Which statement about RBAC user roles on a Cisco Nexus switch is true?
A. If a user belongs to two roles, a permit access in one role takes priority over a deny access in the other role.
B. The predefined roles can be changed by the network-admin.
C. If a user belongs to two roles, the user can execute only the commands that are permitted by both of the roles.
D. On a Cisco Nexus 7000 Series Switch, roles are shared between VDCs.
Correct Answer: A
If you belong to multiple roles, you can execute a combination of all the commands permitted by these roles. Access to a command takes priority over being denied access to a command. For example, suppose a user has RoleA, which denied access to the configuration commands. However, the user also has RoleB, which has access to the configuration commands. In this case, the user has access to the configuration commands.
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/system_mgmt/7_x/b_Cisco_Nexus_3000_Series_NX-OS_System_Management_Configuration_Guide_7x/b_Cisco_Nexus_3000_Series_NX-OS_System_Management_Configuration_Guide_7x_chapter_0110.pdf
Correct Answer: C
Explanation/Reference:
User RolesUser roles containrules that define the operationsallowedfor the user who is assignedthe role. Each userrolecancontainmultiplerulesandeachusercanhavemultipleroles.Forexample,ifrole1allowsaccessonlytoconfigurationoperations,androle2allowsaccessonlytodebugoperations,userswhobelongtobothrole1and role2 can access configurationand debug operations.
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3548/sw/system_mgmt/b_N3548_System_Management_Config_503_A1/b_N3548_System_Management_Config_503_A1_chapter_0101.pdf