nerdexam
Cisco

350-401 · Question #290

Refer to the exhibit. Only administrators from the subnet 10.10.10.0/24 are permitted to have access to the router. A secure protocol must be used for the remote access and management of the router in

The correct answer is A. access-list 23 permit 10.10.10.0 0.0.0.255 line vty 0 15 access-class 23 in transport input ssh. Option A correctly creates an ACL permitting only the 10.10.10.0/24 subnet using the proper wildcard mask (0.0.0.255), applies it inbound on all 16 VTY lines (0–15) using 'access-class 23 in', and restricts remote access to SSH only via 'transport input ssh', satisfying both the

Submitted by haruto_sh· Mar 6, 2026Network Security – Configure and verify access control using ACLs and secure management protocols (SSH) on Cisco IOS devices

Question

Refer to the exhibit. Only administrators from the subnet 10.10.10.0/24 are permitted to have access to the router. A secure protocol must be used for the remote access and management of the router instead of clear-text protocols. Which configuration achieves this goal? A. B. C. D.

Exhibits

350-401 question #290 exhibit 1
350-401 question #290 exhibit 2

Options

  • Aaccess-list 23 permit 10.10.10.0 0.0.0.255 line vty 0 15 access-class 23 in transport input ssh
  • Baccess-list 23 permit 10.10.10.0 0.0.0.255 line vty 0 15 access-class 23 out transport input all
  • Caccess-list 23 permit 10.10.10.0 0.0.0.255 line vty 0 4 access-class 23 in transport input ssh
  • Daccess-list 23 permit 10.10.10.0 255.255.255.0 line vty 0 15 access-class 23 in transport input ssh

How the community answered

(26 responses)
  • A
    88% (23)
  • C
    8% (2)
  • D
    4% (1)

Explanation

Option A correctly creates an ACL permitting only the 10.10.10.0/24 subnet using the proper wildcard mask (0.0.0.255), applies it inbound on all 16 VTY lines (0–15) using 'access-class 23 in', and restricts remote access to SSH only via 'transport input ssh', satisfying both the access restriction and secure protocol requirements. The 'access-class in' direction filters incoming connection attempts, ensuring only authorized administrators can initiate sessions. Together, these commands replace clear-text protocols like Telnet with the encrypted SSH protocol.

Topics

#SSH#ACL#VTY Lines#Router Security

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice