Part 4 Flashcards
Assuming the WLC’s interfaces are not in the same subnet as the RADIUS server, which interface would the WLC use as the source for all RADIUS-related traffic?
A. the controller management interface
B. the controller virtual interface
C. the interface specified on the WLAN configuration
D. any interface configured on the WLC
C. the interface specified on the WLAN configuration
An engineer must deny Telnet traffic from the loopback interface of router R3 to the loopback interface of router R2 during the weekend hours. All other traffic between the loopback interfaces of routers R3 and R2 must be allowed at all times.
Which command set accomplishes this task?
A. R3(config)#time-range WEEKEND
R3(config-time-range)#periodic Saturday Sunday 00:00 to 23:59
R3(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND
R3(config)#access-list 150 permit ip any any time-range WEEKEND
R3(config)#interface G0/1
R3(config-if)#ip access-group 150 out
B. R1(config)#time-range WEEKEND
R1(config-time-range)#periodic weekend 00:00 to 23:59
R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND
R1(config)#access-list 150 permit ip any any
R1(config)#interface G0/1
R1(config-if)#ip access-group 150 in
C. R3(config)#time-range WEEKEND
R3(config-time-range)#periodic weekend 00:00 to 23:59
R3(config)#access-list 150 permit tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND
R3(config)#access-list 150 permit ip any any time-range WEEKEND
R3(config)#interface G0/1
R3(config-if)#ip access-group 150 out
D. R1(config)#time-range WEEKEND
R1(config-time-range)#periodic Friday Sunday 00:00 to 00:00
R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND
R1(config)#access-list 150 permit ip any any
R1(config)#interface G0/1
R1(config-if)#ip access-group 150 in
B. R1(config)#time-range WEEKEND
R1(config-time-range)#periodic weekend 00:00 to 23:59
R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND
R1(config)#access-list 150 permit ip any any
R1(config)#interface G0/1
R1(config-if)#ip access-group 150 in
Refer to the exhibit. PC-1 must access the web server on port 8080. To allow this traffic, which statement must be added to an access control list that is applied on SW2 port G0/0 in the inbound direction?
A. permit tcp host 172.16.0.2 host 192.168.0.5 eq 8080
B. permit tcp host 192.168.0.5 host 172.16.0.2 eq 8080
C. permit tcp host 192.168.0.5 eq 8080 host 172.16.0.2
D. permit tcp host 192.168.0.5 lt 8080 host 172.16.0.2
A. permit tcp host 172.16.0.2 host 192.168.0.5 eq 8080
Refer to the exhibit. An engineer must create a configuration that executes the show run command and then terminates the session when user CCNP logs in.
Which configuration change is required?
A. Add the access-class keyword to the username command.
B. Add the autocommand keyword to the aaa authentication command.
C. Add the access-class keyword to the aaa authentication command.
D. Add the autocommand keyword to the username command.
D. Add the autocommand keyword to the username command.
Refer to the exhibit. An engineer configures CoPP and enters the show command to verify the implementation. What is the result of the configuration?
A. All traffic will be policed based on access-list 120.
B. If traffic exceeds the specified rate, it will be transmitted and remarked.
C. Class-default traffic will be dropped.
D. ICMP will be denied based on this configuration.
A. All traffic will be policed based on access-list 120.
What is the effect of this configuration?
A. The device will allow users at 192.168.0.202 to connect to vty lines 0 through 4 using the password ciscotestkey.
B. The device will authenticate all users connecting to vty lines 0 through 4 against TACACS+.
C. The device will allow only users at 192.168.0.202 to connect to vty lines 0 through 4.
D. When users attempt to connect to vty lines 0 through 4, the device will authenticate them against TACACS+ if local authentication fails.
B. The device will authenticate all users connecting to vty lines 0 through 4 against TACACS+.
DRAG DROP
An engineer creates the configuration below. Drag and drop the authentication methods from the left into the order of priority on the right. Not all options are used.
R1#sh run | i aaa
aaa new-model
aaa authentication login default group ACE group AAA_RADIUS local-case
aaa session-id common
R1#
Select and Place:
Refer to the exhibit.
An engineer must modify the access control list EGRESS to allow all IP traffic from subnet 10.1.10.0/24 to 10.1.2.0/24. The access control list is applied in the outbound direction on router interface GigabitEthernet 0/1.
Which configuration command set will allow this traffic without disrupting existing traffic flows?
(Should be 2 pics here)
Which configuration restricts the amount of SSH traffic that a router accepts to 100 kbps?
Refer to the exhibit. What step resolves the authentication issue?
A. use basic authentication
B. change the port to 12446
C. target 192.168.100.82 in the URI
D. restart the vsmart host
D. restart the vsmart host
Security policy requires all idle exec sessions to be terminated in 600 seconds.
Which configuration achieves this goal?
A. line vty 0 15 absolute-timeout 600
B. line vty 0 15 no exec-timeout
C. line vty 0 15 exec-timeout 10 0
D. line vty 0 4 exec-timeout 600
C. line vty 0 15 exec-timeout 10 0
An engineer must block all traffic from a router to its directly connected subnet 209.165.200.0/24. The engineer applies access control list EGRESS in the outbound direction on the GigabitEthernet0/0 interface of the router. However, the router can still ping hosts on the 209.165.200.0/24 subnet.
Which explanation of this behavior is true?
A. Access control lists that are applied outbound to a router interface do not affect traffic that is sourced from the router.
B. After an access control list is applied to an interface, that interface must be shut and no shut for the access control list to take effect.
C. Only standard access control lists can block traffic from a source IP address.
D. The access control list must contain an explicit deny to block traffic from the router.
A. Access control lists that are applied outbound to a router interface do not affect traffic that is sourced from the router.