You enable FIPS mode on a Cisco TelePresence System Codec C60.
Which of the following statements is not correct?
A.
All calls will be encrypted.
B.
Telnet and HTTP cannot be used.
C.
IEEE 802.1x and SNMP are disabled.
D.
The root user account is disabled.
E.
Software upgrades are disabled.
F.
FIPS mode cannot be disabled.
G.
The SIP Profile Type must be set to Microsoft.
Explanation:
The SIP Profile Type must not be set to Microsoft. Enabling Federal Information Processing Standard (FIPS)
mode on a Cisco TelePresence System (CTS) Codec C60 configures the codec so that it is compliant with
FIPS Publication 1402, which is a U.S. government computer security standard.
FIPS mode requires that a device comply with the following limitations:
Software upgrades are disabled.
All calls must be encrypted.
Unencrypted protocols, such as Telnet and Hypertext Transfer Protocol (HTTP) cannot be used.
Institute of Electrical and Electronics Engineers (IEEE) 802.1x and Simple Network Management Protocol
(SNMP) must be disabled.
The root user account must be disabled.
The SIP Profile Type must not be set to Microsoft.
Once FIPS mode is enabled, it cannot be disabled. Therefore, you must perform a factory reset on the device if
FIPS mode is no longer desired. To perform a factory reset by using the command-line interface (CLI) on a
Cisco C60, connect to the C60 by using Secure Shell (SSH) and issue the xCommand
SystemUnit FactoryReset Confirm: Yes command. To perform a factory reset by using the web interface on a
Cisco C60, navigate to Maintenance > System Recovery, select the Factory Reset tab, and follow the prompts.Reference:
Cisco: Application Programmer Interface (API) Reference Guide, Cisco TelePresence System Codec C60/
C40: The Security commands (PDF)