Q: 16
An engineer must configure a user role interface policy on a Cisco Nexus 9000 Series Switch. The role must prevent access to interface FC3/2 but allow access to interface FC3/1. Which set of actions must be taken to accomplish this goal?
Options
Discussion
Option A. Strictly fits what the question asks: deny FC3/2, permit FC3/1. Pretty sure this is how Nexus policies should look. Disagree?
A, since you want to block FC3/2 completely but give access to FC3/1. That's what option A does using deny and permit rules in the right order. Pretty sure that's standard Nexus user role config logic, unless I'm missing something.
A. Denying FC3/2 and permitting FC3/1 matches the requirement for least privilege on interface access.
A, saw this exact pattern on a mock exam.
It's A; D is a common trap that would actually deny FC3/1, which you want to allow. Saw a similar question on practice tests, pretty sure A handles the restriction as asked. Anyone see this differently?
A is the right choice. You need to explicitly deny FC3/2 and permit FC3/1 for the user role, which matches what the policy needs on Nexus. Pretty sure this lines up with how interface roles are handled, but open to other takes.
I think it's D. Policy says permit FC3/2, deny FC3/1.
D imo, but is this for best security or just minimum access? That changes the pick.