CCNA: Cisco Certified Network Associate — Question 409

R1 as an NTP server must have:
✑ NTP authentication enabled
✑ NTP packets sourced from Interface loopback 0
✑ NTP stratum 2
✑ NTP packets only permitted to client IP 209.165.200.225
How should R1 be configured?

Answer options

• A. ntp authenticate ntp authentication-key 2 sha1 CISCO123 ntp source Loopback0 ntp access-group server-only 10 ntp master 2 ! access-list 10 permit udp host 209.165.200.225 any eq 123
• B. ntp authenticate ntp authentication-key 2 md5 CISCO123 ntp interface Loopback0 ntp access-group server-only 10 ntp stratum 2 ! access-list 10 permit 209.165.200.225
• C. ntp authenticate ntp authentication-key 2 md5 CISCO123 ntp source Loopback0 ntp access-group server-only 10 ntp master 2 ! access-list 10 permit 209.165.200.225
• D. ntp authenticate ntp authentication-key 2 md5 CISCO123 ntp source Loopback0 ntp access-group server-only 10 ntp stratum 2 ! access-list 10 permit udp host 209.165.200.225 any eq 123

Correct answer: C

Explanation

The correct answer is C because it specifies NTP authentication with the appropriate key type and source interface, but incorrectly uses 'ntp master' instead of 'ntp stratum'. Options A and D both incorrectly use 'sha1' and have 'ntp master' instead of 'stratum'. Option B fails to set the required stratum level and uses 'ntp interface' instead of 'ntp source'.