Exam 200-301 topic 1 question 1351 discussion

Actual exam question from Cisco's 200-301
Question #: 1351
Topic #: 1

SIMULATION
-


Guidelines
-

This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.
• Refer to the Topology tab to access the device console(s) and perform the tasks.
• Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.
• All necessary preconfigurations have been applied.
• Do not change the enable password or hostname for any device.
• Save your configurations to NVRAM before moving to the next item.
• Click Next at the bottom of the screen to submit this lab and move to the next question.
• When Next is clicked, the lab closes and cannot be reopened.


Topology
-




Tasks
-

Refer to the topology. All physical cabling is in place. Configure a local user account, a Named ACL (NACL) and security.

1. Configure a local account on Sw101 with telnet access only on virtual ports 0-4. Use the following information:

o Username: netops
o Password: ipsec4all
o Algorithm: "Vigenere"
o Privilege level: Exec mode

2. Configure and apply a single NACL on Sw103 using the following:

o name: ENT_ACL
o Restrict only PC1 on VLAN 10 from pinging PC2
o Allow only PC1 on VLAN 10 to telnet to R1 (172.16.30.2)
o Prevent all other devices from telnetting from VLAN 10
o Allow all other network traffic from VLAN 10

3. Configure security on interface Ethernet 0/0 of Sw102:

o Set the maximum number of secure MAC addresses to two
o Ensure that the port discards the packet, counts the number of violations and sends a syslog message
o Allow secure MAC addresses to be learned dynamically


Comments

Joshua25
6 months, 1 week ago
For task 3, it shouldn't use sticky, because it requires mac addresses be learned dynamically. If sticky, once the first is learned, it won't be able to learn further addresses.
upvoted 1 times
...
exiledwl
7 months, 3 weeks ago
Task 1) [Vigenere means use 'service password-encryption', no crypto keys/domain cause it's telnet not ssh]
en
conf t
username netops password ipsec4all
service password-encryption
line vty 0 4
login local
transport input telnet
Task 2) ["restrict only pc1" is worded weird but I believe SnowWhiteYeti is correct and we are meant to use a deny statement]
ip access-list extended ENT_ACL
deny icmp host 172.16.10.10 host 172.16.20.10
permit tcp host 172.16.10.10 host 172.16.30.2 eq 23
deny tcp any any eq 23
permit ip any any
exit
int vlan 10
ip access-group ENT_ACL in
ex
Task 3)
int e0/0
switchport port-security max 2
sw port-sec violation restrict
sw port-sec mac sticky
This makes sense to me but let me know your thoughts
upvoted 4 times
MinSun600
3 weeks, 1 day ago
deny icmp host 172.16.10.10 host 172.16.20.10 echo
The word echo should be at the end of the deny icmp line.
upvoted 1 times
...
Hov13
3 months, 4 weeks ago
For step 1 I think you need the "privilege 15" at the end of the username line:
username netops password ipsec4all privilege 15
or as a second line:
username netops privilege 15
Otherwise you just connect to telnet and won't be able to enter the exec mode.
Step 1 is asking:
o Username: netops
o Password: ipsec4all
o Algorithm: "Vigenere" --- service password-encryption takes care of this
o Privilege level: Exec mode - privilege 15 takes care of this
upvoted 1 times
...
...
SnowWhiteYeti
8 months, 1 week ago
o Restrict only PC1 on VLAN 10 from pinging PC2
If it restricts only PC1, then wouldn't it be:
deny icmp host 172.16.10.10 host 172.16.20.10
(instead of permit)?
upvoted 1 times
...
matass_md
9 months, 1 week ago
With Task number 2, my only problem here is that if we use SW103 we can't be sure, if another PC is added, that all requirements are met. Plus, this looks to me like a router on a stick: the router changes from VLAN 10 to VLAN 20. I would put the ACL on the subinterface of VLAN 10 of the router, in. show ip interface brief > see the interface for VLAN 10, access-group ENT_ACL in. I do understand that an extended ACL must be put as close to the source as possible and a normal ACL as close to the destination. Opinions?
upvoted 1 times
...
matass_md
9 months, 1 week ago
# Enable encryption for passwords using Vigenère cipher - service password-encryption - this is what it means. ChatGPT did not know the meaning; I've scouted the internet, found the answer, then updated ChatGPT :)).
upvoted 3 times
...
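Added example (not part of any commenter's post and not Cisco code): a simplified first-match evaluator run over the ENT_ACL entries discussed in the thread, showing how entry order and the echo keyword change the result for each Task 2 requirement. It models only protocol, addresses and one TCP port or ICMP type; the PC1 and PC2 addresses are the ones used in the comments, and OTHER is a constructed second VLAN 10 host.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
PC1, PC2, R1 = "172.16.10.10", "172.16.20.10", "172.16.30.2"  # addresses used in the thread
OTHER = "172.16.10.20"  # constructed: a second VLAN 10 host

def host(addr):
    return ip_network(addr + "/32")

# (action, protocol, source, destination, qualifier); qualifier is a TCP
# destination port or an ICMP type name, None means "any"
ENT_ACL = [
    ("deny", "icmp", host(PC1), host(PC2), "echo"),
    ("permit", "tcp", host(PC1), host(R1), 23),
    ("deny", "tcp", ANY, ANY, 23),
    ("permit", "ip", ANY, ANY, None),
]

def evaluate(acl, proto, src, dst, qualifier=None):
    """Return (action, entry index) for the first entry that matches, top-down."""
    for idx, (action, a_proto, a_src, a_dst, a_qual) in enumerate(acl):
        if a_proto not in ("ip", proto):
            continue
        if ip_address(src) not in a_src or ip_address(dst) not in a_dst:
            continue
        if a_qual is not None and a_qual != qualifier:
            continue
        return action, idx
    return "deny", None  # implicit deny that ends every ACL

def without_echo(acl):
    """Variant: the ICMP entry with no type keyword, so it matches every ICMP type."""
    return [(a, p, s, d, None if p == "icmp" else q) for a, p, s, d, q in acl]

def telnet_deny_first(acl):
    """Variant: the broad telnet deny moved above the PC1 permit."""
    return [acl[0], acl[2], acl[1], acl[3]]

if __name__ == "__main__":
    variants = (("with echo", ENT_ACL), ("no echo", without_echo(ENT_ACL)),
                ("deny first", telnet_deny_first(ENT_ACL)))
    for name, acl in variants:
        print(name,
              evaluate(acl, "icmp", PC1, PC2, "echo"),
              evaluate(acl, "icmp", PC1, PC2, "echo-reply"),
              evaluate(acl, "tcp", PC1, R1, 23),
              evaluate(acl, "tcp", OTHER, R1, 23),
              evaluate(acl, "tcp", OTHER, R1, 80))
```

Without the echo keyword the first entry also drops PC1's echo replies to PC2, and with the broad telnet deny placed first PC1 loses its telnet access to R1.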