Exam 350-501 topic 1 question 226 discussion

Actual exam question from Cisco's 350-501
Question #: 226
Topic #: 1

A network engineer is testing an automation platform that interacts with Cisco networking devices via NETCONF over SSH. In accordance with internal security requirements:
  • NETCONF sessions are permitted only from trusted sources in the 172.16.20.0/24 subnet.
  • CLI SSH access is permitted from any source.
Which configuration must the engineer apply on R1?

  • A.
      configure terminal
      hostname R1
      ip domain-name mydomain.com
      crypto key generate rsa
      ip ssh version 1
      access-list 1 permit 172.16.20.0 0.0.0.255
      netconf ssh acl 1
      line vty 0 4
      transport input ssh
      end
  • B.
      configure terminal
      hostname R1
      ip domain-name mydomain.com
      crypto key generate rsa
      ip ssh version 2
      access-list 1 permit 172.16.20.0 0.0.0.255
      access-list 1 permit any
      netconf ssh
      line vty 0 4
      access-class 1 in
      transport input ssh
      end
  • C.
      configure terminal
      hostname R1
      ip domain-name mydomain.com
      crypto key generate rsa
      ip ssh version 1
      access-list 1 permit 172.16.20.0 0.0.0.255
      access-list 2 permit any
      netconf ssh
      line vty 0 4
      access-class 2 in
      transport input ssh
      end
  • D.
      configure terminal
      hostname R1
      ip domain-name mydomain.com
      crypto key generate rsa
      ip ssh version 2
      access-list 1 permit 172.16.20.0 0.0.0.255
      netconf ssh acl 1
      line vty 0 4
      transport input ssh
      end
Suggested Answer: D

Comments

ccie_race
Highly Voted 1 year, 6 months ago
Option D
Restrict access to netconf ssh using acl 1. (ssh here doesn't mean ssh. It means netconf ssh. This is how you configure netconf.)
Allow everyone on SSH line: No ACL applied to line vty
====================
configure terminal
hostname R1
ip domain-name mydomain.com
crypto key generate rsa
ip ssh version 2
access-list 1 permit 172.16.20.0 0.0.0.255
netconf ssh acl 1
line vty 0 4
transport input ssh
end
upvoted 5 times
...
joeneo
Most Recent 8 months, 3 weeks ago
Option D, must be SSH v2 and just permit the indicated network
upvoted 2 times
...
thejag
1 year, 2 months ago
Selected Answer: D
D is correct
upvoted 1 times
...
Samarjit1983
1 year, 3 months ago
NETCONF does not support SSH version 1.
upvoted 4 times
...
oreluc
1 year, 8 months ago
B is wrong because of the access-list. So my answer is B.
upvoted 1 times
...
oreluc
1 year, 8 months ago
I may be wrong, but why not configure an access-class under the vty lines? More answer B then.
upvoted 1 times
...
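An added example, not part of the original thread or of Cisco's documentation: a small Python audit that checks a configuration against the two requirements in the question (NETCONF limited to 172.16.20.0/24, CLI SSH open to any source) and against the SSH version 2 point raised in the comments. The finding names and the abbreviated OPTION_D / OPTION_B samples are constructed for illustration; only permit entries of numbered standard ACLs are parsed.

```python
import ipaddress
import re

TRUSTED = ipaddress.ip_network("172.16.20.0/24")  # trusted subnet from the question
ANY = ipaddress.ip_network("0.0.0.0/0")

def parse_acls(lines):
    """Map standard ACL number -> networks it permits (permit entries only)."""
    acls = {}
    for line in lines:
        m = re.fullmatch(r"access-list (\d+) permit (\S+)(?: (\S+))?", line)
        if not m:
            continue
        num, addr, wildcard = m.groups()
        if addr == "any":
            net = ANY
        else:
            # IOS wildcard masks are inverted netmasks; no wildcard means one host
            inv = int(ipaddress.ip_address(wildcard or "0.0.0.0")) ^ 0xFFFFFFFF
            net = ipaddress.ip_network(f"{addr}/{ipaddress.ip_address(inv)}", strict=False)
        acls.setdefault(num, []).append(net)
    return acls

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    acls, findings = parse_acls(lines), []
    if "ip ssh version 2" not in lines:
        findings.append("ssh-v2-not-set")
    netconf = [m for m in (re.fullmatch(r"netconf ssh(?: acl (\d+))?", ln) for ln in lines) if m]
    if not netconf:
        findings.append("netconf-not-enabled")
    elif not all(m.group(1) and acls.get(m.group(1)) and
                 all(n.subnet_of(TRUSTED) for n in acls[m.group(1)]) for m in netconf):
        findings.append("netconf-open-beyond-trusted-subnet")
    for ln in lines:
        m = re.fullmatch(r"access-class (\d+) in", ln)
        # A vty ACL without "permit any" blocks some CLI SSH sources (implicit deny)
        if m and ANY not in acls.get(m.group(1), []):
            findings.append("cli-ssh-restricted-by-vty-acl")
    return findings

# Constructed sample input: the access-control lines of options D and B from the question
OPTION_D = """ip ssh version 2
access-list 1 permit 172.16.20.0 0.0.0.255
netconf ssh acl 1
line vty 0 4
 transport input ssh"""
OPTION_B = OPTION_D.replace("netconf ssh acl 1", "access-list 1 permit any\nnetconf ssh") \
                   .replace("line vty 0 4", "line vty 0 4\n access-class 1 in")
```

Calling `audit(OPTION_D)` returns no findings, while `audit(OPTION_B)` reports the unrestricted `netconf ssh` line: the `access-class` on the vty lines does not scope NETCONF in this model, which follows the top-voted comment's reading.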
Community vote distribution
A (35%)
C (25%)
B (20%)