NCM-MCI-6.10試験無料問題集「Nutanix Certified Master - Multicloud Infrastructure (NCM-MCI) 認定」
Task 8
An administrator has environment that will soon be upgraded to 6.5. In the meantime, they need to implement log and apply a security policy named Staging_Production, such that not VM in the Staging Environment can communicate with any VM in the production Environment, Configure the environment to satisfy this requirement.
Note: All other configurations not indicated must be left at their default values.
An administrator has environment that will soon be upgraded to 6.5. In the meantime, they need to implement log and apply a security policy named Staging_Production, such that not VM in the Staging Environment can communicate with any VM in the production Environment, Configure the environment to satisfy this requirement.
Note: All other configurations not indicated must be left at their default values.
正解:
See the Explanation for step by step solution.
Explanation:
To configure the environment to satisfy the requirement of implementing a security policy named Staging_Production, such that no VM in the Staging Environment can communicate with any VM in the production Environment, you need to do the following steps:
Log in to Prism Central and go to Network > Security Policies > Create Security Policy. Enter Staging_Production as the name of the security policy and select Cluster A as the cluster.
In the Scope section, select VMs as the entity type and add the VMs that belong to the Staging Environment and the Production Environment as the entities. You can use tags or categories to filter the VMs based on their environment.
In the Rules section, create a new rule with the following settings:
Direction: Bidirectional
Protocol: Any
Source: Staging Environment
Destination: Production Environment
Action: Deny
Save the security policy and apply it to the cluster.
This will create a security policy that will block any traffic between the VMs in the Staging Environment and the VMs in the Production Environment. You can verify that the security policy is working by trying to ping or access any VM in the Production Environment from any VM in the Staging Environment, or vice versa.
You should not be able to do so.



Explanation:
To configure the environment to satisfy the requirement of implementing a security policy named Staging_Production, such that no VM in the Staging Environment can communicate with any VM in the production Environment, you need to do the following steps:
Log in to Prism Central and go to Network > Security Policies > Create Security Policy. Enter Staging_Production as the name of the security policy and select Cluster A as the cluster.
In the Scope section, select VMs as the entity type and add the VMs that belong to the Staging Environment and the Production Environment as the entities. You can use tags or categories to filter the VMs based on their environment.
In the Rules section, create a new rule with the following settings:
Direction: Bidirectional
Protocol: Any
Source: Staging Environment
Destination: Production Environment
Action: Deny
Save the security policy and apply it to the cluster.
This will create a security policy that will block any traffic between the VMs in the Staging Environment and the VMs in the Production Environment. You can verify that the security policy is working by trying to ping or access any VM in the Production Environment from any VM in the Staging Environment, or vice versa.
You should not be able to do so.



Your security team is working on automation to manage Security Policies.
They have exported some of the existing rules to the file "Security Policy.txt" located on the desktop. This file needs to be modified for the test environment.
* All rules except the quarantine rule should be logged.
* Only the Quarantine rule should be enforced, the other rules will only be logged.
* The quarantine rule should affect the SecOps environment.
* The SMB rule should only affect VMs with the "smbhost" and "smbclient" tags.
* The "DN test" policy should allow ipv6 and should not restrict any protocols between the included tiers.
There are three rules in the file, do not delete, add or copy lines. Only replace xxxx with the correct value as appropriate. It is possible that not all "xxxxx" will be replaced.
Save the file with the same name.
Possible values to replace the "xxxxx":
8080
ALL
APPLY
false
MONITOR
Non-Prod
SecOps
smbhost
smbclient
TCP
True
They have exported some of the existing rules to the file "Security Policy.txt" located on the desktop. This file needs to be modified for the test environment.
* All rules except the quarantine rule should be logged.
* Only the Quarantine rule should be enforced, the other rules will only be logged.
* The quarantine rule should affect the SecOps environment.
* The SMB rule should only affect VMs with the "smbhost" and "smbclient" tags.
* The "DN test" policy should allow ipv6 and should not restrict any protocols between the included tiers.
There are three rules in the file, do not delete, add or copy lines. Only replace xxxx with the correct value as appropriate. It is possible that not all "xxxxx" will be replaced.
Save the file with the same name.
Possible values to replace the "xxxxx":
8080
ALL
APPLY
false
MONITOR
Non-Prod
SecOps
smbhost
smbclient
TCP
True
正解:
See the Explanation below for detailed answer.
Explanation:
Here is the step-by-step solution to modify the security policy file as required.
Navigate to the desktop and open the file Security Policy.txt (which corresponds to the provided Security Policy.bak content) using a text editor like Notepad.
Modify the file content by replacing the xxxxx and xxxx placeholders according to the security requirements.
Modifications by Rule
Here are the specific changes to make within the file:
1. Quarantine Rule
Requirement 1 (No Logging): The quarantine rule should not be logged.
Change "is_policy_hitlog_enabled": "xxxxx" to "is_policy_hitlog_enabled": "false" Requirement 2 (Enforce): This rule must be enforced.
Change "action": "xxxxx" (under quarantine_rule) to "action": "APPLY"
Requirement 3 (Environment): The rule must affect the "SecOps" environment.
Change "Environment": ["xxxxx"] to "Environment": ["SecOps"]
2. SMB-block Rule
Requirement 1 (Logging): This rule must be logged.
Change "is_policy_hitlog_enabled": "xxxxx" to "is_policy_hitlog_enabled": "True" Requirement 2 (Monitor): This rule must not be enforced, only logged.
Change "action": "xxxxx" (under isolation_rule) to "action": "MONITOR"
Requirement 4 (Tags): The rule must affect the "smbhost" and "smbclient" tags.
Change "SMBv1": ["xxxxx"] to "SMBv1": ["smbhost"]
Change "SMRv1": ["xxxxx"] to "SMRv1": ["smbclient"]
3. DN test (dn-policy1) Rule
Requirement 2 (Monitor): This rule must not be enforced, only logged.
Change "action": "xxxx" (under app_rule) to "action": "MONITOR"
Requirement 5 (Allow IPv6): This policy must allow IPv6 traffic.
Change "allow_ipv6_traffic": "xxxx" to "allow_ipv6_traffic": "True"
Final Step
After making all the replacements, Save the file, overwriting the original Security Policy.txt on the desktop.
Example of completed rules (replace xxxxx accordingly):
Rule Name: Quarantine Rule
Logged: false
Action: APPLY
Environment: SecOps
Protocols: TCP
Ports: 8080
Rule Name: SMB Rule
Logged: True
Action: MONITOR
Tags: smbhost, smbclient
Protocols: TCP
Ports: 8080
Rule Name: DN Test Policy
Logged: True
Action: MONITOR
Environment: Non-Prod
Protocols: ALL
Ports: 8080
Explanation:
Here is the step-by-step solution to modify the security policy file as required.
Navigate to the desktop and open the file Security Policy.txt (which corresponds to the provided Security Policy.bak content) using a text editor like Notepad.
Modify the file content by replacing the xxxxx and xxxx placeholders according to the security requirements.
Modifications by Rule
Here are the specific changes to make within the file:
1. Quarantine Rule
Requirement 1 (No Logging): The quarantine rule should not be logged.
Change "is_policy_hitlog_enabled": "xxxxx" to "is_policy_hitlog_enabled": "false" Requirement 2 (Enforce): This rule must be enforced.
Change "action": "xxxxx" (under quarantine_rule) to "action": "APPLY"
Requirement 3 (Environment): The rule must affect the "SecOps" environment.
Change "Environment": ["xxxxx"] to "Environment": ["SecOps"]
2. SMB-block Rule
Requirement 1 (Logging): This rule must be logged.
Change "is_policy_hitlog_enabled": "xxxxx" to "is_policy_hitlog_enabled": "True" Requirement 2 (Monitor): This rule must not be enforced, only logged.
Change "action": "xxxxx" (under isolation_rule) to "action": "MONITOR"
Requirement 4 (Tags): The rule must affect the "smbhost" and "smbclient" tags.
Change "SMBv1": ["xxxxx"] to "SMBv1": ["smbhost"]
Change "SMRv1": ["xxxxx"] to "SMRv1": ["smbclient"]
3. DN test (dn-policy1) Rule
Requirement 2 (Monitor): This rule must not be enforced, only logged.
Change "action": "xxxx" (under app_rule) to "action": "MONITOR"
Requirement 5 (Allow IPv6): This policy must allow IPv6 traffic.
Change "allow_ipv6_traffic": "xxxx" to "allow_ipv6_traffic": "True"
Final Step
After making all the replacements, Save the file, overwriting the original Security Policy.txt on the desktop.
Example of completed rules (replace xxxxx accordingly):
Rule Name: Quarantine Rule
Logged: false
Action: APPLY
Environment: SecOps
Protocols: TCP
Ports: 8080
Rule Name: SMB Rule
Logged: True
Action: MONITOR
Tags: smbhost, smbclient
Protocols: TCP
Ports: 8080
Rule Name: DN Test Policy
Logged: True
Action: MONITOR
Environment: Non-Prod
Protocols: ALL
Ports: 8080
An administrator needs to configure a new write-intensive MS-SQL VM on Cluster 1.
VM specifications:
* vCPU: 12
* vRAM: 128GB
* Storage: 100 GB OS, 750 GB Data
Create the VM and any objects needed in the current environment to meet requirements, maximizing performance for the production environment. Include NEWSQL in the name of any new objects.
Production environment:
* 4 nodes
* Each node has two 8-core CPUs
* Each node has 1024 GB RAM
* Storage: 4 × 7.16 TB SSD Disks and 8 × 8 TB HDD disks
Make sure the VM is configured for maximum performance for the production environment.
Note: Network configuration is not required at this time. Do not power on the VM.
VM specifications:
* vCPU: 12
* vRAM: 128GB
* Storage: 100 GB OS, 750 GB Data
Create the VM and any objects needed in the current environment to meet requirements, maximizing performance for the production environment. Include NEWSQL in the name of any new objects.
Production environment:
* 4 nodes
* Each node has two 8-core CPUs
* Each node has 1024 GB RAM
* Storage: 4 × 7.16 TB SSD Disks and 8 × 8 TB HDD disks
Make sure the VM is configured for maximum performance for the production environment.
Note: Network configuration is not required at this time. Do not power on the VM.
正解:
See the Explanation below for detailed answer.
Explanation:
Here is the step-by-step solution to create the high-performance SQL VM on Cluster 1.
This task requires two phases: first, creating a new all-flash storage container, and second, creating the VM with a specific vNUMA and disk controller configuration for maximum performance.
1. Access Cluster 1 Prism Element
* From the main Prism Central dashboard, navigate to Hardware > Clusters.
* Find Cluster 1 in the list and click its name. This will open the specific Prism Element login page for that cluster.
* Log in to Cluster 1's Prism Element interface.
2. Create the All-Flash Storage Container
To maximize performance for a "write-intensive" workload on a hybrid cluster, the data and log disks must be placed on an all-flash container.
* In the Cluster 1 PE interface, click the gear icon (Settings) in the top-right corner.
* From the left-hand menu, select Storage.
* Click the + Storage Container button.
* Fill in the basic details:
* Name: NEWSQL_Flash_Container
* Click Advanced Settings.
* Scroll down to the Storage Tier section.
* Select the SSD radio button. This pins all data in this container to the SSD tier, ensuring all-flash performance.
* Click Save.
3. Create and Configure the VM
Now, create the VM, applying vNUMA and multi-SCSI controller best practices.
* From the main PE dashboard, navigate to the VM view.
* Click the + Create VM button.
* Enter the compute details. This configuration is critical for vNUMA performance, as it tells the VM's guest OS about the underlying physical NUMA topology (2 CPUs with 8 cores each).
* Name: NEWSQL_VM
* vCPUs: 12
* Number of Sockets: 2
* Cores per vCPU: 6 (This creates a 2-socket, 6-core VM, totaling 12 vCPUs)
* Memory: 128 GB
* Scroll down to the Disks section and add the OS disk:
* Click + Add New Disk.
* Storage Container: Select the default (hybrid) container.
* Size: 100 GB
* Bus: SCSI
* Device Index: 0 (This will be scsi.0)
* Click Add.
* Add the Data disk (on its own controller for parallel processing):
* Click + Add New Disk.
* Storage Container: Select NEWSQL_Flash_Container.
* Size: 750 GB
* Bus: SCSI
* Device Index: 1 (This creates a new controller, scsi.1)
* Click Add.
* Add a Log disk (on its own controller, a best practice for "write-intensive" SQL):
* Click + Add New Disk.
* Storage Container: Select NEWSQL_Flash_Container.
* Size: 100 GB (A common size for a log disk)
* Bus: SCSI
* Device Index: 2 (This creates a third controller, scsi.2)
* Click Add.
* Review the configuration: You should now have three disks attached, each on a separate controller (scsi.
0, scsi.1, scsi.2). This provides the maximum I/O performance.
* Ensure the Power on VM after creation box is unchecked.
* Click Save.
Topic 1, Performance Based Questions Set 1
Environment
You have been provisioned a dedicated environment for your assessment which includes the following:
Initial Steps
* When you first log into Prism Central or Prism Element you may see the EULA screen. Accept the EULA with any name and then disable Pulse.
* To access Prism Element, the pass-through from Prism Central
(Infrastructure\Hardware\Clusters\cluster-x\Launch Prism Element) works better than directly using the external IP:9440.
Workstation
* Windows Server 2019
* All software/tools/etc to perform the required tasks
* Nutanix Documentation and whitepapers can be found in Desktop\Files\Documentation and Desktop\Files\Documentation 6.10
* Note that the Workstation is the system you are currently logged into
* Windows Server 2019
* All software/tools/etc to perform the required tasks
* Nutanix Documentation and whitepapers can be found in Desktop\Files\Documentation and Desktop\Files\Documentation 6.10
* Note that the Workstation is the system you are currently logged into Nutanix Cluster
* There are two clusters provided, connected to one Prism Central. The connection information for the relevant cluster will be displayed to the right of the question. Please make sure you are working on the correct cluster for each item. Please ignore any licensing violations.
Important Notes
* If the text is too small and hard to read, or you cannot see all of the GUI, you can increase/decrease the zoom of the browser with CTRL + and CTRL - (the plus and minus keys).

Prism Central Web Console
* admin / ykZUCJMER7V*
* nutanix / UJ2xE!DEXGY
Cluster 1
* CVM external IP: 34.53.118.63
* CVM DR IP: 172.30.0.6
* admin / 9Fw0B!3QH4X)
* nutanix / GNP*FE2504XWZ
* root / KR*6HY0z5E8
Cluster 2
* CVM external IP: 34.82.155.5
* CVM DR IP: 172.30.0.4
* admin / 5*K30fA76X
* nutanix / N*3F%1ME!Z7T9

Explanation:
Here is the step-by-step solution to create the high-performance SQL VM on Cluster 1.
This task requires two phases: first, creating a new all-flash storage container, and second, creating the VM with a specific vNUMA and disk controller configuration for maximum performance.
1. Access Cluster 1 Prism Element
* From the main Prism Central dashboard, navigate to Hardware > Clusters.
* Find Cluster 1 in the list and click its name. This will open the specific Prism Element login page for that cluster.
* Log in to Cluster 1's Prism Element interface.
2. Create the All-Flash Storage Container
To maximize performance for a "write-intensive" workload on a hybrid cluster, the data and log disks must be placed on an all-flash container.
* In the Cluster 1 PE interface, click the gear icon (Settings) in the top-right corner.
* From the left-hand menu, select Storage.
* Click the + Storage Container button.
* Fill in the basic details:
* Name: NEWSQL_Flash_Container
* Click Advanced Settings.
* Scroll down to the Storage Tier section.
* Select the SSD radio button. This pins all data in this container to the SSD tier, ensuring all-flash performance.
* Click Save.
3. Create and Configure the VM
Now, create the VM, applying vNUMA and multi-SCSI controller best practices.
* From the main PE dashboard, navigate to the VM view.
* Click the + Create VM button.
* Enter the compute details. This configuration is critical for vNUMA performance, as it tells the VM's guest OS about the underlying physical NUMA topology (2 CPUs with 8 cores each).
* Name: NEWSQL_VM
* vCPUs: 12
* Number of Sockets: 2
* Cores per vCPU: 6 (This creates a 2-socket, 6-core VM, totaling 12 vCPUs)
* Memory: 128 GB
* Scroll down to the Disks section and add the OS disk:
* Click + Add New Disk.
* Storage Container: Select the default (hybrid) container.
* Size: 100 GB
* Bus: SCSI
* Device Index: 0 (This will be scsi.0)
* Click Add.
* Add the Data disk (on its own controller for parallel processing):
* Click + Add New Disk.
* Storage Container: Select NEWSQL_Flash_Container.
* Size: 750 GB
* Bus: SCSI
* Device Index: 1 (This creates a new controller, scsi.1)
* Click Add.
* Add a Log disk (on its own controller, a best practice for "write-intensive" SQL):
* Click + Add New Disk.
* Storage Container: Select NEWSQL_Flash_Container.
* Size: 100 GB (A common size for a log disk)
* Bus: SCSI
* Device Index: 2 (This creates a third controller, scsi.2)
* Click Add.
* Review the configuration: You should now have three disks attached, each on a separate controller (scsi.
0, scsi.1, scsi.2). This provides the maximum I/O performance.
* Ensure the Power on VM after creation box is unchecked.
* Click Save.
Topic 1, Performance Based Questions Set 1
Environment
You have been provisioned a dedicated environment for your assessment which includes the following:
Initial Steps
* When you first log into Prism Central or Prism Element you may see the EULA screen. Accept the EULA with any name and then disable Pulse.
* To access Prism Element, the pass-through from Prism Central
(Infrastructure\Hardware\Clusters\cluster-x\Launch Prism Element) works better than directly using the external IP:9440.
Workstation
* Windows Server 2019
* All software/tools/etc to perform the required tasks
* Nutanix Documentation and whitepapers can be found in Desktop\Files\Documentation and Desktop\Files\Documentation 6.10
* Note that the Workstation is the system you are currently logged into
* Windows Server 2019
* All software/tools/etc to perform the required tasks
* Nutanix Documentation and whitepapers can be found in Desktop\Files\Documentation and Desktop\Files\Documentation 6.10
* Note that the Workstation is the system you are currently logged into Nutanix Cluster
* There are two clusters provided, connected to one Prism Central. The connection information for the relevant cluster will be displayed to the right of the question. Please make sure you are working on the correct cluster for each item. Please ignore any licensing violations.
Important Notes
* If the text is too small and hard to read, or you cannot see all of the GUI, you can increase/decrease the zoom of the browser with CTRL + and CTRL - (the plus and minus keys).

Prism Central Web Console
* admin / ykZUCJMER7V*
* nutanix / UJ2xE!DEXGY
Cluster 1
* CVM external IP: 34.53.118.63
* CVM DR IP: 172.30.0.6
* admin / 9Fw0B!3QH4X)
* nutanix / GNP*FE2504XWZ
* root / KR*6HY0z5E8
Cluster 2
* CVM external IP: 34.82.155.5
* CVM DR IP: 172.30.0.4
* admin / 5*K30fA76X
* nutanix / N*3F%1ME!Z7T9

The security team has provided some new security requirements for cluster level security on Cluster 2.
Security requirements:
* Update the password for the root user on the Cluster 2 node to match the admin user password.
Note: The 192.168.x.x network is not available. To access a node use the host IP (172.30.0.x) from the CVM.
* Output the cluster-wide configuration of the SCMA policy to desktop\output.txt before changes are made.
* Enable the Advanced Intrusion Detection Environment (AIDE) to run on a weekly basis for the hypervisor and cvms for Cluster 2.
* Enable high-strength password policies for the hypervisor and cluster.
* Ensure CVMs require SSH keys for login instead of passwords. (SSH keys are located in the desktop\Files\SSH folder.) Ensure the cluster meets these requirements. Do not reboot any cluster components.
Note: Please ensure you are modifying the correct components.
Security requirements:
* Update the password for the root user on the Cluster 2 node to match the admin user password.
Note: The 192.168.x.x network is not available. To access a node use the host IP (172.30.0.x) from the CVM.
* Output the cluster-wide configuration of the SCMA policy to desktop\output.txt before changes are made.
* Enable the Advanced Intrusion Detection Environment (AIDE) to run on a weekly basis for the hypervisor and cvms for Cluster 2.
* Enable high-strength password policies for the hypervisor and cluster.
* Ensure CVMs require SSH keys for login instead of passwords. (SSH keys are located in the desktop\Files\SSH folder.) Ensure the cluster meets these requirements. Do not reboot any cluster components.
Note: Please ensure you are modifying the correct components.
正解:
See the Explanation below for detailed answer.
Explanation:
Here is the step-by-step solution to apply the security requirements to Cluster 2.
1. Access Cluster 2 Prism Element
First, we must access the Prism Element (PE) interface for Cluster 2, as most security settings are cluster- specific.
* From the Prism Central dashboard, navigate to Hardware > Clusters.
* Find Cluster 2 in the list and click its name. This will open the Prism Element login page for that specific cluster in a new tab.
* Log in to Cluster 2's Prism Element using the admin credentials.
2. Requirement: Update Node Root Password
This task syncs the root password for all AHV hypervisor nodes with the cluster's admin user password.
* In the Cluster 2 PE interface, click the gear icon (Settings) in the top right corner.
* Select Cluster Lockdown from the left-hand menu.
* Click the Set Root Password on All Hosts button.
* A dialog box will appear. Enter the current admin password (the one you just used to log in) into both the New Password and Confirm New Password fields.
* Click Save. This will propagate the admin password to the root user on all nodes in Cluster 2.
3. Requirement: Add CVM SSH Key
This task adds the security team's public key to the admin user, which is required before we can disable password-based login.
* On the desktop, navigate to the Files > SSH folder.
* Open the id_rsa.pub file (or equivalent public key file) with Notepad.
* Copy the entire string of text (e.g., ssh-rsa AAAA...).
* In the Cluster 2 PE interface, go to Settings (gear icon) > User Management.
* Select the admin user and click Modify User.
* Paste the copied public key into the Public Keys text box.
* Click Save.
4. Requirement: Apply SCMA Policies (All other requirements)
The remaining requirements are all applied via the command line on a CVM using Nutanix's Security Configuration Management Automation (SCMA).
* Access the CVM:
* Find a CVM IP for Cluster 2 by going to Hardware > CVMs in the PE interface.
* Open an SSH client (like PuTTY) and connect to that CVM's IP address.
* Log in with the username admin and the corresponding password.
* Output Current Policy (Req 2):
* Before making changes, run the following command to see the current policy:
ncli scma status
* Copy the entire output from your SSH terminal.
* Open Notepad on the desktop, paste the copied text, and Save the file to the desktop as output.
txt.
* Apply New Policies (Req 3, 4, 5):
* Run the following commands one by one. The cluster will apply them immediately without a reboot.
* Enable AIDE (Req 3):
ncli scma update aide-status=enabled aide-schedule=weekly
* Enable High-Strength Passwords (Req 4):
ncli scma update password-policy=high
* Require SSH Keys for CVMs (Req 5):
ncli scma update ssh-login=keys-only
Verification
You can verify all changes by running the status command again. The output should now reflect the new, hardened security posture.
ncli scma status
* AIDE Status: should show Enabled
* AIDE Schedule: should show Weekly
* Password Policy: should show High
* SSH Login: should show keys-only
Explanation:
Here is the step-by-step solution to apply the security requirements to Cluster 2.
1. Access Cluster 2 Prism Element
First, we must access the Prism Element (PE) interface for Cluster 2, as most security settings are cluster- specific.
* From the Prism Central dashboard, navigate to Hardware > Clusters.
* Find Cluster 2 in the list and click its name. This will open the Prism Element login page for that specific cluster in a new tab.
* Log in to Cluster 2's Prism Element using the admin credentials.
2. Requirement: Update Node Root Password
This task syncs the root password for all AHV hypervisor nodes with the cluster's admin user password.
* In the Cluster 2 PE interface, click the gear icon (Settings) in the top right corner.
* Select Cluster Lockdown from the left-hand menu.
* Click the Set Root Password on All Hosts button.
* A dialog box will appear. Enter the current admin password (the one you just used to log in) into both the New Password and Confirm New Password fields.
* Click Save. This will propagate the admin password to the root user on all nodes in Cluster 2.
3. Requirement: Add CVM SSH Key
This task adds the security team's public key to the admin user, which is required before we can disable password-based login.
* On the desktop, navigate to the Files > SSH folder.
* Open the id_rsa.pub file (or equivalent public key file) with Notepad.
* Copy the entire string of text (e.g., ssh-rsa AAAA...).
* In the Cluster 2 PE interface, go to Settings (gear icon) > User Management.
* Select the admin user and click Modify User.
* Paste the copied public key into the Public Keys text box.
* Click Save.
4. Requirement: Apply SCMA Policies (All other requirements)
The remaining requirements are all applied via the command line on a CVM using Nutanix's Security Configuration Management Automation (SCMA).
* Access the CVM:
* Find a CVM IP for Cluster 2 by going to Hardware > CVMs in the PE interface.
* Open an SSH client (like PuTTY) and connect to that CVM's IP address.
* Log in with the username admin and the corresponding password.
* Output Current Policy (Req 2):
* Before making changes, run the following command to see the current policy:
ncli scma status
* Copy the entire output from your SSH terminal.
* Open Notepad on the desktop, paste the copied text, and Save the file to the desktop as output.
txt.
* Apply New Policies (Req 3, 4, 5):
* Run the following commands one by one. The cluster will apply them immediately without a reboot.
* Enable AIDE (Req 3):
ncli scma update aide-status=enabled aide-schedule=weekly
* Enable High-Strength Passwords (Req 4):
ncli scma update password-policy=high
* Require SSH Keys for CVMs (Req 5):
ncli scma update ssh-login=keys-only
Verification
You can verify all changes by running the status command again. The output should now reflect the new, hardened security posture.
ncli scma status
* AIDE Status: should show Enabled
* AIDE Schedule: should show Weekly
* Password Policy: should show High
* SSH Login: should show keys-only