nerdexam
Cisco

350-401 · Question #564

A network engineer is enabling HTTPS access to the core switch, which requires a certificate to be installed on the switch signed by the corporate certificate authority. Which configuration commands a

The correct answer is C. Core-Switch(config)#crypto pki trustpoint Core-Switch. Explanation Creating a trustpoint (crypto pki trustpoint) is the first required step to issue a Certificate Signing Request (CSR), as it defines the CA relationship and certificate parameters (such as enrollment URL, subject name, and key pair) that the switch needs before a CSR

Submitted by katya_ua· Mar 6, 2026Security

Question

A network engineer is enabling HTTPS access to the core switch, which requires a certificate to be installed on the switch signed by the corporate certificate authority. Which configuration commands are required to issue a certificate signing request from the core switch?

Options

  • ACore-Switch(config)#crypto pki enroll Core-Switch
  • BCore-Switch(config)#ip http secure-trustpoint Core-Switch
  • CCore-Switch(config)#crypto pki trustpoint Core-Switch
  • DCore-Switch(config)#crypto pki trustpoint Core-Switch

How the community answered

(39 responses)
  • A
    13% (5)
  • B
    3% (1)
  • C
    79% (31)
  • D
    5% (2)

Explanation

Explanation

Creating a trustpoint (crypto pki trustpoint) is the first required step to issue a Certificate Signing Request (CSR), as it defines the CA relationship and certificate parameters (such as enrollment URL, subject name, and key pair) that the switch needs before a CSR can be generated and submitted. Option C establishes this foundational trustpoint configuration context, which is the prerequisite for all subsequent PKI operations.

Why the distractors are wrong:

  • Option A (crypto pki enroll) is the command used after the trustpoint is configured to actually generate and submit the CSR - it's the next step, not the one required to issue the request setup
  • Option B (ip http secure-trustpoint) binds an already-installed certificate to the HTTPS server, which comes after the certificate has been obtained - not during the CSR process
  • Option D appears identical to Option C, making it a duplicate distractor with no functional difference

Memory Tip: Think of it as building a house - you need the foundation (trustpoint) before you can submit the application (enroll). The order is always: Trustpoint → Enroll → Bind to HTTPS. The word "trustpoint" contains "trust," reminding you it's about establishing who you trust before requesting anything.

Topics

#PKI#Certificate Signing Request#HTTPS#Device Access Control

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice