Implementing Centralized Management of Network Devices: Configuration Commands for SY0-601 Exam | CompTIA Security+

Centralized Management of Network Devices: Configuration Commands


Question

A security administrator is tasked with implementing centralized management of all network devices.

Network administrators will be required to log on to network devices using their LDAP credentials.

All commands executed by network administrators on network devices must fall within a preset list of authorized commands and must be logged to a central facility.

Which of the following configuration commands should be implemented to enforce this requirement?

Answers

Explanations


A. B. C. D.

B.

The configuration commands that should be implemented to enforce the security requirement of centralized management of network devices, LDAP-based logon and command logging to a central facility are:

A. LDAP server 10.55.199.3

C. SYSLOG SERVER 172.16.23.50

Explanation: LDAP (Lightweight Directory Access Protocol) is a widely used protocol for centralized authentication and authorization management. By configuring an LDAP server, the security administrator can enforce that network administrators must log on to network devices using their LDAP credentials, which are stored in the LDAP server. This ensures that all authentication requests are centralized and managed in one place. Therefore, option A is correct.

Syslog is a standard protocol used for message logging. By configuring a syslog server, all messages generated by network devices can be forwarded to the central facility for storage and analysis. Therefore, option C is also correct.

However, answer options B and D are not correct, as they do not relate to the specific security requirement in the question. Option B appears to be an LDAP distinguished name (DN) format that identifies a specific directory entry, but it does not provide any configuration command. Option D mentions TACACS (Terminal Access Controller Access-Control System), which is another authentication protocol, but it is not specified in the question. Therefore, options B and D are not relevant to the requirement described in the question.