350-401 Question #626: Real Exam Question with Answer & Explanation
The correct answer is B:

    Router(config)#access-list 100 permit tcp any eq 22
    Router(config)#class-map class-ssh
    Router(config-cmap)#match access-group 10
    Router(config)#policy-map CoPP
    Router(config-pmap)#class class-ssh
    Router(config-pmap-c)#police 100000 conform-action transmit
Question
Refer to the exhibit. Which commands are required to allow an SSH connection to the router?
Options
- A.

      Router(config)#access-list 100 permit udp any eq 22
      Router(config)#access-list 101 permit tcp any eq 22
      Router(config)#class-map class-ssh
      Router(config-cmap)#match access-group 101
      Router(config)#policy-map CoPP
      Router(config-pmap)#police 100000 conform-action transmit

- B.

      Router(config)#access-list 100 permit tcp any eq 22
      Router(config)#class-map class-ssh
      Router(config-cmap)#match access-group 10
      Router(config)#policy-map CoPP
      Router(config-pmap)#class class-ssh
      Router(config-pmap-c)#police 100000 conform-action transmit

- C.

      Router(config)#access-list 10 permit tcp any eq 22
      Router(config)#class-map class-ssh
      Router(config-cmap)#match access-group 10
      Router(config)#policy-map CoPP
      Router(config-pmap)#class class-ssh
      Router(config-pmap-c)#police 100000 conform-action transmit

- D.

      Router(config)#access-list 100 permit tcp any eq 22
      Router(config)#access-list 101 permit tcp any eq 22
      Router(config)#class-map class-ssh
      Router(config-cmap)#match access-group 101
      Router(config)#policy-map CoPP
      Router(config-pmap)#class class-ssh
      Router(config-pmap-c)#police 100000 conform-action transmit
Explanation
Option B is correct because it properly configures a Control Plane Policing (CoPP) policy for SSH traffic: it uses a numbered extended ACL (100) matching TCP traffic on port 22, creates a class-map that references ACL 100, and correctly structures the policy-map with the class defined inside the policy-map context before applying the police action. The critical elements are using TCP (not UDP) for SSH, correctly referencing the ACL number in the class-map, and including the 'class class-ssh' line within the policy-map before the police statement.