200-301 · Question #632
200-301 Question #632: Real Exam Question with Answer & Explanation
The correct answer is D: crypto key generate rsa modulus 2048. To replace Telnet with encrypted connections and increase the RSA key modulus size on Cisco Catalyst switches, the engineer must configure SSH for secure access and generate an RSA key pair with a 2048-bit modulus.
Question
A network engineer is replacing the switches that belong to a managed-services client with new Cisco Catalyst switches. The new switches will be configured for updated security standards including replacing. Telnet services with encrypted connections and doubling the modulus size from 1024. Which two commands must the engineer configure on the new switches? (Choose two.)
Options
- Acrypto key generate rsa general-keys modulus 1024
- Btransport input all
- Ccrypto key generate rsa usage-keys
- Dcrypto key generate rsa modulus 2048
- Etransport input ssh
Explanation
To replace Telnet with encrypted connections and increase the RSA key modulus size on Cisco Catalyst switches, the engineer must configure SSH for secure access and generate an RSA key pair with a 2048-bit modulus.
Common mistakes.
- A. This command generates an RSA key with a 1024-bit modulus, which is half the required size and does not meet the 'doubling the modulus size' requirement.
- B. The
transport input allcommand allows all connection protocols, including Telnet, which contradicts the requirement to replace Telnet with encrypted connections. - C. The
crypto key generate rsa usage-keyscommand generates separate key pairs for signature and encryption, but it does not specify the modulus size as required by the question.
Concept tested. SSH configuration and RSA key generation
Topics
Community Discussion
No community discussion yet for this question.