Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) — Question 788

An engineer must configure interface and sensor monitoring on a router. The NMS server is located in a trusted zone with IP address 10.15.2.19. Communication between the router and the NMS server must be encrypted and password-protected using the most secure algorithms. Access must be allowed only for the NMS server and with the minimum permission levels needed. Which configuration must the engineer apply?

Answer options

• A. ip access-list extended nms permit 1 host 10.15.2.19 any snmp-server view ro internet included snmp-server view ro ifEntry included snmp-server group nms v3 priv notify ro access nms snmp-server user user1 nms v3 encrypted auth md5 Password1 pri 3des Password123
• B. ip access-list standard nms permit 10.15.2.19 0.0.0.0 snmp-server view ro iso included snmp-server view ro ifEntry included snmp-server group nms v3 priv read ro access nms snmp-server user user1 nms v3 auth sha Password1 pri aes 256 Password123
• C. ip access-list standard nms permit 10.15.2.19 0.0.0.0 snmp-server view rw iso included snmp-server view rw ifEntry included snmp-server group nms v3 auth write rw access nms snmp-server user user1 nms v3 auth des Password1 pri des Password123
• D. ip access-list standard nms permit 10.15.2.19 255.255.255.255 snmp-server view ro iso included snmp-server view ro ifEntry included snmp-server group nms v3 priv read ro access nms snmp-server user user1 nms v3 auth 3des Password1 pri aes 192 Password123

Correct answer: B

Explanation

Option B is the correct choice because it utilizes a standard access-list that allows only the NMS server's IP address and employs strong authentication and encryption methods (SHA and AES 256). The other options either do not restrict access appropriately, use weaker encryption, or provide unnecessary permissions that exceed the minimum required for the task.