A security administrator is tasked with implementing centralized management of all network
devices. Network administrators will be required to logon to network devices using their LDAP
credentials. All command executed by network administrators on network devices must fall within
a preset list of authorized commands and must be logged to a central facility. Which of the
following configuration commands should be implemented to enforce this requirement?
A.
LDAP server 10.55.199.3
B.
CN=company, CN=com, OU=netadmin, DC=192.32.10.233
C.
SYSLOG SERVER 172.16.23.50
D.
TACAS server 192.168.1.100
TACACS+
D
1
0
D.
1
0
Choice B is using LDAP format.
The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.
An entry can look like this when represented in LDAP Data Interchange Format (LDIF) (LDAP itself is a binary protocol):
dn: cn=John Doe,dc=example,dc=com cn: John Doe
givenName: John sn: Doe
telephoneNumber: +1 888 555 6789
telephoneNumber: +1 888 555 1232 mail: john@example.com
manager: cn=Barbara Doe,dc=example,dc=com objectClass: inetOrgPerson
objectClass: organizationalPerson objectClass: person
objectClass: top
“dn” is the distinguished name of the entry; it is neither an attribute nor a part of the entry. “cn=John Doe” is the entry’s RDN (Relative Distinguished Name), and “dc=example,dc=com” is the DN of the parent entry, where “dc” denotes ‘Domain Component’. The other lines show the attributes in the entry. Attribute names are typically mnemonic strings, like “cn” for common name, “dc” for domain component, “mail” for e-mail address, and “sn” for surname.
0
8
LDAP does not directly support user accounting
D is the correct answer.
5
0
Lake your comments are never correct. The answer is D.
3
0