Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

NVIDIA NCP-AII Exam - Topic 5 Question 2 Discussion

A systems administrator is preparing a new DGX server for deployment. What is the most secure approach to configuring the BMC port during initial setup?
D) Connect the BMC port to a dedicated and firewalled network and change the default admin credentials.
A) Enable remote access to the BMC over the internet using the default admin credentials for initial troubleshooting.
B) Connect the BMC port directly to the production network and retain default admin credentials for convenience.
C) Leave the BMC port disconnected until after the operating system is fully configured and in production.

NVIDIA NCP-AII Exam - Topic 5 Question 2 Discussion

Actual exam question for NVIDIA's NCP-AII exam
Question #: 2
Topic #: 5
[All NCP-AII Questions]

A systems administrator is preparing a new DGX server for deployment. What is the most secure approach to configuring the BMC port during initial setup?

Show Suggested Answer Hide Answer
Suggested Answer: D

The Baseboard Management Controller (BMC) is a powerful tool that allows for total control over the DGX system, including the ability to flash firmware, cycle power, and access the serial console. Because of this, it is a high-value target for security threats. The '100% verified' secure approach (Option D) involves two critical layers:

Network Isolation: The BMC port should never be exposed to the public internet (Option A) or even the general production network (Option B). It must reside on a dedicated Out-of-Band (OOB) network that is firewalled and accessible only to authorized administrators.

Credential Management: Standard NVIDIA factory defaults (like admin/admin) must be changed immediately upon first access. As part of the DGX first-boot wizard, the system prompts the administrator to create a strong, unique password for the primary user, which is then synchronized to the BMC.

Leaving the port disconnected (Option C) is unfeasible for modern data center operations, as the BMC is required for remote monitoring and 'headless' deployment. Following the isolated/firewalled approach ensures the AI Factory remains resilient against both external attacks and internal lateral movement.


Contribute your Thoughts:

0/2000 characters
Nichelle
17 hours ago
I think option D is the best choice. Security first!
upvoted 0 times
...
Jill
6 days ago
Wait, are people really still using default admin credentials? That's wild!
upvoted 0 times
...
Shakira
11 days ago
D sounds right, but changing default creds is a must!
upvoted 0 times
...
Carmelina
2 months ago
C seems too cautious. Is it really necessary to leave it disconnected?
upvoted 0 times
...
Gladys
2 months ago
I can't believe anyone would choose A or B. That's just asking for trouble.
upvoted 0 times
...
Fausto
2 months ago
D is definitely the way to go! Security first!
upvoted 0 times
...
Gail
2 months ago
D is the best option, no doubt about it!
upvoted 0 times
...
Marg
3 months ago
I disagree with C, you should have some access during setup.
upvoted 0 times
...
Cyril
3 months ago
Wait, people actually consider A or B? That's wild!
upvoted 0 times
...
Vernell
3 months ago
C seems risky, what if you need remote access later?
upvoted 0 times
...
Jeniffer
3 months ago
D is definitely the way to go! Security first!
upvoted 0 times
...
Chauncey
3 months ago
I think we talked about the importance of firewalls for BMC ports, so option D sounds familiar and likely the most secure approach.
upvoted 0 times
...
Tony
3 months ago
I recall a practice question where enabling remote access was considered a huge risk, so I doubt that's the right choice here.
upvoted 0 times
...
Laura
4 months ago
I’m not entirely sure, but I feel like connecting the BMC to a dedicated network and changing the credentials is the best practice we covered.
upvoted 0 times
...
Tonette
4 months ago
I remember discussing BMC security in class, and I think leaving it disconnected until everything is set up might be too cautious.
upvoted 0 times
...

Save Cancel