nerdexam
Cisco

350-701 · Question #200

An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. However, the connection is failing. Which action should be taken to accomplish this goal

The correct answer is D. Generate the RSA key using the crypto key generate rsa command.. To securely connect to a router via SSH and prevent insecure algorithms, an RSA key pair must first be generated on the device.

Submitted by neha2k· Mar 30, 2026Secure Network Access, Visibility, and Enforcement

Question

An engineer is trying to securely connect to a router and wants to prevent insecure algorithms from being used. However, the connection is failing. Which action should be taken to accomplish this goal?

Exhibit

350-701 question #200 exhibit

Options

  • AConfigure the port using the ip ssh port 22 command.
  • BEnable the SSH server using the ip ssh server command.
  • CDisable telnet using the no ip telnet command.
  • DGenerate the RSA key using the crypto key generate rsa command.

How the community answered

(55 responses)
  • A
    5% (3)
  • B
    4% (2)
  • C
    16% (9)
  • D
    75% (41)

Why each option

To securely connect to a router via SSH and prevent insecure algorithms, an RSA key pair must first be generated on the device.

AConfigure the port using the ip ssh port 22 command.

The `ip ssh port 22` command configures the SSH server to listen on a specific port, which is the default, but does not address the lack of cryptographic keys necessary for SSH functionality.

BEnable the SSH server using the ip ssh server command.

The `ip ssh server` command enables the SSH server process, but it relies on an existing RSA key pair; if keys are not generated, the server will not be fully operational or secure.

CDisable telnet using the no ip telnet command.

The `no ip telnet` command disables the insecure Telnet protocol, which is good practice, but it does not resolve SSH connection failures or enable SSH itself.

DGenerate the RSA key using the crypto key generate rsa command.Correct

For SSH to function securely and allow connections while preventing insecure algorithms, the router must first have an RSA key pair generated using the `crypto key generate rsa` command. This key pair is fundamental for encryption and authentication in the SSH protocol, and without it, SSH connections will fail.

Concept tested: SSH key generation for secure connections

Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-cr-book/sec-s1-cr-sec-b2.html

Topics

#Cisco SSH configuration#RSA key management#Secure remote management#Cryptographic algorithms

Community Discussion

No community discussion yet for this question.

Full 350-701 Practice