ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-410 All Questions

View all questions & answers for the 300-410 exam
Go to Exam

Exam 300-410 topic 1 question 193 discussion

Actual exam question from Cisco's 300-410
Question #: 193
Topic #: 1
[All 300-410 Questions]


Refer to the exhibit. A user cannot SSH to the router.
What action must be taken to resolve this issue?

  • A. Configure transport input ssh
  • B. Configure transport output ssh
  • C. Configure ip ssh version 2
  • D. Configure ip ssh source-interface loopback0
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by [deleted] at Aug. 5, 2021, 8:28 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
[Removed]
10 months, 1 week ago
Selected Answer: A
A is correct
upvoted 1 times
...
MasterMatt
2 years, 1 month ago
Selected Answer: A
ssh is enabled by default but temporarily disabled if the rsa key is not generated. Once the key is generated, and you have local account plus the transport input ssh you should be able to login with SSH.
upvoted 3 times
...
ERICKPORRAS
2 years, 8 months ago
Selected Answer: A
A is correct, C is incorrect because: If you do not enter this command "ip ssh version 1/ 2 " or do not specify a keyword, the SSH server selects the latest SSH version supported by the SSH client. For example, if the SSH client supports SSHv1 and SSHv2, the SSH server selects SSHv2. check it: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/security/configuration_guide/b_sec_152ex_2960-x_cg/b_sec_152ex_2960-x_cg_chapter_01001.html
upvoted 3 times
...
Kimaf
3 years, 1 month ago
Selected Answer: C
Is the correct version of SSH specified? By default, both version 1 and 2 are enabled. However, with the ip ssh version {1 | 2} command, you can change the version to just 1 or 2. If clients are connecting with version 2 and the device is configured for version 1, the SSH connection will fail; the same is true if clients are using version 1 and the devices are configured for version 2. To check the version of SSH that is running, use the show ip ssh command, as shown in Example 23-5. If it states version 1.99, it means versions 1 and 2 are running. If it states version 1, then SSHv1 is running, and if it states version 2, then SSHv2 is running. Has the correct key size been specified? SSHv2 uses an RSA key size of 768 or greater. If you were using a smaller key size with SSHv1 and then switched to SSHv2, you would need to create a new key with the correct size; otherwise, SSHv2 would not work. If you are using SSHv2 but accidentally specify a key size less than 768, SSHv2 connections are not allowed. I have based my answer on OCG ENARSI BOOK PAGE 874 and since its specifies 🔑 size of greater than 768.
upvoted 1 times
...
Surfside92
3 years, 6 months ago
I think the answer = C The default transport input is both telnet and ssh so that rules out answer A. The config "ip ssh version 2" is part of the required ssh configuration - and that is missing from the output.
upvoted 1 times
[Removed]
3 years, 4 months ago
Nope... If a ssh version isnt specified, the latest version of ssh is selected. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/security/configuration_guide/b_sec_152ex_2960-x_cg/b_sec_152ex_2960-x_cg_chapter_01001.html
upvoted 5 times
...
tsabee
3 years, 6 months ago
You've partially right, but the default function was changed: according to command reference: "Defaults No protocols are allowed on the auxiliary (AUX), console, tty, and vty lines. ... Cisco devices do not accept incoming network connections to tty lines by default. You must specify an incoming transport protocol or specify the transport input all command before the line will accept incoming connections. ... This behavior is new as of Cisco IOS Release 15.4(3)M4. Previous to Cisco IOS Release 15.4(3)M4, the default was the transport input all command. If you are upgrading to a release later than Cisco IOS Release 15.4(3)M4, you must configure the transport input none command, or you will be locked out of your device." https://www.cisco.com/c/en/us/td/docs/ios/termserv/command/reference/tsv_book/tsv_s1.html
upvoted 6 times
myrmike
3 years, 4 months ago
To add on if a crypto key is generated the ssh version 1.99 is enabled.
upvoted 4 times
...
tsabee
3 years, 6 months ago
So I think the correct answer is A.
upvoted 4 times
...
...
...
OakA1
3 years, 7 months ago
I don't see any of the answers being correct. The default transport input is both telnet and ssh. Everything is enabled for SSH: domain and crypto key... There is also a local user configured. For me the only way a user can't login if he or she is connecting from a subnet that is not specified in the ACL.
upvoted 1 times
JOKERR
3 years, 5 months ago
Default transport is none. You have to specify explicitly which protocol you want to allow. Otherwise you will get this: ER1#telnet 172.16.45.1 Trying 172.16.45.1 ... % Connection refused by remote host ER1# ER1#ssh -l admin 172.16.45.1 % Connection refused by remote host
upvoted 4 times
...
...
[Removed]
3 years, 9 months ago
Te given answer is correct
upvoted 2 times
Abudi
2 years, 6 months ago
there is an evidence here that you are actually typing “The given answer is correct” in each question and not copy/pasting it xD
upvoted 5 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel