350-701 · Question #163
Refer to the exhibit. A network administrator configures command authorization for the admm5 user. What is the admin5 user able to do on HQ_Router after this configuration?
The correct answer is A. complete no configurations. Based on a common authorization configuration where no specific commands are permitted, the admin5 user would be unable to complete any configurations on HQ_Router.
Question
Refer to the exhibit. A network administrator configures command authorization for the admm5 user. What is the admin5 user able to do on HQ_Router after this configuration?
Exhibit
Options
- Acomplete no configurations
- Badd subinterfaces
- Ccomplete all configurations
- Dset the IP address of an interface
How the community answered
(30 responses)- A60% (18)
- B20% (6)
- C7% (2)
- D13% (4)
Why each option
Based on a common authorization configuration where no specific commands are permitted, the admin5 user would be unable to complete any configurations on HQ_Router.
If command authorization is configured but no specific commands are explicitly permitted for a user like 'admin5' within the policy, the user will be denied access to execute any configuration commands by default, effectively blocking all changes.
Adding subinterfaces is a configuration command, and without explicit authorization for this action, the user would be denied permission to perform it.
Completing all configurations implies full administrative access, which would require specific and broad authorization, contrary to a scenario where authorization might restrict actions.
Setting an IP address is a specific configuration command; without explicit authorization for interface configuration, the user would be unable to perform this task.
Concept tested: Cisco IOS command authorization default deny
Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/xe-16/sec-usr-aaa-xe-16-book/sec-usr-aaa-authz.html
Topics
Community Discussion
No community discussion yet for this question.
