Cisco
300-415 · Question #309
300-415 Question #309: Real Exam Question with Answer & Explanation
The correct answer is A: Select a private certificate signing authority instead of a public certificate signing authority.. To set the Controller Certificate Authorization mode to use a root certificate, you must select a private certificate signing authority and upload the necessary SSL certificate to vManage.
Controller Deployment
Question
Which two actions are necessary to set the Controller Certificate Authorization mode to indicate a root certificate? (Choose two.)
Options
- ASelect a private certificate signing authority instead of a public certificate signing authority.
- BChange the organization name of the Cisco SD-WAN fabric.
- CSelect the Controller Certificate Authorization mode that is recommended by Cisco.
- DUpload an SSL certificate to vManage.
- ESelect a validity period from the drop-down menu.
Explanation
To set the Controller Certificate Authorization mode to use a root certificate, you must select a private certificate signing authority and upload the necessary SSL certificate to vManage.
Common mistakes.
- B. Changing the organization name of the Cisco SD-WAN fabric is a fabric-wide identifier and does not directly configure the certificate authorization mode for controller trust.
- C. Simply selecting a Cisco-recommended Controller Certificate Authorization mode does not, by itself, indicate or establish trust for a specific root certificate without the underlying certificate management actions.
- E. Selecting a validity period is part of certificate generation, but it is not one of the two primary actions required to set the authorization mode to indicate the use of a root certificate.
Concept tested. Cisco SD-WAN controller certificate authorization
Topics
#Controller security#Certificate management#PKI#vManage configuration
Community Discussion
No community discussion yet for this question.