New Updated Cisco CCNA R&S 200-120 Real Exam Download 201-210

Ensurepass

QUESTION 201

Drag and drop.

 

Correct Answer:

 

 

QUESTION 202

Refer to the exhibit. A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other device is detected, the port is to drop frames from this device. The administrator configured the interface and tested it with successful pings from PC_A to RouterA, and then observes the output from these two show commands. Which two of these changes are necessary for SwitchA to meet the requirements? (Choose two.)

 

 

A.      Port security needs to be globally enabled.

B.      Port security needs to be enabled on the interface.

C.      Port security needs to be configured to shut down the interface in the event of a violation.

D.      Port security needs to be configured to allow only one learned MAC address.

E.       Port security interface counters need to be cleared before using the show command.

F.       The port security configuration needs to be saved to NVRAM before it can become active.

 

Correct Answer: BD

 

 

QUESTION 203

Which set of commands is recommended to prevent the use of a hub in the access layer?

 

A.      switch(config-if)#switchport mode trunk

switch(config-if)#switchport port-security maximum 1

B.      switch(config-if)#switchport mode trunk

switch(config-if)#switchport port-security mac-address 1

C.      switch(config-if)#switchport mode access

switch(config-if)#switchport port-security maximum 1

D.      switch(config-if)#switchport mode access

switch(config-if)#switchport port-security mac-address 1

 

Correct Answer: C

 

 

QUESTION 204

How does using the service password-encryption command on a router provide additional security?

 

A.      by encrypting all passwords passing through the router

B.      by encrypting passwords in the plain text configuration file

C.      by requiring entry of encrypted passwords for access to the device

D.      by configuring an MD5 encrypted key to be used by routing protocols to validate routing exchanges

E.       by automatically suggesting encrypted passwords for use in configuring the router

 

Correct Answer: B

 

 

QUESTION 205

Which Cisco Catalyst feature automatically disables the port in an operational PortFast upon receipt of a BPDU?

 

A.      BackboneFast

B.      UplinkFast

C.      Root Guard

D.      BPDU Guard

E.       BPDU Filter

 

Correct Answer: D

 

 

QUESTION 206

When you are troubleshooting an ACL issue on a router, which command would you use to verify which interfaces are affected by the ACL?

 

A.      show ip access-lists

B.      show access-lists

C.      show interface

D.      show ip interface

E.       list ip interface

 

Correct Answer: D

 

 

QUESTION 207

Refer to the exhibit. Statements A, B, C, and D of ACL 10 have been entered in the shown order and applied to interface E0 inbound, to prevent all hosts (except those whose addresses are the first and last IP of subnet 172.21.1.128/28) from accessing the network. But as is, the ACL does not restrict anyone from the network. How can the ACL statements be re-arranged so that the system works as intended?

 

 

A.      ACDB

B.      BADC

C.      DBAC

D.      CDBA

 

Correct Answer: D

 

 

QUESTION 208

Refer to the exhibit. An attempt to deny web access to a subnet blocks all traffic from the subnet. Which interface command immediately removes the effect of ACL 102?

 

 

A.      no ip access-class 102 in

B.      no ip access-class 102 out

C.      no ip access-group 102 in

D.      no ip access-group 102 out

E.       no ip access-list 102 in

 

Correct Answer: D

 

 

QUESTION 209

Lab-ACL

A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.

 

The task is to create and apply a numbered access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.

 

Access to the router CLI can be gained by clicking on the appropriate host.

All passwords have been temporarily set to “cisco”.

The Core connection uses an IP address of 198.18.196.65

 

The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 – 192.168.33.254

 

Ÿ   Host A 192.168.33.1

Ÿ   Host B 192.168.33.2

Ÿ   Host C 192.168.33.3

Ÿ   Host D 192.168.33.4

 

The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30

The Finance Web Server is assigned an IP address of 172.22.242.23.

The Public Web Server is assigned an IP address of 172.22.242.17.

 

 

Correct Answer:

Router Corp1 S-interface IP address, when you use the show test command to check whether correct, if the IP address is wrong, you need to use the command to change the IP address.

 

Corp1>enable

Corp1#configure terminal

Corp1(config)#int s1/0

Corresponding port number using the command show run to check.

 

Corp1(config-if)#ip add 198.18.196.65 255.255.255.252

IP address changes as specified in the title, by using the command show run to get the original wrong network mask.

 

Corp1(config-if)#end

Here you cannot delete the wrong IP address, directly enter the new IP address can be old cover, and finally do not forget to save.

 

Corp1>enable (Need to enter the password cisco)

 

Corp1#show running-config

 

 

Sure to connect the server’s interface F0/1

 

Corp1#configure terminal

Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

Corp1(config)#access-list 100 permit ip any any

Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Corp1(config-if)#end

Corp1#copy run start

 

 

Check the results with the PC browser, enter the server’s IP address.

 

 

QUESTION 210

Refer to exhibit. A network administrator cannot establish a Telnet session with the indicated router. What is the cause of this failure?

 

 

A.      A Level 5 password is not set.

B.      An ACL is blocking Telnet access.

C.      The vty password is missing.

D.      The console password is missing.

 

Correct Answer: C

 

Download Latest Complete Collection of CCNA R&S 200-120 Real Exam ,help you to pass exam 100%.

Ensurepass Cisco Certifications Exam Questions and Answers
Ensurepass CCNA R&S Exams Questions and Answers

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.