Exam 300-620 topic 1 question 206 discussion

Actual exam question from Cisco's 300-620
Question #: 206
Topic #: 1

An engineer must configure a new local user inside a Cisco ACI. The new user must meet these criteria:
• Must be provided with complete read-only access to the tenant.
• Must be permitted to create and delete EPGs within a specific tenant.
• Must not be allowed to modify any other objects within that tenant.

The tenant and security domain association is already in place. Which configuration set configures the new tenant?

  • A. Create a new role with tenant-admin privilege.
    Create the local user and assign it to the tenant-security domain.
    Add the tenant-security domain to the role admin with access privilege type Read.
    Add the tenant-security domain to the new role with access privilege type Write.
  • B. Create a new role with tenant-epg privilege.
    Create the local user and assign it to the tenant-security domain.
    Add the tenant-security domain to the role read-all with access privilege type Read.
    Add the tenant-security domain to the new role with access privilege type Write.
  • C. Create a new role with tenant-connectivity privilege.
    Create the local user and assign it to the tenant-security domain.
    Add the tenant-security domain to the role access-admin with access privilege type Read.
    Add the tenant-security domain to the new role with access privilege type Write.
  • D. Create a new role with tenant-security privilege.
    Create the local user and assign it to the tenant-security domain.
    Add the tenant-security domain to the role tenant-admin with access privilege type Read.
    Add the tenant-security domain to the new role with access privilege type Write.
Suggested Answer: B
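
The configuration set in option B can be expressed as an APIC object tree and checked for least privilege before it is pushed. This is an added example, not part of the original question or of Cisco's documentation; the user, role and security-domain names and the password placeholder are assumptions.

```python
import json

# Assumed names for illustration; none of them come from the page.
DOMAIN = "tenant-security-domain"  # security domain already associated with the tenant
ROLE = "epg-writer"                # the new custom role
USER = "epg-operator"              # the new local user

def build_payload(password):
    """APIC object tree for option B, rooted at uni/userext (aaaUserEp)."""
    role = {"aaaRole": {"attributes": {"name": ROLE, "priv": "tenant-epg"}}}
    grants = [("read-all", "readPriv"), (ROLE, "writePriv")]
    user_roles = [{"aaaUserRole": {"attributes": {"name": n, "privType": p}}}
                  for n, p in grants]
    domain = {"aaaUserDomain": {"attributes": {"name": DOMAIN},
                                "children": user_roles}}
    user = {"aaaUser": {"attributes": {"name": USER, "pwd": password},
                        "children": [domain]}}
    return {"aaaUserEp": {"attributes": {"dn": "uni/userext"},
                          "children": [role, user]}}

def write_grants(payload):
    """Map each (user, domain) to the privileges it holds with write access.

    Roles not defined in the payload (predefined ones) are reported by name.
    """
    children = payload["aaaUserEp"]["children"]
    privs = {c["aaaRole"]["attributes"]["name"]:
             c["aaaRole"]["attributes"]["priv"].split(",")
             for c in children if "aaaRole" in c}
    result = {}
    for c in children:
        if "aaaUser" not in c:
            continue
        user = c["aaaUser"]
        for d in user.get("children", []):
            dom = d["aaaUserDomain"]
            key = (user["attributes"]["name"], dom["attributes"]["name"])
            result[key] = []
            for r in dom.get("children", []):
                a = r["aaaUserRole"]["attributes"]
                if a["privType"] == "writePriv":
                    result[key] += privs.get(a["name"], ["role:" + a["name"]])
    return result

if __name__ == "__main__":
    body = build_payload("<set-a-strong-password>")
    print(json.dumps(body, indent=2))   # body for POST /api/mo/uni/userext.json
    print(write_grants(body))
```

Running `write_grants` over a payload before posting it shows every privilege the user would hold with write access, so a role such as tenant-admin attached with `writePriv` stands out immediately.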

Comments

msalamehi
9 months, 3 weeks ago
Selected Answer: B
B is correct. I tried it in the lab; in case of A, it will allow the user to have more access, such as creating BDs, contracts, L3Outs, etc. Def B.
upvoted 1 times
...
Mr_Certifiable
1 year, 3 months ago
Selected Answer: B
tenant-epg privilege: Used for managing tenant configurations such as deleting/creating endpoint groups.
tenant-epg: Used for managing tenant configurations such as deleting/creating endpoint groups, VRFs, and bridge domains.
Role: tenant-admin
aaa: Used for configuring authentication, authorization, accounting and import/export policies.
access-connectivity-l1: Used for Layer 1 configuration under infra. Example: selectors and port Layer 1 policy configurations.
tenant-connectivity-util: Used for atomic counter, diagnostic, and image management policies on leaf switches and spine switches.
tenant-security: Used for contract-related configurations for a tenant.
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/4-x/security/Cisco-APIC-Security-Configuration-Guide-401/b_Cisco_APIC_Security_Guide_chapter_01000.html
upvoted 1 times
...
hebdeb
1 year, 4 months ago
Selected Answer: B
Role Tenant-epg is only write (create and delete), rest should be read only
upvoted 2 times
...
imanus
1 year, 6 months ago
Selected Answer: A
I vote A, because you need to have read-only to the WHOLE tenant, not just the EPG.
upvoted 1 times
...