ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-415 All Questions

View all questions & answers for the 300-415 exam
Go to Exam

Exam 300-415 topic 1 question 54 discussion

Actual exam question from Cisco's 300-415
Question #: 54
Topic #: 1
[All 300-415 Questions]


Refer to the exhibit. A small company was acquired by a large organization. As a result, the new organization decided to update information on their Enterprise
RootCA and generated a new certificate using openssl. Which configuration updates the new certificate and issues an alert in vManage Monitor | Events
Dashboard?
A.

B.

C.

D.

Show Suggested Answer Hide Answer
Suggested Answer: B
Reference:
https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/cisco-sdwan-controller-cert-deploy-guide.html
by Maurel at Jan. 28, 2022, 12:55 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Mykhey
1 year, 3 months ago
I have tested this in a lab environment, B looks correct #RootCA openssl req -x509 -new -nodes -key ROOTCA.key -sha256 -days 2000 -subj "/C=UK/ST=Hampshire/L=Southampton/O=LAB-1/CN=roger.local" -out ROOTCA.pem This is from this lab: https://www.youtube.com/watch?v=X0yfM45sTyk&list=PLplGU0K93TA4oi8wcWGUUtdyJP9VNZ5Ce&index=6
upvoted 2 times
...
incog
1 year, 11 months ago
in doc this is an exmaple: OpenSSL> x509 -req -days 730 -in vmanage.csr -CA subca.crt -CAkey subca.key -set_serial 02 -out vmanage.crt which options matches this one?
upvoted 2 times
...
NetArch_Teck
2 years ago
Correct Answer is B According to Cisco's published guides!
upvoted 2 times
...
Roger95
2 years, 1 month ago
https://www.cisco.com/c/en/us/support/docs/routers/sd-wan/215103-how-to-generate-self-signed-web-certific.html#:~:text=vmanage%3A~%2Fweb%24%20openssl%20genrsa%20-out%20rootca.key%202048%20Generating%20RSA,is%2065537%20%280x10001%29%20vmanage%3A~%2Fweb%24%20ls%20rootca.key%20web_cert.csr%20vmanage%3A~%2Fweb%24
upvoted 1 times
...
hamidreza0010
2 years, 1 month ago
A is the correct answer
upvoted 1 times
mikidvd51
9 months, 3 weeks ago
B is correct. Step1 says - " generate RootCA Certificate" which matches with command syntax/attributes. In option A - the comand generates a "vmanage.crt" which is something else. (It will be needed later on)
upvoted 1 times
...
...
Fireforwall
2 years, 1 month ago
B is correct
upvoted 2 times
...
MerlinTheWizard
2 years, 2 months ago
A is correct: Eliminate C/D due to using Symantec in step 2 - as per the question, it should be local enterprise CA as used in A/B The step 1 should specify 365 days, not 2000, so this eliminates B and leaves us with A.
upvoted 3 times
Outlaw_87
1 year, 6 months ago
There's no requirement for cert to be valid for 365 days. It may be valid for 2000 days. Also there's change in ORG name in option B. Plus according the reference which Roger95 provided syntax in option B is correct. I'll go with B.
upvoted 1 times
...
...
densma
2 years, 3 months ago
B is wrong
upvoted 1 times
...
alin93
2 years, 9 months ago
one thing that bodered me was the O value. The question say that the organization is changed, so the O value must change as well, from the old ABC to XYZ (new organization name)
upvoted 1 times
...
Idro
2 years, 9 months ago
A is correct
upvoted 2 times
...
cfx3175
2 years, 10 months ago
B ONLY - see for syntax below: student@student-vm:~/lolcalCA$ openssl req -x509 -newkey rsa:2048 -keyout myca.key- -out myca.crt - days 3650 -nodes
upvoted 1 times
MerlinTheWizard
2 years, 2 months ago
3650 days is incorrect, also, it will not be generated on a vmanage. B option specified 2000 days, which is incorrect
upvoted 2 times
Outlaw_87
1 year, 6 months ago
There's no problem with 2000 days and it's not incorrect.
upvoted 1 times
...
...
...
khanda
2 years, 11 months ago
B is correct.
upvoted 3 times
...
Baio
3 years, 5 months ago
B is the correct answer. the syntax of the command is: openssl req (without the "-") and than go to vManage > Administration > §Controller Certificate Authorization > Enterprise Root Certificate
upvoted 1 times
MerlinTheWizard
2 years, 2 months ago
the number of days does not correspond with the cert in question
upvoted 1 times
...
...
she_ccie
3 years, 5 months ago
In Releases 17.1 and later, Cisco vManage can act as a Certificate Authority (CA) and can automatically generate and installed signed certificates on vEdge Cloud router. Notice the top left corner. VManage Module RootCa
upvoted 1 times
...
Speirsington
3 years, 6 months ago
I lean towards A https://stackoverflow.com/questions/10175812/how-to-generate-a-self-signed-ssl-certificate-using-openssl
upvoted 1 times
Izeflexzz
3 years, 5 months ago
I stand by B. The syntax is correct, A isn’t. Also, Why would you want a RootCA only valid for 1 year?
upvoted 1 times
MerlinTheWizard
2 years, 2 months ago
Because the cert in question is valid for 365 days, therefore B can't be valid no matter how you look at it
upvoted 1 times
...
...
...
Izeflexzz
3 years, 6 months ago
The correct answer is B, not A. The syntax for OpenSSL is correct and has the right navigation to the enterprise root certificate directory rather than D.
upvoted 2 times
DP
3 years, 5 months ago
How can B be correct when the validity of the cert it generates is 2000 days and it uses O=XYZ, although the exhibit shows a cert with a validity of 365 day and O=ABC? In my opinion, A is the right answer.
upvoted 4 times
...
...
Maurel
3 years, 6 months ago
Right answer should be A
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel