Exam 200-301 topic 1 question 647 discussion

there is no ssh entry in the table. I did not understand the answer.

"A network administrator has been tasked with securing VTY access to a router". You need to secure VTY access and add SSH too, not just Telnet.

"Securing" VTY access can be interpreted multiple ways. Are you guaranteeing access through Telnet? If that's how you want to use the word "securing" then sure, but in general, this really is not correct as securing means to have a secure connection. Shame on you Cisco.

I dont see any answer is correct or configuration is wrong or question is wrong. However if you want to secure VTY access(Both Telnet and SSH), D option seems most correct as it allow SSH access to specific ip group. However only that configuration only won't work. You have to use below command as well line vty 0 15 access-class 101

we have to secure the line its ssh

D is the best answer. A is logically correct as well. Depending on the model of the router, IOS supports or does not support keyword SSH. Considering the displayed config already has telnet, we need to add SSH. Hence D. Please remember, CCNA is an entry level exam, testing our knowledge of basic concepts and rules, especially mechanical memorisation of textbook words. For this question, it uses the term 'vty' and wants us to recall that it means 'SSH and Telnet' according to the textbook. No way that CCNA would test us as deep as knowing whether SSH is a usable keyword in the port list, not to mention it does exist in some versions of IOS. In real exams, please stick to basic concepts and rules that you read in the textbook. Don't use real-world experience or real-world logic. CCNA is designed to be a dumb exam. So let's treat it a dumb way. If you think too much in the real exam, for half of the questions you will find all the four choices are correct, and for the other half you will find all the four choices have some kind of flaw.

So I verified in GNS3 ACL's don't have SSH , you have to write port 22 in the command, that's why answer D is a trap and A is a valid answer.

The correct choice is D. The acces via telnet is already secured via eq telnet. Its posible to type telnet after eq on the extended acl (see pag. 50 CCNA 200-301 Official Cert Guide, Volume 2) then we only have to secure via ssh.

it´s A I have tested o a real router, SSH at the of the command is not acceptable, it must be eq 22 But telnet at the end of the command is acceptable.

eq ssh does not exist, you need to specify port 22

Going with D

Key word: Securing. With telnet you will not accomplish this requirement. Https and scp doesn't make sense here. So, I would go with D (ssh) even though the syntax is not fully correct.

The issue with this question is that it's ambiguous as to whether it's asking us to identify an existing command in the configuration, or suggest an additional one. In the first case, the answer is obviously A. In the second case, it's obviously D. The problem is worsened by the fact that Telnet isn't a secure protocol, and allowing only Telnet access is arguably not "securing" anything, favoring SSH. So I chose D, but it could easily be A. Both are arguably correct.

I hate these questions!!!!. A is correct because B, C, and D syntax is incorrect. There is no port labeled SCP, HTTPS, or SSH in the cisco command-line.

Router(config)#access-list 101 permit tcp any 10.0.1.1 0.0.0.0 eq ssh ^ % Invalid input detected at '^' marker.

According to the documentation below, actually there is a SSH keyword (C3 P7) https://www.cisco.com/c/en/us/td/docs/app_ntwk_services/waas/waas/v401_v403/command/reference/cmdref/ext_acl.pdf

I think the question is asking what command would you enter from the answers to enable a secure vty connection in which case its always ssh. telnet = not secure