A network engineer is testing an automation platform that interacts with Cisco networking devices via NETCONF over SSH. In accordance with internal security requirements:
✑ NETCONF sessions are permitted only from trusted sources in the 172.16.20.0/24 subnet.
✑ CLI SSH access is permitted from any source.
Which configuration must the engineer apply on R1?

A. configure terminal hostname R1 ip domain-name mydomain.com crypto key generate rsa ip ssh version 1 access-list 1 permit 172.16.20.0 0.0.0.255 netconf ssh acl 1 line vty 0 4 transport input ssh end

B. configure terminal hostname R1 ip domain-name mydomain.com crypto key generate rsa ip ssh version 2 access-list 1 permit 172.16.20.0 0.0.0.255 access-list 1 permit any netconf ssh line vty 0 4 access-class 1 in transport input ssh end

C. configure terminal hostname R1 ip domain-name mydomain.com crypto key generate rsa ip ssh version 1 access-list 1 permit 172.16.20.0 0.0.0.255 access-list 2 permit any netconf ssh line vty 0 4 access-class 2 in transport input ssh end

D. configure terminal hostname R1 ip domain-name mydomain.com crypto key generate rsa ip ssh version 2 access-list 1 permit 172.16.20.0 0.0.0.255 netconf ssh acl 1 line vty 0 4 transport input ssh end








 

Suggested Answer: D



This question is in 350-501 SPCOR exam 
For getting CCNP Service Provider Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Cisco.
Trademarks, certification & product names are used for reference only and belong to Cisco.