Skip to Content

DCID 300-610: Network Automation Tools for Secure Server Management

By: Author Alex Lim

Posted on

Categories Exam

Discover the best network automation tools for secure server management. Explore Ansible and SaltStack, agentless solutions that support authentication and encryption, meeting stringent security policies without installing additional software.

Table of Contents

Question

A company must introduce a scalable network automation tool to deploy, configure, and manage thousands of network devices and servers. The company servers already have been security-hardened and must not have any additional software installed on them. The security policy mandates the use of a secure communication protocol that supports authentication and encryption for managing the servers.

Which two automation tools must be used to meet these requirements? (Choose two.)

A. Ansible
B. CFEngine
C. SaltStack
D. Chef
E. Puppet

Answer

A. Ansible
C. SaltStack

Explanation

Ansible (Option A) and SaltStack (Option C) are the two automation tools that meet the given requirements. Both tools support agentless architecture, allowing management of servers without installing additional software on the managed nodes. This aligns with the requirement of not installing any additional software on the already security-hardened servers.

Furthermore, Ansible and SaltStack support secure communication protocols like SSH and SSL/TLS, which provide authentication and encryption capabilities, as mandated by the security policy for managing the servers.

Ansible uses SSH for secure communication and follows the push-based model, where the control node initiates the configuration changes on the managed nodes. SaltStack, on the other hand, uses ZeroMQ or TCP for communication and follows a hybrid push-pull model, where both the master and minion nodes can initiate communication.

CFEngine (Option B), Chef (Option D), and Puppet (Option E) require an agent software to be installed on the managed nodes, which violates the requirement of not installing additional software on the servers.

Designing Cisco Data Center Infrastructure (DCID) 300-610 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Designing Cisco Data Center Infrastructure (DCID) 300-610 exam and earn Designing Cisco Data Center Infrastructure (DCID) 300-610 certification.