Which statement about access lists that are applied to an interface is true?
A. You can place as many access lists as you want on any interface.
B. You can apply only one access list on any interface.
C. You can configure one access list, per direction, per Layer 3 protocol.
D. You can apply multiple access lists with the same protocol or in different directions.
We can have only 1 access list per protocol, per direction and per interface. It means:
+ We can not have 2 inbound access lists on an interface + We can have 1 inbound and 1 outbound access list on an interface
Which item represents the standard IP ACL?
A. access-list 110 permit ip any any
B. access-list 50 deny 192.168.1.1 0.0.0.255
C. access list 101 deny tcp any host 192.168.1.1
D. access-list 2500 deny tcp any host 192.168.1.1 eq 22
The standard access lists are ranged from 1 to 99 and from 1300 to 1999 so only access list 50 is a standard access list.
A network administrator is configuring ACLs on a Cisco router, to allow traffic from hosts on networks 192.168.146.0, 192.168.147.0, 192.168.148.0, and 192.168.149.0 only. Which two ACL statements, when combined, would you use to accomplish this task? (Choose two.)
A. access-list 10 permit ip 192.168.146.0 0.0.1.255
B. access-list 10 permit ip 192.168.147.0 0.0.255.255
C. access-list 10 permit ip 192.168.148.0 0.0.1.255
D. access-list 10 permit ip 192.168.149.0 0.0.255.255
E. access-list 10 permit ip 192.168.146.0 0.0.0.255
F. access-list 10 permit ip 192.168.146.0 255.255.255.0
access-list 10 permit ip 192.168.146.0 0.0.1.255 will include the 192.168.146.0 and 192.168.147.0 subnets, while access-list 10 permit ip 192.168.148.0 0.0.1.255 will include
What can be done to secure the virtual terminal interfaces on a router? (Choose two.)
A. Administratively shut down the interface.
B. Physically secure the interface.
C. Create an access list and apply it to the virtual terminal interfaces with the access-group command.
D. Configure a virtual terminal password and login process.
E. Enter an access list and apply it to the virtual terminal interfaces using the access-class command.
It is a waste to administratively shut down the interface. Moreover, someone can still access the virtual terminal interfaces via other interfaces ->
We can not physically secure a virtual interface because it is “virtual” -> To apply an access list to a virtual terminal interface we must use the “access-class” command. The “access-group” command is only used to apply an access list to a physical interface -> C is not correct.
The most simple way to secure the virtual terminal interface is to configure a username & password to prevent unauthorized login.
Which two commands correctly verify whether port security has been configured on port FastEthernet 0/12 on a switch? (Choose two.)
A. SW1#show port-secure interface FastEthernet 0/12
B. SW1#show switchport port-secure interface FastEthernet 0/12
C. SW1#show running-config
D. SW1#show port-security interface FastEthernet 0/12
E. SW1#show switchport port-security interface FastEthernet 0/12
We can verify whether port security has been configured by using the “show running-config” or “show port-security interface ” for more detail. An example of the output of “show port-security interface ” command is shown below:
What will be the result if the following configuration commands are implemented on a Cisco switch? Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address sticky
A. A dynamically learned MAC address is saved in the startup-configuration file.
B. A dynamically learned MAC address is saved in the running-configuration file.
C. A dynamically learned MAC address is saved in the VLAN database.
D. Statically configured MAC addresses are saved in the startup-configuration file if frames from that address
E. Statically configured MAC addresses are saved in the running-configuration file if frames from that address
In the interface configuration mode, the command switchport port-security mac-address sticky enables sticky learning. When entering this command, the interface converts all the dynamic secure MAC addresses to sticky secure MAC addresses.
The network administrator cannot connect to Switch1 over a Telnet session, although the hosts attached to Switch1 can ping the interface Fa0/0 of the router. Given the information in the graphic and assuming that the router and Switch2 are configured properly, which of the following commands should be issued on Switch1 to correct this problem?
A. Switch1(config)# line con0
Switch1(config-line)# password cisco
B. Switch1(config)# interface fa0/1
Switch1(config-if)# ip address 192.168.24.3 255.255.255.0
C. Switch1(config)# ip default-gateway 192.168.24.1
D. Switch1(config)# interface fa0/1
Switch1(config-if)# duplex full
Switch1(config-if)# speed 100
E. Switch1(config)# interface fa0/1
Switch1(config-if)# switchport mode trunk
Since we know hosts can reach the router through the switch, we know that connectivity, duplex. Speed, etc. are good. However, for the switch itself to reach networks outside the local one, the ip default-gateway command must be used.
A router has two Fast Ethernet interfaces and needs to connect to four VLANs in the local network. How can you accomplish this task, using the fewest physical interfaces and without decreasing network performance?
A. Use a hub to connect the four VLANS with a Fast Ethernet interface on the router.
B. Add a second router to handle the VLAN traffic.
C. Add two more Fast Ethernet interfaces.
D. Implement a router-on-a-stick configuration.
A router on a stick allows you to use sub-interfaces to create multiple logical networks on a single physical interface.
A network administrator is trying to add a new router into an established OSPF network. The networks attached to the new router do not appear in the routing tables of the other OSPF routers. Given the information in the partial configuration shown below, what configuration error is causing this problem?
Router(config)# router ospf 1
Router(config-router)# network 10.0.0.0 255.0.0.0 area 0
A. The process id is configured improperly.
B. The OSPF area is configured improperly.
C. The network wildcard mask is configured improperly.
D. The network number is configured improperly.
E. The AS is configured improperly.
F. The network subnet mask is configured improperly.
When configuring OSPF, the mask used for the network statement is a wildcard mask similar to an access list. In this specific example, the correct syntax would have been “network 10.0.0.0 0.0.0.255 area 0.”
Which Cisco Catalyst feature automatically disables the port in an operational PortFast upon receipt of a BPDU?
C. Root Guard
D. BPDU Guard
E. BPDU Filter
We only enable PortFast feature on access ports (ports connected to end stations). But if someone does not know he can accidentally plug that port to another switch and a loop may occur when BPDUs are being transmitted and received on these ports. With BPDU Guard, when a PortFast receives a BPDU, it will be shut down to prevent a loop.
If you want to pass the Cisco 200-120 Exam sucessfully, recommend to read latestCisco 200-120 Dum full version.