[Free] 2017(July) EnsurePass Examcollection Cisco 200-120 Dumps with VCE and PDF 241-250

Ensurepass.com : Ensure you pass the IT Exams
2017 July Cisco Official New Released 200-120
100% Free Download! 100% Pass Guaranteed!

CCNA Cisco Certified Network Associate CCNA

Question No: 241 – (Topic 6)

Which item represents the standard IP ACL?

A. access-list 110 permit ip any any

B. access-list 50 deny

  1. access list 101 deny tcp any host

  2. access-list 2500 deny tcp any host eq 22

Answer: B

Question No: 242 – (Topic 6)

What can be done to secure the virtual terminal interfaces on a router? (Choose two.)

  1. Administratively shut down the interface.

  2. Physically secure the interface.

  3. Create an access list and apply it to the virtual terminal interfaces with the access-group command.

  4. Configure a virtual terminal password and login process.

  5. Enter an access list and apply it to the virtual terminal interfaces using the access-class command.

Answer: D,E

Question No: 243 – (Topic 6)

What will be the result if the following configuration commands are implemented on a Cisco switch?

Switch(config-if)# switchport port-security

Switch(config-if)# switchport port-security mac-address sticky

  1. A dynamically learned MAC address is saved in the startup-configuration file.

  2. A dynamically learned MAC address is saved in the running-configuration file.

  3. A dynamically learned MAC address is saved in the VLAN database.

  4. Statically configured MAC addresses are saved in the startup-configuration file if frames from that address are received.

  5. Statically configured MAC addresses are saved in the running-configuration file if frames from that address are received.

Answer: B

Question No: 244 – (Topic 6)

A network administrator is configuring ACLs on a Cisco router, to allow traffic from hosts on networks,,, and only. Which

two ACL statements, when combined, would you use to accomplish this task? (Choose two.)

A. access-list 10 permit ip

B. access-list 10 permit ip

C. access-list 10 permit ip

D. access-list 10 permit ip

E. access-list 10 permit ip

F. access-list 10 permit ip

Answer: A,C

Question No: 245 – (Topic 6)

A network administrator needs to configure port security on a switch. Which two statements are true? (Choose two.)

  1. The network administrator can apply port security to dynamic access ports.

  2. The network administrator can apply port security to EtherChannels.

  3. When dynamic MAC address learning is enabled on an interface, the switch can learn new addresses, up to the maximum defined.

  4. The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.

  5. The network administrator can configure static secure or sticky secure MAC addresses in the voice VLAN.

Answer: C,D

Question No: 246 CORRECT TEXT – (Topic 6)

A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.

The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.

Access to the router CLI can be gained by clicking on the appropriate host.

All passwords have been temporarily set to quot;ciscoquot;.

The Core connection uses an IP address of

The computers in the Hosts LAN have been assigned addresses of –

Host A

Host B

Host C

Host D

The servers in the Server LAN have been assigned addresses of –

The Finance Web Server is assigned an IP address of



Answer: Select the console on Corp1 router Configuring ACL

Corp1gt;enable Corp1#configure terminal

comment: To permit only Host C ({source addr} to access finance server address ( {destination addr} on port number 80 (web) Corp1(config)#access-list 100 permit tcp host host eq 80 comment: To deny any source to access finance server address (

{destination addr} on port number 80 (web)

Corp1(config)#access-list 100 deny tcp any host eq 80

comment: To permit ip protocol from any source to access any destination because of the implicit deny any any statement at the end of ACL.

Corp1(config)#access-list 100 permit ip any any Applying the ACL on the Interface

comment: Check show ip interface brief command to identify the interface type and number by checking the IP address configured.

Corp1(config)#interface fa 0/1

If the ip address configured already is incorrect as well as the subnet mask. this should be corrected in order ACL to work

type this commands at interface mode :

no ip address 192.x.x.x 255.x.x.x (removes incorrect configured ipaddress and subnet mask)

Configure Correct IP Address and subnet mask :

ip address ( range of address specified going to server is given as – )

Comment: Place the ACL to check for packets going outside the interface towards the

finance web server.

Corp1(config-if)#ip access-group 100 out Corp1(config-if)#end

Important: To save your running config to startup before exit. Corp1#copy running-config startup-config

Verifying the Configuration:

Step1: show ip interface brief command identifies the interface on which to apply access list.

Step2: Click on each host A, B, C, amp; D. Host opens a web browser page, Select address box of the web browser and type the ip address of finance web server ( to test whether it permits /deny access to the finance web Server.

Step 3: Only Host C ( has access to the server. If the other host can also access then maybe something went wrong in your configuration. Check whether you configured correctly and in order.

Step 4: If only Host C ( can access the Finance Web Server you can click on NEXT button to successfully submit the ACL SIM.

Question No: 247 – (Topic 6)

Which statement about access lists that are applied to an interface is true?

  1. You can place as many access lists as you want on any interface.

  2. You can apply only one access list on any interface.

  3. You can configure one access list, per direction, per Layer 3 protocol.

  4. You can apply multiple access lists with the same protocol or in different directions.

Answer: C

Question No: 248 – (Topic 6)

Refer to the exhibit.


An attempt to deny web access to a subnet blocks all traffic from the subnet. Which interface command immediately removes the effect of ACL 102?

  1. no ip access-class 102 in

  2. no ip access-class 102 out

  3. no ip access-group 102 in

  4. no ip access-group 102 out

  5. no ip access-list 102 in

Answer: D

Question No: 249 – (Topic 6)

Which two commands correctly verify whether port security has been configured on port FastEthernet 0/12 on a switch? (Choose two.)

  1. SW1#show port-secure interface FastEthernet 0/12

  2. SW1#show switchport port-secure interface FastEthernet 0/12

  3. SW1#show running-config

  4. SW1#show port-security interface FastEthernet 0/12

  5. SW1#show switchport port-security interface FastEthernet 0/12

Answer: C,D

Question No: 250 – (Topic 6)

Refer to exhibit.


A network administrator cannot establish a Telnet session with the indicated router. What is the cause of this failure?

  1. A Level 5 password is not set.

  2. An ACL is blocking Telnet access.

  3. The vty password is missing.

  4. The console password is missing.

Answer: C

100% Ensurepass Free Download!
Download Free Demo:200-120 Demo PDF
100% Ensurepass Free Guaranteed!
Download 2017 EnsurePass 200-120 Dumps
Get 10% off your purchase! Copy it:TJDN-947R-9CCD [2017.07.01-2017.07.31]

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.