Valid 200-125 Dumps shared by ExamDiscuss.com for Helping Passing 200-125 Exam! ExamDiscuss.com now offer the newest 200-125 exam dumps, the ExamDiscuss.com 200-125 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com 200-125 dumps with Test Engine here:
Access 200-125 Dumps Premium Version
(754 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 133/159
SIMULATION
A corporation want to add security to its network. The requirements are:
- Host C should be able to use a web browser (HTTP) to access the Finance Web Server.
- Other types of access from host C to the Finance Web Server should be blocked.
- All access from hosts in the Core or local LAN to the Finance Web Server should be blocked.
- All hosts in the Core and on local LAN should be able to access the Public Web Server.
You have been tasked to create and apply a numbered access list to a single outbound interface. This access list can contain no more than three statements that meets these requirements.
Access to the router CLI can be gained by clicking on the appropriate host.
1. All passwords have been temporarily set to "cisco".
2. The core connection uses an IP address of 192.168.228.65.
3. The computers in the hosts LAN been assigned addresses of 192.168.40.1 - 192.168.40.254.
- host A 192.168.40.1
- host B 192.168.40.2
- host C 192.168.40.3
- host D 192.168.40.4
4. The Finance Web Server has been assigned an addresses of 172.22.135.17.
5. The Public Web Server in the Server LAN has been assigned an addresses of 172.22.135.18.
Note: - You may need to scroll this window and the problem statement window.
- Click on picture of cost connected to the specified router and select the CiscoTerminal option to configure the router. If you select the wrong host, click on the show topology button and select a different host.
- To access a host, simply click on picture of host that you want to use and configure it. Certain hosts have dotted lines that represent the serial "console" cables.
- The help command does not display all commands of the help system. The help supports the first level of help system and selected lower layers.
A corporation want to add security to its network. The requirements are:
- Host C should be able to use a web browser (HTTP) to access the Finance Web Server.
- Other types of access from host C to the Finance Web Server should be blocked.
- All access from hosts in the Core or local LAN to the Finance Web Server should be blocked.
- All hosts in the Core and on local LAN should be able to access the Public Web Server.
You have been tasked to create and apply a numbered access list to a single outbound interface. This access list can contain no more than three statements that meets these requirements.
Access to the router CLI can be gained by clicking on the appropriate host.
1. All passwords have been temporarily set to "cisco".
2. The core connection uses an IP address of 192.168.228.65.
3. The computers in the hosts LAN been assigned addresses of 192.168.40.1 - 192.168.40.254.
- host A 192.168.40.1
- host B 192.168.40.2
- host C 192.168.40.3
- host D 192.168.40.4
4. The Finance Web Server has been assigned an addresses of 172.22.135.17.
5. The Public Web Server in the Server LAN has been assigned an addresses of 172.22.135.18.
Note: - You may need to scroll this window and the problem statement window.
- Click on picture of cost connected to the specified router and select the CiscoTerminal option to configure the router. If you select the wrong host, click on the show topology button and select a different host.
- To access a host, simply click on picture of host that you want to use and configure it. Certain hosts have dotted lines that represent the serial "console" cables.
- The help command does not display all commands of the help system. The help supports the first level of help system and selected lower layers.
Correct Answer:
See the solution below
Explanation/Reference:
Corp1>enable (you may enter "cisco" as it passwords here)
We should create an access-list and apply it to the interface which is connected to the Server LAN because it can filter out traffic from both Sw-2 and Core networks. The Server LAN network has been assigned addresses of 172.22.242.17 - 172.22.242.30 so we can guess the interface connected to them has an IP address of 172.22.242.30 (.30 is the number shown in the figure). Use the "show running-config" command to check which interface has the IP address of 172.22.242.30.
Corp1#show running-config
We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. It is the interface we will apply our access-list (for outbound direction).
Corp1#configure terminal
Our access-list needs to allow host C - 192.168.33.3 to the Finance Web Server 172.22.242.23 via web (port 80)
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80 Deny other hosts access to the Finance Web Server via web
Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
All other traffic is permitted
Corp1(config)#access-list 100 permit ip any any
Apply this access-list to Fa0/1 interface (outbound direction)
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that the access-list can filter traffic coming from both the LAN and the Core networks. If we apply access list to the inbound interface we can only filter traffic from the LAN network.
In the exam, just click on host C to open its web browser. In the address box type http://172.22.242.23 to check if you are allowed to access Finance Web Server via HTTP or not. If your configuration is correct then you can access it.
Click on other hosts (A, B and D) and check to make sure you can't access Finance Web Server from these hosts.
Finally, save the configuration
Corp1(config-if)#end
Corp1#copy running-config startup-config
(This configuration only prevents hosts from accessing Finance Web Server via web but if this server supports other traffic - like FTP, SMTP... then other hosts can access it, too.) Notice: You might be asked to allow other host (A, B or D) to access the Finance Web Server so please read the requirement carefully.
Some modifications (mods):
Modification 1 (Mod 1):
Modification 2 (Mod 2):
Modification 3 (Mod 3):2
Modification 4 (Mod 4):
* There are some reports about the command of "All hosts in the core and on the local LAN should be able to access the Public web server" saying that the correct command should be "access-list 100 permit ip any any", not "access-list 100 permit ip any host (IP of Public Web Server)". Although I believe the second command is better but maybe you should use the first command "access-list 100 permit ip any any" instead as some reports said they got 100% when using this command (even if the question gives you the IP address of Public Web Server). It is a bug in this sim.
(Note: Don't forget to apply this access list to the suitable interface or you will lose points interface fa0/1
ip access-group 100 out
And in the exam, they may slightly change the requirements, for example host A, host B instead of host
C... so make sure you read the requirement carefully and use the access-list correctly)
Explanation/Reference:
Corp1>enable (you may enter "cisco" as it passwords here)
We should create an access-list and apply it to the interface which is connected to the Server LAN because it can filter out traffic from both Sw-2 and Core networks. The Server LAN network has been assigned addresses of 172.22.242.17 - 172.22.242.30 so we can guess the interface connected to them has an IP address of 172.22.242.30 (.30 is the number shown in the figure). Use the "show running-config" command to check which interface has the IP address of 172.22.242.30.
Corp1#show running-config
We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. It is the interface we will apply our access-list (for outbound direction).
Corp1#configure terminal
Our access-list needs to allow host C - 192.168.33.3 to the Finance Web Server 172.22.242.23 via web (port 80)
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80 Deny other hosts access to the Finance Web Server via web
Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
All other traffic is permitted
Corp1(config)#access-list 100 permit ip any any
Apply this access-list to Fa0/1 interface (outbound direction)
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that the access-list can filter traffic coming from both the LAN and the Core networks. If we apply access list to the inbound interface we can only filter traffic from the LAN network.
In the exam, just click on host C to open its web browser. In the address box type http://172.22.242.23 to check if you are allowed to access Finance Web Server via HTTP or not. If your configuration is correct then you can access it.
Click on other hosts (A, B and D) and check to make sure you can't access Finance Web Server from these hosts.
Finally, save the configuration
Corp1(config-if)#end
Corp1#copy running-config startup-config
(This configuration only prevents hosts from accessing Finance Web Server via web but if this server supports other traffic - like FTP, SMTP... then other hosts can access it, too.) Notice: You might be asked to allow other host (A, B or D) to access the Finance Web Server so please read the requirement carefully.
Some modifications (mods):
Modification 1 (Mod 1):
Modification 2 (Mod 2):
Modification 3 (Mod 3):2
Modification 4 (Mod 4):
* There are some reports about the command of "All hosts in the core and on the local LAN should be able to access the Public web server" saying that the correct command should be "access-list 100 permit ip any any", not "access-list 100 permit ip any host (IP of Public Web Server)". Although I believe the second command is better but maybe you should use the first command "access-list 100 permit ip any any" instead as some reports said they got 100% when using this command (even if the question gives you the IP address of Public Web Server). It is a bug in this sim.
(Note: Don't forget to apply this access list to the suitable interface or you will lose points interface fa0/1
ip access-group 100 out
And in the exam, they may slightly change the requirements, for example host A, host B instead of host
C... so make sure you read the requirement carefully and use the access-list correctly)
- Question List (159q)
- Question 1: Which feature can you implement to reserve bandwidth for VoI...
- Question 2: Refer to the exhibit. (Exhibit) Which three ports will be ST...
- Question 3: Which two of these statements regarding RSTP are correct? (C...
- Question 4: Which two statements about using leased lines for your WAN i...
- Question 5: Instructions: - Enter IOS commands on the device to verify n...
- Question 6: Which command would you configure globally on a Cisco router...
- Question 7: When you enable PortFast on a switch port, the port immediat...
- Question 8: Which two options are valid numbers for a standard access li...
- Question 9: Which three statements about link-state routing are true? (C...
- Question 10: (Exhibit) Refer to the exhibit. What is the metric for the r...
- Question 11: Which function of the IP SLAs ICMP jitter operation can you ...
- Question 12: Which two statements about IPv6 and routing protocols are tr...
- Question 13: While viewing the running configuration of a router, you obs...
- Question 14: What is known as "one-to-nearest" addressing in IPv6?...
- Question 15: Which two statements about data VLANs on access ports are tr...
- Question 16: A router has learned three possible routes that could be use...
- Question 17: Which interface counter can you use to diagnose a duplex mis...
- Question 18: Which HSRP feature was new in HSRPv2?...
- Question 19: Scenario Refer to the topology. Your company has decided to ...
- Question 20: Which three circumstances can cause a GRE tunnel to be in an...
- Question 21: Which two statements about IPv4 multicast traffic are true? ...
- Question 22: Which protocol advertises a virtual IP address to facilitate...
- Question 23: Which command can you enter to display the operational statu...
- Question 24: Which statement about RADIUS security is true?...
- Question 25: Which utility can you use to identify the cause of a traffic...
- Question 26: Which two correctly describe steps in the OSI data encapsula...
- Question 27: (Exhibit) Refer to the exhibit. After you apply the given co...
- Question 28: Which utility can you use to determine whether a switch can ...
- Question 29: In which two formats can the IPv6 address fd15:0db8:0000:000...
- Question 30: Refer to the exhibit. (Exhibit) Each of these four switches ...
- Question 31: What will happen if a private IP address is assigned to a pu...
- Question 32: Under normal operations, Cisco recommends that you configure...
- Question 33: (Exhibit) Refer to the exhibit. You have determined that com...
- Question 34: DRAG DROP Drag the cable type on the left to the purpose for...
- Question 35: Which two spanning-tree port states does RSTP combine to all...
- Question 36: Which command can you enter to configure the switch as an au...
- Question 37: Which VTP mode prevents you from making changes to VLANs?...
- Question 38: You are a junior network engineer for a financial company, a...
- Question 39: Which statement about DHCP snooping is true?...
- Question 40: Which command can you enter to verify that a 128-bit address...
- Question 41: Which two statements about the extended traceroute command a...
- Question 42: You are a junior network engineer for a financial company, a...
- Question 43: If router R1 knows a static route to a destination network a...
- Question 44: Which two steps must you perform to enable router-on-a-stick...
- Question 45: Which three technical services support cloud computing? (Cho...
- Question 46: Which two statements about wireless LAN controllers are true...
- Question 47: Which option is the correct CIDR notation for 192.168.0.0 su...
- Question 48: What are three reasons that an organization with multiple br...
- Question 49: Scenario Refer to the topology. Your company has decided to ...
- Question 50: Which two options describe benefits of aggregated chassis te...
- Question 51: Which function does the IP SLAs ICMP Echo operation perform ...
- Question 52: Instructions: - Enter IOS commands on the device to verify n...
- Question 53: Instructions: - Enter IOS commands on the device to verify n...
- Question 54: Instructions: - Enter IOS commands on the device to verify n...
- Question 55: How does NAT overloading provide one-to-many address transla...
- Question 56: What are two reasons that duplex mismatches can be difficult...
- Question 57: If the primary root bridge experiences a power loss, which s...
- Question 58: (Exhibit) Refer to the exhibit. Which switch provides the sp...
- Question 59: Which statement about Cisco Discovery Protocol is true?...
- Question 60: A network administrator needs to configure port security on ...
- Question 61: Which three statements about DTP are true? (Choose three.)...
- Question 62: What is the purpose of the POST operation on a router?...
- Question 63: Which command can you enter to troubleshoot the failure of a...
- Question 64: Which condition indicates that service password-encryption i...
- Question 65: When troubleshooting client DNS issues, which two tasks must...
- Question 66: In which byte of an IP packet can traffic be marked?...
- Question 67: Instructions: - Enter IOS commands on the device to verify n...
- Question 68: What are two benefits of private IPv4 IP addresses? (Choose ...
- Question 69: Which set of commands is recommended to prevent the use of a...
- Question 70: Which two statements about Ethernet standards are true? (Cho...
- Question 71: Which logging command can enable administrators to correlate...
- Question 72: How many host addresses are available on the network 192.168...
- Question 73: Which switching method duplicates the first six bytes of a f...
- Question 74: Instructions: - Enter IOS commands on the device to verify n...
- Question 75: Which command can you enter to display duplicate IP addresse...
- Question 76: Scenario Refer to the topology. Your company has decided to ...
- Question 77: Which two statements about syslog logging are true? (Choose ...
- Question 78: Which option describes a benefit of a point-to-point leased ...
- Question 79: Which definition of a host route is true?...
- Question 80: Which two EtherChannel PAgP modes can you configure? (Choose...
- Question 81: Which two statements about northbound and southbound APIs ar...
- Question 82: Which two statements about floating static routes are true? ...
- Question 83: Which condition does the err-disabled status indicate on an ...
- Question 84: Which two authentication methods are compatible with MLPPP o...
- Question 85: A network administrator is troubleshooting an EIGRP problem ...
- Question 86: Refer to the exhibit. (Exhibit) All of the routers in the ne...
- Question 87: Which three statements about IPv6 prefixes are true? (Choose...
- Question 88: Which statement about EIGRP on IPv6 devices is true?...
- Question 89: You are a junior network engineer for a financial company, a...
- Question 90: Which two statements about unique local IPv6 addresses are t...
- Question 91: Which command can you enter to view the ports that are assig...
- Question 92: Refer to the exhibit. (Exhibit) Which of these statements co...
- Question 93: Scenario Refer to the topology. Your company has decided to ...
- Question 94: Which command can you enter to block HTTPS traffic from the ...
- Question 95: Which type of device can be replaced by the use of subinterf...
- Question 96: Which statement about SNMPv2 is true?...
- Question 97: Which feature is configured by setting a variance that is at...
- Question 98: Which command enables IPv6 forwarding on a Cisco router?...
- Question 99: Which address prefix does OSPFv3 use when multiple IPv6 addr...
- Question 100: Which three options are switchport configurations that can a...
- Question 101: Which two options are requirements for configuring RIPv2 on ...
- Question 102: Which command can you enter to set the default route for all...
- Question 103: You are a junior network engineer for a financial company, a...
- Question 104: Which command can you enter to determine whether serial inte...
- Question 105: (Exhibit) Refer to the exhibit. If R1 receives a packet dest...
- Question 106: What are three benefits of implementing VLANs? (Choose three...
- Question 107: If you configure syslog messages without specifying the logg...
- Question 108: If all switches are configured with default values, which sw...
- Question 109: Which feature facilitates the tagging of frames on a specifi...
- Question 110: Which Layer 2 protocol encapsulation type supports synchrono...
- Question 111: Refer to the exhibit. (Exhibit) The network administrator no...
- Question 112: Which symptom most commonly indicates that two connecting in...
- Question 113: Scenario Refer to the topology. Your company has decided to ...
- Question 114: (Exhibit) Refer to the exhibit. Which command can you enter ...
- Question 115: Which command can you enter to verify that a BGP connection ...
- Question 116: Which command can you use to test whether a switch supports ...
- Question 117: Which type of routing protocol operates by using first-hand ...
- Question 118: What are three characteristics of the TCP protocol? (Choose ...
- Question 119: Refer to the exhibit. (Exhibit) The two connected ports on t...
- Question 120: For what two purposes does the Ethernet protocol use physica...
- Question 121: To enable router on a stick on a router subinterface, which ...
- Question 122: Which IEEE mechanism is responsible for the authentication o...
- Question 123: Scenario Refer to the topology. Your company has decided to ...
- Question 124: What are the two minimum required components of a DHCP bindi...
- Question 125: Scenario Refer to the topology. Your company has decided to ...
- Question 126: On which type of port can switches interconnect for multi-VL...
- Question 127: Which value indicates the distance from the NTP authoritativ...
- Question 128: (Exhibit) Refer to the exhibit. If RTR01 is configured as sh...
- Question 129: Which type of MAC address is aged automatically by the switc...
- Question 130: Which command can you enter in global configuration mode to ...
- Question 131: (Exhibit) Refer to the exhibit. R1 is unable to establish an...
- Question 132: Which command can you enter to determine whether a switch is...
- Question 133: SIMULATION A corporation want to add security to its network...
- Question 134: Which statement about LLDP is true?...
- Question 135: How does a router handle an incoming packet whose destinatio...
- Question 136: If three devices are plugged into one port on a switch and t...
- Question 137: Instructions: - Enter IOS commands on the device to verify n...
- Question 138: Which statement about VLAN operation on Cisco Catalyst switc...
- Question 139: During which phase of PPPoE is PPP authentication performed?...
- Question 140: Instructions: - Enter IOS commands on the device to verify n...
- Question 141: When an interface is configured with PortFast BPDU guard, ho...
- Question 142: Refer to the exhibit. (Exhibit) The network administrator ca...
- Question 143: Which three commands must you enter to create a trunk that a...
- Question 144: DRAG DROP Refer to the exhibit. Select and Place: (Exhibit)...
- Question 145: Which MAC protocol sets a random timer to reattempt communic...
- Question 146: Which feature builds a FIB and an adjacency table to expedit...
- Question 147: Which two options are benefits of DHCP snooping? (Choose two...
- Question 148: Which functionality does split horizon provide?...
- Question 149: When a router is unable to find a known route in the routing...
- Question 150: Which DTP switch port mode allows the port to create a trunk...
- Question 151: Which step in the router boot process searches for an IOS im...
- Question 152: (Exhibit) Refer to the exhibit. If R1 sends traffic to 192.1...
- Question 153: What is the authoritative source for an address lookup?...
- Question 154: Which port security mode can assist with troubleshooting by ...
- Question 155: Which configuration command can you apply to a HSRP router s...
- Question 156: Which statement about spanning-tree root-bridge election is ...
- Question 157: (Exhibit) Refer to the exhibit. If computer A is sending tra...
- Question 158: Which two protocols can detect native VLAN mismatch errors? ...
- Question 159: (Exhibit) Refer to the exhibit. Which command do you enter s...
