Category - New CCNA 200-120

Get latest Cisco Exams Dumps : https://www.ciscoforall.com/cisco-premium-pdf/

Security Questions CCNA 200-120

QUESTION 161

Refer to the exhibit. The following commands are executed on interface fa0/1 of 2950Switch.
2950Switch(config-if)#switchport port-security
2950Switch(config-if)#switchport port-security mac-address sticky
2950Switch(config-if)#switchport port-security maximum 1
The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when this frame is
received by 2950Switch? (Choose two)
A. The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF.
B. Only host A will be allowed to transmit frames on fa0/1.
C. This frame will be discarded when it is received by 2950Switch.
D. All frames arriving on 2950Switch with a destination of 0000.00aa.aaaa will be forwarded out fa0/1.
E. Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be forwarded
out fa0/1.
F. Only frames from source 0000.00bb.bbbb, the first learned MAC address of 2950Switch, will be forwarded
out fa0/1.

Correct Answer: BD

QUESTION 162
Which set of commands is recommended to prevent the use of a hub in the access layer?
A. switch(config-if)#switchport mode trunk
switch(config-if)#switchport port-security maximum 1
B. switch(config-if)#switchport mode trunk
switch(config-if)#switchport port-security mac-address 1
C. switch(config-if)#switchport mode access
switch(config-if)#switchport port-security maximum 1
D. switch(config-if)#switchport mode access
switch(config-if)#switchport port-security mac-address 1

Correct Answer: C

QUESTION 163
Refer to the exhibit. A junior network administrator was given the task of configuring port security on SwitchA to
allow only PC_A to access the switched network through port fa0/1. If any other device is dvcected, the port is
to drop frames from this device. The administrator configured the interface and tested it with successful pings
from PC_A to RouterA, and then observes the output from these two show commands.

security questions

Which two of these changes are necessary for SwitchA to meet the requirements? (Choose two)
A. Port security needs to be globally enabled.
B. Port security needs to be enabled on the interface.
C. Port security needs to be configured to shut down the interface in the event of a violation.
D. Port security needs to be configured to allow only one learned MAC address.
E. Port security interface counters need to be cleared before using the show command
F. The port security configuration needs to be saved to NVRAM before it can become active.

Correct Answer: BD

QUESTION 164
A network administrator needs to configure port security on a switch. Which two statements are true? (Choose
two)
A. The network administrator can apply port security to dynamic access ports
B. The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.
C. The sticky learning feature allows the addition of dynamically learned addresses to the running
configuration.
D. The network administrator can apply port security to EtherChannels.
E. When dynamic mac address learning is enabled on an interface, the switch can learn new addresses up to
the maximum defined.

Correct Answer: CE

QUESTION 165
Which protocol is an open standard protocol framework that is commonly used in VPNs to provide secure endto-end
connections?
A. PPTP
B. IPsec
C. RSA
D. L2TP
Correct Answer: B

QUESTION 166
Which command would you use on a Cisco router to verify the Layer 3 path to a host?
A. traced address
B. traceroute address
C. telnet address
D. ssh address

Correct Answer: B

QUESTION 168
What are three reasons that an organization with multiple branch offices and roaming users might implement a
Cisco VPN solution instead of point-to-point WAN links? (Choose three)
A. reduced cost
B. better throughput
C. broadband incompatibility
D. increased security
E. scalability
F. reduced latency

Correct Answer: ADE

Back

Operation Questions CCNA 200-120

QUESTION 169
What two things will a router do when running a distance vector routing protocol? (Choose two)
A. Send periodic updates regardless of topology changes.
B. Send entire routing table to all routers in the routing domain.
C. Use the shortest-path algorithm to the dvcermine best path.
D. Update the routing table based on updates from their neighbors.
E. Maintain the topology of the entire network in its database.

Correct Answer: AD

QUESTION 170
What is the purpose of the inverse ARP?
A. to map a known DLCI to an IP address
B. to map a known IP address to a MAC address
C. to map known SPID to a MACaddress
D. to map a known DLCI to a MAC address
E. to map a known IP address to a SPID.
F. to map a known MAC address to an IP address

Correct Answer: A

QUESTION 172
Refer to the exhibit. For what two reasons has the router loaded its IOS image from the location that is shown?
(Choose two)
Router1> show version
Cisco Internetwork Operating System Software
IOS ™ 7200 Software (C7200-J-M), Experimental Version 11.3tl997091S:1647S2)
[hampton-nitro-baseline 249] Copyright (c) 1986-1997 by cisco Systems, Inc.
Compiled Wed 08-0ct-97 06:39 by hampton
Image text-base: 0×60008900, data-base: 0x60B98000
ROM: System Bootstrap, Version 11.1(11855) [beta 2], INTERIM SOFTWARE
BOOTPLASH: 7200 Software (C7200-BOOT-M), Version 11.1(472), RELEASE SOFTWARE (fcl)
Router1 uptime is 23 hours, 33 minutes
System restarted by abort at PC 0x6022322C at 10:50:SS PDT Tue Oct 21 1997
System image file is “tftp://112.16.1.129/hampton/nitro/c7200-j-mz”
cisco 7206 (NPE150) processor with 57344K/8192K bytes of memory.

Configuration register is 0×2102
A. Router1 has specific boot system command that instruct it to load IOS from TFTP server.
B. Router1 is acting as a TFTP server for other routers.
C. Router1 cannot locate a valid IOS image in flash memory.
D. Router1 defaulted to ROMMON mode and loaded the IOS image from a TFTP server.
E. Cisco routers will first attempt to load a image from TFTP for management purposes.

Correct Answer: AC

QUESTION 174
How is an EUI-64 format interface ID created from a 48-bit MAC address?
A. by appending 0xFF to the MAC address.
B. by prefixing the MAC address with 0xFFEE.
C. by prefixing the MAC address with 0xFF and appending 0xFF to it.
D. by inserting 0xFFFE between the upper three bytes and the lower three bytes of the MAC address
E. by prefixing the MAC address with 0xF and inserting 0xF after each of its first three bytes.

Correct Answer: D

QUESTION 176
Refer to the exhibit. A network technician is asked to design a small network with redundancy. The exhibit
represents this design, with all hosts configured in the same VLAN. What conclusions can be made about this
design?

operation questions

A. The design will function as intended
B. Spanning-tree will need to be used.
C. The router will not accept the addressing scheme.
D. The connection between switches should be a trunk.
E. The router interfaces must be encapsulated with the 802.1Q protocol.

Correct Answer: C

QUESTION 178
Which command displays CPU utilization?
A. show protocols
B. show process
C. show system
D. show version

Correct Answer: B

QUESTION 181
Which command reveals the last method used to powercycle a router?
A. show reload
B. show boot
C. show running-config
D. show version

Correct Answer: D

QUESTION 182
When you are troubleshooting an ACL issue on a router, which command would you use to verify which
interfaces are affected by the ACL?
A. show ip access-lists
B. show access-lists
C. show interface
D. show ip interface
E. list ip interface

Correct Answer: D

Back

EIGRP Questions CCNA 200-120

QUESTION 156
Which type of EIGRP route entry describes a feasible successor?
A. a primary route,stored in the routing table
B. a backup route,stored in the routing table
C. a backup route,stored in the topology table
D. a primary route,stored in the topology table

Correct Answer: C

QUESTION 157
Which Cisco Catalyst feature automatically disables the port in an operational PortFast upon receipt of a
BPDU?
A. BackboneFast
B. UplinkFast
C. Root Guard
D. BPDU Guard
E. BPDU Filter

Correct Answer: D

QUESTION 158

Which two commands correctly verily whether port security has been configured on port FastEthernet 0/12 on a
switch? (Choose two)
A. SW1# show switchport port-security interface FastEthernet 0/12
B. SW1# show switchport port-secure interface FastEthernet 0/12
C. SW1# show port-security interface FastEthernet 0/12
D. SW1# show running-config

Correct Answer: CD

QUESTION 159

Select the action that results from executing these commands:
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address sticky
A. A dynamically learned MAC address is saved in the startup-configuration file.
B. A dynamically learned MAC address is saved in the running-configuration file.
C. A dynamically learned MAC address is saved in the VLAN database.
D. Statically configured MAC addresses are saved in the startup-configuration file if frames from that address
are received.
E. Statically configured MAC addresses are saved in the running-configuration file if frames from that address
are received.

Correct Answer: B

Back

Copyright ©2010 - 2022 Ciscoforall.com | Privacy Policy | Terms & Conditions