Latest CCNA 220-120 Real Exam Download 201-210

Ensurepass

QUESTION 201

Drag and drop.

clip_image002

 

Correct Answer:

clip_image004

 

 

QUESTION 202

Refer to the exhibit. A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other device is detected, the port is to drop frames from this device. The administrator configured the interface and tested it with successful pings from PC_A to RouterA, and then observes the output from these two show commands. Which two of these changes are necessary for SwitchA to meet the requirements? (Choose two.)

clip_image006

 

A.      Port security needs to be globally enabled.

B.      Port security needs to be enabled on the interface.

C.      Port security needs to be configured to shut down the interface in the event of a violation.

D.      Port security needs to be configured to allow only one learned MAC address.

E.       Port security interface counters need to be cleared before using the show command.

F.       The port security configuration needs to be saved to NVRAM before it can become active.

 

Correct Answer: BD

 

 

QUESTION 203

Which set of commands is recommended to prevent the use of a hub in the access layer?

 

A.      switch(config-if)#switchport mode trunk

switch(config-if)#switchport port-security maximum 1

B.      switch(config-if)#switchport mode trunk

switch(config-if)#switchport port-security mac-address 1

C.      switch(config-if)#switchport mode access

switch(config-if)#switchport port-security maximum 1

D.      switch(config-if)#switchport mode access

switch(config-if)#switchport port-security mac-address 1

 

Correct Answer: C

QUESTION 204

How does using the service password-encryption command on a router provide additional security?

 

A.      by encrypting all passwords passing through the router

B.      by encrypting passwords in the plain text configuration file

C.      by requiring entry of encrypted passwords for access to the device

D.      by configuring an MD5 encrypted key to be used by routing protocols to validate routing exchanges

E.       by automatically suggesting encrypted passwords for use in configuring the router

 

Correct Answer: B

 

 

QUESTION 205

Refer to the exhibit. Statements A, B, C, and D of ACL 10 have been entered in the shown order and applied to interface E0 inbound, to prevent all hosts (except those whose addresses are the first and last IP of subnet 172.21.1.128/28) from accessing the network. But as is, the ACL does not restrict anyone from the network. How can the ACL statements be re-arranged so that the system works as intended?

 

clip_image008

 

A.      ACDB

B.      BADC

C.      DBAC

D.      CDBA

 

Correct Answer: D

 

QUESTION 206

Refer to the exhibit. An attempt to deny web access to a subnet blocks all traffic from the subnet. Which interface command immediately removes the effect of ACL 102?

 

clip_image010

 

A.      no ip access-class 102 in

B.      no ip access-class 102 out

C.      no ip access-group 102 in

D.      no ip access-group 102 out

E.       no ip access-list 102 in

 

Correct Answer: D

 

 

QUESTION 207

Which Cisco Catalyst feature automatically disables the port in an operational PortFast upon receipt of a BPDU?

 

A.      BackboneFast

B.      UplinkFast

C.      Root Guard

D.      BPDU Guard

E.       BPDU Filter

 

Correct Answer: D

QUESTION 208

When you are troubleshooting an ACL issue on a router, which command would you use to verify which interfaces are affected by the ACL?

 

A.      show ip access-lists

B.      show access-lists

C.      show interface

D.      show ip interface

E.       list ip interface

 

Correct Answer: D

 

QUESTION 209

CORRECT TEXT

A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.

 

The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.

 

Access to the router CLI can be gained by clicking on the appropriate host.

 

All passwords have been temporarily set to "cisco".

 

The Core connection uses an IP address of 198.18.196.65

 

The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 – 192.168.33.254

 

Host A 192.168.33.1

Host B 192.168.33.2

Host C 192.168.33.3

Host D 192.168.33.4

 

The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30

 

The Finance Web Server is assigned an IP address of 172.22.242.23.

 

clip_image012

clip_image014

 

Correct Answer:

Select the console on Corp1 router

Configuring ACL Corp1>enable

Corp1#configure terminal

comment: To permit only Host C (192.168.33.3){source addr} to access finance server address

(172.22.242.23) {destination addr} on port number 80 (web)

Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80 comment: To deny any source to access finance server address (172.22.242.23) {destination addr} on port number 80 (web)

Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

comment: To permit ip protocol from any source to access any destination because of the implicit deny any any statement at the end of ACL.

Corp1(config)#access-list 100 permit ip any any

Applying the ACL on the Interface

comment: Check show ip interface brief command to identify the interface type and number by checking the IP address configured.

Corp1(config)#interface fa 0/1

If the ip address configured already is incorrect as well as the subnet mask. This should be corrected in order ACL to work type this commands at interface mode:

no ip address 192.x.x.x 255.x.x.x (removes incorrect configured ip address and subnet mask)

Configure Correct IP Address and subnet mask:

ip address 172.22.242.30 255.255.255.240 ( range of address specified going to server is given as

172.22.242.17 – 172.22.242.30)

Comment: Place the ACL to check for packets going outside the interface towards the finance web server.

Corp1(config-if)#ip access-group 100 out

Corp1(config-if)#end

Important: To save your running config to startup before exit.

Corp1#copy running-config startup-config

 

Verifying the Configuration:

Step1: show ip interface brief command identifies the interface on which to apply access list. Step2: Click on each host A, B, C, & D. Host opens a web browser page, Select address box of the web browser and type the ip address of finance web server (172.22.242.23) to test whether it permits /deny access to the finance web Server.

Step 3: Only Host C (192.168.33.3) has access to the server. If the other host can also access then maybe something went wrong in your configuration. Check whether you configured correctly and in order.

Step 4: If only Host C (192.168.33.3) can access the Finance Web Server you can click on NEXT button to successfully submit the ACL SIM.

 

QUESTION 210

Refer to exhibit. A network administrator cannot establish a Telnet session with the indicated router. What is the cause of this failure?

 

clip_image016

 

A.      A Level 5 password is not set.

B.      An ACL is blocking Telnet access.

C.      The vty password is missing.

D.      The console password is missing.

 

Correct Answer: C

Download Latest CCNA 200-120 Real Free Tests , help you to pass exam 100%.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.