Implementing and Operating Cisco Data Center Core Technologies (DCCOR) — Question 247

A company must security harden its Cisco UCS C-Series servers. The security policy requires all out-of-band management to meet these requirements:

• It must encrypt all traffic
• It must use nondefault ports
• It must provide private administrative sessions.

Which Cisco IMC configuration meets the requirements?

Answer options

• A. data1# scope sol data1 /sol # set enabled yes data1 /sol *# set encrypted tls1.2 data1 /sol *# set port 3389 data1 /sol *# set session max 2 data1 /sol *# set deny-local yes
• B. data1# scope cimc data1 /cimc # set enabled yes data1 /cimc *# set encrypted tls data1 /cimc *# set kvm-port 1972 data1 /cimc *# set max-sessions 1 data1 /cimc *# set local-session deny
• C. data1# scope oob data1 /oob # set enabled no data1 /oob *# set encrypted yes data1 /oob *# set kvm-port 2068 data1 /oob *# set max-sessions 1 data1 /oob *# set local-access no
• D. data1# scope kvm data1 /kvm # set enabled yes data1 /kvm *# set encrypted yes data1 /kvm *# set kvm-port 3168 data1 /kvm *# set max-sessions 1 data1 /kvm *# set local-video no

Correct answer: D

Explanation

Option D is correct because it enables encryption, uses a nondefault port (3168), and allows for a maximum of one session while not allowing local video, adhering to the security policy. Options A and B both fail to use a nondefault port and do not meet the encryption requirement adequately, while option C incorrectly sets out-of-band management as disabled, which does not fulfill the requirement for secure management.