Exam NCP-MCI-6.10 Topic 1 Question 63 Discussion
Actual exam question for Nutanix's NCP-MCI-6.10 exam
Question #: 63
Topic #: 1
Question #: 63
Topic #: 1
Refer to Exhibit:
An administrator sees the alert shown in the exhibit.
What should the administrator do to ensure the nutanix user can no longer SSH to a CVM using a password?
An administrator sees the alert shown in the exhibit.
What should the administrator do to ensure the nutanix user can no longer SSH to a CVM using a password?
Suggested Answer: C Vote an answer
Understanding the Exhibit & the Alert
The alert states:
* "The cluster is using password-based SSH access for the CVM."
* "Password-based remote login is enabled on the cluster."
* "It is recommended to use key-based SSH access instead of password-based SSH access for better security." This means that the nutanix user can log in to Controller VMs (CVMs) using a password, which is a security risk.
Corrective Action: Enabling Cluster Lockdown
#(C) Enable Cluster Lockdown. (Correct Answer)
* Cluster Lockdown Mode restricts password-based SSH access and forces key-based authentication.
* This prevents users from logging into CVMs using passwords, enhancing cluster security.
* To enable Cluster Lockdown:
* Go to Prism Central or Prism Element.
* Navigate to Settings # Security # Cluster Lockdown.
* Enable Cluster Lockdown Mode.
Evaluating the Other Answer Choices
#(A) Rename the nutanix user. (Incorrect)
* The nutanix user is a built-in system account required for cluster operations.
* Renaming the user will not prevent SSH access via password.
#(B) Block port 22 on the CVM firewall. (Incorrect)
* Blocking port 22 (SSH) will completely disable SSH access, including key-based authentication.
* This may break cluster management and troubleshooting operations.
#(D) Delete the nutanix user. (Incorrect)
* The nutanix user is a critical system account required for cluster functionality.
* Deleting the account will cause serious issues with cluster management.
Multicloud Infrastructure References & Best Practices
* Nutanix Security Best Practices:
* Always use key-based SSH authentication instead of password-based logins.
* Enable Cluster Lockdown Mode to enforce security policies.
* Regularly audit user access to ensure security compliance.
* Cluster Lockdown Benefits:
* Prevents unauthorized SSH access via passwords.
* Enforces public key authentication, reducing brute-force attack risks.
* Strengthens CVM security against potential exploits.
References:
* Nutanix Security Guide #Enabling Cluster Lockdown for SSH Security
* Nutanix KB #Securing SSH Access on Nutanix Clusters
The alert states:
* "The cluster is using password-based SSH access for the CVM."
* "Password-based remote login is enabled on the cluster."
* "It is recommended to use key-based SSH access instead of password-based SSH access for better security." This means that the nutanix user can log in to Controller VMs (CVMs) using a password, which is a security risk.
Corrective Action: Enabling Cluster Lockdown
#(C) Enable Cluster Lockdown. (Correct Answer)
* Cluster Lockdown Mode restricts password-based SSH access and forces key-based authentication.
* This prevents users from logging into CVMs using passwords, enhancing cluster security.
* To enable Cluster Lockdown:
* Go to Prism Central or Prism Element.
* Navigate to Settings # Security # Cluster Lockdown.
* Enable Cluster Lockdown Mode.
Evaluating the Other Answer Choices
#(A) Rename the nutanix user. (Incorrect)
* The nutanix user is a built-in system account required for cluster operations.
* Renaming the user will not prevent SSH access via password.
#(B) Block port 22 on the CVM firewall. (Incorrect)
* Blocking port 22 (SSH) will completely disable SSH access, including key-based authentication.
* This may break cluster management and troubleshooting operations.
#(D) Delete the nutanix user. (Incorrect)
* The nutanix user is a critical system account required for cluster functionality.
* Deleting the account will cause serious issues with cluster management.
Multicloud Infrastructure References & Best Practices
* Nutanix Security Best Practices:
* Always use key-based SSH authentication instead of password-based logins.
* Enable Cluster Lockdown Mode to enforce security policies.
* Regularly audit user access to ensure security compliance.
* Cluster Lockdown Benefits:
* Prevents unauthorized SSH access via passwords.
* Enforces public key authentication, reducing brute-force attack risks.
* Strengthens CVM security against potential exploits.
References:
* Nutanix Security Guide #Enabling Cluster Lockdown for SSH Security
* Nutanix KB #Securing SSH Access on Nutanix Clusters
by Luther at Feb 16, 2025, 03:42 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).