
200-301 · Question #368

200-301 Question #368: Real Exam Question with Answer & Explanation

The correct answer is A: access-list 101 permit tcp 10.1.10 0.0.0.255 172.16.10 0.0.0.255 eq ssh. To secure VTY access to a router, an access-list entry should be configured to permit only secure protocols like SSH, which uses TCP port 22.

Submitted by rachelw · Mar 5, 2026 · Security Fundamentals

Question

Refer to the exhibit. A network administrator has been tasked with securing VTY access to a router. Which access-list entry accomplishes this task?

Options

  • A. access-list 101 permit tcp 10.1.10 0.0.0.255 172.16.10 0.0.0.255 eq ssh
  • B. access-list 101 permit tcp 10.11.0 0.0.0.255 172.16.10 0.0.0.255 eq scp
  • C. access-list 101 permit tcp 10.11.0 0.0.0.255 172.16.10 0.0.0.255 eq telnet
  • D. access-list 101 permit tcp 10.1.10 0.0.0.255 172.16.10 0.0.0.255 eq https

Explanation

To secure VTY access to a router, an access-list entry should be configured to permit only secure protocols like SSH, which uses TCP port 22.

Common mistakes.

  • B. SCP (Secure Copy Protocol) is used for secure file transfer, not for interactive remote terminal access like VTY.

Concept tested. Securing VTY access with SSH and ACLs

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/dcl/sec-ssh-dcl-book/sec-ssh-enable.html

Topics

#VTY security · #ACL configuration · #SSH remote access
