Donation

ITExamAnswers is one of the fastest growing website for all kind of CCNA Exam stuff, we as a team spend tons of time and efforts to come up with the useful and easy to understand articles on CCNA, CCNP and IT Exams for all our readers.

ITExamAnswers is a non-profit website that generates income by advertising only. The money is used to pay hosting and bandwidth bills, to purchase hardware equipments or software equipments, to collect questions/dumps and to reward our authors for writing such Unique, knowledgeable and useful article for you. In return all we need is your strong support to stay alive and keep providing our services to you all.

We have also recently started an initiative Questions Bank to make a community where people can find answers to any question their IT Exams related queries, Share or Send question which they are facing in IT Exams and get help with others in a very interactive interface.

If you love ITExamAnswers and you want us to continue our services like as its running before now. Please make a donation to us and encourage others to do so. You can donate us from a single dollar to a couple of dollars. All donations can be made using a credit/debit card and PayPal account.

[elfsight_paypal_button id=”4″]

Bitcoin address:

bc1qu54qt254adq9su0fapj60vyafhpa3eensk4mm7

Please Disable the AdBlock or add ITExamAnswers in Whitelist to Support us. Thanks

Thanks to all donations and advertisements on this website!

guest
41 Comments
Inline Feedbacks
View all comments
brei
brei
3 months ago

It seems questions section has a problem

Arb icuk
Arb icuk
3 months ago

what happened question and answer section ??

k_asif
k_asif
5 months ago

how to purchase the practice vce for ccna 200-301

Engrka
Engrka
5 months ago

hi admin please upload the nw version

Sheraz Riaz
Sheraz Riaz
5 months ago

I need 200-301 updated dumps.

hz x
hz x
7 months ago

hi admin, i purchased the dump, but i didn’t receive any emails or dowload links, i sent email to [email protected], could u double check it for me?

Mariano
Mariano
1 year ago

Good moornig, Hi admin, hope you are doing well. I made a donation, I need help with PTSA, I´m student
Thanks a lot

CCNAv7 PTSA
Background / Scenario Your task is to complete the configuration of the enterprise network for the XYZ Corporation. 
•       The XYZ Corporation is an enterprise company with a headquarters and branch offices.
•       The enterprise is migrating to IPv6 by implementing dual stack (both IPv4 and IPv6) addressing on routers and end devices in order to facilitate this transition.
•       Single-area OSPFv2 is the used to route between the branches and HQ. IPv6 uses static routes.
•       The objective is to complete the tasks given below so that IPv4 and IPv6 end-to-end connectivity is achieved.
Items to note:
•       Some devices are partially configured.
•       All usernames, passwords and DHCP pool/ACL names are case-sensitive.
•       Do not change any preconfigured IP addresses on any router interface.
•       Follow the numbering of subinterfaces as indicated in the Addressing Tables.
•       The Internet cloud is already configured and locked.
•       All IPv6 addresses have a /64 mask.
•       All privileged EXEC mode passwords that you configure should be CCNA_7_secret.
Topology

 

                                                C
 
 
                                                                                                                            

Addressing Table  

Device

Interface

IPv4 address

IPv6 Address

IPv6 Linklocal

HQ
HQ
HQ
HQ

G0/0/0

10.10.1.2/30
2001:db8:1:2::2/64

fe80::1

G0/0/1

10.10.1.6/30
2001:db8:1:6::2/64

fe80::1

S0/1/0

192.168.102.1/30
2001:db8:102::1/64

fe80::1

S0/1/1

192.168.101.1/30
2001:db8:101::1/64

fe80::1

BranchA

BranchA

BranchA

BranchA

BranchA

G0/0/0.10

192.168.10.1/24

2001:db8:acad:10::1/64

fe80::2

G0/0/0.20

192.168.20.1/24

2001:db8:acad:20::1/64

fe80::2

G0/0/0.30

192.168.30.1/24

2001:db8:acad:30::1/64

fe80::2

S0/1/0

192.168.101.2/30
2001:db8:101::2/64

fe80::2

S0/1/1

192.168.103.1/30
2001:db8:103::1/64

fe80::2

BranchB

BranchB

BranchB

BranchB

G0/0/0

192.168.40.1/24

2001:db8:acad:40::1/64

fe80::3

G0/0/1.50

192.168.50.1/24

N/A

N/A

S0/1/0

192.168.103.2/30
2001:db8:103::2/64

fe80::3

S0/1/1

192.168.102.2/30
2001:db8:102::2/64

fe80::3

Switch-3

VLAN 1

192.168.40.253/24

N/A

N/A

ISP1

G0/0/1

10.10.1.1/30

2001:db8:1:2::1/64

N/A

ISP2

G0/0/1

10.10.1.5/30

2001:db8:1:6::1/64

N/A

TFTP Server

NIC

192.168.30.252/24

2001:db8:acad:30::252/64

N/A

Web/NTP Server

NIC

203.0.113.27/24

2001:db8:fefe:251::27/64

N/A

DNS Server

NIC

192.168.100.10

2001:db8:cafe:100::10

N/A
 
Instructions Part 1: Configuration

In this part of the lab you will demonstrate your device configuration skills and knowledge.

Step 1: Configure VLANs and a Trunk Interface•       On Switch-1, create and name the VLANs that are shown in the table below. 
•       Assign static access ports as shown.
•       Configure static trunking on the appropriate interface and disable DTP negotiation.
 
VLAN

Name

Port Assignments

10

MKRT

F0/1

20

ACCT

F0/9

30

ADMIN

F0/17, F0/24

Step 2: Configure routing between VLANsConfigure routing between VLANs on the BranchA router by using the information in the Addressing Table and the table below. 

Interface 

VLAN

IPv4 Address

IPv6 Address

Link Local Address

G0/0/0.10 

10

192.168.10.1/24

2001:db8:acad:10::1/64

fe80::2

G0/0/0.20 

20

192.168.20.1/24

2001:db8:acad:20::1/64

fe80::2

G0/0/0.30 

30

192.168.30.1/24

2001:db8:acad:30::1/64

fe80::2

Step 3: Configure IPv4 DHCPa.     The hosts on LAN 1 (see designation on topology) should receive addressing over DHCP. Configure IPv4 DHCP pools for each VLAN.
•       Use pool names VLAN10, VLAN20, and VLAN30.
•       The hosts should receive addressing that enables them to communicate with hosts that are on other networks.
•       Use a DNS sever address of 192.168.100.10.
•       Configure a domain name of example.com.
•       Exclude the address of the TFTP server from the DHCP pool. See the Addressing Table.
b.     Configure the HQ router interfaces that are connected to the Internet to receive IPv4 addresses from ISP1 and ISP2.
Note: The DNS server will not be reachable in this scenario.
Step 4: Configure IPv6 DHCPThe hosts on LAN 1 should receive addressing automatically. Configure a stateless IPv6 DHCP server to provide addresses and optional IPv6 addressing information for the hosts that are on each VLAN.
              •   Use pool names VLAN10_V6, VLAN20_V6, and VLAN30_V6.

Use a DNS address of 2001:db8:cafe:100::10
Configure a domain name of example.com
Note: The DNS server will not be reachable in this scenario.
Step 5: Configure IPv4 and IPv6 Host Addressing a.     PC-10, PC-20, and PC-30 should be configured to receive IPv4 and IPv6 addresses automatically from DHCP.
b.     Configure static IPv4 addressing on the TFTP Server according the Addressing Table. The TFTP Server should be configured with the appropriate default gateway and DNS server addresses as well.
Note: It is not possible to manually configure a DNS domain suffix on a host in Packet Tracer.
Step 6: Configure Switch SecuritySecure unused ports and enable port security on Switch-1. a. Secure unused ports.
•       Create VLAN 999. Name the VLAN UNUSED.
•       Disable all unused ports.
•       Configure all unused ports in static access mode.
•       Assign all unused ports to VLAN 999.
b. Configure port security on the ports that provide access to hosts.
•       Only allow two MAC addresses to be learned by each port before a violation occurs.
•       Activate sticky learning of MAC addresses.
•       Configure the switchports to retain host MAC addresses in the MAC table for 10 minutes.
•       Configure the ports to send Syslog notification and drop packets from MAC addresses that exceed the maximum number that is permitted. The ports should not shut down.
Step 7: Configure Basic Device HardeningOn BranchA, configure enhanced password security and prevent brute-force password challenges. a. Enhance password security.
•       Configure an enable secret password of CCNA_7_secret.
•       Require that all newly created passwords are at least 8 characters in length.
•       Ensure that all clear text passwords are encrypted.
b. Mitigate brute force password attacks.
If three failed login attempts occur over a 30-second period, block logins for 120 seconds.
Step 8: Configure Secure Switch ManagementOn Switch-3, enable in-band switch management over SSH. a. Configure the switch virtual management interface.
•       Configure the VLAN 1 interface with the IP addressing that is shown in the Addressing Table.
•       Ensure that hosts on other networks can communicate with the switch.
b. Configure the switch to only accept SSH connections on the management interface.
Configure a username of admin with a password of CCNA_7_admin.
Use a crypto key modulus of 1024.
•       Configure SSH version 2.
•       Accept logins on the virtual terminal lines only from the configured user.
•       Ensure that the admin user is able to configure the switch.
•       Configure the hostname and example.com domain name to match the values used in this assessment.
Step 9: Configure EtherchannelConfigure Etherchannel on the links between Switch-2 and Switch-3.
•       Configure ports Fa0/23-24 on both switches into channel group 1.
•       Configure LACP to negotiate the Etherchannel.
•       Switch-3 should initiate negotiation of the channel.
•       Switch-2 should only respond to Switch-3 channel negotiation attempts.
•       All VLAN traffic should be able to travel on the Etherchannel.
•       DTP should be disabled on the Etherchannel.
Step 10: Configure Static RoutingYou will configure IPv4 and IPv6 static, default, and floating default routes.
a.     Configure IPv4 directly-connected default routes to the internet on HQ
•       The route to ISP1 should be configured as the preferred route to the internet. 
•       The route to ISP2 should be a floating backup default route. 
•       Use an AD of 5 for the backup route.
b.     On HQ, configure IPv6 next-hop default routes to the internet.
•       ISP1 should be the preferred route. 
•       ISP2 should be the backup route. 
•       Use an AD of 5 for the backup route.
c.     Configure IPv6 next-hop static routes to the LANs from HQ.
•       Traffic from HQ should be able to find the IPv6 LANs on routers BranchA and BranchB.
•       The routes should take the shortest path to the LANs.
•       Do not use summaries.
d.     Configure IPv6 next-hop default routes to HQ.
•       Configure an IPv6 default route on BranchA that routes directly to HQ.
•       Configure an IPv6 default route on BranchB that routes directly to HQ.
Step 11: Configure Single Area OSPFv2IPv4 dynamic routing will use OSPFv2 in a single area. a. Configure OSPF on HQ, BranchA, and BranchB.
Use a process ID of 1 on all three routers.
Include all XYZ Corporation networks.
• Configure router IDs as follows:
o HQ: 3.3.3.3 o BranchA: 2.2.2.2 o BranchB: 1.1.1.1
b.     On all three routers, prevent OSPF traffic from exiting interfaces where it is not required.
c.     Configure OSPF to propagate the default route to the ISP to the other routers.
d.     Modify the Hello and Dead intervals on all three routers. The values used should be half the default values. Ensure that OSPF adjacencies exist between the routers and that all paths are viable.
e.     Configure OSPFv2 to accurately represent links that are faster than 100 Mbps in its path cost calculations.
Step 12: Configure IPv4 ACLsConfigure ACLs to control network traffic, limit hosts that can connect to the VTY lines, and specify traffic to be translated by NAT. You should use the host and any keywords whenever appropriate. 
a.     On HQ configure a numbered ACL that will permit NAT to translate all internal addresses. Use number 1 for the list.
b.     On BranchA, implement a numbered ACL that will only permit hosts from the ADMIN VLAN to connect to the VTY lines of the router. Use the number 10 for your ACL. The number of packets that are denied should be displayed in the show output for this list.
c.     On BranchB, implement a named ACL to control a variety of traffic. Use the name CONTROL. Please configure your ACL statements in the order of the requirements. An explicit deny statement is not required for this list.
1)    Prevent all hosts that are connected to the Switch-2 LAN from accessing the TFTP Server over HTTP.
2)    Allow all hosts that are connected to the Switch-2 LAN to access the TFTP Server over any other protocol.
3)    Prevent all hosts that are connected to the Switch-2 LAN from accessing any other host on the 192.168.30.0/24 network.
4)    Allow all other traffic.
5)    5) Locate your ACL on the interface, and in the direction, that are most efficient.
Step 13: Configure NATConfigure PAT to translate all XYZ Corporation traffic to the internet that uses the link through ISP1 only. Configuring PAT to use a backup route is beyond the scope of this assessment.
•       Use the previously created ACL to specify that all internal traffic is allowed to be translated.
•       Configure the NAT statement to specify the outside interface as the address source that will be used for translation.
Step 14: Configure Network Management FeaturesConfigure NTP clients and backup a router configuration to TFTP.
a.     Configure all three routers to receive system time from the NTP/Web Server.

b.     Backup the configuration of the BranchA router to the TFTP server. Name the file R1-confg.
Part 2: TroubleshootingThe objective of this portion of the CCNA ITQ is to test the troubleshooting skills of a candidate.
You are given a small topology. Click the cloud in the upper left-hand corner of the topology that is labelled Troubleshooting to access the topology. You can return to the configuration topology by clicking the Back button, which is the first button in the group of buttons on the right-hand side of the blue bar at the top of the PT workspace.
Configuration errors are present in the switches and routers. By using troubleshooting skills, identify and fix the errors. The goal is to have IPv4 and IPv6 end-to-end connectivity between all PCs.
Here are some guidelines to follow when troubleshooting: 
•       Do not change hostnames, usernames, passwords or DHCP pool names.
•       Do not replace or remove protocols. For example, to solve an OSPF error, you cannot replace it with static routing and to solve EtherChannel issues you cannot remove it. 
•       Do not create new interfaces or subinterfaces and do not add routing protocols, NAT, ACL, DHCP, etc. 
•       All PCs should receive IPv4 addresses via DHCP and IPv6 addresses via SLAAC.
•       Do not change any preconfigured IP address on any router interface.
•       Do not change the intention of the configuration. For example, if two interfaces are configured in one way, and a third is configured differently, fix the one that is different, not the other two.
 

Last edited 1 year ago by Mariano
Mara Mendoza
Mara Mendoza
1 year ago

I made the donation, will I receive other questions for the CCNA certification? or are they only the ones already published?

Aiub Omer
Aiub Omer
1 year ago

Hi admin, hope you are doing well. I made a donation but still can’t get the link for CCNA 200-301 VCE. thanks in advance.

Abiodun Ibrahim
Abiodun Ibrahim
1 year ago

Hey Guys, I don’t know why am having difficulties making payment for my exam, I have tried many cards (Debit). but all keeps giving me this error below.
What should I do Please?

CCNA.JPG
Cakay
Cakay
1 year ago

Hello Admin! Do you have VCE files for CCNP ENCOR? Thanks

Mustafa
Mustafa
1 year ago

Thank you for the hard work putting this together, really useful for 350-401, You guys are great! Will purse to 300-410, I hope we get similar group for that as well

Ivan Rudnik
Ivan Rudnik
1 year ago

Hello Admin,

Great work, thank you for this!
I was make some donate to you 8)

Abiodun Ibrahim
Abiodun Ibrahim
1 year ago

Hi, Admin

I have made a donation, but I still cant see any link to download any VCE files for the dumps

Thanks

Cayayo
Cayayo
1 year ago

hey admin i got some enarsi dumps, contact me and i’ll give it to you.
Keep the great work.

Last edited 1 year ago by Cayayo
Ja
Ja
1 year ago

hi admin do you have these answers for NDG Linux Essentials

1) Display the detail information with the human readable size of the /etc/passwd
directory.

2) Display all of the files in a /etc/udev directory as well as all of the files in all subdirectories under that directory.

3) Display the detail information with the sorted file size of the Documents directory.

4) Change the working directory to root directory.

Jai
Jai
1 year ago

Hie admin, do you have any dumps for ccnp enarsi?

Damir
Damir
1 year ago

Hello! Admin big thanks for you!!! Can I donate webmoney. In my country PayPal not working.

pop
pop
1 year ago

Hey admin, I’m planning to take the CCNA exam on 25th Jan, are these dumps reliable to score above 900?
BTW, keep up the good work!! will definitely donate :)

discovery twenty
discovery twenty
1 year ago

Hi guys, just nailed the 350-401 exam with 930 marks. This is a valid dump. There are 4 new questions that is not from this dump. Thank you everyone for the support, specially Kevin and David for their hard work for the correct answers. Admin, donation is on the way for your coffee :). Just giving you heads up, some questions were twisted. Two question I can remember now one: Which statement explains why Type 2 hypervisor is considered more efficient (not type1) – Correct answer: it provide efficient scalability ( i guessed it and I think I got correct answer because I got 100% on virtualization section.)

Another question like Question 130 on dump but twisting the question like
which statement will result an error message if the technician adds on the monitor session

  1. Vlan 10
  2. Interface F01/1 tx
  3. Port-channel 5
  4. Interface f0/2 rx

New Q1. New question: Refer to the exhibit ( Like figure on this dump question 163). why do the traceroute fail?

Someone
Someone
1 year ago

Thanks guys for this forum. It helped.

Please enjoy the coffee.

Davemike
Davemike
1 year ago

Thanks guys for keeping this forum updated with latest questions, I took my exam today and was able to score 953. All valid question and correct dumps.

Jake
Jake
1 year ago

I really had no interest or time to make Cisco exams. A huge thanks and a cup of coffee for helping me with school!

41
0
Would love your thoughts, please comment.x