Implementing and Operating Cisco Data Center Core Technologies (DCCOR) — Question 438

A customer undergoes an IT security review assessment. The auditor must have read-only access to the Cisco Nexus 9000 Series Switch to perform the configuration review. The customer implements this security role for the auditor: role name audit rule 1 permit command * rule 2 - Output omitted -- username auditor password C4SAFF1B05EB1968$c0 role audit
Which configuration snippet must complete the configuration?

Answer options

• A. deny command configure terminal
• B. deny command write *
• C. permit command show *
• D. permit command enable

Correct answer: A

Explanation

The correct answer is A, as it denies the auditor the ability to enter configuration mode, ensuring they retain read-only access. Options B and C do not specifically restrict configuration access, while option D would allow the auditor to enter privileged mode, which is not suitable for a read-only role.