nerdexam
Cisco

350-401 · Question #503

Which configuration enables a device to be configured via NETCONF over SSHv2? A. B. C. D.

The correct answer is B. hostname Device ! aaa new-model ! username cisco privilege 15 password cisco ! ip domain-name cisco.com crypto key generate rsa modulus 2048 ip ssh version 2 ! aaa authentication login default local aaa authorization exec default local ! netconf-yang netconf ssh. Option B is correct because it includes all required components for NETCONF over SSHv2: AAA new-model with both authentication AND authorization configured (aaa authentication login default local AND aaa authorization exec default local), a privileged (level 15) user, RSA key gen

Submitted by thandi_sa· Mar 6, 2026Network Programmability and Automation – Configuring and validating NETCONF/YANG access on IOS-XE devices, including prerequisite SSH, AAA, and authorization settings (maps to Cisco ENCOR / DevNet Associate exam objectives)

Question

Which configuration enables a device to be configured via NETCONF over SSHv2? A. B. C. D.

Exhibits

350-401 question #503 exhibit 1
350-401 question #503 exhibit 2
350-401 question #503 exhibit 3
350-401 question #503 exhibit 4
350-401 question #503 exhibit 5
350-401 question #503 exhibit 6
350-401 question #503 exhibit 7
350-401 question #503 exhibit 8

Options

  • Ahostname Device ! username cisco1 privilege 15 password 0 cisco1 ! ip domain-name cisco.com crypto key generate rsa modulus 2048 ip ssh version 2 ! netconf ssh ! line vty 0 15 login local
  • Bhostname Device ! aaa new-model ! username cisco privilege 15 password cisco ! ip domain-name cisco.com crypto key generate rsa modulus 2048 ip ssh version 2 ! aaa authentication login default local aaa authorization exec default local ! netconf-yang netconf ssh
  • Chostname Device ! username admin password 0 admin ! ip domain-name cisco.com crypto key generate rsa modulus 2048 ip ssh version 2 ! netconf-yang ! line vty 0 15 login local
  • Dhostname Device ! aaa new-model ! username admin privilege 15 password 0 admin ! ip domain-name cisco.com crypto key generate rsa modulus 2048 ip ssh version 2 ! netconf-yang

How the community answered

(15 responses)
  • A
    7% (1)
  • B
    67% (10)
  • C
    20% (3)
  • D
    7% (1)

Explanation

Option B is correct because it includes all required components for NETCONF over SSHv2: AAA new-model with both authentication AND authorization configured (aaa authentication login default local AND aaa authorization exec default local), a privileged (level 15) user, RSA key generation, SSH version 2, and the netconf-yang command. NETCONF requires AAA authorization (exec) to be enabled so the device can authorize the NETCONF session and assign the correct privilege level to the connecting user. The 'netconf ssh' line alongside 'netconf-yang' is acceptable but the critical differentiator is the presence of both AAA authentication and exec authorization.

Topics

#NETCONF#SSHv2#AAA Configuration#Network Programmability

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice