Which two actions are required before FIPS is configured in Cisco MDS? (Choose two.)
A. Passwords must be a minimum of 10 characters in length.
B. SNMP v2 or v3 must be enabled.
C. Remote authentication must occur utilizing RADIUS/TACACS+.
D. Disable VRRP.
E. Delete all SSH server RSA key pairs.
F. Delete all IKE policies utilizing MD5 or DES for encryption.
G. Enable the FC-FIPS feature.
H. Disable SSH.
D&F.
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/7_3/configuration/security/security/fips.html
Follow these guidelines before enabling FIPS mode:
Make your passwords a minimum of eight characters in length.
Disable Telnet. Users should log in using SSH only.
Disable remote authentication through RADIUS/TACACS+. Only users local to the switch can be authenticated.
Disable SNMP v1 and v2. Any existing user accounts on the switch that have been configured for SNMPv3 should be configured only with SHA for authentication and AES/3DES for privacy.
Disable VRRP.
Delete all IKE policies that either have MD5 for authentication or DES for encryption. Modify the policies so they use SHA for authentication and 3DES/AES for encryption.
Delete all SSH Server RSA1 keypairs.
D&F.
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/7_3/configuration/security/security/fips.html
Follow these guidelines before enabling FIPS mode:
Make your passwords a minimum of eight characters in length.
Disable Telnet. Users should log in using SSH only.
Disable remote authentication through RADIUS/TACACS+. Only users local to the switch can be authenticated.
Disable SNMP v1 and v2. Any existing user accounts on the switch that have been configured for SNMPv3 should be configured only with SHA for authentication and AES/3DES for privacy.
Disable VRRP.
Delete all IKE policies that either have MD5 for authentication or DES for encryption. Modify the policies so they use SHA for authentication and 3DES/AES for encryption.
Delete all SSH Server RSA1 keypairs.