QUESTION 201
Drag and Drop
Correct Answer:
QUESTION 202
Refer to the exhibit. A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other device is detected, the port is to drop frames from this device. The administrator configured the interface and tested it with successful pings from PC_A to RouterA, and then observes the output from these two show commands. Which two of these changes are necessary for SwitchA to meet the requirements? (Choose two.)
A. Port security needs to be globally enabled.
B. Port security needs to be enabled on the interface.
C. Port security needs to be configured to shut down the interface in the event of a violation.
D. Port security needs to be configured to allow only one learned MAC address.
E. Port security interface counters need to be cleared before using the show command.
F. The port security configuration needs to be saved to NVRAM before it can become active.
Correct Answer: BD
QUESTION 203
Which set of commands is recommended to prevent the use of a hub in the access layer?
A. switch(config-if)#switchport mode trunk
switch(config-if)#switchport port-security maximum 1
B. switch(config-if)#switchport mode trunk
switch(config-if)#switchport port-security mac-address 1
C. t>switch(config-if)#switchport mode access
switch(config-if)#switchport port-security maximum 1
D. switch(config-if)#switchport mode access
switch(config-if)#switchport port-security mac-address 1
Correct Answer: C
QUESTION 204
How does using the service password-encryption command on a router provide additional security?
A. by encrypting all passwords passing through the router
B. by encrypting passwords in the plain text configuration file
C. by requiring entry of encrypted passwords for access to the device
D. by configuring an MD5 encrypted key to be used by routing protocols to validate routing exchanges
E. by automatically suggesting encrypted passwords for use in configuring the router
Correct Answer: B
QUESTION 205
Which Cisco Catalyst feature automatically disables the port in an operational PortFast upon receipt of a BPDU?
A. BackboneFast
B. UplinkFast
C. Root Guard
D. BPDU Guard
E. BPDU Filter
Correct Answer: D
QUESTION 206
When you are troubleshooting an ACL issue on a router, which command would you use to verify which interfaces are affected by the ACL?
A. show ip access-lists
B. show access-lists
C. show interface
D. show ip interface
E. list ip interface
Correct Answer: D
QUESTION 207
Refer to the exhibit. Statements A, B, C, and D of ACL 10 have been entered in the shown order and applied to interface E0 inbound, to prevent all hosts (except those whose addresses are the first and last IP of subnet 172.21.1.128/28) from accessing the network. But as is, the ACL does not restrict anyone from the network. How can the ACL statements be re-arranged so that the system works as intended?
A. ACDB
B. BADC
C. DBAC
D. CDBA
Correct Answer: D
QUESTION 208
Refer to the exhibit. An attempt to deny web access to a subnet blocks all traffic from the subnet. Which interface command immediately removes the effect of ACL 102?
A. no ip access-class 102 in
B. no ip access-class 102 out
C. no ip access-group 102 in
D. no ip access-group 102 out
E. no ip access-list 102 in
Correct Answer: D
QUESTION 209
Lab-ACL
A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.
The task is to create and apply a numbered access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.
Access to the router CLI can be gained by clicking on the appropriate host.
All passwords have been temporarily set to “cisco”.
The Core connection uses an IP address of 198.18.196.65
The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 – 192.168.33.254
Host A 192.168.33.1
Host B 192.168.33.2
Host C 192.168.33.3
Host D 192.168.33.4
The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30
The Finance Web Server is assigned an IP address of 172.22.242.23.
The Public Web Server is assigned an IP address of 172.22.242.17.
Correct Answer:
Router Corp1 S-interface IP address, when you use the show test command to check whether correct, if the IP address is wrong, you need to use the command to change the IP address.
Corp1>enable
Corp1#configure terminal
Corp1(config)#int s1/0
Corresponding port number using the command show run to check.
Corp1(config-if)#ip add 198.18.196.65 255.255.255.252
IP address changes as specified in the title, by using the command show run to get the original wrong network mask.
Corp1(config-if)#end
Here you cannot delete the wrong IP address, directly enter the new IP address can be old cover, and finally do not forget to save.
Corp1>enable (Need to enter the password cisco)
Corp1#show running-config
pan lang="EN-US">
Sure to connect the server’s interface F0/1
Corp1#configure terminal
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
Corp1(config)#access-list 100 permit ip any any
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end
Corp1#copy run start
Check the results with the PC browser, enter the server’s IP address.
QUESTION 210
Refer to exhibit. A network administrator cannot establish a Telnet session with the indicated router. What is the cause of this failure?
A. A Level 5 password is not set.
B. An ACL is blocking Telnet access.
C.
The vty password is missing.
D. The console password is missing.
Correct Answer: C
Free VCE & PDF File for Cisco 200-120 Real Exam
Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …