200-301 Question #575: Real Exam Question with Answer & Explanation

Question

Refer to the exhibit. Which two commands must be added to update the configuration of router R1 so that it accepts only encrypted connections? (Choose two)

Options

• Ausername CNAC secret R!41!4319115@
• Bip ssh version 2
• Cline vty 0 4
• Dcrypto key generate rsa 1024
• Etransport input ssh

Explanation

To configure a router to accept only encrypted connections via SSH, RSA cryptographic keys must be generated, and the VTY lines must be specifically configured to use SSH for transport.

Common mistakes.

• A. Creating a local username is for authentication, not directly for enabling or enforcing the encryption of remote connections.
• B. ip ssh version 2 specifies which version of SSH to use but does not enable SSH or enforce encrypted connections itself.
• C. line vty 0 4 is a command to enter the virtual terminal line configuration mode, not a command that enables or enforces encrypted connections.

Concept tested. SSH configuration (RSA keys, VTY transport)

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ssh/configuration/15-mt/sec-sec-ssh-15-mt-book/sec-cfg-ssh-on-router.html

No community discussion yet for this question.