An administrator is trying to ping and telnet from Switch to Router with the results shown below:
For this question we only need to use the show running-config command to answer all the questions below:
Router>enable
Router#show running-config
Question 1
Which will fix the issue and allow ONLY ping to work while keeping telnet disabled?
A. Correctly assign an IP address to interface fa0/1
B. Change the ip access-group command on fa0/0 from “in” to “out”
C. Remove access-group 106 in from interface fa0/0 and add access-group 115 in.
D. Remove access-group 102 out from interface s0/0/0 and add access-group 114 in
E. Remove access-group 106 in from interface fa0/0 and add access-group 104 in
Answer: E
Explanation:
The question was not about FTP so skip line #1 and line #2.
Line #3 denies telnet traffic and line #4 permits icmp-echo traffic.
Line #5 denies echo-reply traffic. If any device pings a device that is attached to Fa0/0, the packet will be denied.
Line #6 permits all other traffic.
Question 2:
What would be the effect of issuing the command ip access-group 114 in to the fa0/0 interface?
A. Attempts to telnet to the router would fail
B. It would allow all traffic from the 10.4.4.0 network
C. IP traffic would be passed through the interface but TCP and UDP traffic would not
D. Routing protocol updates for the 10.4.4.0 network would not be accepted from the fa0/0 interface
Answer: B
Explanation:
There is only one command associated with access-list 114: access-list 114 permit ip 10.4.4.0 0.0.0.255 any. This command permits traffic from the 10.4.4.0/24 network.
Question 3:
What would be the effect of issuing the command access-group 115 in on the s0/0/1 interface?
A. No host could connect to Router through s0/0/1
B. Telnet and ping would work but routing updates would fail.
C. FTP, FTP-DATA, echo, and www would work but telnet would fail
D. Only traffic from the 10.4.4.0 network would pass through the interface
The above command will only accept the IP (0.0.0.0). Also, no such IP address exists.
The wildcard mask of access-list 115 is 255.255.255.0, which means that only hosts with IP addresses x.x.x.0 will be accepted. If the 4th part of an IP address is 0, then it would definitely be a network address. So no host can communicate with another network using the S0/0/1 interface.
But it will accept a packet with source IP address 10.10.0.0/8. The 4th octet is 0, and it is not a network address but a valid IP address. So confusion... confusion... Anyhow, the other 3 choices (B, C, D) are definitely not the answer and choice A is closest to the result, so the answer is A.
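Added example (not part of the original post): a small Python model of how an address/wildcard pair is matched against a packet's source address, applied to the access-list 114 and 115 entries quoted on this page. The function names and the sample source addresses are constructed for illustration and are not taken from the lab topology.

```python
import ipaddress


def ip_int(addr):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """Wildcard semantics: a 1 bit means 'ignore', a 0 bit means 'must match'."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)


def evaluate(acl, src):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny (implicit)"


# Source part of the two entries quoted on this page (destination is "any").
ACL_114 = [("permit", "10.4.4.0", "0.0.0.255")]
ACL_115 = [("permit", "0.0.0.0", "255.255.255.0")]

# Constructed sample source addresses (assumption, not from the lab).
SAMPLES = ["10.4.4.25", "10.4.5.25", "192.168.1.0", "10.10.0.0"]


def report():
    """Map each sample source to its (ACL 114, ACL 115) verdict."""
    return {s: (evaluate(ACL_114, s), evaluate(ACL_115, s)) for s in SAMPLES}


if __name__ == "__main__":
    for src, (r114, r115) in report().items():
        print(f"{src:<12} ACL114={r114:<16} ACL115={r115}")
```

With the 255.255.255.0 wildcard the first three octets are ignored and only the last octet is compared, so ACL 115 matches sources ending in .0 and everything else falls through to the implicit deny.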
Hi! Regarding question 3. The ACL 115 how you wrote it is equal to permit ip any any. It is a WILDCARD not a subnet mask. Thus it is not the source 0.0.0.0 how you said. In this case your logic fails. Rather I would choose d in this case.
I have also found the version with access-list 115 permit ip 0.0.0.0 255.255.255.0 any. This would result in host of format x.x.x.0 and for the given topology it will result kinda complicated in answer A.
Any opinions?
Thanks dude. I will correct this bug.
So guys what's the ans for question no 3? A or D?
@Amir Khan: A. as the wildcard mask is wrongly assigned
Just passed this Friday Oct 4. Test is valid. Thank you.
can we get the topology in packet tracer format?
Thanks
ALI
Correct Answer is A: A network address cannot be permitted (no match for the access list).
I had passed my CCNA exam with 972/1000 score on 12 Feb.
The labs were acl1, acl2 and eigrp
acl 1 (same as it is)
eigrp (just change of AS and advertising a network (same as it is) with NO issue about passive interfaces and default network)
acl 2 (with bit modification)
"The task is to create and apply a numbered access-list with no more than three statements that
-> will allow ONLY host A web access to the Finance Web Server.
->All other traffic from A to finance server is denied.
->All traffic from lan servers(B,C,D) and core to the Finance Web Server is denied.
-> All other traffic is permitted to public server.
Alhumdolillah, just passed the exam with 931/1000 score. Labs are 100% valid. If anyone has a query, please contact aa.usman at skype.
At Q1, access-list 102 wouldn't work too?? It does not deny icmp echo and at last permit ip any any..
Hello everybody… I'm planning to take the exam next week… but I can hardly understand this lab, can anyone please elaborate it to me? Thanks… I can ping but I can't telnet… thanks in advance… alfechekurt@gmail.com… my email
ACL1 ACL2 EIGRP
https://www.youtube.com/watch?v=FO3eD6oAIRQ&index=2&list=PLW2Xk7jJ5ZSoFn2G_x0ql_S5AlKvaDaOZ
Any video link is available for this sim?
full ccna exam and dump
https://www.youtube.com/watch?v=Q7cTJsVxebc&list=UUyppZ-pXVGuzXQEq8L8HEhg
Kindly someone tell me....
We have to answer with just A, B or C?? In this lab?
For question 3 the correct answer is A, "No host could connect to Router through s0/0/1." But the reason is because of the implicit deny all statement at the end of all ACLs. The only other statement for access-list 115 does not have a valid wildcard mask, so it would do nothing.
Q1 - why is there a "deny icmp echo reply"? Built the lab in Packet Tracer and got echo replies as usual. What is the purpose of that line?
I hope you can help me
Regards
Hi guys, what does the acl 115 mean here,
ip access-list 115 0.0.0.0 255.255.255.0, is it incorrectly written subnet mask?
IF so, what would happen if 115 was as following,
ip access-list 115 0.0.0.0 0.0.0.255 and it is applied in inbound interface instead?
I am very confused why no host could connect to se0/0/1 when applying acl 115 in question no 3 ?
I would appreciate if someone clarifies me.
thanks in advance.