nerdexam
Cisco

350-401 · Question #1040

Refer to the exhibit. An engineer must update the existing configuration to achieve these results: - Only administrators from the 192.168.1.0/24 subnet can access the vty lines. - Access to the vty li

The correct answer is C. access-list 1 permit 192.168.1.0 0.0.0.255 line vty 0 15 access-class 1 in transport input ssh. Option C is correct because it uses the proper wildcard mask (0.0.0.255) to permit only the 192.168.1.0/24 subnet, applies the ACL inbound on all vty lines (0–15) with 'access-class 1 in', and restricts transport input to SSH only - which is encrypted and not a clear-text protoco

Submitted by deeparc· Mar 6, 2026Infrastructure Security / Securing Network Device Access - covering ACL application on VTY lines and enforcement of encrypted management protocols (CCNA: Network Security Fundamentals)

Question

Refer to the exhibit. An engineer must update the existing configuration to achieve these results:

  • Only administrators from the 192.168.1.0/24 subnet can access the vty

lines.

  • Access to the vty lines using clear-text protocols is prohibited.

Which command set should be applied? A. B. C. D.

Options

  • Aaccess-list 1 permit 192.168.1.0 0.0.0.255 line vty 0 15 access-class 1 in transport input none
  • Baccess-list 1 permit 192.168.1.0 0.0.0.255 line vty 0 15 access-class 1 in transport input telnet ssh
  • Caccess-list 1 permit 192.168.1.0 0.0.0.255 line vty 0 15 access-class 1 in transport input ssh
  • Daccess-list 1 permit 192.168.1.0 255.255.255.0 line vty 0 15 access-class 1 in transport input telnet rlogin

How the community answered

(26 responses)
  • B
    4% (1)
  • C
    96% (25)

Explanation

Option C is correct because it uses the proper wildcard mask (0.0.0.255) to permit only the 192.168.1.0/24 subnet, applies the ACL inbound on all vty lines (0–15) with 'access-class 1 in', and restricts transport input to SSH only - which is encrypted and not a clear-text protocol. This satisfies both requirements: subnet-based access restriction and prohibition of clear-text protocols like Telnet.

Topics

#VTY Line Security#Access Control Lists#SSH vs Telnet#Network Device Hardening

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice