SY0-701 · Question #617
SY0-701 Question #617: Real Exam Question with Answer & Explanation
The correct answer is C: Replacing Telnet with SSH. Replacing Telnet with SSH (option C) directly hardens network devices because SSH encrypts all traffic - including credentials and commands - whereas Telnet transmits everything in plaintext, making it trivially interceptable on the network. Why the distractors are wrong: A (Cent
Question
A network engineer is increasing the overall security of network devices and needs to harden the devices. Which of the following will best accomplish this task?
Options
- AConfiguring centralized logging
- BGenerating local administrator accounts
- CReplacing Telnet with SSH
- DEnabling HTTP administration
Explanation
Replacing Telnet with SSH (option C) directly hardens network devices because SSH encrypts all traffic - including credentials and commands - whereas Telnet transmits everything in plaintext, making it trivially interceptable on the network.
Why the distractors are wrong:
- A (Centralized logging) improves visibility and auditing but does nothing to reduce the attack surface or protect device access - it's a monitoring control, not a hardening control.
- B (Local administrator accounts) actually increases risk by multiplying credentials that can be targeted or forgotten; best practice is to minimize local accounts and use centralized authentication (e.g., RADIUS/TACACS+).
- D (Enabling HTTP administration) is the opposite of hardening - HTTP is unencrypted and should be disabled in favor of HTTPS if web-based management is needed at all.
Memory tip: Think of hardening as "closing doors and locking windows." SSH replaces an open, unencrypted door (Telnet) with a locked, encrypted one - that's a direct hardening action. Logging, adding accounts, and enabling HTTP either leave doors open or add new ones.
Topics
Community Discussion
No community discussion yet for this question.