nerdexam
Cisco

350-401 · Question #112

Which two mechanisms are available to secure NTP? (Choose two.)

The correct answer is D. IP access list-based E. Encrypted authentication. NTP Security Mechanisms Explained NTP supports two native security mechanisms: IP access list-based control (D), which restricts which hosts or networks can query or peer with the NTP server, and encrypted authentication (E), which uses MD5 (or NTS in newer implementations) to cr

Submitted by andreas_gr· Mar 6, 2026Security

Question

Which two mechanisms are available to secure NTP? (Choose two.)

Options

  • AIP prefix list-based
  • BIPsec
  • CTACACS-based authentication
  • DIP access list-based
  • EEncrypted authentication

How the community answered

(26 responses)
  • B
    4% (1)
  • C
    8% (2)
  • D
    88% (23)

Explanation

NTP Security Mechanisms Explained

NTP supports two native security mechanisms: IP access list-based control (D), which restricts which hosts or networks can query or peer with the NTP server, and encrypted authentication (E), which uses MD5 (or NTS in newer implementations) to cryptographically verify that NTP messages come from a trusted source. Together, these two controls form NTP's built-in security framework, configured directly within NTP commands on Cisco devices (e.g., ntp access-group and ntp authenticate).

Why the distractors are wrong:

  • A (IP prefix list): Prefix lists are used for routing policy filtering (BGP/OSPF), not for NTP access control - NTP specifically uses access lists, not prefix lists.
  • B (IPsec): While IPsec could theoretically protect NTP traffic at the transport level, it is not a native NTP security mechanism and is not part of NTP's defined security model.
  • C (TACACS-based): TACACS+ is an AAA protocol for device administration (login, command authorization) - it has no role in authenticating NTP peers or restricting NTP access.

Memory Tip: Think "NTP needs Access and Authentication" - Access lists (D) control who can reach the NTP server, and Authentication (E) verifies that messages are trusted. Both start with "A" just like the two core NTP security pillars.

Topics

#NTP Security#Access Control Lists#Authentication Mechanisms

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice