Exam 200-301 topic 1 question 568 discussion

Actual exam question from Cisco's 200-301
Question #: 568
Topic #: 1

R1 as an NTP server must have:
✑ NTP authentication enabled
✑ NTP packets sourced from Interface loopback 0
✑ NTP stratum 2
✑ NTP packets only permitted to client IP 209.165.200.225
How should R1 be configured?

  • A.
      ntp authenticate
      ntp authentication-key 2 sha1 CISCO123
      ntp source Loopback0
      ntp access-group server-only 10
      ntp master 2
      !
      access-list 10 permit udp host 209.165.200.225 any eq 123
  • B.
      ntp authenticate
      ntp authentication-key 2 md5 CISCO123
      ntp interface Loopback0
      ntp access-group server-only 10
      ntp stratum 2
      !
      access-list 10 permit 209.165.200.225
  • C.
      ntp authenticate
      ntp authentication-key 2 md5 CISCO123
      ntp source Loopback0
      ntp access-group server-only 10
      ntp master 2
      !
      access-list 10 permit 209.165.200.225
  • D.
      ntp authenticate
      ntp authentication-key 2 md5 CISCO123
      ntp source Loopback0
      ntp access-group server-only 10
      ntp stratum 2
      !
      access-list 10 permit udp host 209.165.200.225 any eq 123
Suggested Answer: C

Comments

splashy
Highly Voted 2 years, 9 months ago
C seems correct, it's an ACL question. 10 is a standard ACL number, so A and D are wrong because they are extended ACLs. NTP Master 2 makes the router an NTP server with stratum level 2.
upvoted 21 times
AbdullahMohammad251
1 year, 5 months ago
Also since the NTP access group is set to server-only, time requests are allowed only from a device whose IP address passes the access list criteria.
upvoted 1 times
...
...
oatmealturkey
Highly Voted 2 years, 2 months ago
Selected Answer: C
It cannot be D because stratum is not a valid command.
upvoted 7 times
...
3040636
Most Recent 7 months, 3 weeks ago
C is the correct answer. In D, the configuration of the stratum value is wrong.
upvoted 1 times
...
schmidt97
9 months, 3 weeks ago
D is correct NTP uses UDP port 514
upvoted 2 times
...
BTK0311
12 months ago
NTP stratum is NOT a valid Cisco command. NTP master [stratum level]
upvoted 1 times
...
[Removed]
1 year, 1 month ago
Selected Answer: C
C is correct; ntp master 2 is the right configuration.
upvoted 1 times
...
[Removed]
1 year, 4 months ago
Selected Answer: C
NTP does not support extended ACLs when using the "ntp access-group" command. It also does not need an extended access list; the fact that it's configured on a per-protocol basis means that the implicit deny only applies to NTP anyway. https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/93x/system-management/b-cisco-nexus-9000-series-nx-os-system-management-configuration-guide-93x/b-cisco-nexus-9000-series-nx-os-system-management-configuration-guide-93x_chapter_0101.html
upvoted 3 times
...
Nmk3216
1 year, 5 months ago
C is correct. Standard access lists do not specifically filter by protocol.
upvoted 2 times
yass40
1 year, 5 months ago
But they have missed the word "host" or the wildcard mask (0.0.0.0) in the ACL: access-list 10 permit 209.165.200.225
upvoted 1 times
...
...
[Removed]
1 year, 7 months ago
Selected Answer: C
ntp master command is correct but ntp stratum command is not
upvoted 3 times
...
Elmasquentona963
1 year, 7 months ago
Selected Answer: C
ntp master <stratum-level> global configuration command is the correct way to set the stratum value.
upvoted 2 times
...
sijan
2 years, 1 month ago
C should be correct
upvoted 2 times
...
iampogiian
2 years, 4 months ago
The answer is letter C
upvoted 2 times
...
Aiman_Abdullah
2 years, 6 months ago
Try to log in to any router; I think we cannot insert any stratum 2, only master 2. And for ntp access-group server-only 10, it should be serve-only 10. Anyway, the answer is C. Agree with MDK94.
upvoted 3 times
...
splashy
2 years, 7 months ago
Selected Answer: C
explained below
upvoted 4 times
...
beskardrip
2 years, 10 months ago
Selected Answer: D
Pretty sure it's D because it says only NTP packets are allowed, and the access list command on D specifies only allowing traffic on port 123.
upvoted 1 times
RougePotatoe
2 years, 6 months ago
D has the command NTP stratum 2 (not a real command); it is supposed to be ntp master 2.
upvoted 6 times
...
alejandro12
2 years, 5 months ago
It's not D, because access list 10 is standard and you cannot configure ports on it.
upvoted 5 times
...
...
MDK94
2 years, 10 months ago
Note ntp access-group serve-only is the correct command, not server-only, but it's incorrect on every answer so it shouldn't matter. Source: https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-0/system_management/command/reference/yr40crs_chapter10.html#wp1797670550:~:text=Allows%20only%20time%20requests.
A. Incorrect because sha1 isn't used for NTP authentication, must be MD5
    ntp authenticate
    ntp authentication-key 2 sha1 CISCO123
    ntp source Loopback0
    ntp access-group server-only 10
    ntp master 2
    access-list 10 permit udp host 209.165.200.225 any eq 123
upvoted 3 times
MDK94
2 years, 10 months ago
B. Incorrect because it isn't using the NTP source command (uses ntp interface Loopback0) instead
    ntp authenticate
    ntp authentication-key 2 md5 CISCO123
    ntp interface Loopback0
    ntp access-group server-only 10
    ntp stratum 2
    access-list 10 permit 209.165.200.225
upvoted 3 times
MDK94
2 years, 10 months ago
Both C and D are correct answers in my opinion, the only difference is that the access-list is more granular for D, meaning C is probably the best option.
C.
    ntp authenticate
    ntp authentication-key 2 md5 CISCO123
    ntp source Loopback0
    ntp access-group server-only 10
    ntp master 2
    access-list 10 permit 209.165.200.225
D.
    ntp authenticate
    ntp authentication-key 2 md5 CISCO123
    ntp source Loopback0
    ntp access-group server-only 10
    ntp stratum 2
    access-list 10 permit udp host 209.165.200.225 any eq 123
upvoted 4 times
MDK94
2 years, 10 months ago
Granularity of the ACL shouldn't be required as the acl is being applied to "serve-only" aka only allow time requests Source: https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-0/system_management/command/reference/yr40crs_chapter10.html#wp1797670550:~:text=Allows%20only%20time%20requests.
upvoted 2 times
MDK94
2 years, 10 months ago
I just realised, it's 100% C because the access-list 10 is a standard access-list, meaning that specifying the protocol (udp) and destination address as any with the eq port number wouldn't be allowed. C is the correct answer 100%
upvoted 6 times
ratu68
2 years, 10 months ago
Good Catch !
upvoted 3 times
...
...
...
BOFA
2 years, 9 months ago
You've got a point, but something pops up in my mind: the ACL command is using a standard numbered ACL, which ranges from 1 to 99, and as I studied, the standard ACL uses only the source IP. Correct me if I'm wrong.
upvoted 2 times
...
...
...
...
iGlitch
2 years, 11 months ago
I thought the question is about NTP, but it's NOT.
upvoted 1 times
...
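Added example, not part of the original discussion: a small Python check that applies the rules cited in the comments above (stratum is set with `ntp master`, the source with `ntp source`, and a standard-numbered ACL cannot carry a protocol or port) to options A-D. The function names and the rebuilt option text are assumptions made for this illustration; the `server-only` spelling shared by every option is not checked.

```python
import re

def option(key_alg, src_cmd, stratum_cmd, acl_entry):
    """Rebuild one answer option from the parts that differ between A-D."""
    return [
        "ntp authenticate",
        f"ntp authentication-key 2 {key_alg} CISCO123",
        f"ntp {src_cmd} Loopback0",
        "ntp access-group server-only 10",  # spelling as printed in the question
        f"ntp {stratum_cmd} 2",
        f"access-list 10 {acl_entry}",
    ]

STD = "permit 209.165.200.225"
EXT = "permit udp host 209.165.200.225 any eq 123"
OPTIONS = {
    "A": option("sha1", "source", "master", EXT),
    "B": option("md5", "interface", "stratum", STD),
    "C": option("md5", "source", "master", STD),
    "D": option("md5", "source", "stratum", EXT),
}
PROTOCOL_KEYWORDS = {"ip", "tcp", "udp", "icmp"}  # only legal in extended ACLs

def is_standard_acl(number):
    return 1 <= number <= 99 or 1300 <= number <= 1999

def check(lines, source="Loopback0", stratum=2):
    """Return the list of requirement failures for one candidate config."""
    problems = []
    if "ntp authenticate" not in lines:
        problems.append("NTP authentication is not enabled")
    if f"ntp source {source}" not in lines:
        problems.append(f"NTP packets are not sourced from {source}")
    if f"ntp master {stratum}" not in lines:
        problems.append(f"'ntp master {stratum}' is missing")
    matches = (re.match(r"ntp access-group \S+ (\d+)$", l) for l in lines)
    refs = {m.group(1) for m in matches if m}
    if not refs:
        problems.append("no ntp access-group restricts clients")
    for line in lines:
        m = re.match(r"access-list (\d+) (?:permit|deny) (\S+)", line)
        if (m and m.group(1) in refs and is_standard_acl(int(m.group(1)))
                and m.group(2) in PROTOCOL_KEYWORDS):
            problems.append(f"ACL {m.group(1)} is standard but uses extended syntax")
    return problems

def passing_options():
    return [name for name, cfg in OPTIONS.items() if not check(cfg)]

if __name__ == "__main__":
    for name, cfg in OPTIONS.items():
        print(name, check(cfg) or "no problems found")
```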