An information security manager is concerned that connectivity used to configure and troubleshoot critical network devices could be attacked. The manager has tasked a network security engineer with meeting the following requirements:
▪ Encrypt all traffic between the network engineer and critical devices.
▪ Segregate the different networking planes as much as possible.
▪ Do not let access ports impact configuration tasks.
Which of the following would be the BEST recommendation for the network security engineer to present?
A. Deploy control plane protections.
B. Use SSH over out-of-band management.
C. Force only TACACS to be allowed.
D. Require the use of certificates for AAA.
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
Another common reason for out-of-band management is to allow emergency access to physically remote devices in case the primary network becomes unavailable. It’s often really handy to have a special back door you can use to troubleshoot whatever problem has broken your main network.
B is correct – Use SSH over out-of-band management – this is the only option that satisfies all 3 criteria.
TACACS can be used to authenticate via access ports – it’s commonly done. By itself, it doesn’t meet ANY of the 3 criteria.
the answer is C
TurtleCock is correct. Please stop posting.
Lol…how is answer C correct?
Stop telling people to stop posting you putz