Cisco CCNA mock exam questions sample test – Question 235

.You wish to configure Secure Shell (SSH) support on your router so that incoming VTY connections are secure.
Which of the following commands must be configured? (Choose all that apply.)

A. ip domain-name
B. transport input ssh
C. ip access-group
D. crypto key generate rsa
E. service config


Correct Answer: ABD

Explanation:
Secure Shell (SSH) provides a secure alternative to Telnet for remote management of a Cisco device. Configuring Secure Shell (SSH) support on a Cisco router involves a minimum
of three commands:
ip domain-name [domain-name]: configures the DNS of the router (global configuration mode)
crypto key generates rsa: generates a cryptographic key to be used with SSH (global configuration mode)
transport input ssh: allows SSH connections on the router’s VTY lines (VTY line configuration mode)
The transport input ssh command allows only SSH connectivity to the router, and prevents clear-text Telnet connections. To enable both SSH and Telnet, you would use the transport
input ssh telnet command.
The ip access-group command is incorrect because this command is used to activate an access control list (ACL) on an interface, and does not pertain to SSH.
The service config command is incorrect because this command is used to automatically configure routers from a network server, and does not pertain to SSH.
Objective:
Infrastructure Security
Sub-Objective:
Configure, verify, and troubleshoot basic device hardening
References:
Cisco > Support > Technology Support > Security and VPN > Secure Shell (SSH) > Design > Configuring Secure Shell on Routers and Switches Running Cisco IOS > Document ID:
4145