
300-415 Question #150: Real Exam Question with Answer & Explanation

The correct answer is B:

Step 1: Generate the RootCA Certificate

    vManage:~# openssl req -x509 -new -nodes -key ROOTCA.key \
        -sha256 -days 2000 \
        -subj "/C=UK/ST=ENG/L=London/O=XYZ/CN= SDWAN.lab" \
        -out ROOTCA.pem

Step 2: Install the RootCA Certificate

    vManage > Administration > Settings > Controller Certificate Authorization > Enterprise Root Certificate

Management and Operations

Question

Refer to the exhibit. A small company was acquired by a large organization. As a result, the new organization decided to update information on their Enterprise RootCA and generated a new certificate using openssl. Which configuration updates the new certificate and issues an alert in vManage Monitor | Events Dashboard?

Options

  • A. Step 1: Generate the RootCA Certificate

        openssl x509 -req -in vmanage_csr \
            -CA ROOTCA.pem -CAkey ROOTCA.key -CAcreateserial \
            -out vmanage.crt -days 365 -sha256

       Step 2: Install the RootCA Certificate

        vManage > Administration > Settings > Controller Certificate Authorization > Enterprise Root Certificate

  • B. Step 1: Generate the RootCA Certificate

        vManage:~# openssl req -x509 -new -nodes -key ROOTCA.key \
            -sha256 -days 2000 \
            -subj "/C=UK/ST=ENG/L=London/O=XYZ/CN= SDWAN.lab" \
            -out ROOTCA.pem

       Step 2: Install the RootCA Certificate

        vManage > Administration > Settings > Controller Certificate Authorization > Enterprise Root Certificate

  • C. Step 1: Generate the RootCA Certificate

        openssl x509 -req -in vmanage_csr \
            -CA ROOTCA.pem -CAkey ROOTCA.key -CAcreateserial \
            -out vmanage.crt -days 365 -sha256

       Step 2: Install the RootCA Certificate

        vManage > Administration > Settings > Controller Certificate Authorization > Symantec Automated (Recommended)

  • D. Step 1: Generate the RootCA Certificate

        vManage# openssl req -x509 -new -nodes -key ROOTCA.key -sha256 \
            -days 2000 \
            -subj "/C=UK/ST=ENG/L=London/O=/ABC/CN= SDWAN.lab" \
            -out ROOTCA.pem

       Step 2: Install the RootCA Certificate

        vManage > Administration > Settings > Controller Certificate Authorization > Symantec Automated (Recommended)

Explanation

To update the Enterprise Root CA certificate in Cisco SD-WAN after an acquisition, a new self-signed Root CA certificate is generated with 'openssl req -x509' and then installed in vManage under Administration > Settings > Controller Certificate Authorization > Enterprise Root Certificate.

Common mistakes.

  • A. The 'openssl x509 -req -in vmanage_csr' command is used to sign a Certificate Signing Request (CSR) with an existing CA, not to generate a new Root CA certificate, making Step 1 incorrect for this scenario.
  • C. Step 1 is incorrect for generating a Root CA certificate, and Step 2 specifies 'Symantec Automated (Recommended),' which is not applicable for installing a custom-generated Enterprise Root CA certificate.
  • D. The organization name in Step 1 includes a possible typo ('O=/ABC'), and Step 2 specifies 'Symantec Automated (Recommended),' which is incorrect for installing a custom Enterprise Root CA certificate.
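
The difference between the two Step 1 commands can be checked directly. The script below is an added example, not part of the exam question or Cisco's documentation: it runs both openssl invocations from the options and tests which output is actually a self-signed root. The file names come from the options; the temporary directory, the 2048-bit RSA keys and the CSR subject are assumptions.

```shell
#!/bin/sh
# Added example. ROOTCA.key, ROOTCA.pem, vmanage_csr and vmanage.crt are the
# file names used in the options; the temp directory, the 2048-bit RSA keys
# and the CSR subject (CN=vmanage.SDWAN.lab) are assumptions for the demo.
set -eu
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Option B, step 1: 'req -x509' emits a certificate signed by its own key.
make_root_ca() {
  openssl genrsa -out "$WORK/ROOTCA.key" 2048 2>/dev/null
  openssl req -x509 -new -nodes -key "$WORK/ROOTCA.key" \
    -sha256 -days 2000 \
    -subj "/C=UK/ST=ENG/L=London/O=XYZ/CN= SDWAN.lab" \
    -out "$WORK/ROOTCA.pem"
}

# Options A and C, step 1: 'x509 -req' signs a CSR with a CA that must
# already exist, so its output is a leaf certificate, not a new root.
sign_csr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/vmanage.key" \
    -subj "/C=UK/ST=ENG/L=London/O=XYZ/CN=vmanage.SDWAN.lab" \
    -out "$WORK/vmanage_csr" 2>/dev/null
  openssl x509 -req -in "$WORK/vmanage_csr" \
    -CA "$WORK/ROOTCA.pem" -CAkey "$WORK/ROOTCA.key" -CAcreateserial \
    -out "$WORK/vmanage.crt" -days 365 -sha256 2>/dev/null
}

# Self-signed means subject and issuer match AND the signature verifies
# with the certificate's own public key.
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ] &&
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# True when the certificate validates with ROOTCA.pem as the trust anchor.
chains_to_root() {
  openssl verify -CAfile "$WORK/ROOTCA.pem" "$1" >/dev/null 2>&1
}

make_root_ca
sign_csr
for cert in ROOTCA.pem vmanage.crt; do
  if is_self_signed "$WORK/$cert"; then kind="self-signed root CA"
  else kind="leaf issued by another CA"; fi
  echo "$cert: $kind"
  openssl x509 -in "$WORK/$cert" -noout -subject -issuer
done
```

Only ROOTCA.pem reports matching subject and issuer, which is why the output of 'openssl x509 -req' cannot serve as the Enterprise Root Certificate.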

Concept tested. Updating Enterprise Root CA certificate in vManage

Reference. https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-config-guide/cisco-sd-wan-gs-config-guide-xe-17-x/certificate-management.html
