Which statement about command authorization and security contexts is true?
A.
If command authorization is configured, it must be enabled on all contexts
B.
The changeto command invokes a new context session with the credentials of the currently logged-in user
C.
AAA settings are applied on a per-context basis
D.
The enable_15 user and admins with changeto permissions have different command authorization levels
per context
Explanation:
BD
The capture packet function works on an individual context basis. The ACE traces only the packets that belong
to the context where you execute the capture command. You can use the context ID, which is passed with the
packet, to isolate packets that belong to a specific context. To trace the packets for a single specific context,
use the changeto command and enter the capture command for the new context.
To move from one context on the ACE to another context, use the changeto command
Only users authorized in the admin context or configured with the changeto feature can use the changeto
command to navigate between the various contexts. Context administrators without the changeto feature, who
have access to multiple contexts, must explicitly log in to the other contexts to which they have access.
Source: http://www.cisco.com/c/en/us/td/docs/interfaces_modules/services_modules/ace/vA5_1_0/command/
reference/ACE_cr/execmds.html