ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 350-401 All Questions

View all questions & answers for the 350-401 exam
Go to Exam

Exam 350-401 topic 1 question 901 discussion

Actual exam question from Cisco's 350-401
Question #: 901
Topic #: 1
[All 350-401 Questions]

An engineer must configure interface and sensor monitoring on a router. The NMS server is located in a trusted zone with IP address 10.15.2.19. Communication between the router and the NMS server must be encrypted and password-protected using the most secure algorithms. Access must be allowed only for the NMS server and with the minimum permission levels needed. Which configuration must the engineer apply?

  • A. ip access-list extended nms
    permit 1 host 10.15.2.19 any

    snmp-server view ro internet included

    snmp-server view ro ifEntry included

    snmp-server group nms v3 priv notify ro access nms
    snmp-server user user1 nms v3 encrypted auth md5 Password1 pri 3des Password123
  • B. ip access-list standard nms
    permit 10.15.2.19 0.0.0.0

    snmp-server view ro iso included

    snmp-server view ro ifEntry included

    snmp-server group nms v3 priv read ro access nms
    snmp-server user user1 nms v3 auth sha Password1 pri aes 256 Password123
  • C. ip access-list standard nms
    permit 10.15.2.19 0.0.0.0

    snmp-server view rw iso included

    snmp-server view rw ifEntry included

    snmp-server group nms v3 auth write rw access nms
    snmp-server user user1 nms v3 auth des Password1 pri des Password123
  • D. ip access-list standard nms
    permit 10.15.2.19 255.255.255.255

    snmp-server view ro iso included

    snmp-server view ro ifEntry included

    snmp-server group nms v3 priv read ro access nms
    snmp-server user user1 nms v3 auth 3des Password1 pri aes 192 Password123
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by slacker_at_work at March 9, 2024, 9:39 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
slacker_at_work
Highly Voted 7 months, 3 weeks ago
Selected Answer: B
B, as it is RO (not like option C, RW) and using AES 256 which is the best what is listed.
upvoted 6 times
...
[Removed]
Most Recent 5 months ago
Selected Answer: B
B is correct
upvoted 1 times
...
shefo1
7 months, 2 weeks ago
Easy explanation for why B is right A- permit 1 host 10.15.2.19 any (this wrong because in extended ACL we dont have a command like that). C- use the full permission (RW) and use the weak algorithm (des). D- use the wrong wildcard mask(255.255.255.255) and use the weak algorithm (3des).
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago