350-401 Question #104: Real Exam Question with Answer & Explanation

Question

Which statement about TLS is true when using RESTCONF to write configurations on network devices?

Options

• AIt is provided using NGINX acting as a proxy web server.
• BIt is no supported on Cisco devices.
• CIt required certificates for authentication.
• DIt is used for HTTP and HTTPs requests.

Explanation

TLS and RESTCONF Explanation

When using RESTCONF on Cisco IOS XE devices, TLS (Transport Layer Security) is implemented through NGINX, which acts as a reverse proxy web server that sits between the client and the device's RESTCONF process, handling HTTPS termination and secure communication. This architecture means Cisco effectively outsources the TLS handling to NGINX rather than implementing it natively in the RESTCONF stack itself.

Why the distractors are wrong:

• B is incorrect because TLS is supported on Cisco devices - it's just handled via NGINX
• C is misleading because while certificates can be used, RESTCONF also supports username/password authentication, so certificates are not strictly required
• D is incorrect because TLS is specifically associated with HTTPS only (not plain HTTP), as its entire purpose is to encrypt HTTP traffic

🧠 Memory Tip

Think of NGINX as the "security bouncer" standing in front of the Cisco device - it checks and secures all HTTPS/TLS traffic before letting it through to RESTCONF. If you remember that Cisco IOS XE uses NGINX for its web services infrastructure, option A becomes the natural answer.

No community discussion yet for this question.