nerdexam
CompTIA

SG0-001 · Question #281

The fabric security has been compromised and an unauthorized administrative session is established, removing zones from the active zone set. Which two (2) countermeasures should you take to reduce thi

The correct answer is C. enable access control list and role based access control D. disable Telnet and enable secure shell. To mitigate the risk of unauthorized administrative actions on a compromised fabric, it's crucial to secure both the access protocols and the administrative permissions.

Storage Management

Question

The fabric security has been compromised and an unauthorized administrative session is established, removing zones from the active zone set. Which two (2) countermeasures should you take to reduce this risk? (Choose two.)

Options

  • Aredirect logging to syslog of a protected system
  • Benable port authentication using DH-CHAP
  • Cenable access control list and role based access control
  • Ddisable Telnet and enable secure shell
  • Eenable storage access controls and link encryption

How the community answered

(57 responses)
  • A
    16% (9)
  • B
    4% (2)
  • C
    74% (42)
  • E
    7% (4)

Why each option

To mitigate the risk of unauthorized administrative actions on a compromised fabric, it's crucial to secure both the access protocols and the administrative permissions.

Aredirect logging to syslog of a protected system

Redirecting logging helps with auditing and forensics after an incident but does not directly prevent or reduce the risk of an unauthorized administrative session from occurring or succeeding.

Benable port authentication using DH-CHAP

Port authentication protocols like DH-CHAP secure the connection between devices and the fabric, ensuring only authorized devices can connect, but they do not secure administrative access to the fabric's management interface.

Cenable access control list and role based access controlCorrect

Enabling Access Control Lists (ACLs) and Role Based Access Control (RBAC) restricts administrative privileges, ensuring that only authorized users or roles can modify critical configurations like zone sets, thereby limiting the impact of a compromised session.

Ddisable Telnet and enable secure shellCorrect

Disabling insecure protocols like Telnet and enabling secure alternatives like Secure Shell (SSH) encrypts administrative communication, preventing eavesdropping and unauthorized access to administrative sessions, which helps safeguard against session compromise.

Eenable storage access controls and link encryption

Enabling storage access controls and link encryption protects data access and data in transit within the storage network, but these measures do not directly address the security of the fabric's administrative control plane.

Concept tested: Securing SAN administrative access and control plane

Source: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/6_2/security/security_config/config_security.html

Topics

#Fabric security#Access control#Secure protocols#Zone management

Community Discussion

No community discussion yet for this question.

Full SG0-001 Practice