350-401 · Question #112
Which two mechanisms are available to secure NTP? (Choose two.)
The correct answer is D. IP access list-based E. Encrypted authentication. NTP Security Mechanisms Explained NTP supports two native security mechanisms: IP access list-based control (D), which restricts which hosts or networks can query or peer with the NTP server, and encrypted authentication (E), which uses MD5 (or NTS in newer implementations) to cr
Question
Which two mechanisms are available to secure NTP? (Choose two.)
Options
- AIP prefix list-based
- BIPsec
- CTACACS-based authentication
- DIP access list-based
- EEncrypted authentication
How the community answered
(26 responses)- B4% (1)
- C8% (2)
- D88% (23)
Explanation
NTP Security Mechanisms Explained
NTP supports two native security mechanisms: IP access list-based control (D), which restricts which hosts or networks can query or peer with the NTP server, and encrypted authentication (E), which uses MD5 (or NTS in newer implementations) to cryptographically verify that NTP messages come from a trusted source. Together, these two controls form NTP's built-in security framework, configured directly within NTP commands on Cisco devices (e.g., ntp access-group and ntp authenticate).
Why the distractors are wrong:
- A (IP prefix list): Prefix lists are used for routing policy filtering (BGP/OSPF), not for NTP access control - NTP specifically uses access lists, not prefix lists.
- B (IPsec): While IPsec could theoretically protect NTP traffic at the transport level, it is not a native NTP security mechanism and is not part of NTP's defined security model.
- C (TACACS-based): TACACS+ is an AAA protocol for device administration (login, command authorization) - it has no role in authenticating NTP peers or restricting NTP access.
Memory Tip: Think "NTP needs Access and Authentication" - Access lists (D) control who can reach the NTP server, and Authentication (E) verifies that messages are trusted. Both start with "A" just like the two core NTP security pillars.
Topics
Community Discussion
No community discussion yet for this question.