350-401 · Question #1040
Refer to the exhibit. An engineer must update the existing configuration to achieve these results: - Only administrators from the 192.168.1.0/24 subnet can access the vty lines. - Access to the vty li
The correct answer is C. access-list 1 permit 192.168.1.0 0.0.0.255 line vty 0 15 access-class 1 in transport input ssh. Option C is correct because it uses the proper wildcard mask (0.0.0.255) to permit only the 192.168.1.0/24 subnet, applies the ACL inbound on all vty lines (0–15) with 'access-class 1 in', and restricts transport input to SSH only - which is encrypted and not a clear-text protoco
Question
Refer to the exhibit. An engineer must update the existing configuration to achieve these results:
- Only administrators from the 192.168.1.0/24 subnet can access the vty
lines.
- Access to the vty lines using clear-text protocols is prohibited.
Which command set should be applied? A. B. C. D.
Options
- Aaccess-list 1 permit 192.168.1.0 0.0.0.255 line vty 0 15 access-class 1 in transport input none
- Baccess-list 1 permit 192.168.1.0 0.0.0.255 line vty 0 15 access-class 1 in transport input telnet ssh
- Caccess-list 1 permit 192.168.1.0 0.0.0.255 line vty 0 15 access-class 1 in transport input ssh
- Daccess-list 1 permit 192.168.1.0 255.255.255.0 line vty 0 15 access-class 1 in transport input telnet rlogin
How the community answered
(26 responses)- B4% (1)
- C96% (25)
Explanation
Option C is correct because it uses the proper wildcard mask (0.0.0.255) to permit only the 192.168.1.0/24 subnet, applies the ACL inbound on all vty lines (0–15) with 'access-class 1 in', and restricts transport input to SSH only - which is encrypted and not a clear-text protocol. This satisfies both requirements: subnet-based access restriction and prohibition of clear-text protocols like Telnet.
Topics
Community Discussion
No community discussion yet for this question.