Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Netapp Discussions

Exam NS0-162 topic 1 question 43 discussion

Actual exam question from Netapp's NS0-162
Question #: 43
Topic #: 1
[All NS0-162 Questions]

You need to configure data-at-rest encryption for your NetApp ONTAP 9.8 cluster. Your company does not have Key Management Interoperability Protocol (KMIP) services available but must require a passphrase to be entered when a node is rebooted.
In this scenario, which two actions should be performed to satisfy these requirements? (Choose two.)

  • A. Enable onboard key management
  • B. Enable common criteria mode
  • C. Configure an external key management server
  • D. Enable cluster-wide FIPS-compliant mode
Show Suggested Answer Hide Answer
Suggested Answer: AD 🗳️
Reference:
https://docs.netapp.com/ontap-9/topic/com.netapp.doc.pow-nve/Encryption%20of%20data%20at%20rest.pdf
by khk141 at Sept. 11, 2021, 10:20 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
khk141
Highly Voted 2 years, 7 months ago
I think A,B...
upvoted 6 times
SirALb
2 years, 7 months ago
I agree, Enabling onboard key management by default you are not required to enter a passphrase when the node is rebooted. To be asked the password , you need to enable the common criteria mode also. Source: Page 13 in the reference.
upvoted 2 times
...
...
Joocey
Highly Voted 2 years, 3 months ago
It appears the answer is AB. ONTAP 9.6 and later: ************ This article describes the procedure to configure the Onboard Key Manager (OKM) for password-protected boot. ONTAP versions 9.4 and later have the capability to require the Onboard Key Manager (OKM) passphrase during the system boot process. 1. Run the key manager setup wizard with the following command: ::> security key-manager onboard enable -cc-mode-enabled yes *********** In the above command "-CC-Mode_enabled" CC is for common criteria.
upvoted 5 times
...
AceGunner
Most Recent 1 year ago
Selected Answer: AB
https://docs.netapp.com/us-en/ontap/encryption-at-rest/enable-onboard-key-management-96-later-nve-task.html "Set cc-mode-enabled=yes to require that users enter the key manager passphrase after a reboot. For NVE, if you set cc-mode-enabled=yes, volumes you create with the volume create and volume move start commands are automatically encrypted. The - cc-mode-enabled option is not supported in MetroCluster configurations. The security key-manager onboard enable command replaces the security key-manager setup command."
upvoted 1 times
...
Newboy
1 year, 1 month ago
A&D. A. Enable onboard key management and D. Enable cluster-wide FIPS-compliant mode would satisfy the requirements for data-at-rest encryption with a passphrase required at node reboot.
upvoted 1 times
...
ihurd
2 years, 1 month ago
Selected Answer: AB
A and B are correct.
upvoted 2 times
...
KZM
2 years, 7 months ago
The FIPS-compliant mode just can be used if the KMIP server is available. The onboard key management encryption and common criteria mode provide the passphrase each time a node reboots. So, the answer should "A" and "B", I think.
upvoted 4 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel