|
Home > Archive > CCNP > November 2004 > Fail 642-831 ,me too (I need everybody help me to correct answer)
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Fail 642-831 ,me too (I need everybody help me to correct answer)
|
|
| emagic 2004-10-28, 2:46 am |
| In the exam, I have some problem that is similar testking sheet.
QUESTION NO: 91
You work as a network technician at TestKing.com. testking.com migrated to a new ISP provider some weeks ago. A non-TestKing technician configure the GATE router to compensate for the new address space being issued and implemented a basic ACL for required security purposes. Since the move, reports from employees indicate that there is no access to the Internet. Customer have also reported that the Web server cannot be accessed. Nevertheless, testking employees, local to the site, have been able to access
the Web server. testking.com company polices have enforced an implementation of NAT and Security ACL has been taken place on the GATE routers Internet connection interface. The security policy indicates that the traffic to the inside hosts most be explicitly defined in the ACL. Command
authorizations put in place will not allow for the usage of debug commands. Use the topology provided and the following information to find and current the current issues.
LAN
Fa0/0: 10.10.11.2/24
Fa0/1: 10.20.0.1/16
GATE
FA0/0: 10.10.11.1/24
FA0/1: 10.10.10.1/24
INTERNET
S0/1: 172.16.0.1/30
Web Server
Internal: 10.10.10.10/24 (Inside local Address)
External: 198.133.219.10/24 (Inside Global Address)
LAN
Inside Global Address: 198.133.219.1/24
All passwords: testking
To configure the router click on the host icon that is connected to a router by a serial cable.
Answer:
Disable access list 101 from Serial 0/1 on GATE router.
No ip access-group 101 in
Create a new ACL 130 ( example )
Access-list 130 permit tcp any host 198.133.219.10 255.255.255.255 eq 80
(allows Any access from internet by port 80 to the Web server which has NAT to 10.10.10.10 )
Access-list 130 permit ip any host 198.133.219.1 255.255.255.255 ( loopback interface IP Address )
The GATE router is configured so that any outgoing access from Internal LAN addresses gets translated to the Loopback
Interface IP address. The question does not specify which ports and therefore allowing IP is the best option.
Apply access list 130 to the Serial0/1
Ip access-group 130 in
TEST:
Ping from internal router to the Internet Router. ( Out going access to Internet Checked )
Telnet from the Internet router to the web server external IP by port 80. ( Incoming access to Web server from customers)
checked )
In the exam, I just follow the above method.
But I cannot "Ping from internal router to the Internet Router. ( Out going access to Internet Checked )" and "Telnet from the Internet router to the web server external IP by port 80. ( Incoming access to Web server from customers)"
do you have any idea about this Question answer:
In the exam, If I need "no access-list 101" except the "no ip access-group 101 in" in serial interface.
QUESTION NO: 172
When troubleshooting copper cabling, what should you check?
A. Category 5 cable us used for all Ethernet connections.
B. Straight-through cables are used for inter-switch links.
C. Category 5 cables do not exceed 100 meters in length.
D. Cross-over cables are used between switches and routers
TestKing Answer:A,C
For exam only single answer: what do you think the answer is the best? I think "D" but I don't know if it is correct.
PS: topology see my attach files
Thanks
Best Regards,
My email address: e.myth@seed.net.tw | |
| darthfeces 2004-10-28, 11:47 pm |
| 42 | |
| Just Visiting 2004-11-01, 5:28 am |
| Log a TAC case.
-JV | |
| sandy7000 2004-11-04, 9:19 pm |
| Although his source is questionable, he's making a strong effort to understand rather than memorize.
I would recommend "Cisco IOS Essentials" by John Alibritton (ccie #2833), rather than TestKing. It will give you a better foundation. | |
|
| quote:
Originally posted by sandy7000
Although his source is questionable, he's making a strong effort to understand rather than memorize.
1st time poster - he could just be advertising his products?? | |
| sandy7000 2004-11-05, 5:11 pm |
| 
Actually, he's stating he thinks the answers are wrong & he's questioning why.
Not much of a sales pitch. | |
| Traust 2004-11-08, 2:29 pm |
| First one sounds like theres some routing missing. Or the nats wrong
Second one is C. All the others are false.
A) Other cats can be used.
B) Cross over
D) Straight through |
|
|
|
|