Latest CCNA 220-120 Real Exam Download 211-220



Which statement about access lists that are applied to an interface is true?


A.      You can place as many access lists as you want on any interface.

B.      You can apply only one access list on any interface.

C.      You can configure one access list, per direction, per Layer 3 protocol.

D.      You can apply multiple access lists with the same protocol or in different directions.


Correct Answer: C




Which item represents the standard IP ACL?


A.      access-list 110 permit ip any any

B.      access-list 50 deny

C.      access list 101 deny tcp any host

D.      access-list 2500 deny tcp any host eq 22


Correct Answer: B




A network administrator is configuring ACLs on a Cisco router, to allow traffic from hosts on networks,,, and only. Which two ACL statements, when combined, would you use to accomplish this task? (Choose two.)


A.      access-list 10 permit ip

B.      access-list 10 permit ip

C.      access-list 10 permit ip

D.      access-list 10 permit ip

E.       access-list 10 permit ip

F.       access-list 10 permit ip


Correct Answer: AC




What can be done to secure the virtual terminal interfaces on a router? (Choose two.)


A.      Administratively shut down the interface.

B.      Physically secure the interface.

C.      Create an access list and apply it to the virtual terminal interfaces with the access-group command.

D.      Configure a virtual terminal password and login process.

E.       Enter an access list and apply it to the virtual terminal interfaces using the access-class command.


Correct Answer: DE




Which two commands correctly verify whether port security has been configured on port FastEthernet 0/12 on a switch? (Choose two.)


A.      SW1#show port-secure interface FastEthernet 0/12

B.      SW1#show switchport port-secure interface FastEthernet 0/12

C.      SW1#show running-config

D.      SW1#show port-security interface FastEthernet 0/12

E.       SW1#show switchport port-security interface FastEthernet 0/12


Correct Answer: CD




Refer to the exhibit. The following commands are executed on interface fa0/1 of 2950Switch.


2950Switch(config-if)# switchport port-security

2950Switch(config-if)# switchport port-security mac-address sticky

2950Switch(config-if)# switchport port-security maximum 1


The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when this frame is received by 2950Switch? (Choose two.)



A.      The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF.

B.      Only host A will be allowed to transmit frames on fa0/1.

C.      This frame will be discarded when it is received by 2950Switch.

D.      All frames arriving on 2950Switch with a destination of 0000.00aa.aaaa will be forwarded out fa0/1.

E.       Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be forwarded out fa0/1.

F.       Only frames from source 0000.00bb.bbbb, the first learned MAC address of 2950Switch, will be forwarded out fa0/1.


Correct Answer: BD




What will be the result if the following configuration commands are implemented on a Cisco switch?


Switch(config-if)# switchport port-security

Switch(config-if)# switchport port-security mac-address sticky


A.      A dynamically learned MAC address is saved in the startup-configuration file.

B.      A dynamically learned MAC address is saved in the running-configuration file.

C.      A dynamically learned MAC address is saved in the VLAN database.

D.      Statically configured MAC addresses are saved in the startup-configuration file if frames from that address are received.

E.       Statically configured MAC addresses are saved in the running-configuration file if frames from that address are received.

Correct Answer: B




Drag and drop.



Correct Answer:





Drag and drop.



Correct Answer:



Refer to the exhibit. A network administrator attempts to ping Host2 from Host1 and receives the results that are shown. What is the problem?




A.      The link between Host1 and Switch1 is down.

B.      TCP/IP is not functioning on Host1

C.      The link between Router1 and Router2 is down.

D.      The default gateway on Host1 is incorrect.

E.       Interface Fa0/0 on Router1 is shutdown.

F.       The link between Switch1 and Router1 is down.


Correct Answer: C

Download Latest CCNA 200-120 Real Free Tests , help you to pass exam 100%.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.