Cisco 350-601 Practice Test - Questions Answers, Page 25

The correct command set for configuring AAA to use CHAP with MD5 hashing and to share the RADIUS configuration across MDS switches involves using theaaa authentication logincommand with theradiuskeyword and enabling CHAP. Theradius distributecommand is used to share the RADIUS configuration automatically with other MDS switches in the environment.

Cisco MDS 9000 Series Security Configuration Guide1

Configuring FC-SP and DHCHAP2

Please note that the actual commands may vary based on the specific requirements and the version of the Cisco NX-OS software running on your switch. It's always best to consult the latest Cisco documentation or a certified Cisco technical expert for the most accurate information.

The DHCP snooping feature acts as a firewall between untrusted hosts and trusted DHCP servers. It validates DHCP messages received from untrusted sources and filters out invalid messages. To implement this on a Cisco Nexus 7000 Series Switch for VLAN 10, you would enable DHCP snooping for that VLAN and then configure the specific interface connected to the legitimate DHCP servers to be trusted. This ensures that DHCP responses from the legitimate servers are allowed, while responses from any other servers are blocked.

Cisco Nexus 7000 Series NX-OS Security Configuration Guide1

Configuring DHCP Snooping2

Enable telemetry featureson the Cisco Nexus 9000 Series Switch to collect and send real-time data.

Configure a secure transport mechanism, such as gRPC with TLS encryption, to ensure that the monitoring data is transmitted securely.

Set up a subscription-based monitoring servicethat can process the telemetry data and provide insights into the network health.

An ISSU upgrade on the Cisco MDS 9000 Series Switch allows for software updates with minimal impact on the switch's operation. The control plane remains up during the upgrade, ensuring continuous network operations and service availability.The process is carefully designed to prevent any significant downtime, and any brief disruption is kept well under the 120-second mark1.

The command set in Option C is likely to configure the Cisco MDS switches to use FC-SP for authentication and to ensure communication remains encrypted even when the AAA server is not reachable.This would typically involve configuring the switches to fall back on local authentication databases and enabling features such as DHCHAP (Diffie-Hellman Challenge Handshake Authentication Protocol) to maintain encrypted communication12.

Option C correctly uses an HTTP POST request to send the necessary payload to Cisco APIC. This method is suitable for creating new resources like an EPG when the specified Tenant and application profile exist. The POST request will ensure that the configuration is applied only if the conditions are met, aligning with the requirement that the firewall policy allows only HTTP connectivity.

Option A, which utilizes the SFTP protocol with a weekly schedule, aligns with the requirements. SFTP ensures encrypted transmission of data, addressing the need for secure backup. A weekly backup schedule is within the 48-hour Recovery Point Objective (RPO), as it guarantees that the most data that could be lost in a disaster is one week's worth, which is acceptable within the given RPO. The Recovery Time Objective (RTO) of 4 hours is related to the restoration process rather than the backup schedule or protocol, so it is not directly influenced by the choice of Option A.

The configuration in Option C likely involves setting the port to N Port and enabling Trunk Mode Active.This setup is necessary for establishing a VSAN trunk, as it allows the port to actively negotiate with the other switch to transmit and receive frames in multiple VSANs over the same physical link1.