D. aaa group server tacacs+ TacacsServer1 aaa authentication login console TacacsServer1

Correct answer: B

Explanation

The correct answer is B because it uses Tacacs+ for authentication, which is suitable for environments needing secure, centralized management and can operate even if the AAA server is down. Options A and C utilize RADIUS, which does not meet the requirement for user authentication when the centralized server is unreachable. Option D, while using Tacacs+, is configured for console access rather than for handling the specific authentication needs outlined in the question.