An administrator is configuring N I P on Cisco ASA via ASDM and needs to ensure that rogue NTP servers cannot insert themselves as the authoritative time source Which two steps must be taken to accomplish this task? (Choose two)
A.
Specify the NTP version
B.
Configure the NTP stratum
C.
Set the authentication key
D.
Choose the interface for syncing to the NTP server
To prevent rogue NTP servers from inserting themselves as the authoritative time source, the administrator needs to configure NTP authentication and specify the interface for syncing to the NTP server. NTP authentication allows the ASA to verify the identity and integrity of the NTP packets received from the server, using a shared secret key. Specifying the interface for syncing to the NTP server ensures that the ASA uses the correct source address for sending and receiving NTP packets, and avoids potential routing issues. The other options are not required or relevant for this task. Specifying the NTP version is optional and does not affect security. Configuring the NTP stratum is only applicable for NTP servers, not clients. The ASA can only act as an NTP client, not a server. Setting the NTP DNS hostname is not recommended, as it introduces a dependency on DNS resolution and may cause synchronization problems if the DNS server changes the IP address of the NTP server. References :=
Some possible references are:
Configure NTP Authentication on Secure Network Analytics
CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.6 - Basic Settings
Cisco ASA NTP and Clock Configuration with Examples
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit