PrepAway - Latest Free Exam Questions & Answers

Which two functions will the Set ASDM Defined User Role…

Refer to the exhibit.

Which two functions will the Set ASDM Defined User Roles perform? (Choose two.)

PrepAway - Latest Free Exam Questions & Answers

A.
enables role based privilege levels to most Cisco ASA commands

B.
enables the Cisco ASDM user to assign privilege levels manually to individual commands or groups of commands

C.
enables command authorization with a remote TACACS+ server

D.
enables three predefined user account privileges (Admin=Priv 15, Read Only=Priv 5, Monitor Only=Priv 3)

Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/devaccss.html ·To use predefined user account privileges, click Set ASDM Defined User
Roles. The ASDM Defined User Roles Setup dialog box shows the commands and their levels. Click Yes to use the predefined user account privileges: Admin
(privilege level 15, with full access to all CLI commands; Read Only (privilege level 5, with read-only access); and Monitor Only (privilege level 3, with access to the
Monitoring section only). ·To manually configure command levels, click the Configure Command Privileges button. The Command Privileges Setup dialog box
appears. You can view all commands by choosing — All Modes– from the Command Mode drop-down list, or you can choose a configuration mode to view the
commands available in that mode. For example, if you choose context, you can view all commands available in context configuration mode. If a command can be
entered in user EXEC/privileged EXEC mode as well as configuration mode, and the command performs different actions in each mode, you can set the privilege
level for these modes separately. The Variant column displays show, clear, or cmd. You can set the privilege only for the show, clear, or configure form of the
command. The configure form of the command is typically the form that causes a configuration change, either as the unmodified command (without the show or
clear prefix) or as the no form.
To change the level of a command, double-click it or click Edit. You can set the level between 0 and 15. You can only configure the privilege level of the main
command. For example, you can configure the level of all aaa commands, but not the level of the aaa authentication command and the aaa authorization command
separately.
To change the level of all shown commands, click Select All and then Edit.
Click OK to accept your changes.


Leave a Reply