200-301 Question #638: Real Exam Question with Answer & Explanation

The correct answer is C: crypto key generate rsa. After configuring the domain name, username, and password, the next step to complete Secure Shell (SSH) access using an RSA key is to generate the cryptographic key.

Submitted by mateo_ar· Mar 5, 2026Security Fundamentals

Question

An engineer has configured the domain name, user name, and password on the local router. What is the next step to complete the configuration tor a Secure Shell access RSA key?

Options

Acrypto key Import rsa pem
Bcrypto key pubkey-chain rsa
Ccrypto key generate rsa
Dcrypto key zeroize rsa

Explanation

After configuring the domain name, username, and password, the next step to complete Secure Shell (SSH) access using an RSA key is to generate the cryptographic key.

Common mistakes.

A. crypto key import rsa pem is used to import an existing RSA key from a file, not to generate a new key pair on the device.
B. crypto key pubkey-chain rsa is a command used to manage a chain of public keys for authentication, not to generate the router's own host key.
D. crypto key zeroize rsa is used to securely delete existing RSA keys from the router's memory, which is the opposite of generating them.

Concept tested. SSH RSA key generation

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/d1_sec_ssh/configuration/xe-3s/sec-ssh-xe-3s-book/sec-ssh-cfg.html

Topics

#Cisco SSH configuration#RSA key generation#crypto key generate command

Community Discussion

No community discussion yet for this question.

Full 200-301 Practice Browse All 200-301 Questions