A network administrator creates a local user account and assigns that account to the Level-9 authorization group. The administrator tests the group assignment and is able to successfully log in with the local user credentials. However, the administrator is able to enter all the commands rather than only the commands permitted by the Level-9 group.
How can the administrator resolve this issue?
A. Set an operator password.
B. Set the command access level to enable.
C. Set the command access level to all.
D. Set command authorization to local.
|
Download Printable PDF. VALID exam to help you PASS. |
 |
#D
From Official Aruba training guide
“At the factory default settings, command authorization is set to none, which means that the user’s authorization group does not actually take effect. The user is granted full manager-level access”
In effect unless the line ” aaa authorization command local” is input the above will happen.
Setting an operator password to stop them “Enter-ing” into full access is only related to operator and manager roles and not in relation to groups/aaa access.
So the answer of C is correct
Regards.
It is important for you to understand that RBAC and local users are designed for use with the manager and operator accounts, not instead of those accounts.
If you configure only local users and no manager or operator password, the switch won’t be protected from unauthorized access.
Users will be prompted to log in, but they can press [Enter] and receive full manager access without logging in.
Always set a manager password to protect management access to the switch
SO, correct is A