R1 as an NTP server must have: ✑ NTP authentication enabled ✑ NTP packets sourced from Interface loopback 0 ✑ NTP stratum 2 ✑ NTP packets only permitted to client IP 209.165.200.225 How should R1 be configured?
C seems correct, its an acl question.
10 is standard acl number so A and D are wrong cause they are extended acls.
NTP Master 2 makes the router an ntp server with stratum lvl 2.
try to login to any router, i think we cannot insert any stratum 2 , only master 2 can. and for ntp access-group server-only 10,, i should serve-only 10.. anyway Answer is C. agree with MDK94
Note ntp access-group serve-only is the correct command not server-only, but its incorrect on every answer so it shouldn't matter.
Source: https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-0/system_management/command/reference/yr40crs_chapter10.html#wp1797670550:~:text=Allows%20only%20time%20requests.
A. Incorrect because sha1 isn't used for NTP authentication, must be MD5
ntp authenticate
ntp authentication-key 2 sha1 CISCO123
ntp source Loopback0
ntp access-group server-only 10
ntp master 2
access-list 10 permit udp host 209.165.200.225 any eq 123
Both C and D are correct answers in my opinion, the only difference is that the access-list is more granular for D, meaning C is probably the best option.
C.
ntp authenticate
ntp authentication-key 2 md5 CISCO123
ntp source Loopback0
ntp access-group server-only 10
ntp master 2
access-list 10 permit 209.165.200.225
D.
ntp authenticate
ntp authentication-key 2 md5 CISCO123
ntp source Loopback0
ntp access-group server-only 10
ntp stratum 2
access-list 10 permit udp host 209.165.200.225 any eq 123
Granularity of the ACL shouldn't be required as the acl is being applied to "serve-only" aka only allow time requests
Source: https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-0/system_management/command/reference/yr40crs_chapter10.html#wp1797670550:~:text=Allows%20only%20time%20requests.
I just realised, its 100% C because the access-list 10 is a standard access-list, meaning that specifying the protocol (udp) and destination address as any with the eq port number wouldn't be allowed.
C is the correct answer 100%
you got a point but there is something pops up on my mind the acl command is using standard numbered acl which ranges between 1 to 99 and as i studied the standard use only source ip so correct me if im wrong
I thought the question is about NTP, but it's NOT.
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.200-301 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
splashy
Highly Voted 2 years, 12 months agoAbdullahMohammad251
1 year, 8 months agooatmealturkey
Highly Voted 2 years, 5 months ago3040636
Most Recent 10 months, 1 week agoschmidt97
1 year agoBTK0311
1 year, 2 months agoNmk3216
1 year, 8 months agoyass40
1 year, 8 months agoElmasquentona963
1 year, 10 months agosijan
2 years, 4 months agoiampogiian
2 years, 7 months agoAiman_Abdullah
2 years, 9 months agosplashy
2 years, 10 months agobeskardrip
3 years agoRougePotatoe
2 years, 8 months agoalejandro12
2 years, 8 months agoMDK94
3 years agoMDK94
3 years agoMDK94
3 years agoMDK94
3 years agoMDK94
3 years agoratu68
3 years agoBOFA
2 years, 12 months agoiGlitch
3 years, 1 month ago