nerdexam
Cisco

350-401 · Question #1121

An engineer must configure interface and sensor monitoring on a router. The NMS server is located in a trusted zone with IP address 10.15.2.19. Communication between the router and the NMS server must

The correct answer is B. ip access-list standard nms. To secure SNMP monitoring with encryption and restrict access to a single NMS server, a standard access list is used to permit the specific NMS IP address, coupled with SNMPv3 configuration for authentication and privacy.

Submitted by noor.lb· Mar 6, 2026

Question

An engineer must configure interface and sensor monitoring on a router. The NMS server is located in a trusted zone with IP address 10.15.2.19. Communication between the router and the NMS server must be encrypted and password-protected using the most secure algorithms. Access must be allowed only for the NMS server and with the minimum permission levels needed. Which configuration must the engineer apply?

Options

  • Aip access-list extended nms
  • Bip access-list standard nms
  • Cip access-list standard nms
  • Dip access-list standard nms

How the community answered

(22 responses)
  • A
    5% (1)
  • B
    82% (18)
  • C
    5% (1)
  • D
    9% (2)

Why each option

To secure SNMP monitoring with encryption and restrict access to a single NMS server, a standard access list is used to permit the specific NMS IP address, coupled with SNMPv3 configuration for authentication and privacy.

Aip access-list extended nms

An extended IP access list (Choice A) offers more granular control, including protocol and port filtering, but is unnecessarily complex when the only requirement for access control is filtering by source IP, making a standard ACL more suitable.

Bip access-list standard nmsCorrect

Choice B initiates a standard IP access list, which is the appropriate and most efficient method to restrict SNMP access solely based on the source IP address of the NMS server (10.15.2.19), satisfying the access control requirement for minimum complexity.

Cip access-list standard nms

While initiating a standard access list like Choice B, Choice C implicitly represents an incomplete or incorrect subsequent configuration for permitting the specific NMS server IP address, as Choice B is identified as the solely correct answer.

Dip access-list standard nms

Similar to Choice C, Choice D implies an incomplete or incorrect configuration for filtering the NMS server's IP address, as it fails to represent the full and correct command sequence present in Choice B for securing SNMP access.

Concept tested: SNMPv3 security and ACL application for NMS access

Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/xe-16/snmp-xe-16-book/snmp-cfg-snmp-v3.html

Topics

#Router Monitoring#SNMP Security#Access Control Lists#Secure Network Management

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice