350-401 Exam QuestionsBrowse all questions from this exam

350-401 Exam - Question 885


A network engineer must configure the VTY lines on a router to achieve these results:

• Remote access should be permitted only for secure protocols.

• Only a password should be required for device authentication.

• All idle EXEC sessions must be terminated in 60 minutes.

Which configuration should be applied?

Show Answer
Correct Answer: A

The network engineer needs to configure the VTY lines to achieve three specific results: remote access should be permitted only for secure protocols, only a password should be required for device authentication, and all idle EXEC sessions must be terminated in 60 minutes. To permit remote access only for secure protocols, the configuration needs to use 'transport input ssh'. To ensure that only a password is required for device authentication, setting a password using 'password Cisco123' is sufficient. Including 'login' is unnecessary because it introduces additional requirements not specified in the question. Lastly, 'exec-timeout 60' correctly configures the termination of idle EXEC sessions after 60 minutes. Therefore, the correct configuration is 'line vty 0 15', 'password Cisco123', 'transport input ssh', and 'exec-timeout 60', making Option A the correct answer.

Discussion

13 comments
Sign in to comment
AM17212Option: B
Feb 23, 2024

Configuring Line Local Password Authentication To enable password authentication on a line, the following two commands are required under line configuration mode: ■ password password to configure the password ■ login to enable password checking at login

bigyan_jhapaca4Option: B
Jan 27, 2024

correct

teems5ukOption: A
Jan 23, 2024

Option A is the only correct answer here.

MistwalkerOption: A
Jan 28, 2024

Login is enabled by default, and even if it needed to be set, entering it before a password has been configured produces an error (tested in CML).

SeMo0o0oOption: B
Jun 11, 2024

B is correct If the command is simply "login" then it uses the password configured with the password command under the VTY configuration. If the command is "login local" then it asks for a username and password based on the local user database regardless of whether or not the password was used. https://notes.networklessons.com/security-authentication-on-vty-lines#:~:text=If%20the%20command,password%20was%20used.

kldoyle97Option: A
Jan 13, 2024

Its between A and B, Leaning towards A since the question states that only a password is required. B specifies "login" under vty configuration. Doest that mean that it will prompt the user to enter a username and password? however there is no username configured

f490efcOption: A
Jan 19, 2024

Seems login command is enabled by default. Both A and B looks okay

MizuchanOption: A
Jan 28, 2024

Leaning towards A... Both would work I think.

outnumber_gargle024Option: A
Feb 5, 2024

provided answer is correct

outnumber_gargle024
Feb 5, 2024

Correction, provided answer of B is incorrect. The answer is A

slacker_at_workOption: A
Mar 9, 2024

A is correct, "login" is not needed in this scenario

Shri_Fcb10Option: A
May 27, 2024

The login command prompts for username authentication in addition to the password. Since the requirement specifies that only a password should be required for device authentication, the login command is unnecessary and doesn't meet the specified criteria. Therefore, option B doesn't fulfill the requirement of allowing access only with a password.

Eyad_AlotaibiOption: B
Jun 30, 2024

I have tried this in EVE-NG lab, and this result occured with me: If you set login keyword in line vty, the password will be required when you connect to the remote device. If you don't set login keyword, you will be able to connect to the remote device immediately with no password even you have already written a password in line vty. so B is the correct answer.

Eyad_Alotaibi
Jun 30, 2024

connect = access in my native language, sorry if you feel confuse

Steve122Option: B
Jul 17, 2024

Tested in LAB. 'B' works.