Home » Cisco » 400-151 » Which two security features are supported by NX-API?
Which two security features are supported by NX-API? (Choose 2)
A. NX-API support certificate-based authentication
D. User must have appropriate accounts to access the device through NX-API
C. All communication to the device is encrypted when you use VPN.
B. All communication to the device is encrypted when you use HTTPS.
Correct Answer: BD
Explanation/Reference:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus7000/sw/programmability/guide/b_Cisco_Nexus_7000_Series_NX-OS_Programmability_Guide/b_Cisco_Nexus_7000_Series_NX-OS_Programmability_Guide_chapter_0101.html
Security
NX-API supports HTTPS. All communication to the device is encrypted when you use HTTPS.
NX-API is integrated into the authentication system on the device. Users must have appropriate accounts to access the device through NX-API. NX-API uses HTTP basic authentication. All requests must contain the username and password in the HTTP header.
Note
You should consider using HTTPS to secure your user’s login credentials.
You can enable NX-API by using the feature manager CLI command. NX-API is disabled by default.
NX-API provides a session-based cookie, nxapi_auth when users first successfully authenticate. With the session cookie, the username and password are included in all subsequent NX-API requests that are sent to the device. The username and password are used with the session cookie to bypass performing the full authentication process again. If the session cookie is not included with subsequent requests, another session cookie is required and is provided by the authentication process. Avoiding unnecessary use of the authentication process helps to reduce the workload on the device.
Note
A nxapi_auth cookie expires in 600 seconds (10 minutes). This value is a fixed and cannot be adjusted.
Note
NX-API performs authentication through a programmable authentication module (PAM) on the switch. Use cookies to reduce the number of PAM authentications, which reduces the load on the PAM.