Which two are true concerning authorization within a Cisco Unified Computing System?

Which two are true concerning authorization within a Cisco Unified Computing System? (Choose
two.)

A. A role defines a collection of privileges that determines which actions a user can take in Cisco Unified Computing System Manager.

B. Authorization consists of three components (roles, password policy, and locales) that are based on which features and resources the user will not have access to.

C. Customized roles can be configured on and downloaded from remote AAA servers.

D. The logical resources, pools and policies, are grouped into roles.

E. If the service profile cannot find available resources, it will search in the parent organization for pools and resources.




DM

Answers are A & B I believe, E has nothing to do with authorization…?

dKM

This may be semantics, but UCS has a ‘Password Profile’, but no ‘Password Policy’; hence, ‘E’ becomes the least worst answer.

Michael Churchill

User roles contain one or more privileges that define the operations allowed for the user who is assigned the role. A user can be assigned one or more roles. A user assigned multiple roles has the combined privileges of all assigned roles.

A Cisco UCS domain can contain up to 48 user roles, including the default user roles.

All roles include read access to all configuration settings in the Cisco UCS domain.

Roles can be created, modified to add new or remove existing privileges, or deleted. When a role is modified, the new privileges are applied to all users assigned to that role. Privilege assignment is not restricted to the privileges defined for the default roles. That is, you can use a custom set of privileges to create a unique role.

User profiles on AAA servers (RADIUS or TACACS+) should be modified to add the roles corresponding to the privileges granted to that user. The attribute is used to store the role information. The AAA servers return this attribute with the request and parse it to get the roles. LDAP servers return the roles in the user profile attributes.

see

http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/sw/gui/config/guide/2-0/b_UCSM_GUI_Configuration_Guide_2_0/b_UCSM_GUI_Configuration_Guide_2_0_chapter_01001.html

I would agree that E has nothing to do with authorisation but with pool resources and allocation.

If a policy is found or an available resource is inside a pool, Cisco UCS Manager uses that policy or resource. If the pool does not have any available resources at the local level, Cisco UCS Manager moves up in the hierarchy to the parent organization and searches for a pool with the same name. Cisco UCS Manager repeats this step until the search reaches the root organization.

If the search reaches the root organization and has not found an available resource or policy, Cisco UCS Manager returns to the local organization and begins to search for a default policy or available resource in the default pool.

I would also say that B is wrong as authorization seems to be set only for roles and locales, not a dedicated password policy, but happy if proved wrong.

Multi-tenancy allows you to divide up the large physical infrastructure of a Cisco UCS domain into logical entities known as organizations. As a result, you can achieve a logical isolation between organizations without providing a dedicated physical infrastructure for each organization.

You can assign unique resources to each tenant through the related organization, in the multi-tenant environment. These resources can include different policies, pools, and quality of service definitions. You can also implement locales to assign or restrict user privileges and roles by organization, if you do not want all users to have access to all organizations. So I would say D looks wrong as well.

I would say A and C maybe, as C could refer to modifying the role and returning it to Cisco UCS to get the right roles.

But C is based on the fact that B also looks wonky.
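Added example, not part of any comment here and not Cisco UCS Manager code: a small Python model of the pool lookup quoted in the comment above, showing that the walk is a name-based search up the organization tree and takes no user, role or locale as input. The `Org` class, the `resolve` function and all org names, pool names and addresses are constructed for illustration, and it assumes the default-pool pass walks up the hierarchy the same way as the named-pool pass.

```python
# Model of the lookup order only; not Cisco UCS Manager code.
# All names and addresses below are constructed sample data.

class Org:
    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.pools = {}  # pool name -> list of free resources

    def path_to_root(self):
        """Yield this org, then each ancestor up to the root organization."""
        org = self
        while org is not None:
            yield org
            org = org.parent


def resolve(local_org, pool_name):
    """Return (org_name, pool_name, resource), or None if nothing is free.

    Pass 1: search for a pool with the requested name, starting in the
            local org and moving to each parent until root is reached.
    Pass 2: return to the local org and repeat the walk for "default".
    Note that no user, role or locale is consulted at any point.
    """
    for wanted in (pool_name, "default"):
        for org in local_org.path_to_root():
            free = org.pools.get(wanted)
            if free:  # pool exists at this level and has a free resource
                return org.name, wanted, free.pop(0)
    return None


def build_sample():
    """Constructed three-level hierarchy: root -> tenant-a -> team-1."""
    root = Org("root")
    tenant = Org("tenant-a", parent=root)
    team = Org("team-1", parent=tenant)
    root.pools["default"] = ["00:25:B5:00:00:FF"]
    tenant.pools["mac-prod"] = ["00:25:B5:0A:00:01"]
    team.pools["mac-prod"] = []  # present locally but exhausted
    return root, tenant, team
```

In a multi-tenant domain this is worth reviewing alongside locales: a sub-organization silently draws from a parent's pool when its own is exhausted, regardless of which roles its administrators hold.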

deine mudder

B is also wrong because of the not
“the user will NOT have access to.”