Exam 200-301 topic 1 question 566 discussion

The default setting on switch/router to accept remote access is telnet. Crypto key is not yet generated. "...configuration of router R1 so that it accepts ONLY encrypted connections..." So A + C

A and C only encrypted and crypto key not yet generated

A and C I tested in my lab

A & C are correct

B and C must configure

C & E is correct

C & A must have RSA generated and transport input ssh

The ip ssh version 2 command is optional. The crypto key generate rsa 1024 is required for ssh connections. The transport input ssh command specifies that you only want to connect to the router via ssh, this way you can't connect to the router via Telnet, which doesn't support encrypted connections. Therefore, A and C. Search for Set Up an IOS Router or Switch as SSH Client in this site: https://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-ssh.html

A and C

although “crypto key generate rsa” command enables SSH on the device, however the “transport input” command must be entered because ‘The transport command defines which protocols can be used to connect to a line. The default protocol is none, which means that no incoming connections are allowed.’

Given answer of C & E is correct. Given answer C & E is probably correct but A & C is good too. Go with C/E because you need C/E first (for encryption) then you do need A for remote access, so focus on “encryption” in the question. https://ipwithease.com/how-to-configure-ssh-version-2-on-cisco-router/

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_ssh/configuration/15-s/sec-usr-ssh-15-s-book/sec-secure-shell-v2.html#:~:text=the%20default%20host.-,Configuring%20a%20Device%20for%20SSH%20Version%202%20Using%20RSA%20Key%20Pairs,-SUMMARY%20STEPS

A and C telnet ssh and crypto key not yet created

https://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/1100-cisco-routers-ssh-support-configuration-rsa-key-generation.html