- A
SSH
This is correct because SSH supports encrypted remote administration.
- B
Telnet
Why wrong: This is wrong because Telnet sends traffic in clear text.
- C
Open wireless access
Why wrong: This is wrong because WLAN openness is unrelated to secure device administration.
- D
Native VLAN 1
Why wrong: This is wrong because native VLAN choice is unrelated to encrypted management access.
CCNA Network Services and Security Practice Question
This 200-301 practice question tests your understanding of network services and security. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. A key principle to apply: sSH provides encrypted remote administrative access, protecting session data and credentials from interception during transit.. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
An engineer wants remote administrative access to remain available but also wants session contents protected in transit. Which management choice best supports that goal?
Clue words in this question
Noticing these words before you look at the options changes how you read each choice.
Clue:
"best"Why it matters: Signals that multiple options may be partially correct. Choose the option that most directly solves the exact problem described, not the one that sounds most complete.
Answer choices
Why each option matters
Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.
Correct answer & explanation
SSH
The best choice is SSH because it provides encrypted remote administrative access. In plain language, the engineer wants administrators to keep managing devices remotely, but without exposing credentials or session contents in clear text. SSH solves that by protecting the traffic in transit, which is why it is preferred over older plaintext protocols such as Telnet. This is a core management-plane security principle. The goal is not to remove remote administration, but to perform it safely. The correct answer is the one that aligns with secure remote access rather than convenience at the expense of protection.
Key principle: SSH provides encrypted remote administrative access, protecting session data and credentials from interception during transit.
Answer analysis
Option-by-option breakdown
For each option: why learners choose it and why it is or isn't the right answer here.
- ✓
SSH
Why this is correct
This is correct because SSH supports encrypted remote administration.
Clue confirmation
The clue word "best" in the question point toward this answer.
Related concept
SSH provides encrypted remote administrative access, protecting session data and credentials from interception during transit.
- ✗
Telnet
Why it's wrong here
This is wrong because Telnet sends traffic in clear text.
When this WOULD be correct
If the exam question asked for a method of remote access that prioritizes speed and simplicity over security, and the context was a controlled environment where security risks are minimal, Telnet could be considered acceptable.
- ✗
Open wireless access
Why it's wrong here
This is wrong because WLAN openness is unrelated to secure device administration.
When this WOULD be correct
If the question were about providing remote access to a public network where encryption is not a concern, and the focus was solely on ease of access rather than security, then open wireless access could be considered a valid option.
- ✗
Native VLAN 1
Why it's wrong here
This is wrong because native VLAN choice is unrelated to encrypted management access.
When this WOULD be correct
If the question asked about configuring a network switch for management access without any security requirements, or if it specifically focused on VLAN configurations for untagged traffic, then selecting Native VLAN 1 could be correct.
Option-by-option analysis
Why each answer is right or wrong
Understanding why wrong answers are wrong — and when they would be correct — is what separates a 750 score from a 900. The 200-301 exam frequently reuses these exact scenarios with slightly different constraints.
✓SSHCorrect answer▾
Why this is correct
This is correct because SSH supports encrypted remote administration.
✗TelnetWrong answer — click to see why▾
Why this is wrong here
Telnet is incorrect because it transmits data, including passwords, in plaintext, making it insecure for remote administrative access where session content protection is required.
★ When this WOULD be the correct answer
If the exam question asked for a method of remote access that prioritizes speed and simplicity over security, and the context was a controlled environment where security risks are minimal, Telnet could be considered acceptable.
Why candidates choose this
Candidates may choose Telnet due to its historical use in networking and familiarity, mistakenly believing that it is still a viable option for remote access without recognizing the security implications.
✗Open wireless accessWrong answer — click to see why▾
Why this is wrong here
Open wireless access does not provide any encryption or security for data transmitted over the network, making it unsuitable for protecting session contents in transit during remote administrative access.
★ When this WOULD be the correct answer
If the question were about providing remote access to a public network where encryption is not a concern, and the focus was solely on ease of access rather than security, then open wireless access could be considered a valid option.
Why candidates choose this
Candidates may choose this option due to a misunderstanding of wireless security, believing that open access is sufficient for remote management without recognizing the risks of unencrypted data transmission.
✗Native VLAN 1Wrong answer — click to see why▾
Why this is wrong here
Native VLAN 1 is primarily used for untagged traffic on a switch and does not provide any encryption or secure access for remote administration. It is not suitable for protecting session contents in transit.
★ When this WOULD be the correct answer
If the question asked about configuring a network switch for management access without any security requirements, or if it specifically focused on VLAN configurations for untagged traffic, then selecting Native VLAN 1 could be correct.
Why candidates choose this
Candidates may be tempted by this option because they recognize VLANs as a fundamental networking concept and might mistakenly associate Native VLAN 1 with management access without considering the security implications.
Analysis generated from the official 200-301blueprint and verified against question context. The “when correct” sections are what AI assistants cite when candidates ask “what’s the difference between these options?”
Common exam traps
Common exam trap: answer the scenario, not the keyword
A common exam trap is selecting Telnet because it allows remote access, ignoring that it transmits data in clear text. This mistake overlooks the critical security requirement to protect session contents during transit. Another trap is choosing options unrelated to encryption, such as native VLAN or open wireless access, which do not address secure remote management. Candidates must focus on protocols that provide confidentiality and integrity for administrative sessions, not just connectivity.
Detailed technical explanation
How to think about this question
Secure remote administration is essential for protecting network devices from unauthorized access and data interception. SSH (Secure Shell) is a protocol that encrypts all data exchanged between the administrator and the device, including credentials and command output. This encryption prevents attackers from capturing sensitive information during transmission, which is a fundamental security principle in network management. Cisco devices support SSH as the preferred method for secure remote access, replacing older protocols like Telnet. The decision to use SSH over Telnet is based on the need to protect management-plane traffic. Telnet sends all data in plaintext, making it vulnerable to sniffing and man-in-the-middle attacks. SSH uses cryptographic techniques to authenticate both ends of the connection and encrypt the session, ensuring confidentiality and integrity. In Cisco IOS, enabling SSH involves generating cryptographic keys and configuring user authentication, which aligns with security best practices tested in the CCNA exam. Exam candidates often confuse unrelated concepts such as VLAN configurations or wireless access settings with secure management. While native VLANs and wireless security are important in their contexts, they do not encrypt remote administrative sessions. The practical takeaway is that SSH is the only option among the given choices that directly addresses the requirement for encrypted remote access, making it the correct and secure choice for managing Cisco devices remotely.
KKey Concepts to Remember
- SSH provides encrypted remote administrative access, protecting session data and credentials from interception during transit.
- Telnet sends management traffic in clear text, making it vulnerable to eavesdropping and credential theft on the network.
- Remote device management requires secure protocols to maintain confidentiality and integrity of administrative sessions.
- Native VLAN configuration does not influence encryption or security of remote management protocols like SSH or Telnet.
- Open wireless access points do not secure management sessions and can expose administrative traffic to unauthorized users.
- Cisco devices prefer SSH over Telnet for remote management when security is a priority, aligning with best practices.
- Encrypted management protocols like SSH prevent man-in-the-middle attacks by authenticating both client and server.
- Using SSH supports compliance with security fundamentals by ensuring remote administration does not expose sensitive data.
TExam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
SSH provides encrypted remote administrative access, protecting session data and credentials from interception during transit.
Real-world example
How this comes up in practice
A help-desk technician troubleshoots why a newly connected PC cannot reach shared printers on the same floor. The cable is good, the switch port is active, but the PC is in VLAN 20 and the printers are in VLAN 10. The uplink trunk only allows VLAN 10. A trunk being up does not mean every VLAN crosses it.
What to study next
Got this wrong? Here's your next step.
Review sSH provides encrypted remote administrative access, protecting session data and credentials from interception during transit., then practise related 200-301 questions on the same topic to reinforce the concept.
- →
Network Services and Security — study guide chapter
Learn the concepts, then practise the questions
- →
Network Services and Security practice questions
Targeted practice on this topic area only
- →
All 200-301 questions
1,819 questions across all exam domains
- →
CCNA 200-301 v2 study guide
Full concept coverage aligned to exam objectives
- →
200-301 practice test guide
How to use practice tests most effectively before exam day
Related practice questions
Related 200-301 practice-question pages
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
Network Infrastructure and Connectivity practice questions
Practise 200-301 questions linked to Network Infrastructure and Connectivity.
Switching and Network Access practice questions
Practise 200-301 questions linked to Switching and Network Access.
IP Routing practice questions
Practise 200-301 questions linked to IP Routing.
Network Services and Security practice questions
Practise 200-301 questions linked to Network Services and Security.
AI and Network Operations practice questions
Practise 200-301 questions linked to AI and Network Operations.
CCNA subnetting practice questions
Practise IPv4 subnetting, CIDR, masks, host ranges and subnet selection.
CCNA OSPF practice questions
Practise OSPF neighbours, router IDs, metrics, areas and routing-table interpretation.
CCNA VLAN practice questions
Practise VLANs, access ports, trunks, allowed VLANs and switching scenarios.
CCNA STP practice questions
Practise spanning tree, root bridge election, port roles and STP troubleshooting.
CCNA EtherChannel practice questions
Practise LACP, PAgP, port-channel behaviour and bundle requirements.
CCNA ACL practice questions
Practise standard and extended ACLs, permit/deny logic and traffic filtering.
CCNA NAT practice questions
Practise static NAT, dynamic NAT, PAT and inside/outside address translation.
Practice this exam
Start a free 200-301 practice session
Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.
FAQ
Questions learners often ask
What does this 200-301 question test?
Network Services and Security — This question tests Network Services and Security — SSH provides encrypted remote administrative access, protecting session data and credentials from interception during transit..
What is the correct answer to this question?
The correct answer is: SSH — The best choice is SSH because it provides encrypted remote administrative access. In plain language, the engineer wants administrators to keep managing devices remotely, but without exposing credentials or session contents in clear text. SSH solves that by protecting the traffic in transit, which is why it is preferred over older plaintext protocols such as Telnet. This is a core management-plane security principle. The goal is not to remove remote administration, but to perform it safely. The correct answer is the one that aligns with secure remote access rather than convenience at the expense of protection.
What should I do if I get this 200-301 question wrong?
Review sSH provides encrypted remote administrative access, protecting session data and credentials from interception during transit., then practise related 200-301 questions on the same topic to reinforce the concept.
Are there clue words in this question I should notice?
Yes — watch for: "best". Signals that multiple options may be partially correct. Choose the option that most directly solves the exact problem described, not the one that sounds most complete.
What is the key concept behind this question?
SSH provides encrypted remote administrative access, protecting session data and credentials from interception during transit.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →
Last reviewed: May 17, 2026
This 200-301 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 200-301 exam.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.