Which statement best describes why layered controls are preferred for administrative access instead of relying on only one mechanism?
Answer choices
Why each option matters
Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.
Best answer
Because different controls address different risks, and using them together reduces security gaps.
This is correct because layered controls provide broader protection than any one control alone.
Distractor review
Because one control can never work in networking at all.
This is wrong because single controls can help, but they are usually not sufficient by themselves.
Distractor review
Because layered access always removes the need for troubleshooting.
This is wrong because layered security does not eliminate operational troubleshooting.
Distractor review
Because layered controls convert all dynamic routes into static routes.
This is wrong because access-control layers do not change routing methods.
Common exam trap
Common exam trap: answer the scenario, not the keyword
A frequent exam trap is believing that a single security mechanism, like authentication or encryption, fully secures administrative access. Candidates might select options implying that one control is sufficient or that layered controls eliminate troubleshooting. However, relying on only one mechanism leaves gaps that attackers can exploit. The exam tests understanding that layered controls address different risks and work together to reduce vulnerabilities. Misinterpreting this can lead to incorrect answers that underestimate the need for defense-in-depth in device administration.
Technical deep dive
How to think about this question
Layered controls in administrative access refer to the use of multiple security mechanisms working together to protect network devices. These layers typically include secure transport protocols like SSH to encrypt sessions, authentication methods such as username/password or multifactor authentication to verify user identity, authorization controls to limit user privileges, and logging to track user actions. Each layer addresses a different aspect of security, reducing the chance that a single vulnerability can be exploited.
The decision to implement layered controls follows the defense-in-depth principle, which states that relying on a single security mechanism is insufficient because each control has its own limitations. For example, authentication alone does not prevent session hijacking, and encryption alone does not verify user identity. Combining these controls ensures that if one layer fails or is bypassed, others still provide protection, thereby reducing security gaps in administrative access.
A common exam trap is to assume that one strong control, such as authentication or encryption, is enough to secure administrative access. In practice, Cisco devices require multiple layers to ensure comprehensive protection. For instance, enabling SSH without proper authorization or logging leaves the network vulnerable to misuse and undetected breaches. Understanding how these layers complement each other helps avoid this mistake and aligns with CCNA’s emphasis on secure device management.
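The four layers described above can be checked mechanically against a device configuration. The following is an added example, not part of the original page: both sample configurations are constructed, and the checks are a simplified assumption (for instance, authorization counts only when explicit AAA authorization is configured).

```python
import re
# Constructed sample configurations (standard IOS command syntax).
SSH_ONLY = """\
ip ssh version 2
username admin secret EXAMPLE-ONLY
line vty 0 4
 transport input ssh
 login local
"""
LAYERED = """\
aaa new-model
aaa authentication login default local
aaa authorization exec default local
username admin privilege 15 secret EXAMPLE-ONLY
logging host 192.0.2.10
line vty 0 4
 transport input ssh
"""

def vty_blocks(config):
    """Return the sub-commands of each 'line vty' block."""
    blocks, current = [], None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = []
            blocks.append(current)
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # any unindented line ends the block
    return blocks

def has_global(config, pattern):
    # True if a global (unindented) config line starts with the pattern.
    return re.search("^" + pattern, config, re.MULTILINE) is not None

def audit(config):
    """Per layer named in the passage: does this config provide it?"""
    vtys = vty_blocks(config)
    aaa = has_global(config, "aaa new-model")
    local = bool(vtys) and all("login local" in b for b in vtys)
    return {
        "transport": bool(vtys) and all("transport input ssh" in b for b in vtys),
        "authentication": (aaa and has_global(config, "aaa authentication login")) or local,
        "authorization": aaa and has_global(config, r"aaa authorization (exec|commands)"),
        "logging": has_global(config, r"logging (host )?\d+\.\d+\.\d+\.\d+"),
    }

def missing_layers(config):
    return [layer for layer, ok in audit(config).items() if not ok]
```

Running `missing_layers(SSH_ONLY)` reports the authorization and logging gaps that the passage warns about when SSH is enabled on its own, while `LAYERED` reports none.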
Key Concepts to Remember
- Layered security controls combine multiple mechanisms to protect different aspects of administrative access, reducing overall security risks.
- Authentication verifies the identity of users attempting to access network devices, forming the first line of defense.
- Secure transport protocols like SSH encrypt administrative sessions to prevent interception and eavesdropping.
- Authorization restricts what authenticated users can do on a device, limiting potential damage from compromised accounts.
- Logging records administrative actions to provide accountability and support forensic analysis after security incidents.
- Relying on a single security control leaves gaps that attackers can exploit, making layered controls essential for defense-in-depth.
- Cisco’s device management best practices recommend combining authentication, encryption, authorization, and logging for secure administrative access.
- Layered controls do not eliminate troubleshooting needs but improve security by addressing multiple attack vectors simultaneously.
Exam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
More questions from this exam
Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.
Question 1
A router learns the same prefix from both OSPF and EIGRP. Which route is installed by default?
Question 2
A router shows this output:
R1#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.1.1.2          1   FULL/DR         00:00:34    192.168.12.2    GigabitEthernet0/0
10.1.1.3          1   2WAY/DROTHER    00:00:39    192.168.12.3    GigabitEthernet0/0
Which statement is correct?
Question 3
What is the OSPF metric called?
Question 4
A non-root switch has two uplinks toward the root bridge. One path has a lower total STP cost than the other. What role will the lower-cost uplink have?
Question 5
A router interface applies this ACL inbound:
10 deny tcp any any eq 80
20 permit ip any any
A user reports that web browsing to a server by IP address fails, but ping works. Which statement best explains the behavior?
Question 6
A router learns route 198.51.100.0/24 from OSPF with AD 110 and also has a static route to the same prefix configured with AD 150. Which route is installed?
FAQ
Questions learners often ask
What does this 200-301 question test?
Layered security controls combine multiple mechanisms to protect different aspects of administrative access, reducing overall security risks.
What is the correct answer to this question?
The correct answer is: Because different controls address different risks, and using them together reduces security gaps. — Layered controls are preferred because different mechanisms protect different parts of the administrative-access problem. In practical terms, secure transport protects the session, authentication verifies identity, authorization limits what can be done, and logging provides accountability. Relying on only one of those leaves gaps. This is a defense-in-depth principle applied to device administration.
What should I do if I get this 200-301 question wrong?
Try more questions from the same exam bank and focus on understanding why the wrong options are tempting.