Cisco 640-802 Actual Free Exam Questions & Community Discussion
CORRECT TEXT
A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.
The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.
Access to the router CLI can be gained by clicking on the appropriate host.
All passwords have been temporarily set to "cisco". The Core connection uses an IP address of 198.18.196.65 The computers in the Hosts LAN have been assigned addresses of 192.168.33.1
192.168.33.254 Host A 192.168.33.1 Host B 192.168.33.2 Host C 192.168.33.3 Host D 192.168.33.4
The servers in the Server LAN have been assigned addresses of 172.22.242.17 - 172.22.242.30 The Finance Web Server is assigned an IP address of 172.22.242.23.
A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.
The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.
Access to the router CLI can be gained by clicking on the appropriate host.
All passwords have been temporarily set to "cisco". The Core connection uses an IP address of 198.18.196.65 The computers in the Hosts LAN have been assigned addresses of 192.168.33.1
192.168.33.254 Host A 192.168.33.1 Host B 192.168.33.2 Host C 192.168.33.3 Host D 192.168.33.4
The servers in the Server LAN have been assigned addresses of 172.22.242.17 - 172.22.242.30 The Finance Web Server is assigned an IP address of 172.22.242.23.
Correct Answer:
the console on Corp1 router Configuring ACL Corp1>enable Corp1#configure terminal comment: To permit only Host C (192.168.33.3){source addr} to access finance server address
(172.22.242.23) {destination addr} on port number 80 (web) Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80 comment: To deny any source to access finance server address (172.22.242.23) {destination addr} on port number 80 (web) Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80 comment: To permit ip protocol from any source to access any destination because of the implicit deny any any statement at the end of ACL. Corp1(config)#access-list 100 permit ip any any Applying the ACL on the Interface comment: Check show ip interface brief command to identify the interface type and number by checking the IP address configured. Corp1(config)#interface fa 0/1 If the ip address configured already is incorrect as well as the subnet mask. This should be corrected in order ACL to work type this commands at interface mode: no ip address 192.x.x.x
255.x.x.x (removes incorrect configured ipaddress and subnet mask)
Configure Correct IP Address and subnet mask :
ip address 172.22.242.30 255.255.255.240 ( range of address specified going to server is given as
172.22.242.17 - 172.22.242.30 )
comment: Place the ACL to check for packets going outside the interface towards the finance web
server.
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end
Important: To save your running config to startup before exit.
Corp1#copy running-config startup-config
Verifying the Configuration :
Step1: show ip interface brief command identifies the interface on which to apply access list.
Step2: Click on each host A, B, C & D . Host opens a web browser page , Select address box of
the web browser and type the ip address of finance web server(172.22.242.23) to test whether it
permits /deny access to the finance web Server .
Step 3: Only Host C (192.168.33.3) has access to the server . If the other host can also access
then maybe something went wrong in your configuration . check whether you configured correctly
and in order.
Step 4: If only Host C (192.168.33.3) can access the Finance Web Server you can click on NEXT
button to successfully submit the ACL SIM.
(172.22.242.23) {destination addr} on port number 80 (web) Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80 comment: To deny any source to access finance server address (172.22.242.23) {destination addr} on port number 80 (web) Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80 comment: To permit ip protocol from any source to access any destination because of the implicit deny any any statement at the end of ACL. Corp1(config)#access-list 100 permit ip any any Applying the ACL on the Interface comment: Check show ip interface brief command to identify the interface type and number by checking the IP address configured. Corp1(config)#interface fa 0/1 If the ip address configured already is incorrect as well as the subnet mask. This should be corrected in order ACL to work type this commands at interface mode: no ip address 192.x.x.x
255.x.x.x (removes incorrect configured ipaddress and subnet mask)
Configure Correct IP Address and subnet mask :
ip address 172.22.242.30 255.255.255.240 ( range of address specified going to server is given as
172.22.242.17 - 172.22.242.30 )
comment: Place the ACL to check for packets going outside the interface towards the finance web
server.
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end
Important: To save your running config to startup before exit.
Corp1#copy running-config startup-config
Verifying the Configuration :
Step1: show ip interface brief command identifies the interface on which to apply access list.
Step2: Click on each host A, B, C & D . Host opens a web browser page , Select address box of
the web browser and type the ip address of finance web server(172.22.242.23) to test whether it
permits /deny access to the finance web Server .
Step 3: Only Host C (192.168.33.3) has access to the server . If the other host can also access
then maybe something went wrong in your configuration . check whether you configured correctly
and in order.
Step 4: If only Host C (192.168.33.3) can access the Finance Web Server you can click on NEXT
button to successfully submit the ACL SIM.
An administrator must assign static IP addresses to the servers in a network. For network 192.168.20.24/29, the router is assigned the first usable host address while the sales server is given the last usable host address. Which of the following should be entered into the IP properties box for the sales server?
Correct Answer: D
Vote an answer
Refer to the exhibit. What statement is true of the configuration for this network?
Based on the information shown above, Which of the following correctly describe the configuration for this network?
Based on the information shown above, Which of the following correctly describe the configuration for this network?
Correct Answer: A
Vote an answer
Which two topologies are using the correct type of twisted-pair cables? (Choose two.)
Correct Answer: B,D
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
The network administrator has asked you to check the status of the workstation's IP stack by pinging the loopback address. Which address would you ping to perform this task?
Correct Answer: C
Vote an answer
Two switches are connected through a trunk link. Which two commands show that there is a native VLAN mismatch on that link? (Choose two)
Correct Answer: E,G
Vote an answer
Which two addresses can be assigned to a host with a subnet mask of 255.255.254.0? (Choose two.)
Correct Answer: B,C
Vote an answer
Which parameter can be tuned to affect the selection of a static route as a backup, when a dynamic protocol is also being used?
Correct Answer: D
Vote an answer
An administrator would like to configure a switch over a virtual terminal connection from locations outside of the local LAN. Which of the following are required in order for the switch to be configured from a remote location? (Choose two.)
Correct Answer: A,E
Vote an answer
Which three of these statements regarding 802.1 Q trunking are correct? (Choose three.)
Correct Answer: A,D,E
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Refer to the exhibit. Which WAN protocol is being used?
Correct Answer: D
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
At which layer of the OSI model is RSTP used to prevent loops?
Correct Answer: A
Vote an answer
If all OSPF routers in a single area are configured with the same priority value, what value does a router use for the OSPF router ID in the absence of a loopback interface?
Correct Answer: B
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
0
0
0
10