350-601 Question #195: Real Exam Question with Answer & Explanation

Question

An engineer is implementing Cisco Intersight in a secure environment. The environment must use LDAP directory service and ensure information integrity and confidentiality. Which two steps must be taken to implement the solution? (Choose two.)

Options

• AEnable Encryption for LDAP.
• BAdd a self-signed LDAP certificate to Cisco Intersight.
• CEnable Certificate Signing Request in Cisco Intersight.
• DAdd a trusted root LDAP certificate to Cisco Intersight
• EAdd a trusted OAuth token to Cisco Intersight.

Explanation

To implement secure LDAP directory services with Cisco Intersight, ensuring information integrity and confidentiality, the engineer must enable encryption for LDAP and add a trusted root LDAP certificate to Intersight. Encryption secures the communication, while the trusted root certificate validates the LDAP server's identity.

Common mistakes.

• B. Adding a self-signed LDAP certificate directly to Intersight is generally not recommended for secure, production environments as it bypasses the chain of trust provided by a Certificate Authority.
• C. Enabling a Certificate Signing Request (CSR) in Cisco Intersight is used to generate a request for Intersight's own server certificate, not for importing an LDAP server's certificate for client-side trust.
• E. OAuth tokens are used for API authentication and authorization, not for securing LDAP directory service connections for user authentication.

Concept tested. Cisco Intersight secure LDAP integration

Reference. https://www.cisco.com/c/en/us/td/docs/unified_computing/intersight/sw/admin-guide/b_Cisco_Intersight_Administration_Guide/b_Cisco_Intersight_Administration_Guide_chapter_01000.html

No community discussion yet for this question.