CCNA 200-120 Questions: Security

QUESTION 1
On which options are standard access lists based?

A. destination address and wildcard mask
B. destination address and subnet mask
C. source address and subnet mask
D. source address and wildcard mask*

Correct Answer: D

QUESTION 2
A network engineer wants to allow a temporary entry for a remote user with a specific username and password so that the user can access the entire network over the Internet. Which ACL can be used?

A. reflexive
B. extended
C. standard
D. dynamic*

Correct Answer: D

QUESTION 3
Which statement about access lists that are applied to an interface is true?

A. You can configure one access list, per direction, per Layer 3 protocol*
B. You can apply multiple access lists with the same protocol in different directions
C. You can apply only one access list on any interface
D. You can apply as many access lists as you want on any interface

Correct Answer: A

QUESTION 4
Which item represents the standard IP ACL?

A. access-list 50 deny 192.168.1.1 0.0.0.255*
B. access-list 110 permit ip any any
C. access-list 2500 deny tcp any host 192.168.1.1 eq 22
D. access-list 101 deny tcp any host 192.168.1.1

Correct Answer: A

QUESTION 5
A network administrator is configuring ACLs on a Cisco router, to allow IP access from the 192.168.146.0/24, 192.168.147.0/24, 192.168.148.0/2,. and 192.168.149.0/24 networks only. Which two ACLs, when combined, should be used?

A. access-list 10 permit ip 192.168.146.0 0.0.0.255
B. access-list 10 permit ip 192.168.146.0 255 255.255.0
C. access-list 10 permit ip 192.168.147.0 0.0.255 255
D. access-list 10 permit ip 192.168.149.0 0.0.255.255.0
E. access-list 10 permit ip 192.168.148.0 0.0.1.255*
F. access-list 10 permit ip 192.168.146.0 0.0.1.255*

Correct Answer: EF

QUESTION 6
What can be done to secure the virtual terminal interfaces on a router? (Choose two.)

A. Administratively shut down the interface.
B. Physically secure the interface.
C. Create an access list and apply to the virtual terminal interfaces with the access-group command.
D. Configure a virtual terminal password and login process.*
E. Enter an access list and apply it to the virtual terminal interfaces using the access-class command.*

Correct Answer: DE

QUESTION 7

Refer to the exhibit.
A network administrator cannot establish a Telnet session with the indicated router. What is the cause of this failure?

A. A Level 5 password is not set.
B. An ACL is blocking Telnet access.
C. The vty password is missing.*
D. The console password is missing.

Correct Answer: C

QUESTION 8

Refer to the exhibit.
An attempt to deny web access to a subnet blocks all traffic from the subnet. Which interface command immediately removes the effect of ACL 102?

A. no ip access-class 102 out
B. no ip access-group 102 out*
C. no ip access-group 102 in
D. no ip access-list 102 in
E. no ip access-class 102 in

Correct Answer: B

QUESTION 9

Refer to the exhibit.
Statements A, B, C, and D of ACL 10 have been entered in the shown order and applied to interface E0 inbound, to prevent all hosts (except those whose address are the first and last IP of subnet 172.21.1.128/28) from accessing the network. But, as is, the ACL does not restrict anyone from the network. How can the ACL statements be re-arranged so that the system works as intended?

A. CDBA*
B. ACDB
C. BADC
D. DBAC

Correct Answer: A

CCNA 200-120 Questions: Security

Leave a Reply