Scenario: An administrator configured an LDAP authentication policy and bound it globally.
The only system group configured on the Netscaler is NS_Admins. After reviewing the
security logs, the administrator notices that users in the External_Contractors LDAP group
are able to log on to NetScaler using SSH; however, members of the External_Contractors
group are NOT authorized to run any commands. Which action could the administrator take
to prevent the members of the External_Contractors LDAP Group from logging on to
NetScaler using SSH without affecting other users?

A.
Configure an authorization policy that allows logon only by members of the
“External_Contractors” LDAP Group. Bind the new policy globally.

B.
Create a new command policy with a DENY action. Create a System Group named
“External_Contractors” and assign the new command policy to the External_Contractors
group.

C.
Specify (memberOf=”CN=External_Contractors, CN=Groups, CN=example, CN=com”)
as a filter in the properties of the configured LDAP server.

D.
Specify (!(memberOf=”CN=External_Contractors, CN=Groups, CN=example, CN=com”))
as a filter in the properties of the configured LDAP server.

Explanation: