CCNA: Cisco Certified Network Associate — Question 459

An engineer is configuring remote access to a router from IP subnet 10.139.58.0/28. The domain name, crypto keys, and SSH have been configured. Which configuration enables the traffic on the destination router?

Answer options

• A. line vty 0 15 access-class 120 in ! ip access-list extended 120 permit tcp 10.139.58.0 0.0.0.15 any eq 22
• B. interface FastEthernet0/0 ip address 10.122.49.1 255.255.255.252 ip access-group 10 in ! ip access-list standard 10 permit udp 10.139.58.0 0.0.0.7 host 10.122.49.1 eq 22
• C. interface FastEthernet0/0 ip address 10.122.49.1 255.255.255.252 ip access-group 110 in ! ip access-list standard 110 permit tcp 10.139.58.0 0.0.0.15 eq 22 host 10.122.49.1
• D. line vty 0 15 access-group 120 in ! ip access-list extended 120 permit tcp 10.139.58.0 0.0.0.15 any eq 22

Correct answer: A

Explanation

The correct answer is A because it uses an access-class on the vty lines, allowing SSH traffic from the specified subnet on the correct port. Options B and C incorrectly apply access-lists to an interface rather than the vty lines, and option D is similar to A but lacks the access-class, making it less appropriate for controlling access to the router's vty lines.