CompTIA Security+ (SY0-501) — Question 87
A security administrator is tasked with implementing centralized management of all network devices. Network administrators will be required to log on to network devices using their LDAP credentials. All commands executed by network administrators on network devices must fall within a preset list of authorized commands and must be logged to a central facility.
Which of the following configuration commands should be implemented to enforce this requirement?
Answer options
- A. LDAP server 10.55.199.3
- B. CN=company, CN=com, OU=netadmin, DC=192.32.10.233
- C. SYSLOG SERVER 172.16.23.50
- D. TACAS server 192.168.1.100
Correct answer: B
Explanation
The correct answer, B, specifies the distinguished name for the LDAP group that contains the network administrators, ensuring they can authenticate using their LDAP credentials. Option A simply indicates an LDAP server's IP without addressing the group or command authorization. Option C pertains to logging but does not enforce command restrictions, and option D references a TACACS server, which is not applicable in this scenario.