Courseiva
200-301
Full test
easymultiple choiceObjective-mapped

Why is Telnet generally discouraged for network device administration?

Question 1easymultiple choice
Full question →

Why is Telnet generally discouraged for network device administration?

Full question →

Answer choices

Why each option matters

Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.

A

Distractor review

It cannot cross routed networks

Telnet can cross routed networks if connectivity exists.

B

Best answer

It sends credentials and commands in clear text

Correct. Lack of encryption is the key weakness.

C

Distractor review

It supports only local usernames

That is not the core security issue.

D

Distractor review

It works only from the console port

Telnet is a remote protocol, not a console-only method.

Common exam trap

Common exam trap: answer the scenario, not the keyword

A frequent exam trap is assuming Telnet is discouraged because it cannot cross routed networks or only supports local usernames. Candidates might mistakenly focus on connectivity or user database limitations rather than the core security flaw. Telnet can indeed operate over routed networks and supports various authentication methods, but the real problem is that it transmits credentials and commands in clear text. This lack of encryption exposes sensitive information to interception, which is why Telnet is generally discouraged for network device administration in favor of secure protocols like SSH.

Technical deep dive

How to think about this question

Telnet is a legacy network protocol used for remote device management that transmits data, including usernames and passwords, in clear text without encryption. This lack of encryption means that anyone with access to the network path can intercept and read sensitive information, making Telnet inherently insecure for managing Cisco routers and switches. In contrast, secure alternatives like SSH encrypt session data, protecting credentials and commands from eavesdropping. In Cisco networking environments, the decision to avoid Telnet is based on security best practices and compliance with modern standards. Cisco devices support both Telnet and SSH, but SSH is preferred because it uses encryption algorithms to secure the management session. When configuring remote access, network administrators should disable Telnet and enable SSH to ensure confidentiality and integrity of administrative sessions, especially over untrusted or routed networks. A common exam trap is confusing Telnet’s capability to cross routed networks with its security limitations. While Telnet can function across routed networks if connectivity exists, the critical issue is that it sends all data in plain text. Practically, this means Telnet sessions are vulnerable to interception and credential theft, which is unacceptable in secure enterprise environments. Understanding this distinction helps avoid selecting incorrect answers that focus on connectivity rather than security.

KKey Concepts to Remember

  • Telnet transmits usernames, passwords, and commands in clear text, making it vulnerable to interception and eavesdropping on the network.
  • Cisco devices support both Telnet and SSH, but SSH encrypts session data to protect administrative credentials and commands.
  • Network administrators should disable Telnet and enable SSH to secure remote management of Cisco routers and switches.
  • Telnet can operate across routed networks if connectivity exists, so its limitation is not related to routing capabilities.
  • The primary security risk of Telnet is the lack of encryption, which exposes sensitive information to attackers on the network path.
  • SSH uses encryption algorithms such as AES to ensure confidentiality and integrity of remote management sessions.
  • Choosing Telnet over SSH in a Cisco environment increases the risk of credential theft and unauthorized device access.
  • Understanding the difference between connectivity capabilities and security features is critical for Cisco CCNA exam success.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Related practice questions

Related 200-301 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

CCNA subnetting practice questions

Practise IPv4 subnetting, CIDR, masks, host ranges and subnet selection.

CCNA OSPF practice questions

Practise OSPF neighbours, router IDs, metrics, areas and routing-table interpretation.

CCNA VLAN practice questions

Practise VLANs, access ports, trunks, allowed VLANs and switching scenarios.

CCNA STP practice questions

Practise spanning tree, root bridge election, port roles and STP troubleshooting.

CCNA EtherChannel practice questions

Practise LACP, PAgP, port-channel behaviour and bundle requirements.

CCNA ACL practice questions

Practise standard and extended ACLs, permit/deny logic and traffic filtering.

CCNA NAT practice questions

Practise static NAT, dynamic NAT, PAT and inside/outside address translation.

CCNA DHCP practice questions

Practise DHCP scopes, relay, leases and troubleshooting.

CCNA show ip route practice questions

Practise routing-table output, longest-prefix match, AD and route selection.

CCNA show interfaces trunk practice questions

Practise trunk verification and VLAN forwarding across switches.

CCNA wireless security practice questions

Practise WLAN security, authentication and wireless architecture concepts.

CCNA IPv6 practice questions

Practise IPv6 addressing, routes, neighbour discovery and common IPv6 exam traps.

More questions from this exam

Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.

Question 1

A router learns the same prefix from both OSPF and EIGRP. Which route is installed by default?

Question 2

A router shows this output: R1#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.1.1.2 1 FULL/DR 00:00:34 192.168.12.2 GigabitEthernet0/0 10.1.1.3 1 2WAY/DROTHER 00:00:39 192.168.12.3 GigabitEthernet0/0 Which statement is correct?

Question 3

What is the OSPF metric called?

Question 4

A non-root switch has two uplinks toward the root bridge. One path has a lower total STP cost than the other. What role will the lower-cost uplink have?

Question 5

A router interface applies this ACL inbound: 10 deny tcp any any eq 80 20 permit ip any any A user reports that web browsing to a server by IP address fails, but ping works. Which statement best explains the behavior?

Question 6

A router learns route 198.51.100.0/24 from OSPF with AD 110 and also has a static route to the same prefix configured with AD 150. Which route is installed?

FAQ

Questions learners often ask

What does this 200-301 question test?

Telnet transmits usernames, passwords, and commands in clear text, making it vulnerable to interception and eavesdropping on the network.

What is the correct answer to this question?

The correct answer is: It sends credentials and commands in clear text — Telnet does not encrypt session data, so usernames, passwords, and commands can be exposed in transit.

What should I do if I get this 200-301 question wrong?

Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.

Discussion

Loading comments…

Sign in to join the discussion.