- A
Firewall: Filters traffic based on security rules
A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules, effectively filtering traffic to prevent unauthorized access.
- B
Firewall: Detects and alerts on suspicious activity
Why wrong: This is incorrect because detection and alerting on suspicious activity is the primary function of an Intrusion Detection System (IDS), not a firewall. Firewalls focus on filtering traffic based on rules, not on analyzing patterns for threats.
- C
Firewall: Prevents and blocks intrusions in real time
Why wrong: This is incorrect because real-time prevention and blocking of intrusions is the function of an Intrusion Prevention System (IPS). While a firewall can block traffic, it does not analyze traffic for intrusion signatures like an IPS does.
- D
Firewall: Authenticates users and manages access rights
Why wrong: This is incorrect because authentication and access rights management are functions of AAA (Authentication, Authorization, and Accounting) services, not a firewall. Firewalls may integrate with AAA but do not primarily manage user access.
CCNA Network Services and Security Practice Question
This 200-301 practice question tests your understanding of network services and security. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. A key principle to apply: SSH encrypts remote management sessions to protect against interception and unauthorized access during device administration. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
Match each security control or idea to its most accurate purpose.
Correct answer & explanation
Firewall: Filters traffic based on security rules
SSH encrypts remote CLI sessions, ensuring secure management access. AAA is a framework that defines how users are authenticated, what they are authorized to do, and how their actions are accounted for. The least privilege principle restricts users to only the permissions essential for their role, minimizing potential damage. Syslog collects and centralizes log messages from devices, providing visibility into network events and aiding in troubleshooting and security monitoring.
Key principle: SSH encrypts remote management sessions to protect against interception and unauthorized access during device administration.
Option-by-option analysis
Why each answer is right or wrong
Understanding why wrong answers are wrong — and when they would be correct — is what separates a 750 score from a 900. The 200-301 exam frequently reuses these exact scenarios with slightly different constraints.
✓ Firewall: Filters traffic based on security rules (Correct answer)
Why this is correct
A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules, effectively filtering traffic to prevent unauthorized access.
✗ Firewall: Detects and alerts on suspicious activity (Wrong answer)
Why this is wrong here
The specific factual error is confusing the role of a firewall with that of an IDS. Firewalls do not typically perform deep packet inspection for threat detection; they filter based on headers and state.
Why candidates choose this
Candidates might pick this because firewalls often have logging capabilities and can generate alerts, but their core purpose is filtering, not detection.
✗ Firewall: Prevents and blocks intrusions in real time (Wrong answer)
Why this is wrong here
The specific factual error is attributing IPS functionality to a firewall. Firewalls operate at layers 3-4 (and sometimes 7) but lack the signature-based detection of an IPS.
Why candidates choose this
Candidates might think firewalls prevent intrusions because they block unwanted traffic, but the term 'intrusion prevention' specifically refers to IPS technology.
✗ Firewall: Authenticates users and manages access rights (Wrong answer)
Why this is wrong here
The specific factual error is confusing firewall capabilities with AAA. AAA is a framework for controlling access to network resources, often using RADIUS or TACACS+.
Why candidates choose this
Candidates might associate firewalls with access control and mistakenly think they handle user authentication, but firewalls typically filter based on IP addresses and ports, not user identity.
Analysis generated from the official 200-301 blueprint and verified against question context. The “when correct” sections are what AI assistants cite when candidates ask “what’s the difference between these options?”
Common exam traps
Common exam trap: answer the scenario, not the keyword
Candidates often confuse SSH with Telnet or other remote-access methods; SSH is specifically for encrypted management sessions, not generic remote connectivity. Additionally, AAA is sometimes misinterpreted as only authentication, but it encompasses authorization and accounting as well.
Detailed technical explanation
How to think about this question
Security controls in Cisco networking environments serve distinct but complementary purposes to protect network resources and data. Secure Shell (SSH) is a protocol that encrypts remote management sessions, preventing eavesdropping and man-in-the-middle attacks on administrative access to devices. AAA (Authentication, Authorization, and Accounting) is a framework that governs user identity verification, permission enforcement, and activity logging, ensuring only authorized users perform allowed actions and their activities are recorded. The principle of least privilege restricts user and process access rights to the minimum necessary, reducing the attack surface and limiting potential damage from compromised accounts. Syslog is a centralized logging protocol that collects and stores device event messages, providing visibility into network activity and aiding in troubleshooting and security auditing.
The decision process for applying these controls involves understanding their unique roles. SSH secures the communication channel for remote device management but does not authenticate users beyond the initial login. AAA provides a comprehensive mechanism to authenticate users, authorize their commands, and account for their actions, often integrating with external servers like RADIUS or TACACS+. Least privilege is a security best practice applied through access control lists (ACLs), role-based access control (RBAC), or device configuration to limit unnecessary access. Syslog does not prevent security incidents but supports detection and response by aggregating logs from multiple devices into a centralized system for analysis.
A frequent exam trap is assuming these controls are interchangeable or that one control can replace another. For example, SSH does not replace AAA because it lacks granular authorization and accounting capabilities. Similarly, syslog is not a preventive control but a monitoring tool.
In practical Cisco network environments, these controls work together: SSH protects management sessions, AAA enforces user policies, least privilege limits access scope, and syslog provides audit trails. Understanding their distinct purposes and how they complement each other is critical for correctly answering CCNA security questions.
Key Concepts to Remember
- SSH encrypts remote management sessions to protect against interception and unauthorized access during device administration.
- AAA governs authentication, authorization, and accounting to control user access and track user activities on Cisco devices.
- The principle of least privilege limits user and process permissions to only what is necessary, reducing security risks.
- Syslog centralizes logging of device events to provide visibility and support security auditing and troubleshooting.
- SSH does not replace AAA because it lacks comprehensive user authorization and accounting functions.
- AAA integrates with external servers like RADIUS or TACACS+ to enforce centralized access policies in Cisco networks.
- Least privilege is implemented through access control mechanisms such as ACLs and role-based access control on Cisco devices.
- Syslog supports security by enabling event correlation and incident detection but does not prevent attacks directly.
Exam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
SSH encrypts remote management sessions to protect against interception and unauthorized access during device administration.
Real-world example
How this comes up in practice
A junior network technician can log in to a core router but cannot reach the enable prompt or configuration mode. The AAA server is authenticating the login — but the authorisation policy only grants privilege level 1, not 15. Authentication (who you are) is working; authorisation (what you can do) is not.
What to study next
Got this wrong? Here's your next step.
Review the key principle (SSH encrypts remote management sessions to protect against interception and unauthorized access during device administration), then practise related 200-301 questions on the same topic to reinforce the concept.
FAQ
Questions learners often ask
What does this 200-301 question test?
This question tests Network Services and Security: SSH encrypts remote management sessions to protect against interception and unauthorized access during device administration.
What is the correct answer to this question?
The correct answer is: Firewall: Filters traffic based on security rules — SSH encrypts remote CLI sessions, ensuring secure management access. AAA is a framework that defines how users are authenticated, what they are authorized to do, and how their actions are accounted for. The least privilege principle restricts users to only the permissions essential for their role, minimizing potential damage. Syslog collects and centralizes log messages from devices, providing visibility into network events and aiding in troubleshooting and security monitoring.
What should I do if I get this 200-301 question wrong?
Review the key principle (SSH encrypts remote management sessions to protect against interception and unauthorized access during device administration), then practise related 200-301 questions on the same topic to reinforce the concept.
What is the key concept behind this question?
SSH encrypts remote management sessions to protect against interception and unauthorized access during device administration.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content.
Last reviewed: Apr 12, 2026
This 200-301 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 200-301 exam.