exam questions

Exam NS0-162 All Questions

View all questions & answers for the NS0-162 exam

Exam NS0-162 topic 1 question 43 discussion

Actual exam question from Netapp's NS0-162
Question #: 43
Topic #: 1
[All NS0-162 Questions]

You need to configure data-at-rest encryption for your NetApp ONTAP 9.8 cluster. Your company does not have Key Management Interoperability Protocol (KMIP) services available but must require a passphrase to be entered when a node is rebooted.
In this scenario, which two actions should be performed to satisfy these requirements? (Choose two.)

  • A. Enable onboard key management
  • B. Enable common criteria mode
  • C. Configure an external key management server
  • D. Enable cluster-wide FIPS-compliant mode
Show Suggested Answer Hide Answer
Suggested Answer: AB 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
khk141
Highly Voted 1 year, 9 months ago
I think A,B...
upvoted 6 times
SirALb
1 year, 9 months ago
I agree, Enabling onboard key management by default you are not required to enter a passphrase when the node is rebooted. To be asked the password , you need to enable the common criteria mode also. Source: Page 13 in the reference.
upvoted 2 times
...
...
Joocey
Highly Voted 1 year, 5 months ago
It appears the answer is AB. ONTAP 9.6 and later: ************ This article describes the procedure to configure the Onboard Key Manager (OKM) for password-protected boot. ONTAP versions 9.4 and later have the capability to require the Onboard Key Manager (OKM) passphrase during the system boot process. 1. Run the key manager setup wizard with the following command: ::> security key-manager onboard enable -cc-mode-enabled yes *********** In the above command "-CC-Mode_enabled" CC is for common criteria.
upvoted 5 times
...
AceGunner
Most Recent 2 months, 2 weeks ago
Selected Answer: AB
https://docs.netapp.com/us-en/ontap/encryption-at-rest/enable-onboard-key-management-96-later-nve-task.html "Set cc-mode-enabled=yes to require that users enter the key manager passphrase after a reboot. For NVE, if you set cc-mode-enabled=yes, volumes you create with the volume create and volume move start commands are automatically encrypted. The - cc-mode-enabled option is not supported in MetroCluster configurations. The security key-manager onboard enable command replaces the security key-manager setup command."
upvoted 1 times
...
Newboy
3 months, 1 week ago
A&D. A. Enable onboard key management and D. Enable cluster-wide FIPS-compliant mode would satisfy the requirements for data-at-rest encryption with a passphrase required at node reboot.
upvoted 1 times
...
ihurd
1 year, 3 months ago
Selected Answer: AB
A and B are correct.
upvoted 2 times
...
KZM
1 year, 9 months ago
The FIPS-compliant mode just can be used if the KMIP server is available. The onboard key management encryption and common criteria mode provide the passphrase each time a node reboots. So, the answer should "A" and "B", I think.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago