[Free] 2017(Oct) Dumps4cert Testinsides Cisco 200-125 Dumps with VCE and PDF Download 261-270

Dumps4Cert 2017 Oct Cisco Official New Released 200-125
100% Free Download! 100% Pass Guaranteed!
http://www.Dumps4Cert.com/200-125.html

CCNA Cisco Certified Network Associate CCNA (v3.0)

Question No: 261 – (Topic 6)

How does using the service password-encryption command on a router provide additional security?

  1. by encrypting all passwords passing through the router

  2. by encrypting passwords in the plain text configuration file

  3. by requiring entry of encrypted passwords for access to the device

  4. by configuring an MD5 encrypted key to be used by routing protocols to validate routing exchanges

  5. by automatically suggesting encrypted passwords for use in configuring the router

Answer: B Explanation:

By using this command, all the (current and future) passwords are encrypted. This command is primarily useful for keeping unauthorized individuals from viewing your password in your configuration file

Question No: 262 – (Topic 6)

Which two commands correctly verify whether port security has been configured on port

FastEthernet 0/12 on a switch? (Choose two.)

  1. SW1#show port-secure interface FastEthernet 0/12

  2. SW1#show switchport port-secure interface FastEthernet 0/12

  3. SW1#show running-config

  4. SW1#show port-security interface FastEthernet 0/12

  5. SW1#show switchport port-security interface FastEthernet 0/12

Answer: C,D Explanation:

We can verify whether port security has been configured by using the “show running- config” or “show port-security interface” for more detail. An example of the output of “show port-security interface” command is shown below:

Dumps4Cert 2017 PDF and VCE

Question No: 263 DRAG DROP – (Topic 6)

Drag the security features on the left to the specific security risks they help protect against on the right. (Not all options are used.)

Dumps4Cert 2017 PDF and VCE

Answer:

Dumps4Cert 2017 PDF and VCE

Question No: 264 – (Topic 6)

Refer to the exhibit.

Dumps4Cert 2017 PDF and VCE

A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other device is detected, the port is to drop frames from this device. The administrator configured the interface and tested it with successful pings from PC_A to RouterA, and then observes the output from these two show commands.

Which two of these changes are necessary for SwitchA to meet the requirements? (Choose two.)

  1. Port security needs to be globally enabled.

  2. Port security needs to be enabled on the interface.

  3. Port security needs to be configured to shut down the interface in the event of a violation.

  4. Port security needs to be configured to allow only one learned MAC address.

  5. Port security interface counters need to be cleared before using the show command.

  6. The port security configuration needs to be saved to NVRAM before it can become active.

Answer: B,D Explanation:

From the output we can see that port security is disabled so this needs to be enabled. Also, the maximum number of devices is set to 2 so this needs to be just one if we want the single host to have access and nothing else.

Question No: 265 – (Topic 6)

A network administrator needs to configure port security on a switch. Which two statements are true? (Choose two.)

  1. The network administrator can apply port security to dynamic access ports.

  2. The network administrator can apply port security to EtherChannels.

  3. When dynamic MAC address learning is enabled on an interface, the switch can learn new addresses, up to the maximum defined.

  4. The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.

  5. The network administrator can configure static secure or sticky secure MAC addresses in the voice VLAN.

Answer: C,D Explanation:

Follow these guidelines when configuring port security:

Port security can only be configured on static access ports, trunk ports, or 802.1Q tunnel ports.

A secure port cannot be a dynamic access port.

A secure port cannot be a destination port for Switched Port Analyzer (SPAN).

A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group.

You cannot configure static secure or sticky secure MAC addresses on a voice VLAN.

When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.

If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN.

When a voice VLAN is configured on a secure port that is also configured as a sticky secure port, all addresses seen on the voice VLAN are learned as dynamic secure addresses, and all addresses seen on the access VLAN (to which the port belongs) are learned as sticky secure addresses.

The switch does not support port security aging of sticky secure MAC addresses.

The protect and restrict options cannot be simultaneously enabled on an interface.

(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_19_ea1

/configuration/guide/swtrafc.html)

Question No: 266 – (Topic 6)

Refer to the exhibit.

Dumps4Cert 2017 PDF and VCE

An attempt to deny web access to a subnet blocks all traffic from the subnet. Which interface command immediately removes the effect of ACL 102?

  1. no ip access-class 102 in

  2. no ip access-class 102 out

  3. no ip access-group 102 in

  4. no ip access-group 102 out

  5. no ip access-list 102 in

Answer: D Explanation:

The “ip access-group” is used to apply and ACL to an interface. From the output shown, we know that the ACL is applied to outbound traffic, so “no ip access-group 102 out” will remove the effect of this ACL.

Question No: 267 CORRECT TEXT – (Topic 6)

A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a

web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.

The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.

Access to the router CLI can be gained by clicking on the appropriate host. All passwords have been temporarily set to quot;ciscoquot;.

The Core connection uses an IP address of 198.18.196.65.

The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 – 192.168.33.254

->host A 192.168.33.1

->host B 192.168.33.2

->host C 192.168.33.3

->host D 192.168.33.4

The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30.

The Finance Web Server is assigned an IP address of 172.22.242.23.

Dumps4Cert 2017 PDF and VCE

Answer: Select the console on Corp1 router Configuring ACL

Corp1gt;enable Corp1#configure terminal

comment: To permit only Host C (192.168.33.3){source addr} to access finance server address (172.22.242.23) {destination addr} on port number 80 (web) Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80 comment: To deny any source to access finance server address (172.22.242.23)

{destination addr} on port number 80 (web)

Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

comment: To permit ip protocol from any source to access any destination because of the implicit deny any any statement at the end of ACL.

Corp1(config)#access-list 100 permit ip any any Applying the ACL on the Interface

comment: Check show ip interface brief command to identify the interface type and number by checking the IP address configured.

Corp1(config)#interface fa 0/1

If the ip address configured already is incorrect as well as the subnet mask. This should be corrected in order ACL to work

type this commands at interface mode :

no ip address 192.x.x.x 255.x.x.x (removes incorrect configured ipaddress and subnet mask)

Configure Correct IP Address and subnet mask:

ip address 172.22.242.30 255.255.255.240 ( range of address specified going to server is given as 172.22.242.17 – 172.22.242.30 )

Comment: Place the ACL to check for packets going outside the interface towards the finance web server.

Corp1(config-if)#ip access-group 100 out Corp1(config-if)#end

Important: To save your running config to startup before exit. Corp1#copy running-config startup-config

Verifying the Configuration:

Step1: show ip interface brief command identifies the interface on which to apply access list.

Step2: Click on each host A, B, C, amp; D. Host opens a web browser page, Select address box of the web browser and type the ip address of finance web server (172.22.242.23) to test whether it permits /deny access to the finance web Server.

Step 3: Only Host C (192.168.33.3) has access to the server. If the other host can also access then maybe something went wrong in your configuration. Check whether you configured correctly and in order.

Step 4: If only Host C (192.168.33.3) can access the Finance Web Server you can click on NEXT button to successfully submit the ACL SIM.

Question No: 268 – (Topic 6)

Which item represents the standard IP ACL?

A. access-list 110 permit ip any any

B. access-list 50 deny 192.168.1.1 0.0.0.255

  1. access list 101 deny tcp any host 192.168.1.1

  2. access-list 2500 deny tcp any host 192.168.1.1 eq 22

Answer: B Explanation:

The standard access lists are ranged from 1 to 99 and from 1300 to 1999 so only access list 50 is a standard access list.

Question No: 269 – (Topic 6)

When you are troubleshooting an ACL issue on a router, which command would you use to verify which interfaces are affected by the ACL?

  1. show ip access-lists

  2. show access-lists

  3. show interface

  4. show ip interface

  5. list ip interface

Answer: D Explanation:

Incorrect answer:

show ip access-lists does not show interfaces affected by an ACL.

Question No: 270 – (Topic 6)

Refer to exhibit.

Dumps4Cert 2017 PDF and VCE

A network administrator cannot establish a Telnet session with the indicated router. What is the cause of this failure?

  1. A Level 5 password is not set.

  2. An ACL is blocking Telnet access.

  3. The vty password is missing.

  4. The console password is missing.

Answer: C Explanation:

The login keyword has been set, but not password. This will result in the “password required, but none set” message to users trying to telnet to this router.

100% Free Download!
Download Free Demo:200-125 Demo PDF
100% Pass Guaranteed!
Download 2017 Dumps4Cert 200-125 Full Exam PDF and VCE

Dumps4Cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Dumps4Cert IT Certification PDF and VCE