web analytics

High Quality Cisco 200-120 Questions and Answers Verified By Experts Ensure Your Exam Pass (91-100)

A network administrator is configuring ACLs on a Cisco router, to allow traffic from hosts on networks,,, and only. Which two ACL statements, when combined, would you use to accomplish this task? (Choose two.)

A.    access-list 10 permit ip
B.    access-list 10 permit ip
C.    access-list 10 permit ip
D.    access-list 10 permit ip
E.    access-list 10 permit ip
F.    access-list 10 permit ip

Answer: AC
access-list 10 permit ip will include the and subnets, while access-list 10 permit ip will include

What can be done to secure the virtual terminal interfaces on a router? (Choose two.)

A.    Administratively shut down the interface.
B.    Physically secure the interface.
C.    Create an access list and apply it to the virtual terminal interfaces with the access-group command.
D.    Configure a virtual terminal password and login process.
E.    Enter an access list and apply it to the virtual terminal interfaces using the access-class command.

Answer: DE
It is a waste to administratively shut down the interface. Moreover, someone can still access the virtual terminal interfaces via other interfaces ->
We can not physically secure a virtual interface because it is “virtual” -> To apply an access list to a virtual terminal interface we must use the “access-class” command. The “access-group” command is only used to apply an access list to a physical interface -> C is not correct.
The most simple way to secure the virtual terminal interface is to configure a username & password to prevent unauthorized login.

Which two commands correctly verify whether port security has been configured on port FastEthernet 0/12 on a switch? (Choose two.)

A.    SW1#show port-secure interface FastEthernet 0/12
B.    SW1#show switchport port-secure interface FastEthernet 0/12
C.    SW1#show running-config
D.    SW1#show port-security interface FastEthernet 0/12
E.    SW1#show switchport port-security interface FastEthernet 0/12

Answer: CD

What will be the result if the following configuration commands are implemented on a Cisco switch? Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address sticky

A.    A dynamically learned MAC address is saved in the startup-configuration file.
B.    A dynamically learned MAC address is saved in the running-configuration file.
C.    A dynamically learned MAC address is saved in the VLAN database.
D.    Statically configured MAC addresses are saved in the startup-configuration file if frames from that address are received.
E.    Statically configured MAC addresses are saved in the running-configuration file if frames from that address are received.

Answer: B
In the interface configuration mode, the command switchport port-security mac-address sticky enables sticky learning. When entering this command, the interface converts all the dynamic secure MAC addresses to sticky secure MAC addresses.

The network administrator cannot connect to Switch1 over a Telnet session, although the hosts attached to Switch1 can ping the interface Fa0/0 of the router. Given the information in the graphic and assuming that the router and Switch2 are configured properly, which of the following commands should be issued on Switch1 to correct this problem?

A.    Switch1(config)# line con0
Switch1(config-line)# password cisco
B.    Switch1(config)# interface fa0/1
Switch1(config-if)# ip address
C.    Switch1(config)# ip default-gateway
D.    Switch1(config)# interface fa0/1
Switch1(config-if)# duplex full
Switch1(config-if)# speed 100
E.    Switch1(config)# interface fa0/1
Switch1(config-if)# switchport mode trunk

Answer: C
Since we know hosts can reach the router through the switch, we know that connectivity, duplex. Speed, etc. are good. However, for the switch itself to reach networks outside the local one, the ip default-gateway command must be used.



A router has two Fast Ethernet interfaces and needs to connect to four VLANs in the local network. How can you accomplish this task, using the fewest physical interfaces and without decreasing network performance?

A.    Use a hub to connect the four VLANS with a Fast Ethernet interface on the router.
B.    Add a second router to handle the VLAN traffic.
C.    Add two more Fast Ethernet interfaces.
D.    Implement a router-on-a-stick configuration.

Answer: D
A router on a stick allows you to use sub-interfaces to create multiple logical networks on a single physical interface.

A network administrator is trying to add a new router into an established OSPF network. The networks attached to the new router do not appear in the routing tables of the other OSPF routers. Given the information in the partial configuration shown below, what configuration error is causing this problem?
Router(config)# router ospf 1
Router(config-router)# network area 0

A.    The process id is configured improperly.
B.    The OSPF area is configured improperly.
C.    The network wildcard mask is configured improperly.
D.    The network number is configured improperly.
E.    The AS is configured improperly.
F.    The network subnet mask is configured improperly.

Answer: C
When configuring OSPF, the mask used for the network statement is a wildcard mask similar to an access list. In this specific example, the correct syntax would have been “network area 0.”

Which Cisco Catalyst feature automatically disables the port in an operational PortFast upon receipt of a BPDU?

A.    BackboneFast
B.    UplinkFast
C.    Root Guard
D.    BPDU Guard
E.    BPDU Filter

Answer: D
We only enable PortFast feature on access ports (ports connected to end stations). But if someone does not know he can accidentally plug that port to another switch and a loop may occur when BPDUs are being transmitted and received on these ports. With BPDU Guard, when a PortFast receives a BPDU, it will be shut down to prevent a loop.

When you are troubleshooting an ACL issue on a router, which command would you use to verify which interfaces are affected by the ACL?

A.    show ip access-lists
B.    show access-lists
C.    show interface
D.    show ip interface
E.    list ip interface

Answer: D
Incorrect answer:
show ip access-lists does not show interfaces affected by an ACL.

Cisco Catalyst switches CAT1 and CAT2 have a connection between them using ports FA0/13. An 802.1Q trunk is configured between the two switches. On CAT1, VLAN 10 is chosen as native, but on CAT2 the native VLAN is not specified. What will happen in this scenario?

A.    802.1Q giants frames could saturate the link.
B.    VLAN 10 on CAT1 and VLAN 1 on CAT2 will send untagged frames.
C.    A native VLAN mismatch error message will appear.
D.    VLAN 10 on CAT1 and VLAN 1 on CAT2 will send tagged frames.

Answer: C
A “native VLAN mismatch” error will appear by CDP if there is a native VLAN mismatch on an 802.1Q link. “VLAN mismatch” can cause traffic from one vlan to leak into another vlan.

High Quality Cisco 200-120 Questions and Answers Verified By Experts Ensure Your Exam Pass