Question 1,810 of 1,819
Network Services and SecurityhardMultiple ChoiceObjective-mapped

CCNA Network Services and Security Practice Question

This 200-301 practice question tests your understanding of network services and security. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. A key principle to apply: sSH provides encrypted remote administrative access, protecting session data and credentials from interception during transit.. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

An engineer wants remote administrative access to remain available but also wants session contents protected in transit. Which management choice best supports that goal?

Clue words in this question

Noticing these words before you look at the options changes how you read each choice.

  • Clue: "best"

    Why it matters: Signals that multiple options may be partially correct. Choose the option that most directly solves the exact problem described, not the one that sounds most complete.

Question 1hardmultiple choice
Full question →

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

SSH

The best choice is SSH because it provides encrypted remote administrative access. In plain language, the engineer wants administrators to keep managing devices remotely, but without exposing credentials or session contents in clear text. SSH solves that by protecting the traffic in transit, which is why it is preferred over older plaintext protocols such as Telnet. This is a core management-plane security principle. The goal is not to remove remote administration, but to perform it safely. The correct answer is the one that aligns with secure remote access rather than convenience at the expense of protection.

Key principle: SSH provides encrypted remote administrative access, protecting session data and credentials from interception during transit.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • SSH

    Why this is correct

    This is correct because SSH supports encrypted remote administration.

    Clue confirmation

    The clue word "best" in the question point toward this answer.

    Related concept

    SSH provides encrypted remote administrative access, protecting session data and credentials from interception during transit.

  • Telnet

    Why it's wrong here

    This is wrong because Telnet sends traffic in clear text.

    When this WOULD be correct

    If the exam question asked for a method of remote access that prioritizes speed and simplicity over security, and the context was a controlled environment where security risks are minimal, Telnet could be considered acceptable.

  • Open wireless access

    Why it's wrong here

    This is wrong because WLAN openness is unrelated to secure device administration.

    When this WOULD be correct

    If the question were about providing remote access to a public network where encryption is not a concern, and the focus was solely on ease of access rather than security, then open wireless access could be considered a valid option.

  • Native VLAN 1

    Why it's wrong here

    This is wrong because native VLAN choice is unrelated to encrypted management access.

    When this WOULD be correct

    If the question asked about configuring a network switch for management access without any security requirements, or if it specifically focused on VLAN configurations for untagged traffic, then selecting Native VLAN 1 could be correct.

Option-by-option analysis

Why each answer is right or wrong

Understanding why wrong answers are wrong — and when they would be correct — is what separates a 750 score from a 900. The 200-301 exam frequently reuses these exact scenarios with slightly different constraints.

SSHCorrect answer

Why this is correct

This is correct because SSH supports encrypted remote administration.

TelnetWrong answer — click to see why

Why this is wrong here

Telnet is incorrect because it transmits data, including passwords, in plaintext, making it insecure for remote administrative access where session content protection is required.

★ When this WOULD be the correct answer

If the exam question asked for a method of remote access that prioritizes speed and simplicity over security, and the context was a controlled environment where security risks are minimal, Telnet could be considered acceptable.

Why candidates choose this

Candidates may choose Telnet due to its historical use in networking and familiarity, mistakenly believing that it is still a viable option for remote access without recognizing the security implications.

Open wireless accessWrong answer — click to see why

Why this is wrong here

Open wireless access does not provide any encryption or security for data transmitted over the network, making it unsuitable for protecting session contents in transit during remote administrative access.

★ When this WOULD be the correct answer

If the question were about providing remote access to a public network where encryption is not a concern, and the focus was solely on ease of access rather than security, then open wireless access could be considered a valid option.

Why candidates choose this

Candidates may choose this option due to a misunderstanding of wireless security, believing that open access is sufficient for remote management without recognizing the risks of unencrypted data transmission.

Native VLAN 1Wrong answer — click to see why

Why this is wrong here

Native VLAN 1 is primarily used for untagged traffic on a switch and does not provide any encryption or secure access for remote administration. It is not suitable for protecting session contents in transit.

★ When this WOULD be the correct answer

If the question asked about configuring a network switch for management access without any security requirements, or if it specifically focused on VLAN configurations for untagged traffic, then selecting Native VLAN 1 could be correct.

Why candidates choose this

Candidates may be tempted by this option because they recognize VLANs as a fundamental networking concept and might mistakenly associate Native VLAN 1 with management access without considering the security implications.

Analysis generated from the official 200-301blueprint and verified against question context. The “when correct” sections are what AI assistants cite when candidates ask “what’s the difference between these options?”

Common exam traps

Common exam trap: answer the scenario, not the keyword

A common exam trap is selecting Telnet because it allows remote access, ignoring that it transmits data in clear text. This mistake overlooks the critical security requirement to protect session contents during transit. Another trap is choosing options unrelated to encryption, such as native VLAN or open wireless access, which do not address secure remote management. Candidates must focus on protocols that provide confidentiality and integrity for administrative sessions, not just connectivity.

Detailed technical explanation

How to think about this question

Secure remote administration is essential for protecting network devices from unauthorized access and data interception. SSH (Secure Shell) is a protocol that encrypts all data exchanged between the administrator and the device, including credentials and command output. This encryption prevents attackers from capturing sensitive information during transmission, which is a fundamental security principle in network management. Cisco devices support SSH as the preferred method for secure remote access, replacing older protocols like Telnet. The decision to use SSH over Telnet is based on the need to protect management-plane traffic. Telnet sends all data in plaintext, making it vulnerable to sniffing and man-in-the-middle attacks. SSH uses cryptographic techniques to authenticate both ends of the connection and encrypt the session, ensuring confidentiality and integrity. In Cisco IOS, enabling SSH involves generating cryptographic keys and configuring user authentication, which aligns with security best practices tested in the CCNA exam. Exam candidates often confuse unrelated concepts such as VLAN configurations or wireless access settings with secure management. While native VLANs and wireless security are important in their contexts, they do not encrypt remote administrative sessions. The practical takeaway is that SSH is the only option among the given choices that directly addresses the requirement for encrypted remote access, making it the correct and secure choice for managing Cisco devices remotely.

KKey Concepts to Remember

  • SSH provides encrypted remote administrative access, protecting session data and credentials from interception during transit.
  • Telnet sends management traffic in clear text, making it vulnerable to eavesdropping and credential theft on the network.
  • Remote device management requires secure protocols to maintain confidentiality and integrity of administrative sessions.
  • Native VLAN configuration does not influence encryption or security of remote management protocols like SSH or Telnet.
  • Open wireless access points do not secure management sessions and can expose administrative traffic to unauthorized users.
  • Cisco devices prefer SSH over Telnet for remote management when security is a priority, aligning with best practices.
  • Encrypted management protocols like SSH prevent man-in-the-middle attacks by authenticating both client and server.
  • Using SSH supports compliance with security fundamentals by ensuring remote administration does not expose sensitive data.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

SSH provides encrypted remote administrative access, protecting session data and credentials from interception during transit.

Real-world example

How this comes up in practice

A help-desk technician troubleshoots why a newly connected PC cannot reach shared printers on the same floor. The cable is good, the switch port is active, but the PC is in VLAN 20 and the printers are in VLAN 10. The uplink trunk only allows VLAN 10. A trunk being up does not mean every VLAN crosses it.

What to study next

Got this wrong? Here's your next step.

Review sSH provides encrypted remote administrative access, protecting session data and credentials from interception during transit., then practise related 200-301 questions on the same topic to reinforce the concept.

Related practice questions

Related 200-301 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free 200-301 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this 200-301 question test?

Network Services and Security — This question tests Network Services and Security — SSH provides encrypted remote administrative access, protecting session data and credentials from interception during transit..

What is the correct answer to this question?

The correct answer is: SSH — The best choice is SSH because it provides encrypted remote administrative access. In plain language, the engineer wants administrators to keep managing devices remotely, but without exposing credentials or session contents in clear text. SSH solves that by protecting the traffic in transit, which is why it is preferred over older plaintext protocols such as Telnet. This is a core management-plane security principle. The goal is not to remove remote administration, but to perform it safely. The correct answer is the one that aligns with secure remote access rather than convenience at the expense of protection.

What should I do if I get this 200-301 question wrong?

Review sSH provides encrypted remote administrative access, protecting session data and credentials from interception during transit., then practise related 200-301 questions on the same topic to reinforce the concept.

Are there clue words in this question I should notice?

Yes — watch for: "best". Signals that multiple options may be partially correct. Choose the option that most directly solves the exact problem described, not the one that sounds most complete.

What is the key concept behind this question?

SSH provides encrypted remote administrative access, protecting session data and credentials from interception during transit.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Last reviewed: May 17, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This 200-301 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 200-301 exam.