350-401 · Question #503
Which configuration enables a device to be configured via NETCONF over SSHv2? A. B. C. D.
The correct answer is B. hostname Device ! aaa new-model ! username cisco privilege 15 password cisco ! ip domain-name cisco.com crypto key generate rsa modulus 2048 ip ssh version 2 ! aaa authentication login default local aaa authorization exec default local ! netconf-yang netconf ssh. Option B is correct because it includes all required components for NETCONF over SSHv2: AAA new-model with both authentication AND authorization configured (aaa authentication login default local AND aaa authorization exec default local), a privileged (level 15) user, RSA key gen
Question
Which configuration enables a device to be configured via NETCONF over SSHv2? A. B. C. D.
Exhibits
Options
- Ahostname Device ! username cisco1 privilege 15 password 0 cisco1 ! ip domain-name cisco.com crypto key generate rsa modulus 2048 ip ssh version 2 ! netconf ssh ! line vty 0 15 login local
- Bhostname Device ! aaa new-model ! username cisco privilege 15 password cisco ! ip domain-name cisco.com crypto key generate rsa modulus 2048 ip ssh version 2 ! aaa authentication login default local aaa authorization exec default local ! netconf-yang netconf ssh
- Chostname Device ! username admin password 0 admin ! ip domain-name cisco.com crypto key generate rsa modulus 2048 ip ssh version 2 ! netconf-yang ! line vty 0 15 login local
- Dhostname Device ! aaa new-model ! username admin privilege 15 password 0 admin ! ip domain-name cisco.com crypto key generate rsa modulus 2048 ip ssh version 2 ! netconf-yang
How the community answered
(15 responses)- A7% (1)
- B67% (10)
- C20% (3)
- D7% (1)
Explanation
Option B is correct because it includes all required components for NETCONF over SSHv2: AAA new-model with both authentication AND authorization configured (aaa authentication login default local AND aaa authorization exec default local), a privileged (level 15) user, RSA key generation, SSH version 2, and the netconf-yang command. NETCONF requires AAA authorization (exec) to be enabled so the device can authorize the NETCONF session and assign the correct privilege level to the connecting user. The 'netconf ssh' line alongside 'netconf-yang' is acceptable but the critical differentiator is the presence of both AAA authentication and exec authorization.
Topics
Community Discussion
No community discussion yet for this question.







