Which two actions restrict access to router R1 by SSH?

Posted by: Pdfprep Category: 300-410

Refer to the exhibit.

Which two actions restrict access to router R1 by SSH? (Choose two)
A . Configure transport input ssh on line vty and remove sequence 30 from access list 100.
B . Configure transport output ssh on line vty and remove sequence 20 from access list 100.
C . Remove class-map ANY from service-policy CoPP
D . Configure transport output ssh on line vty and remove sequence 10 from access list 199.
E . Remove sequence 10 from access list 100 and add sequence 20 deny tcp any any eq telnet to access list 199

Answer: AB

Explanation:

To only allow SSH to R1, we have to:

+ Deny Telnet in ACL 100 because the action of class-map PERMIT is "permit".

+ Permit Telnet in ACL 199 because the action of class-map ANY is "drop".

But:

+ In ACL 100 there is a permit statement for Telnet traffic, "20 permit tcp any any eq telnet (5 matches)", which is not correct, so we must remove this statement.

+ In ACL 199 there is an ACL statement "10 deny tcp any eq telnet any (50 matches)". This statement is aimed at Telnet traffic leaving R1, which is not correct, so we must remove this statement.

Note:

+ The command "transport output telnet ssh" allows Telnet and SSH from this device (to other devices).

+ Telnet is TCP port 23.

+ When Telnet is matched on the source port, it affects Telnet traffic leaving R1.
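A small Python model of the classification logic the explanation relies on, added here as an illustration (it is not the exhibit and not part of the original answer). Only the two quoted ACL entries come from the page; the SSH permit in ACL 100, the catch-all permit in ACL 199, the class order (PERMIT before ANY), the transmitting class-default and the sample ports are assumptions.

```python
# Added illustration, not the exhibit: a toy model of MQC/CoPP classification.
TELNET, SSH, CLIENT = 23, 22, 50000  # CLIENT: constructed ephemeral port

# Entries are (seq, action, src_port, dst_port); None means "any".
ACL100_SEQ20 = (20, "permit", None, TELNET)   # quoted: permit tcp any any eq telnet
ACL199_SEQ10 = (10, "deny", TELNET, None)     # quoted: deny tcp any eq telnet any
ASSUMED_SSH = (None, "permit", None, SSH)     # assumption: ACL 100 permits SSH
ASSUMED_REST = (None, "permit", None, None)   # assumption: ACL 199 permits the rest


def acl_verdict(acl, src_port, dst_port):
    """First matching entry wins; falling off the end is the implicit deny."""
    for _seq, action, e_src, e_dst in acl:
        if e_src in (None, src_port) and e_dst in (None, dst_port):
            return action
    return "deny"


def copp(acl100, acl199, src_port, dst_port):
    """Try classes in order (assumed: PERMIT, then ANY). An ACL 'permit' puts
    the packet in the class; an ACL 'deny' only means 'not this class'."""
    # "transmit" is what the page calls the "permit" action of class PERMIT.
    policy = [("PERMIT", acl100, "transmit"), ("ANY", acl199, "drop")]
    for name, acl, class_action in policy:
        if acl_verdict(acl, src_port, dst_port) == "permit":
            return name, class_action
    return "class-default", "transmit"  # assumption: class-default transmits


def outcomes(acl100, acl199):
    """Policy result for three constructed TCP packets arriving at R1."""
    packets = {
        "ssh to R1": (CLIENT, SSH),
        "telnet to R1": (CLIENT, TELNET),
        "source port 23": (TELNET, CLIENT),
    }
    return {k: copp(acl100, acl199, s, d) for k, (s, d) in packets.items()}


as_quoted = outcomes([ASSUMED_SSH, ACL100_SEQ20], [ACL199_SEQ10, ASSUMED_REST])
both_removed = outcomes([ASSUMED_SSH], [ASSUMED_REST])

if __name__ == "__main__":
    for label, result in (("as quoted", as_quoted), ("entries removed", both_removed)):
        print(label, result)
```

With the quoted entries in place, Telnet to R1 lands in class PERMIT and the source-port-23 packet falls through to class-default; with both entries removed, both packets end in class ANY and are dropped while SSH is still transmitted.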
