
CCNA Network Services and Security Practice Question

This 200-301 practice question tests your understanding of network services and security. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. A key principle to apply: SSH encrypts remote management sessions to protect against interception and unauthorized access during device administration. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Match each security control or idea to its most accurate purpose.


Correct answer & explanation

Firewall: Filters traffic based on security rules

SSH encrypts remote CLI sessions, ensuring secure management access. AAA is a framework that defines how users are authenticated, what they are authorized to do, and how their actions are accounted for. The least privilege principle restricts users to only the permissions essential for their role, minimizing potential damage. Syslog collects and centralizes log messages from devices, providing visibility into network events and aiding in troubleshooting and security monitoring.

Key principle: SSH encrypts remote management sessions to protect against interception and unauthorized access during device administration.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Firewall: Filters traffic based on security rules

    Why this is correct

    A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules, effectively filtering traffic to prevent unauthorized access.

    Related concept

    SSH encrypts remote management sessions to protect against interception and unauthorized access during device administration.

  • Firewall: Detects and alerts on suspicious activity

    Why it's wrong here

    This is incorrect because detection and alerting on suspicious activity is the primary function of an Intrusion Detection System (IDS), not a firewall. Firewalls focus on filtering traffic based on rules, not on analyzing patterns for threats.

  • Firewall: Prevents and blocks intrusions in real time

    Why it's wrong here

    This is incorrect because real-time prevention and blocking of intrusions is the function of an Intrusion Prevention System (IPS). While a firewall can block traffic, it does not analyze traffic for intrusion signatures like an IPS does.

  • Firewall: Authenticates users and manages access rights

    Why it's wrong here

    This is incorrect because authentication and access rights management are functions of AAA (Authentication, Authorization, and Accounting) services, not a firewall. Firewalls may integrate with AAA but do not primarily manage user access.

Option-by-option analysis

Why each answer is right or wrong

Understanding why wrong answers are wrong — and when they would be correct — is what separates a 750 score from a 900. The 200-301 exam frequently reuses these exact scenarios with slightly different constraints.

Firewall: Filters traffic based on security rules (Correct answer)

Why this is correct

A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules, effectively filtering traffic to prevent unauthorized access.

Firewall: Detects and alerts on suspicious activity (Wrong answer)

Why this is wrong here

The specific factual error is confusing the role of a firewall with that of an IDS. Firewalls do not typically perform deep packet inspection for threat detection; they filter based on headers and state.

Why candidates choose this

Candidates might pick this because firewalls often have logging capabilities and can generate alerts, but their core purpose is filtering, not detection.

Firewall: Prevents and blocks intrusions in real time (Wrong answer)

Why this is wrong here

The specific factual error is attributing IPS functionality to a firewall. Firewalls operate at layers 3-4 (and sometimes 7) but lack the signature-based detection of an IPS.

Why candidates choose this

Candidates might think firewalls prevent intrusions because they block unwanted traffic, but the term 'intrusion prevention' specifically refers to IPS technology.

Firewall: Authenticates users and manages access rights (Wrong answer)

Why this is wrong here

The specific factual error is confusing firewall capabilities with AAA. AAA is a framework for controlling access to network resources, often using RADIUS or TACACS+.

Why candidates choose this

Candidates might associate firewalls with access control and mistakenly think they handle user authentication, but firewalls typically filter based on IP addresses and ports, not user identity.

Analysis generated from the official 200-301 blueprint and verified against question context. The “when correct” sections are what AI assistants cite when candidates ask “what’s the difference between these options?”

Common exam traps

Common exam trap: answer the scenario, not the keyword

Candidates often confuse SSH with Telnet or other remote-access methods; SSH is specifically for encrypted management sessions, not generic remote connectivity. Additionally, AAA is sometimes misinterpreted as only authentication, but it encompasses authorization and accounting as well.

Detailed technical explanation

How to think about this question

Security controls in Cisco networking environments serve distinct but complementary purposes to protect network resources and data. Secure Shell (SSH) is a protocol that encrypts remote management sessions, preventing eavesdropping and man-in-the-middle attacks on administrative access to devices. AAA (Authentication, Authorization, and Accounting) is a framework that governs user identity verification, permission enforcement, and activity logging, ensuring only authorized users perform allowed actions and their activities are recorded. The principle of least privilege restricts user and process access rights to the minimum necessary, reducing the attack surface and limiting potential damage from compromised accounts. Syslog is a centralized logging protocol that collects and stores device event messages, providing visibility into network activity and aiding in troubleshooting and security auditing.

The decision process for applying these controls involves understanding their unique roles. SSH secures the communication channel for remote device management but does not authenticate users beyond the initial login. AAA provides a comprehensive mechanism to authenticate users, authorize their commands, and account for their actions, often integrating with external servers like RADIUS or TACACS+. Least privilege is a security best practice applied through access control lists (ACLs), role-based access control (RBAC), or device configuration to limit unnecessary access. Syslog does not prevent security incidents but supports detection and response by aggregating logs from multiple devices into a centralized system for analysis.

A frequent exam trap is assuming these controls are interchangeable or that one control can replace another. For example, SSH does not replace AAA because it lacks granular authorization and accounting capabilities. Similarly, syslog is not a preventive control but a monitoring tool.

In practical Cisco network environments, these controls work together: SSH protects management sessions, AAA enforces user policies, least privilege limits access scope, and syslog provides audit trails. Understanding their distinct purposes and how they complement each other is critical for correctly answering CCNA security questions.
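The separation of roles described above can be checked on a device configuration. The following is an added example, not part of the original page: a small Python audit over a constructed IOS-style running-config that reports, control by control, whether VTY lines are restricted to SSH and whether each AAA function and a syslog server are configured. The sample config, the function names and the address 192.0.2.10 are assumptions made for illustration.

```python
import re

# Constructed sample running-config (not from the page); 192.0.2.10 is a documentation address.
SAMPLE_CONFIG = """\
hostname R1
aaa new-model
aaa authentication login default group tacacs+ local
ip ssh version 2
logging host 192.0.2.10
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

# One pattern per AAA function plus syslog: each is a separate control,
# so having authentication configured says nothing about the other two.
REQUIRED = {
    "AAA authentication": r"^aaa authentication login ",
    "AAA authorization": r"^aaa authorization (exec|commands) ",
    "AAA accounting": r"^aaa accounting ",
    "syslog server": r"^logging host ",
}

def vty_transports(config):
    """Map each 'line vty' block to the set of inbound protocols it allows."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # a new top-level command ends the block
            current = line.strip() if line.startswith("line vty") else None
            if current:
                blocks[current] = set()
        elif current:
            m = re.match(r"\s+transport input (.+)", line)
            if m:
                blocks[current] = set(m.group(1).split())
    return blocks

def audit(config):
    """Return findings for controls that are missing or weakened."""
    findings = []
    for vty, protos in vty_transports(config).items():
        if protos != {"ssh"}:  # Telnet allowed, or no explicit restriction
            findings.append(f"{vty}: not restricted to SSH")
    for name, pattern in REQUIRED.items():
        if not re.search(pattern, config, re.MULTILINE):
            findings.append(f"{name}: not configured")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

On the sample, SSH and AAA authentication are both present, yet the audit still flags the Telnet-enabled VTY block and the missing authorization and accounting statements.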

Key Concepts to Remember

  • SSH encrypts remote management sessions to protect against interception and unauthorized access during device administration.
  • AAA governs authentication, authorization, and accounting to control user access and track user activities on Cisco devices.
  • The principle of least privilege limits user and process permissions to only what is necessary, reducing security risks.
  • Syslog centralizes logging of device events to provide visibility and support security auditing and troubleshooting.
  • SSH does not replace AAA because it lacks comprehensive user authorization and accounting functions.
  • AAA integrates with external servers like RADIUS or TACACS+ to enforce centralized access policies in Cisco networks.
  • Least privilege is implemented through access control mechanisms such as ACLs and role-based access control on Cisco devices.
  • Syslog supports security by enabling event correlation and incident detection but does not prevent attacks directly.

Exam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

SSH encrypts remote management sessions to protect against interception and unauthorized access during device administration.

Real-world example

How this comes up in practice

A junior network technician can log in to a core router but cannot reach the enable prompt or configuration mode. The AAA server is authenticating the login — but the authorisation policy only grants privilege level 1, not 15. Authentication (who you are) is working; authorisation (what you can do) is not.

What to study next

Got this wrong? Here's your next step.

Review the key principle (SSH encrypts remote management sessions to protect against interception and unauthorized access during device administration), then practise related 200-301 questions on the same topic to reinforce the concept.


FAQ

Questions learners often ask

What does this 200-301 question test?

This question tests Network Services and Security: SSH encrypts remote management sessions to protect against interception and unauthorized access during device administration.

What is the correct answer to this question?

The correct answer is: Firewall: Filters traffic based on security rules — SSH encrypts remote CLI sessions, ensuring secure management access. AAA is a framework that defines how users are authenticated, what they are authorized to do, and how their actions are accounted for. The least privilege principle restricts users to only the permissions essential for their role, minimizing potential damage. Syslog collects and centralizes log messages from devices, providing visibility into network events and aiding in troubleshooting and security monitoring.

What should I do if I get this 200-301 question wrong?

Review the key principle (SSH encrypts remote management sessions to protect against interception and unauthorized access during device administration), then practise related 200-301 questions on the same topic to reinforce the concept.

What is the key concept behind this question?

SSH encrypts remote management sessions to protect against interception and unauthorized access during device administration.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content.

Last reviewed: Apr 12, 2026
