350-401 Question #1069: Real Exam Question with Answer & Explanation

The correct answer is B: R1(config)# crypto key generate rsa modulus 2048 R1(config)# line vty 0 15 R1(config-line)# transport input ssh. Option B is correct because it provides the essential missing components: generating the RSA key (required for SSH to function) and restricting VTY lines to accept only SSH input via 'transport input ssh'. The exhibit likely already shows a hostname and domain name configured (pr

Submitted by carlos_mx· Mar 6, 2026Network Security – Configuring and verifying device access control using SSH on Cisco IOS routers (CCNA/Network Security fundamentals)

Question

Refer to the exhibit. Which configuration must be added to enable remote access only using SSHv1 or SSHv2 to this router? A. B. C. D.

Options

AR1(config)# ip ssh version 2 R1(config-line)# transport input ssh R1(config-line)# transport output ssh
BR1(config)# crypto key generate rsa modulus 2048 R1(config)# line vty 0 15 R1(config-line)# transport input ssh
CR1(config)# line vty 0 15 R1(config-line)# transport input ssh R1(config-line)# transport output ssh
DR1(config)# crypto key generate rsa modulus 2048 R1(config)# ip ssh version 2 R1(config)# line vty 0 15 R1(config-line)# transport input all

Explanation

Option B is correct because it provides the essential missing components: generating the RSA key (required for SSH to function) and restricting VTY lines to accept only SSH input via 'transport input ssh'. The exhibit likely already shows a hostname and domain name configured (prerequisites for RSA key generation), so the crypto key command completes the SSH setup, and 'transport input ssh' ensures only SSH access is permitted - covering both SSHv1 and SSHv2 by default.

Topics

#SSH Configuration#VTY Line Security#RSA Key Generation#Remote Access Security

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice Browse All 350-401 Questions