CCNA: Cisco Certified Network Associate — Question 301

A network administrator must configure SSH for remote access to router R1. The requirement is to use a public and private key pair to encrypt management traffic to and from the connecting client. Which configuration, when applied, meets the requirements?

Answer options

• A. R1#enable R1#configure terminal R1(config)#ip domain-name cisco.com R1(config)#crypto key generate ec keysize 1024
• B. R1#enable R1#configure terminal R1(config)#ip domain-name cisco.com R1(config)#crypto key generate ec keysize 2048
• C. R1#enable R1#configure terminal R1(config)#ip domain-name cisco.com R1(config)#crypto key encrypt rsa name myKey
• D. R1#enable R1#configure terminal R1(config)#ip domain-name cisco.com R1(config)#crypto key generate rsa modulus 1024

Correct answer: D

Explanation

The correct answer is D because it generates an RSA key pair with a modulus of 1024 bits, which is necessary for SSH encryption. Options A and B incorrectly use EC (Elliptic Curve) keys, which are not applicable for this requirement. Option C incorrectly attempts to encrypt an RSA key instead of generating a key pair needed for SSH.