ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-620 All Questions

View all questions & answers for the 300-620 exam
Go to Exam

Exam 300-620 topic 1 question 119 discussion

Actual exam question from Cisco's 300-620
Question #: 119
Topic #: 1
[All 300-620 Questions]

A customer implements RBAC on a Cisco APIC using a Windows RADIUS server that is configured with network control policies. The APIC configuration is as follows:
• Tenant = TenantX
• Security Domain = TenantX-SD
• User = X

The customer requires User X to have access to TenantX only, without any extra privilege in the Cisco ACI fabric domain. Which Cisco AV pair must be implemented on the RADIUS server to meet these requirement?

  • A. shell:domains = TenantX-SD/fabric-admin/,common//read-all
  • B. shell:domains = TenantX-SD/tenant-admin
  • C. shell:domains = TenantX-SD/tenant-ext-admin/,common//read-all
  • D. shell:domains = TenantX-SD/tenant-admin/,common//read-all
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Rododendron2 at May 6, 2023, 12:34 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
udo2020
1 month ago
Selected Answer: D
It is "shell:domains = TenantX-SD/tenant-admin/,common//read-all" because the role tenant-ext-admin has additional rights and this is not allowed.
upvoted 1 times
...
designated
1 month, 3 weeks ago
Selected Answer: B
It is B!!!
upvoted 1 times
...
Rollizo
2 months, 3 weeks ago
Selected Answer: B
It is B: tenand-admin “When assigned to a limited security domain, allows configuration of most attributes inside a tenant but does not allow changes to fabricwide settings that can potentially impact other tenants”
upvoted 1 times
Rollizo
2 months, 1 week ago
Has to be C, tenant-admin allows access to fabric configuration inside the tenant itself
upvoted 1 times
...
...
zelya19
10 months, 3 weeks ago
Selected Answer: C
Also work: shell:domains = TenantX-SD/admin/,common//read-all
upvoted 1 times
...
sailorsoul
11 months, 4 weeks ago
Selected Answer: C
tenant-admin have fabric privileges as well.
upvoted 1 times
...
kamel86
1 year, 2 months ago
Selected Answer: C
As mentioned "without any extra privilege in the Cisco ACI fabric domain" so it should be C to mange the tenant only https://www.cisco.com/c/en/us/td/docs/dcn/aci/apic/5x/security-configuration/cisco-apic-security-configuration-guide-release-52x/access-authentication-and-accounting-52x.html
upvoted 4 times
...
Rododendron2
1 year, 8 months ago
so practically, none of options, correct is: shell:domains = TenantX-SD/admin/,common//read-all
upvoted 3 times
...
Rododendron2
1 year, 8 months ago
Selected Answer: D
D. shell:domains = TenantX-SD/tenant-admin/,common//read-all https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/5-x/security/cisco-apic-security-configuration-guide-50x/m_access_authentication_and_accounting.html
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago