Learn the correct command to limit users in the sangroup role from running commands on VSANs 15-20 on a Cisco MDS 9000 Series Switch. Improve switch security with proper role-based access control configuration.
Question
Refer to the exhibit.
An engineer must restrict users assigned to the sangroup role on the Cisco MDS 9000 Series Switch from issuing commands on VSANs 15 to 20. Which command must the engineer run to achieve this objective?
A. permit vsan 15-20
B. no vsan policy deny
C. vsan policy deny vsan 15-20
D. no permit vsan 15-20
Answer
To restrict users assigned to the sangroup role on the Cisco MDS 9000 Series Switch from issuing commands on VSANs 15 to 20, the correct command to run is:
C. vsan policy deny vsan 15-20
Explanation
This command explicitly prevents users in the sangroup role from executing any commands on the specified VSAN range of 15 to 20.
Let’s analyze the other options:
A. permit vsan 15-20
This would do the opposite and allow commands on VSANs 15-20, which is not the desired outcome.
B. no vsan policy deny
This negates any existing VSAN policy restrictions but does not set a specific deny rule for VSANs 15-20.
D. no permit vsan 15-20
This would remove a permit rule, if one existed, for VSANs 15-20. However, it does not explicitly deny commands on those VSANs.
Therefore, option C, “vsan policy deny vsan 15-20”, is the correct command to achieve the objective of preventing the sangroup role users from issuing commands on VSANs 15 through 20 on the Cisco MDS 9000 Series Switch. This command ensures proper role-based access control to improve switch security by limiting the scope of commands certain user roles can execute on sensitive VSANs.
Cisco 350-601 certification exam practice question and answer (Q&A) dump with detailed explanation and references, available free to help you pass the Cisco 350-601 exam and earn the Cisco 350-601 certification.