Refer to the exhibit. An engineer is updating the management access configuration of switch SW1 to allow secured, encrypted remote configuration. Which two commands or command sequences must the engineer apply to the switch? (Choose two.)
A.
SW1(config)#enable secret ccnaTest123
B.
SW1(config)#username NEW secret R3mote123
C.
SW1(config)#line vty 0 15
SW1(config-line)#transport input ssh
D.
SW1(config)# crypto key generate rsa
E.
SW1(config)# interface f0/1
SW1(config-if)# switchport mode trunk
Going with A and C. There is a username and password configured already. Configuring enable secret is a must when using SSH otherwise you cannot enter to enabled mode. Try it in Packet Tracer. Pls correct me if I'm wrong.
Yep you are right! I tried it in PT.
First I did B and C on the switch. Then went on the PC and although I successfully connected to the switch via SSH, it did not allow me to enter into privileged EXEC mode because of the missing enable secret command.
So I went back to the switch and removed B, then did A. Went back to the PC to connect via SSH, connected with no problem, and was then able to enter into privileged EXEC mode and thus configure the switch remotely which is what the question requires.
Thanks all!
Level 0 – Zero-level access only allows five commands: logout, enable, disable, help and exit.
Level 1 – User-level access allows you to enter in User Exec mode that provides very limited read-only access to the router.
Level 15 – Privilege level access allows you to enter in Privileged Exec mode and provides complete control over the router.
The username and password already configured, as you see, is a PRIVILEGE 1 level credential, which is why it is necessary to create another username and secret to enable privilege exec mode access. You do not necessarily need to add the command enable secret <string> to access the privileged exec mode via telnet/ssh. The username and secret command should be adequate when the LOGIN LOCAL command is added to the LINE VTY 0 4/5 15 interface.
I hope this helps!
To answer this question correctly, you need to know about:
1) SSH configuration
2) Privilege levels
------------------------------------------
To summarize the 2nd item:
Privilege levels from [0-1]: Allow you to enter "User mode" from SSH/Telnet (and you will need to type an "enable secret" command in the router to access the Privileged EXEC mode).
Privilege levels from [2-15]: Allow you to automatically enter Privileged EXEC mode from SSH/Telnet.
------------------------------------------
Note:
The "enable secret" command assigns a privilege level = 15 (The highest privilege level).
-------------------------------------------
If you feel more curious about privilege levels, you can see the following article from Cisco:
https://learningnetwork.cisco.com/s/blogs/a0D3i000002eeWTEAY/cisco-ios-privilege-levels
A & C is the answer
Hey admin, stop using Chat GPT to answer the questions. Chat GPT hasn't seen the exhibit to answer accurately, it answers the question in general and this isn't what we need.
It's B and C. The exhibit shows login local so you need a username [] secret/password [] pair. SSH requires both a username and password pair unlike telnet. If you ssh -l into the device using option B. it would work unlike option A.
Option A would work if you use -> line vty 0 15, login, password, But only for Telnet not SSH.
SSH test on PT without the enable secret below and it really shows that you can't access:
Cisco Packet Tracer PC Command Line 1.0
C:\>ssh -l pablo 10.0.32.2
Password: xxx
SW3>
SW3>enable
% No password set.
SW3>
I tested with telnet and it's the same thing:
C:\>telnet 10.0.32.2
Trying 10.0.32.2 ...Open
User Access Verification
Username: pablo
Password:
SW3>en
% No password set.
SW3>
In fact, it is possible to access it, but only in user mode SW3> and execute some commands (show, ping, ssh...). However, in the privileged SW3# mode for "remote access", a password of "Enable" would be required, "even if it has not been configured", unlike access via console.
B. SW1(config)#username NEW secret R3mote123
This command creates a new username (NEW) with a password (R3mote123) for authentication when accessing the switch remotely.
D. SW1(config)#crypto key generate rsa
This command generates an RSA key pair used for secure SSH communication. The RSA key pair is necessary for encrypting the remote management traffic.
Therefore, options B and D are the commands or command sequences that the engineer must apply to the switch to enable secured, encrypted remote configuration.
Wrong, try it on Packet Tracer. You need the "enable secret" to access enable mode remotely. And the crypto keys were already created, check the exhibit's last command.
The correct answers are:
A. SW1(config)#enable secret ccnaTest123
C. SW1(config)#line vty 0 15
SW1(config-line)#transport input ssh
The enable secret command sets the password for the privileged EXEC mode. The transport input ssh command configures the switch to accept only SSH connections on the virtual terminal lines (VTYs).
The other options are incorrect.
Option B, username NEW secret R3mote123, creates a new username and password for remote access, but it does not secure the connection.
Option D, crypto key generate rsa, generates an RSA key pair for SSH authentication, but it does not configure the switch to accept SSH connections.
Option E, interface f0/1 switchport mode trunk, configures interface f0/1 as a trunk port, but it does not affect remote access.
The correct answers are:
C. SW1(config)#line vty 0 15
SW1(config-line)#transport input ssh
D. SW1(config)# crypto key generate rsa
These commands will enable SSH on the switch and generate an RSA key pair, which is required for SSH authentication.
The other commands are not necessary for enabling SSH on the switch. The command in option A sets the enable password, which is used for local login to the switch. The command in option B creates a new user account with the username "NEW" and the password "R3mote123". The command in option E configures interface f0/1 as a trunk port.
I agree with joondale. Although the username is just privilege level 1, at this level 1 the enable cmd is accessible, so therefore "Configuring enable secret is a must when using SSH otherwise you cannot enter to enabled mode." Therefore answers are A and C.
In the exhibit,
1. Hostname changed
2. Domain-name configured
3. Username and Password configured (B had been configured, no longer needed)
4. crypto key also configured (D had been configured, D no longer needed)
B D wrong, A C True.
Wrongs:
B. Username is given on exhibit.
D. Key is also generated. Attention to the end of the exhibit.
E. Fa0/1 is access port.
------------------------------------------------------------------------
Corrects:
A. We must set password to ENABLE mode for ssh config.
C. Only TELNET config on exhibit. We must config "transport input ssh" command.
B is wrong since the answer option only creates a normal user access and not a privileged user.
https://study-ccna.com/cisco-privilege-levels/#:~:text=It%20is%20important%20to%20secure,the%20devices%20from%20unauthorized%20access.
To make things clear...
If there is no "username blabla privilege 15 password/secret blabla" entered,
which would make the user log in to privileged switch# directly, and not switch>,
you need to have an "enable secret blabla" command entered or the user will not be able to enter privileged mode and will be stuck in switch>, not being able to get to switch#.
Don't take my word for it try it yourself in PT.
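Added example (not part of the original thread or the exam exhibit): a small Python check for the points the comments argue over, namely whether the VTY lines are restricted to SSH with `login local`, and whether a remote user can reach privileged EXEC at all. The sample configs are constructed and the function names are hypothetical.

```python
import re

# Constructed sample running-config (NOT the exam exhibit): Telnet-only VTYs,
# one privilege-1 local user, no enable secret. RSA keys never appear in the
# running-config, so this check cannot cover option D.
SAMPLE_BEFORE = """\
hostname SW1
ip domain-name example.test
username admin secret 5 $1$constructed$hash
line con 0
line vty 0 4
 login local
 transport input telnet
line vty 5 15
 login local
 transport input telnet
"""
# The same config after applying options A and C from the question.
SAMPLE_AFTER = (SAMPLE_BEFORE.replace("input telnet", "input ssh")
                + "enable secret 5 $1$constructed$hash2\n")

def parse_vty_blocks(config):
    """Return {header: [sub-commands]} for every 'line vty' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level line ends the block
    return blocks

def audit_ssh_mgmt(config):
    """List what still blocks encrypted remote configuration."""
    findings = []
    users = re.findall(r"^username (\S+)(?: privilege (\d+))?", config, re.M)
    if not users:
        findings.append("no local username for 'login local'")
    has_enable = re.search(r"^enable (secret|password) ", config, re.M)
    if not has_enable and not any(priv == "15" for _, priv in users):
        findings.append("no enable secret and no privilege 15 user: "
                        "remote sessions stay in user EXEC")
    for header, cmds in parse_vty_blocks(config).items():
        if "transport input ssh" not in cmds:
            findings.append(f"{header}: transport input is not ssh-only")
        if "login local" not in cmds:
            findings.append(f"{header}: 'login local' missing")
    return findings
```
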
Community vote distribution
A (35%)
C (25%)
B (20%)
Other