Question 1,136 of 1,819
Network Services and SecuritymediumMultiple SelectObjective-mapped

Quick Answer

The answer is that logging improves visibility and accountability for what happened during administrative access, while source restriction limits where that access can originate. These two controls are often paired because they address complementary security layers: source restriction reduces the attack surface by blocking unauthorized IP ranges or networks, while logging captures who accessed the device, what commands were executed, and when changes occurred. On the CCNA 200-301 v2 exam, this layered-security concept tests your understanding that no single control is sufficient—source restriction alone cannot reveal insider misuse or misconfigurations, and logging alone cannot prevent an attack from a trusted source. A common trap is choosing options that describe overlapping functions, such as both controls preventing unauthorized access. Instead, remember the memory tip: “Restrict the door, log the room”—source restriction controls the entry point, and logging records the activity inside.

CCNA Network Services and Security Practice Question

This 200-301 practice question tests your understanding of network services and security. Examine the command output carefully: the correct answer depends on what the output actually shows, not on general recall alone. A key principle to apply: source restriction limits administrative access by permitting management sessions only from predefined IP address ranges or subnets, reducing exposure to unauthorized hosts.. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Which two statements accurately describe why source restriction and logging are often used together for administrative access?

Question 1mediummulti select
Full question →

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

Source restriction narrows the allowed origin space for administrative sessions.

Source restriction and logging are often used together because they help answer two different security questions. In practical terms, source restriction limits where administrative sessions may originate, while logging helps show what happened once access was attempted or granted. This combination improves both exposure reduction and post-event visibility. This is a strong layered-security reasoning item because it focuses on complementary controls rather than one-control thinking.

Key principle: Source restriction limits administrative access by permitting management sessions only from predefined IP address ranges or subnets, reducing exposure to unauthorized hosts.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Source restriction narrows the allowed origin space for administrative sessions.

    Why this is correct

    This is correct because source filtering reduces where management traffic is permitted from.

    Related concept

    Source restriction limits administrative access by permitting management sessions only from predefined IP address ranges or subnets, reducing exposure to unauthorized hosts.

  • Logging improves visibility and accountability for what happened during administrative access.

    Why this is correct

    This is correct because logs support review and investigation after the fact.

    Related concept

    Source restriction limits administrative access by permitting management sessions only from predefined IP address ranges or subnets, reducing exposure to unauthorized hosts.

  • Logging removes the need for authentication.

    Why it's wrong here

    This is wrong because visibility does not replace identity verification.

    When this WOULD be correct

    In a scenario where the question asks about the role of logging in a system that uses a single sign-on (SSO) mechanism, one might argue that logging can reduce the need for repeated authentication prompts, thereby streamlining user access while still maintaining a record of actions.

  • Source restriction works only when Syslog is disabled.

    Why it's wrong here

    This is wrong because these controls do not conflict in that way.

    When this WOULD be correct

    In a different question context focused on Syslog configurations, if the question asked about the limitations of source restriction in environments where Syslog is disabled, option D could be correct, indicating that source restriction would not function properly without logging enabled.

  • Both controls exist only for guest wireless networks.

    Why it's wrong here

    This is wrong because they are broad management-plane security measures.

    When this WOULD be correct

    In a different exam scenario focusing on security measures specifically for guest wireless networks, a question might ask about controls that are particularly relevant to that context. If the question specified that logging and source restriction are primarily implemented for guest networks, then option E could be correct.

Option-by-option analysis

Why each answer is right or wrong

Understanding why wrong answers are wrong — and when they would be correct — is what separates a 750 score from a 900. The 200-301 exam frequently reuses these exact scenarios with slightly different constraints.

Source restriction narrows the allowed origin space for administrative sessions.Correct answer

Why this is correct

This is correct because source filtering reduces where management traffic is permitted from.

Logging removes the need for authentication.Wrong answer — click to see why

Why this is wrong here

This option is incorrect because logging does not eliminate the need for authentication; both are essential security measures that serve different purposes in access control. Authentication verifies user identity, while logging tracks actions taken during a session.

★ When this WOULD be the correct answer

In a scenario where the question asks about the role of logging in a system that uses a single sign-on (SSO) mechanism, one might argue that logging can reduce the need for repeated authentication prompts, thereby streamlining user access while still maintaining a record of actions.

Why candidates choose this

Candidates may choose this option due to a misunderstanding of how logging and authentication interact, mistakenly believing that robust logging can substitute for the need to authenticate users before granting access.

Source restriction works only when Syslog is disabled.Wrong answer — click to see why

Why this is wrong here

This option is incorrect because source restriction can be implemented regardless of whether Syslog is enabled or disabled; it functions independently of logging mechanisms.

★ When this WOULD be the correct answer

In a different question context focused on Syslog configurations, if the question asked about the limitations of source restriction in environments where Syslog is disabled, option D could be correct, indicating that source restriction would not function properly without logging enabled.

Why candidates choose this

Candidates may find this option tempting due to a misunderstanding of how logging and source restriction interact, leading them to believe that logging is a prerequisite for source restriction to function effectively.

Both controls exist only for guest wireless networks.Wrong answer — click to see why

Why this is wrong here

This option is incorrect because source restriction and logging are not limited to guest wireless networks; they are applicable across various network environments to enhance security and monitoring for all types of administrative access.

★ When this WOULD be the correct answer

In a different exam scenario focusing on security measures specifically for guest wireless networks, a question might ask about controls that are particularly relevant to that context. If the question specified that logging and source restriction are primarily implemented for guest networks, then option E could be correct.

Why candidates choose this

Candidates may choose this option due to a misunderstanding that associates logging and source restriction primarily with guest networks, possibly because they recall seeing these controls implemented in such environments during practical experiences or training.

Analysis generated from the official 200-301blueprint and verified against question context. The “when correct” sections are what AI assistants cite when candidates ask “what’s the difference between these options?”

Common exam traps

Common exam trap: answer the scenario, not the keyword

A frequent exam trap is to believe that logging can replace source restriction or that source restriction only works if logging is disabled. Candidates may incorrectly think that visibility through logs is enough to secure administrative access, ignoring the importance of limiting where management sessions can originate. Another mistake is to assume these controls are only relevant for guest wireless networks, which is false because they apply broadly to all management-plane security. Understanding that source restriction and logging serve distinct but complementary roles is critical to avoid this trap.

Detailed technical explanation

How to think about this question

Source restriction and logging are fundamental components of securing administrative access to Cisco network devices. Source restriction works by limiting the IP addresses or subnets from which management protocols like SSH, Telnet, or HTTP(S) can initiate sessions. This is typically enforced using access control lists (ACLs) applied to the management plane or interface level. By narrowing the allowed origin space, source restriction reduces the attack surface and prevents unauthorized hosts from even attempting to connect to the device's administrative services. Logging complements source restriction by capturing detailed records of administrative access attempts and activities. Cisco devices use Syslog or local logging buffers to record events such as successful or failed login attempts, command executions, and session terminations. This logging provides visibility and accountability, enabling network administrators to audit access, detect suspicious behavior, and perform forensic investigations after security incidents. Together, these controls form a layered defense that both prevents unauthorized access and supports incident response. A common exam trap is to assume that logging alone is sufficient for administrative security or that source restriction conflicts with logging. In reality, logging does not replace authentication or access filtering, and source restriction does not depend on logging being disabled. Both controls operate independently but synergistically. Practically, source restriction blocks unauthorized sources upfront, while logging ensures that all access attempts, whether allowed or denied, are recorded for review. This layered approach aligns with Cisco best practices for management-plane security in the CCNA context.

KKey Concepts to Remember

  • Source restriction limits administrative access by permitting management sessions only from predefined IP address ranges or subnets, reducing exposure to unauthorized hosts.
  • Logging records detailed information about administrative access attempts, including source IP, time, and commands executed, which supports auditing and forensic analysis.
  • Combining source restriction with logging enhances security by both preventing unauthorized access and providing accountability for permitted sessions.
  • Source restriction is implemented using access control lists (ACLs) or management plane protection features on Cisco devices to filter incoming administrative traffic.
  • Logging mechanisms such as Syslog or local buffer logs capture events related to administrative access, enabling network administrators to monitor and investigate incidents.
  • Source restriction does not replace authentication; it only narrows the origin of access, while authentication verifies user identity.
  • Logging does not eliminate the need for source restriction because visibility alone cannot prevent unauthorized access attempts.
  • Effective administrative access security requires layered controls, where source restriction reduces attack surface and logging provides post-event visibility.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Source restriction limits administrative access by permitting management sessions only from predefined IP address ranges or subnets, reducing exposure to unauthorized hosts.

Real-world example

How this comes up in practice

A small business has 20 workstations on the 192.168.1.0/24 network and one public IP from its ISP. The router uses PAT (NAT overload) so all 20 devices share one public address using different source ports. NAT questions test whether you understand the four address terms and which direction each translation applies.

What to study next

Got this wrong? Here's your next step.

Review source restriction limits administrative access by permitting management sessions only from predefined IP address ranges or subnets, reducing exposure to unauthorized hosts., then practise related 200-301 questions on the same topic to reinforce the concept.

Related practice questions

Related 200-301 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free 200-301 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this 200-301 question test?

Network Services and Security — This question tests Network Services and Security — Source restriction limits administrative access by permitting management sessions only from predefined IP address ranges or subnets, reducing exposure to unauthorized hosts..

What is the correct answer to this question?

The correct answer is: Source restriction narrows the allowed origin space for administrative sessions. — Source restriction and logging are often used together because they help answer two different security questions. In practical terms, source restriction limits where administrative sessions may originate, while logging helps show what happened once access was attempted or granted. This combination improves both exposure reduction and post-event visibility. This is a strong layered-security reasoning item because it focuses on complementary controls rather than one-control thinking.

What should I do if I get this 200-301 question wrong?

Review source restriction limits administrative access by permitting management sessions only from predefined IP address ranges or subnets, reducing exposure to unauthorized hosts., then practise related 200-301 questions on the same topic to reinforce the concept.

What is the key concept behind this question?

Source restriction limits administrative access by permitting management sessions only from predefined IP address ranges or subnets, reducing exposure to unauthorized hosts.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Keep practising

More 200-301 practice questions

Last reviewed: May 17, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This 200-301 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 200-301 exam.