300-320 Question #410: Real Exam Question with Answer & Explanation
The correct answer is B: Data networks must never traverse the management network.
Question
Options
- A. Data networks must be limited to SSH, NTP, FTP, SNMP and TACACS+ protocols
- B. Data networks must never traverse the management network
- C. Data networks and management networks must be in the routing table
- D. Data networks must traverse the management network as a backup path
Explanation
The fundamental Cisco best practice for Out-of-Band (OOB) management network design is strict separation of planes: data traffic must never traverse the management network. The entire purpose of OOB management is to maintain a dedicated, physically or logically separate network used exclusively for device management (SSH, SNMP, syslog, NTP, AAA, etc.). If data plane traffic is allowed to traverse the management network - even as a backup path - it defeats the security and availability guarantees that OOB provides. In a security incident or network outage, the management network must remain reachable and unaffected by data plane events. Option A reverses the constraint (it should apply to the management network, not the data network). Option C conflicts with the goal of strict isolation - management routes are often kept in a separate VRF. Option D directly violates the OOB principle by allowing data traffic to use the management path.