nerdexam
Cisco

300-620 · Question #142

Refer to the exhibit. A customer must back up the current Cisco ACl configuration securely to the remote location using encryption and authentication. The backup job must run once per day. The custome

The correct answer is C. Export destination using SCP protocol.. To securely back up the Cisco ACI configuration daily using encryption and authentication while excluding sensitive data, the Secure Copy Protocol (SCP) must be configured with an appropriate export policy.

ACI Management

Question

Refer to the exhibit. A customer must back up the current Cisco ACl configuration securely to the remote location using encryption and authentication. The backup job must run once per day. The customer s security policy mandates that any sensitive information including passwords, must not be exported from the device. Which set of steps meets these requirements?

Exhibit

300-620 question #142 exhibit

Options

  • AExport destination using FTP protocol.
  • BExport destination using FTP protocol.
  • CExport destination using SCP protocol.
  • DExport destination using SCP protocol.

How the community answered

(67 responses)
  • A
    3% (2)
  • B
    6% (4)
  • C
    82% (55)
  • D
    9% (6)

Why each option

To securely back up the Cisco ACI configuration daily using encryption and authentication while excluding sensitive data, the Secure Copy Protocol (SCP) must be configured with an appropriate export policy.

AExport destination using FTP protocol.

FTP (File Transfer Protocol) does not provide encryption or strong authentication, making it insecure for transferring sensitive configuration data.

BExport destination using FTP protocol.

FTP (File Transfer Protocol) does not provide encryption or strong authentication, making it insecure for transferring sensitive configuration data.

CExport destination using SCP protocol.Correct

SCP (Secure Copy Protocol) provides encrypted and authenticated file transfer over SSH, ensuring the ACI configuration backup is secure, and an appropriate export policy allows for the exclusion of sensitive information like passwords.

DExport destination using SCP protocol.

While SCP provides secure transport, if the specific steps in option D do not configure the ACI export policy to redact sensitive information, it would fail to meet the security policy requiring passwords not be exported, unlike option C which implicitly covers the full set of requirements.

Concept tested: Cisco ACI configuration backup security

Source: https://www.cisco.com/c/en/us/td/docs/dcn/aci/apic/6x/config/b_Cisco_APIC_Configuration_Guide_6x/m-config-apic-backup-and-restore.html

Topics

#configuration backup#secure protocols#SCP#data encryption

Community Discussion

No community discussion yet for this question.

Full 300-620 Practice