200-101 Icnd2

http://www.ipass4sure.com 200-101 ICND2 Cisco Interconnecting Cisco Networking Devices Part 2 (ICND2) v2.0 http://www.ipass4sure.com/exams.asp?examcode 200-101 The 200-101 practice exam is written and formatted by Certified Senior IT Professionals working in today's prospering companies and data centers all over the world! The 200-101 Practice Test covers all the exam topics and objectives and will prepare you for success quickly and efficiently. The 200-101 exam is very challenging, but with our 200-101 questions and answers practice exam, you can feel confident in obtaining your success on the 200-101 exam on your FIRST TRY! Cisco 200-101 Exam Features - Detailed questions and answers for 200-101 exam - Try a demo before buying any Cisco exam - 200-101 questions and answers, updated regularly - Verified 200-101 answers by Experts and bear almost 100% accuracy - 200-101 tested and verified before publishing - 200-101 exam questions with exhibits - 200-101 same questions as real exam with multiple choice options Acquiring Cisco certifications are becoming a huge task in the field of I.T. More over these exams like 200-101 exam are now continuously updating and accepting this challenge is itself a task. This 200-101 test is an important part of Cisco certifications. We have the resources to prepare you for this. The 200-101 exam is essential and core part of Cisco certifications and once you clear the exam you will be able to solve the real life problems yourself.Want to take advantage of the Real 200-101 Test and save time and money while developing your skills to pass your Cisco 200-101 Exam? Let us help you climb that ladder of success and pass your 200-101 now!

www.ipass4sure.com 200-101 QUESTION: 1 Two iPass4Sure routers are connected together as shown below: m The access list shown should deny all hosts located on network 172.16.1.0, except host 172.16.1.5, from accessing the 172.16.4.0 network. All other networks should be accessible. Which command sequence will correctly apply this access list? Answer: D w w w .ip as s4 su re .co A. iPass4Sure 1(config)#interface fa0/0 iPass4Sure 1(config-if)#ip access-group 10 in B. iPass4Sure 1(config)#interface s0/0 iPass4Sure 1(config-if)#ip access-group 10 out C. iPass4Sure 2(config)#interface fa0/1 iPass4Sure 2(config-if)#ip access-group 10 out D. iPass4Sure 2(config)#interface fa0/0 iPass4Sure 2(config-if)#ip access-group 10 out E. iPass4Sure 2(config)#interface s0/1 iPass4Sure 2(config-if)#ip access-group 10 out Explanation: In order to only deny access to the 172.16.4.0 network while permitting all other access as specified in this question, we need to apply this access list to router iPass4Sure 2, and it must be placed in the outbound direction of interface fa0/0. Applying this access list to any other interface or any other router would result in making other network unreachable from the 172.16.1.0 network, except of course for 172.16.1.5. QUESTION: 2 A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task? A. access-list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any B. access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any C. access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 www.ipass4sure.com 245 http://www.iPass4Sure.com

www.ipass4sure.com 200-101 permit ip any any D. access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any E. access-list 101 deny ip 192.168.1.128 0.0.0.240 192.158.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any F. access-list 101 deny ip 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any Answer: A Explanation: Only choice specifies the correct TCT port and wildcard mask, and uses a valid access list number. w .ip as s4 su re .co m Incorrect Answers: B, C. Access list 1 is used for these choices, which is a standard access list. In this example, an extended access list is required. Choice C also specifies port 21, which is used by FTP not Telnet. D, E: These choices use an incorrect wildcard mask of 0.0.0.240. It should be 0.0.0.15 for a /28 subnet. F. IP is specified as the protocol, when it should be TCP. w w QUESTION: 3 You are the network administrator at iPass4Sure. You apply the following access list on the E0 outbound interface connected to the 192.168.1.8/29 LAN: access-list 21 deny tcp 192.168.1.8 0.0.0.7 eq 20 any access-list 21 deny tcp 192.168.1.8 0.0.0.7 eq 21 any What will the effect of this access list be? A. All traffic will be allowed to out of E0 except FTP traffic. B. FTP traffic from 192.168.1.22 to any host will be blocked. C. FTP traffic from 192.168.1.9 to any host will be blocked. D. All traffic will be prevented from leaving E0. E. All FTP traffic to network 192.168.1.9/29 from any host will be blocked. Answer: D Explanation: By default access lists contain an implicit deny statement at the end. In this example there is no permit statement, so it will deny all traffic exiting E0 Interface. Any useful access list must contain at least one permit statement, or everything will be denied. www.ipass4sure.com 246 http://www.iPass4Sure.com

www.ipass4sure.com 200-101 QUESTION: 4 You want to configure an ACL to block only TCP traffic using port 5190 on router CA1 . Which access list statement will block all traffic on this router with a destination TCP port number of 5190 while not affecting other traffic? A. access-list 180 deny ip any eq 5190 any B. access-list 180 deny tcp any any eq 5190 C. access-list 180 deny tcp any eq 5190 D. access-list 180 deny tcp any eq 5190 any E. access-list 180 deny telnet any any 5190 F. None of the above Answer: B w w w .ip as s4 su re .co m Explanation: Creating an extended ACL: These lists are created and applied to an interface as either inbound or outbound packet filters. They are implemented in this format: Access-list [list number] [permit deny] [protocol] [source address] [source-mask] [destination address] [destination-mask] [operator] [port] [log] 1. List Number-A number between 100 and 199 (Think of it as the name of the list.) 2. Permit Deny-Whether to permit or deny this packet of information if conditions match 3. Protocol-Type of protocol for this packet (i.e., IP, ICMP, UDP, TCP, or protocol number) 4. Source Address-Number of the network or host that the packet is from (Use the dotteddecimal format 192.168.1.12 or use the keyword ANY as an abbreviation for an address of 0.0.0.0 255.255.255.255 or use HOST and the dotted-decimal address.) 5. Source Mask-The network mask to use with the source address (Cisco masks are a little different, 0 octet must match exactly; 255 octet is not significant or doesn't matter.) 6. Destination Address-The address that the packet is going to, or ANY 7. Destination Mask-The network mask to use with the destination address (if you specify one) 8. Operator (optional entry)-This applies to TCP or UDP ports only eq equal lt less than gt greater than neq not equal range a range of ports; you must specify two different port numbers est established connections 9. Port (optional entry)-TCP/UDP destination port number or service 10. Log-Whether to log (if logging is enabled) this entry to the console A sample inbound ACL would be: access-list 100 deny ip 10.0.0.0 0.255.255.255 any log access-list 100 deny ip 172.16.0.0 0.15.255.255 any log access-list 100 deny ip 192.168.0.0 0.0.255.255 any log access-list 100 deny ip any host 127.0.0.1 log access-list 100 permit ip any [your network IP address] [your network mask] est access-list 100 deny ip [your network IP address] [your network mask] any log access-list 100 deny tcp any any eq 22222 access-list 100 deny tcp any any range 60000 60020 log access-list 100 deny udp any any eq snmp log access-list 100 permit ip any any www.ipass4sure.com 247 http://www.iPass4Sure.com

www.ipass4sure.com 200-101 Reference: http://articles.techrepublic.com.com/5100-1035 11-1058307.html w Configuration exhibit: w w .ip as s4 su re .co m QUESTION: 5 The iPass4Sure network topology exhibit is shown below: Based on the information shown above, why would the iPass4Sure network administrator configure Router iPass4Sure 1 as shown above? A. To prevent students connected to iPass4Sure 2 from accessing the command prompt of Router iPass4Sure 1 B. To give administrators access to the internet C. To prevent students from accessing the admin network D. To prevent students from accessing the internet E. To give students access to the internet F. To prevent administrators from accessing the console of Router iPass4Sure 1 G. None of the above Answer: A www.ipass4sure.com 248 http://www.iPass4Sure.com

www.ipass4sure.com 200-101 .co m QUESTION: 6 Part of the iPass4Sure network is shown below: w w w .ip as s4 su re In this iPass4Sure network segment, the following ACL was configured on the S0/0 interface of router iPass4Sure 2 in the outbound direction: Access-list 101 deny tcp 192.168.15.32 0.0.0.15 any eq telnet Access-list 101 permit ip any any Based on this onformation which two packets, if routed to the interface, will be denied? (Choose two) A. Source IP address: 192.168.15.5; destination port: 21 B. Source IP Address: 192.168.15.37 destination port: 21 C. Source IP Address: 192.168.15.41 destination port: 21 D. Source IP Address: 192.168.15.36 destination port: 23 E. Source IP Address: 192.168.15.46; destination port: 23 F. Source IP Address: 192.168.15.49 destination port 23 Answer: D, E QUESTION: 7 You want to control all telnet access going through router CA1 . Which one of the access control list statements below will deny all telnet connections to subnet 10.10.1.0/24? A. access-list 15 deny telnet any 10.10.1.0 0.0.0.255 eq 23 B. access-list 115 deny udp any 10.10.1.0 eq telnet C. access-list 15 deny tcp 10.10.1.0 255.255.255.0 eq telnet D. access-list 115 deny tcp any 10.10.1.0 0.0.0.255 eq 23 www.ipass4sure.com 249 http://www.iPass4Sure.com

www.ipass4sure.com 200-101 E. access-list 15 deny udp any 10.10.1.0 255.255.255.0 eq 23 F. None of the above Answer: D Explanation: Telnet uses port TCP port 23. Since we are using source and destination IP address information, an extended access list is required. Extended access lists are access lists in the 100-199 range. Incorrect Answers: A, C, E. These access lists are numbered 15. Standard access lists are numbered 1-99, and in this case an extended access lists is required. B. This access list specifies UDP port 23, and TCP port 23 is the port used by telnet. w .ip as s4 su re .co m QUESTION: 8 You wish to limit telnet access into your iPass4Sure router to only a single host. In order to accomplish this, access list 1 has been written to allow host 172.16.1.224 access to the router vty lines. What command would assign this access- list to the Virtual Terminal Lines? w w A. CA1 (config-line)# ip access-group 1 in B. CA1 (config-line)# access-class 1 in C. CA1 (config-line)# ip access-list 1 in D. CA1 (config-line)# access-line 1 in E. None of the above Answer: B Explanation: To restrict incoming and outgoing connections between a particular vty (into a Cisco device) and the addresses in an access list, use the access-class command in line configuration mode. Example: The following example defines an access list that permits only the host 172.16.1.224 to connect to the virtual terminal ports on the router, as described in this question: access-list 1 permit 172.16.1.224 0.0.0.0line 1 5access-class 1 in QUESTION: 9 The iPass4Sure LAN is depicted below: www.ipass4sure.com 250 http://www.iPass4Sure.com