ExamGecko
Search Search Login
Home Home / Cisco / 350-401
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What are two differences between the RIB and the FIB? (Choose two.)
Which option works with a DHCP server to return at least one WLAN management interface IP address during the discovery phase and is dependent upon the VCI of the AP?
An engineer must update the local web authentication details on a Cisco 5520 WLC. The engineer has one active SSID configured for web authentication and plans to update the virtual interface with a nonroutable IP address. Which command must the engineer apply?
An engineer is troubleshooting the Ap join process using DNS. Which FQDN must be resolvable on the network for the access points to successfully register to the WLC?
Which port is required to allow APs to join a WLC when directed broadcasts are used on a Cisco iOS switch?
Refer to the Exhibit. Refer to the exhibit. Which action must be performed to allow RESTCONF access to the device?
Refer to the Exhibit. Refer to the exhibit An engineer is troubleshooting an mDNS issue in an environment where Cisco ISE is used to dynamically assign mDNS roles to users The engineer has confirmed that ISE is sending the correct values, but name resolution is not functioning as expected Which WLC configuration change resolves the issue?
A company has an existing Cisco 5520 HA cluster using SSO. An engineer deploys a new single Cisco Catalyst 9800 WLC to test new features. The engineer successfully configures a mobility tunnel between the 5520 cluster and 9800 WLC. Client connected to the corporate WLAN roam seamlessly between access points on the 5520 and 9800 WLC. After a failure on the primary 5520 WLC, all WLAN services remain functional; however, Client roam between the 5520 and 9800 controllers without dropping their connection. Which feature must be configured to remedy the issue?
Which configuration allows administrators to configure the device through the console port and use a network authentication server? A) B) C) D)
Which solution simplifies management ot secure access to network resources?

Question 850 - 350-401 discussion

Report
Export

Refer to the Exhibit.

Refer to Ihe exhibit. An engineer must update the existing configuation to achieve these resu ts:

* Only administrators from the 192.168 1.0.'?4 subnet can access the vty lines.

* Access to the vty lines using clear-text protocols is prohibited.

Which command set should be appled?

A)

B)

C)

D)

A.

Option A

Answers
A.

Option A

B.

Option B

Answers
B.

Option B

C.

Option C

Answers
C.

Option C

D.

Option D

Answers
D.

Option D

Suggested answer: B

Explanation:

Option B is the correct command set to update the existing configuration to achieve the desired results.The configuration steps are as follows12:

Define a standard access list that permits only the administrators from the 192.168.1.0/24 subnet to access the vty lines. In this case, the access list is namedADMINand it allows any host with an IP address in the range of 192.168.1.1 to 192.168.1.254 to access the vty lines:ip access-list standard ADMINandpermit 192.168.1.0 0.0.0.255.

Apply the access list to the vty lines using theaccess-classcommand. This command restricts incoming and outgoing connections between a particular vty and the addresses in the access list. In this case, the access listADMINis applied to the vty lines 0 to 15 in the inbound direction, which means that only the hosts that match the access list can initiate a connection to the vty lines:line vty 0 15andaccess-class ADMIN in.

Disable the clear-text protocols such as Telnet for the vty lines using thetransport inputcommand. This command specifies which protocols are allowed for incoming connections. In this case, only SSH is allowed for the vty lines, which is a secure protocol that encrypts the data between the client and the server:transport input ssh.

Option A is incorrect because it does not apply the access list to the vty lines, which is required to restrict the access to the administrators from the 192.168.1.0/24 subnet.Without theaccess-classcommand, any host can attempt to connect to the vty lines12.

Option C is incorrect because it does not disable the clear-text protocols for the vty lines, which is required to prohibit the access to the vty lines using unsecure protocols.Without thetransport input sshcommand, both Telnet and SSH are allowed for the vty lines by default12.

Option D is incorrect because it uses an extended access list instead of a standard access list, which is not recommended for controlling access to the vty lines. An extended access list requires more configuration and processing than a standard access list, and it cannot be applied directly to the vty lines.It has to be applied to each interface that can be used to access the vty lines, which increases the complexity and the possibility of errors12.Reference:1:Controlling Access to a Virtual Terminal Line,2:Configuring Secure Shell

Show Answer
asked 10/10/2024
Juan Yontz
46 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms