Home » Cisco » 400-151 » Which 3 statements about nxapi_auth are true
Which 3 statements about nxapi_auth are true(choose 3)
A. NX-API performs authentication through a programmable authentication module on the switch. Using cookies reduces the Number of PAM authentication, which reduces the load on the PAM.
B. Use of nxapi_auth is optimal. This feature can be disabled to reduced authentication time and to support large number of API calls
C. After the first successful authentication, the username and password are NOT include in subsequent NX-API request that are sent to the device,
D. Expiration time of the nxapi-auth cookes can be changed up to the max of 1200 seconds
E. The nxapi-auth cookies expires in 600 seconds
F. After the first successful authentication , the username and password are used with the session cookie to bypass performing the full authentication process again
Correct Answer: AEF
Explanation/Reference:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/programmability/guide/b_Cisco_Nexus_9000_Series_NX-OS_Programmability_Guide/b_Cisco_Nexus_9000_Series_NX-OS_Programmability_Configuration_Guide_chapter_0101.pdf
Security
NX-API supports HTTPS. All communication to the device is encrypted when you use HTTPS.
NX-API is integrated into the authentication system on the device. Users must have appropriate accounts to access the device through NX-API. NX-API uses HTTP basic authentication. All requests must contain the username and password in the HTTP header.
Note You should consider using HTTPS to secure your user’s login credentials.
You can enable NX-API by using the feature manager CLI command. NX-API is disabled by default.
NX-API provides a session-based cookie, nxapi_auth when users first successfully authenticate. With the session cookie, the username and password are included in all subsequent NX-API requests that are sent to the device. The username and password are used with the session cookie to bypass performing the full authentication process again. If the session cookie is not included with subsequent requests, another session cookie isrequired and is provided by the authentication process. Avoiding unnecessary use of the authentication process helps to reduce the workload on the device.
Note A nxapi_auth cookie expires in 600 seconds (10 minutes). This value is a fixed and cannot be adjusted.
NX-API performs authentication through a programmable authentication module (PAM) on the switch.
Use cookies to reduce the number of PAM authentications, which reduces the load on the PAM.