Which statement about command authorization and security contexts is true?

Posted by: Pdfprep Category: 210-260 Tags: , ,

Which statement about command authorization and security contexts is true?
A . If command authorization is configured, it must be enabled on all contexts
B . The changeto command invokes a new context session with the credentials of the currently logged-in user
C . AAA settings are applied on a per-context basis
D . The enable_15 user and admins with changeto permissions have different command authorization levels per context

Answer: B

Explanation:

The capture packet function works on an individual context basis. The ACE traces only the packets that belong to the context where you execute the capture command. You can use the context ID, which is passed with the packet, to isolate packets that belong to a specific context. To trace the packets for a single specific context, use the changeto command and enter the capture command for the new context.

To move from one context on the ACE to another context, use the changeto command Only users authorized in the admin context or configured with the changeto feature can use the changeto command to navigate between the various contexts. Context administrators without the changeto feature, who have access to multiple contexts, must explicitly log in to the other contexts to which they have access.

Source: http://www.cisco.com/c/en/us/td/docs/interfaces_modules/services_modules/ace/vA5_1_0/comma nd/ reference/ACE_cr/execmds.html

* AAA settings are discrete per context, not shared between contexts. When configuring command authorization, you must configure each context separately.

* New context sessions started with the changeto command always use the default value “enable_15” username as the administrator identity, regardless of what username was used in the previous context session.

to read more, here’s the link https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/a ccess_management.html#30969

Leave a Reply

Your email address will not be published.