ENSA (Version 7.00) Final PT Skills Assessment Exam (PTSA) Answers PDF

Preview

Summary

ENSA (Version 7.00) Final PT Skills Assessment Exam (PTSA) Answers...

Description

ENSA Final PT Skills Assessment (PTSA) Af ewt hi ngst okeepi nmi ndwhi l ec ompl et i ngt hi sact i v i t y : 1. Donotus et hebr ows erBackbut t onorc l os eorr el oadanyexam wi ndowsdur i ngt heexam. 2. Donotc l os ePack etTr acerwheny ouar edone.I twi l l cl os eaut omat i cal l y . 3. Cl i c kt heSubmi tAs s ess mentbut t oni nt hebr ows erwi ndowt os ubmi ty ourwor k . Topology

Addressing Table Device Name

G0/0/0

IP Address

Default Gateway

G0/ 0/ 0

198. 51. 100. 1/ 30

N/ A

G0/ 0/ 1

192. 168. 1. 1/ 24

N/ A

G0/ 0/ 2

64. 100. 1. 1/ 29

N/ A

G0/ 0/ 0

198. 51. 100. 2/ 30

N/ A

G0/ 0/ 1

172. 16. 2. 1/ 24

N/ A

R2

G0/ 0/ 2

209. 165. 202. 129/ 27

N/ A

S1

VLAN1

64. 100. 1. 2/ 29

64. 100. 1. 1

S2

VLAN1

192. 168. 1. 2/ 24

192. 168. 1. 1

S3

VLAN1

209. 165. 202. 130/ 27

209. 165. 202. 129

S4

VLAN1

172. 16. 2. 2/ 24

172. 16. 2. 1

DNS/ WebSer v er

NI C

209. 165. 202. 131/ 27

209. 165. 202. 129

R1

Device Name

G0/0/0

IP Address

Default Gateway

PCA

NI C

64. 100. 1. 5/ 29

64. 100. 1. 1

PCB

NI C

192. 168. 1. 5/ 24

192. 168. 1. 1

PCC

NI C

172. 16. 2. 5/ 24

172. 16. 2. 1

Scenario I nt hi sPac ketTr ac erSki l l sAs s ess ment ,y ouwi l lc onfi gur et hedevi cesi nasmal lnet wor k .Youwi l lc ompl et eal l t as ks i nPTPhy s i c al Mode.Youwi l lnothav eac c es st ot hel ogi calt opol ogy . Youwi l lpl acedev i c esi npr operl ocat i onsandpowert hem on.Youwi l lconfi gur er out er s ,s wi t c hes ,andPCst o s uppor tI Pv4c onnec t i v i t yf orhos t s .Ther out er sands wi t c hesmustbemanageds ecur el y .Youwi l l confi gur eSi ngl eAr eaOSPFv 2,NAT ,andac c es scont r oll i s t s .Fur t her ,y ouwi l lbac kupupy ourwor k i ngc onfi gur at i onst oaTFTPs er v er andupl oadawor ki ngc onfi gur at i ont oanot herdev i ce. Fur t her mor e ,di ffer entv er s i onsoft heI OSi magear eus edi ns wi t c hes .Youwi l lupdat eas wi t c ht ous et hel at es tI OS. Instructions Part 1: Place Devices in Proper Locations and Connect them with Proper Cables Step 1: Place devices in proper Locations inside the main wiring closet I nt hePhy s i c al Modepl ac enet wor kdev i c esi nt hef ol l owi ngl ocat i ons :  Or gani z et her ackf oreas eofc onfi gur at i on.Pl ac eR1,R2,S1,S2,S3,andS4f r om t opdown,wi t hs ome s pac ebet weent hedev i c es .  Dr agt wo4331r out er s ,R1andR2,f r om t hes hel ft ot her ack.  Dr agf ourswi t c hes,S1,S2,S3,andS4,f r om t heshel ft ot her ac k .  Mov ePCCt oTabl e1,ont hel ef t ,andpl acei ti nt hel ef t handar eaoft het abl et op  Mov et heDNSs er v ert oT abl e1,ont hel ef t ,andpl acei ti nt her i ght handar eaoft het abl et op.  Mov ePCAt oT abl e2,ont her i ght ,andpl acei ti nt hel ef t handar eaoft het abl et op.  Mov ePCBt oTabl e2,ont her i ght ,andpl ac ei ti nt her i ght handar eaoft het abl et op. Step 2: Make sure all devices are powered on. Poweronal ldevi ces . Step 3: Connect devices according to the network topology.

Us et hel ogi calt opol ogydi agr am t oc onnec tt hedev i c est ot hecor r ectpor t swi t hcor r ec tcabl es.

Part 2: Configure Basic Devices Settings Al lc onfi gur at i onsar emadet hr oughadi r ec tc ons ol ec onnect i on. Step 1: Configure PCs with IPv4 addresses

Us et headdr es s i ngt abl et omanual l yconfi gur et hePCswi t hf ul l I Paddr es s i ng.



PC-A



PC-B



PC-C

Step 2: Configure router R1 and R2 a.Confi gur eR1andR2wi t ht hef ol l owi ng: 1. 2. 3. 4.

Pr ev entt her out erf r om at t empt i ngt or es ol v ei nc or r ec t l yent er edcommandsasdomai nnames . Rout ername:R1 orR2. Enc r ypt edpr i vi l egedEXECs ec r etpass wor d:ciscoenpass. Cons ol eacces spas swor d:ciscoconpass.

5. Sett hemi ni mum pass wor dl engt ht o10 c har act er s . 6. Enc r yptt hec l eart extpas s wor ds. 7. Confi gur eanappr opr i at eMOTDBanner . Answer: 

Router R1



Router R2

Router(config)#no ip domain lookup Router(config)#hostname R1 R1(config)#enable secret ciscoenpass

R1(config)#line console 0 R1(config-line)#password ciscoconpass R1(config-line)#login R1(config-line)#exit

R1(config)#security passwords min-length 10 R1(config)#service password-encryption R1(config)#banner motd #Unauthorized Acess is Prohibited# b.Confi gur et hei nt er f ac esofr out er sR1andR2asf ol l ows . 1. Confi gur ei nt er f ac eG0/ 0/ 0wi t hadesc r i pt i onandI Pv4addr es s i ng. 2. Confi gur ei nt er f ac eG0/ 0/ 1wi t hadesc r i pt i onandI Pv4addr es s i ng. 3. Confi gur ei nt er f ac eG0/ 0/ 2wi t hadesc r i pt i onandI Pv4addr es s i ng. 4. Al li nt er f acesshoul dber eadyt osendandr ec ei v et r affic . Answer: 

Router R1



Router R2

R1(config)#interface GigabitEthernet0/0/0 R1(config-if)#description Connection to R2

R1(config-if)#ip address 198.51.100.1 255.255.255.252 R1(config-if)#no shutdown

R1(config-if)#interface GigabitEthernet0/0/1 R1(config-if)#description Connection to S2 R1(config-if)#ip address 192.168.1.1 255.255.255.0 R1(config-if)#no shutdown

R1(config-if)#interface GigabitEthernet0/0/2 R1(config-if)#description Connection to S1 R1(config-if)#ip address 64.100.1.1 255.255.255.248 R1(config-if)#no shutdown c .Confi gur eSSH. 1. Domai nname:ccna-lab.com. 2. Cr eat eanadmi ni s t r at i v eus eri nt hel ocaldat abase:  Us er name:admin  Secr etPass wor d:admin1pass 3. Setl ogi nonVTYl i nest ous et hel ocaldat abase 4. SetVTYl i nest oac ceptSSHc onnec t i onsonl y 5. Us eanRSAcr ypt ok eywi t ha1024 bi t smodul us . 6. Enabl eSSHusi ngversion 2. Answer: 

Router R1



Router R2

R1(config)#ip domain name ccna-lab.com R1(config)#username admin secret admin1pass

R1(config)#line vty 0 15 R1(config-line)#login local

R1(config-line)#transport input ssh R1(config-line)#exit

R1(config)#crypto key generate rsa 1024

R1(config)#ip ssh version 2 Step 3: Configure switches S1, S2, S3, and S4 a.Confi gur et hehost nameaccor di ngt ot heAddr ess i ngTabl e. b.Confi gur eManagementI nt er f ac e( SVI )f orVLAN1:Sett heI Pv 4addr essandac t i v at et hei nt er f ac e. c .Confi gur edef aul tgat eway . Answer: 

S1



S2



S3



S4

Switch(config)#hostname S1 S1(config)#interface Vlan1 S1(config-if)#ip address 64.100.1.2 255.255.255.248 S1(config-if)#no shutdown

S1(config-if)#ip default-gateway 64.100.1.1 Part 3: Configure Single Area OSPFv2 Step 1: Configure single-area OSPF routing a.Confi gur et heOSPFr out i ngpr oc es s:Usepr oces si d1. b.Manual l yconfi gur et her out eri d:Use0.0.0.1 f orR1 and0.0.0.2 f orR2 c .Confi gur enet wor ks t at ement sf ort heappr opr i at enet wor ksonR1 andR2. Note: Fort hepur posesoft hi sas ses s ment ,ent ery ournet wor ks t at ement si nt hef ol l owi ngor der : OnR1: t heG0/ 0/ 2net wor k t heG0/ 0/ 0net wor k

OnR2: t heG0/ 0/ 2net wor k t heG0/ 0/ 0net wor k Answer: 

Router R1



Router R2

R1(config)#router ospf 1 R1(config-router)#router-id 0.0.0.1 R1(config-router)#network 64.100.1.0 0.0.0.7 area 0 R1(config-router)#network 198.51.100.0 0.0.0.3 area 0 Step 2: Adjust OSPF operation a.Confi gur et heappr opr i at ei nt er f acest onotf or war dOSPFupdat eswher et heyar enotr equi r ed. b.Confi gur et her ef er enc ebandwi dt h:Adj ustt her ef er encebandwi dt ht o1Gi gabi t . c .Confi gur et heOSPFnet wor kasapoi nt t opoi ntnet wor k . d.Confi gur et hehel l ot i mef or30s econds. Answer: 

Router R1



Router R2

R1(config)# router ospf 1 R1(config-router)# passive-interface GigabitEthernet0/0/1 R1(config-router)# passive-interface GigabitEthernet0/0/2 R1(config-router)# auto-cost reference-bandwidth 1000 R1(config-router)# exit

R1(config)# interface GigabitEthernet0/0/0 R1(config-if)# ip ospf network point-to-point R1(config-if)# ip ospf hello-interval 30 Part 4: Configure Access Control and NAT Step 1: Verify connectivity

 PCBc annotv i s i tt hewebs er ver .  PCCc annotpi ngPCA. Step 2: Configure NAT a.Confi gur es t at i cNATonr out erR1 wi t hapubl i cI Paddr es s64. 100. 1. 7t oal l owPCBt oacc es st hewebs er v er . R1(config)# ip nat inside source static 192.168.1.5 64.100.1.7

R1(config)# interface GigabitEthernet0/0/0 R1(config-if)# ip nat outside

R1(config-if)# interface GigabitEthernet0/0/1 R1(config-if)# ip nat inside b.Confi gur ePATonr out erR2 t oenabl es omedev i c esont henet wor kat t ac hedt ot heG0/ 0/ 1i nt er f ac et oacces st he i nt er net 1. Cr eat eaNATpool namedI PNAT1wi t hI Paddr essr angeof209. 165. 202. 140t o209. 165. 202. 150wi t ht he s ubnetmas kof255. 255. 255. 224. 2. Cr eat eanumber edACL( ACL1)t oal l owdev i c eswi t hI Paddr es sr angeof172. 16. 2. 1t hr ough 172. 16. 2. 15t oac c esst hei nt er nett hr oughNAT. 3. Us ePATt oal l owt her angeoft hepubl i cI Paddr es sest obes har ed. R2(config)# ip nat pool IPNAT1 209.165.202.140 209.165.202.150 netmask 255.255.255.224 R2(config)# ip nat inside source list 1 pool IPNAT1 overload R2(config)# access-list 1 permit 172.16.2.0 0.0.0.15

R2(config)# interface GigabitEthernet0/0/1 R2(config-if)# ip nat inside Step 3: Configure access control on R1 a.Cr eat eas t andar dACLR1-VTY-LIMIT t oal l owonl yPCBac c esst ot heR1v t yl i nes . b.Appl yt heACL. R1(config)#ip access-list standard R1-VTY-LIMIT R1(config-std-nacl)#permit host 192.168.1.5 R1(config-std-nacl)# R1(config-std-nacl)#line vty 0 15

R1(config-line)#access-class R1-VTY-LIMIT in Step 4: Configure access control on S1 a.Cr eat eas t andar dACLS1-VTY-LIMIT t oal l owonl yPCBac c es st ot heS1v t yl i nes . b.Appl yt heACL. S1(config)#ip access-list standard S1-VTY-LIMIT S1(config-std-nacl)#permit host 192.168.1.5 S1(config-std-nacl)# S1(config-std-nacl)#line vty 0 15 S1(config-line)#access-class S1-VTY-LIMIT in Step 5: Configure access control on R2 a.Cr eat eas t andar dACLR2-VTY-LIMIT t oal l owonl yPCCacc es st ot heR2v t yl i nes . b.Cr eat eane xt endedACLR2-SECURITY t or es t r i ctac cessf r om t hei nt er net  Al l owFTPconnect i onsf r om t hePCBpubl i cI Paddr es st ot heweb/ DNSs er ver  Denyal lot herFTPconnect i onsf r om t hei nt er nett ot heR2LANs  Denyal lSSHc onnec t i onsf r om t hei nt er net  Al l owal l ot hert ypesofc onnec t i onsf r om t hei nt er net YourACLs houl dc ons i stoffour s t at ement st hatc or r es pondt ot hef ourr equi r ement sabov e. c .Appl yt heACLs R2(config)#ip access-list standard R2-VTY-LIMIT R2(config-std-nacl)#permit host 172.16.2.5 R2(config-std-nacl)# R2(config-std-nacl)#line vty 0 15 R2(config-line)#access-class R2-VTY-LIMIT in R2(config-line)#exit

R2(config)#ip access-list extended R2-SECURITY R2(config-ext-nacl)#permit tcp host 64.100.1.7 host 209.165.202.131 eq ftp R2(config-ext-nacl)#deny tcp any any eq ftp R2(config-ext-nacl)#deny tcp any any eq 22 R2(config-ext-nacl)#permit ip any any

R2(config-ext-nacl)#interface GigabitEthernet0/0/0 R2(config-if)#ip access-group R2-SECURITY in R2(config-if)#ip nat outside Step 6: Configure access control on S3 a.Cr eat eas t andar dACLS3-VTY-LIMIT t oal l owonl yPCCacc es st ot heS3v t yl i nes . b.Appl yt heACL S3(config)#ip access-list standard S3-VTY-LIMIT S3(config-std-nacl)#permit host 172.16.2.5 S3(config-std-nacl)# S3(config-std-nacl)#line vty 0 15 S3(config-line)#access-class S3-VTY-LIMIT in S3(config-line)#login Part 5: Perform Configuration Backup and IOS Update Step 1: Use TFTP server to backup device configurations a.Back upt her unni ngconfi gur at i onsofR1,S1,andS2t ot heTFTPs er v eronPCB. b.Namet heconfi gur at i onfi l esasR1-Run-Config,S1- Run-Config,andS2-Run-Config. Go to R1: R1>en R1#copy running-config tftp Address or name of remote host []? 192.168.1.5 Destination filename [R1-confg]? R1-Run-Config Go to S1: S1>en S1#copy running-config tftp Address or name of remote host []? 192.168.1.5 Destination filename [S1-confg]? S1-Run-Config Go to S2: S2>en S2#copy running-config tftp Address or name of remote host []? 192.168.1.5

Destination filename [S2-confg]? S2-Run-Config Writing running-config....!! [OK - 1122 bytes]

1122 bytes copied in 3.003 secs (373 bytes/sec) Step 2: Use TFTP server to update/upgrade IOS software a.Obt ai nanewerI OSi magef r om t heTFTPser vi ceont heweb/ DNSs er v er . b.Thenewerv er s i onoft hes wi t c hI OSi sc2960l anbas ek 9mz . 1502. SE4. bi n. c .Confi gur eS3t ous et hi snewerver s i onI OSaf t err el oadi ng . S3#copy tftp flash: Address or name of remote host []? 209.165.202.131 Source filename []? c2960-lanbasek9-mz.150-2.SE4.bin Destination filename [c2960-lanbasek9-mz.150-2.SE4.bin]? Accessing tftp://209.165.202.131/c2960-lanbasek9-mz.150-2.SE4.bin.... Loading c2960-lanbasek9-mz.150-2.SE4.bin from 209.165.202.131: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!! [OK - 4670455 bytes]

S3#configure terminal S3(config)#boot system flash:c2960-lanbasek9-mz.150-2.SE4.bin S3(config)#exit S3# %SYS-5-CONFIG_I: Configured from console by console S3#copy running-config startup-config Destination filename [startup-config]? Building configuration... [OK] S3#reload Proceed with reload? [confirm] Answer script R1 enable configure terminal

no ip domain lookup hostname R1 enable secret ciscoenpass line console 0 password ciscoconpass login exit

security passwords min-length 10 service password-encryption banner motd #Unauthorized Acess is Prohibited#

interface GigabitEthernet0/0/0 description Connection to R2 ip address 198.51.100.1 255.255.255.252 no shutdown

interface GigabitEthernet0/0/1 description Connection to S2 ip address 192.168.1.1 255.255.255.0 no shutdown

interface GigabitEthernet0/0/2 description Connection to S1

ip address 64.100.1.1 255.255.255.248 no shutdown

ip domain name ccna-lab.com username admin secret admin1pass

line vty 0 15 login local transport input ssh exit

crypto key generate rsa 1024

ip ssh version 2

router ospf 1 router-id 0.0.0.1 network 64.100.1.0 0.0.0.7 area 0 network 198.51.100.0 0.0.0.3 area 0 exit

router ospf 1 passive-interface GigabitEthernet0/0/1

passive-interface GigabitEthernet0/0/2 auto-cost reference-bandwidth 1000 exit

interface GigabitEthernet0/0/0 ip ospf network point-to-point ip ospf hello-interval 30 exit

ip nat inside source static 192.168.1.5 64.100.1.7

interface GigabitEthernet0/0/0 ip nat outside interface GigabitEthernet0/0/1 ip nat inside

ip access-list standard R1-VTY-LIMIT permit host 192.168.1.5

line vty 0 15 access-class R1-VTY-LIMIT in exit R2 enable

configure terminal

no ip domain lookup hostname R2 enable secret ciscoenpass line console 0 password ciscoconpass login exit

security passwords min-length 10 service password-encryption banner motd #Unauthorized Acess is Prohibited#

interface GigabitEthernet0/0/0 description Connection to R1 ip address 198.51.100.2 255.255.255.252 no shutdown

interface GigabitEthernet0/0/1 description Connection to S4 ip address 172.16.2.1 255.255.255.0 no shutdown

interface GigabitEthernet0/0/2 description Connection to S3 ip address 209.165.202.129 255.255.255.224 no shutdown

ip domain name ccna-lab.com username admin secret admin1pass

line vty 0 15 login local transport input ssh exit

crypto key generate rsa 1024

ip ssh version 2

router ospf 1 router-id 0.0.0.2 network 209.165.202.128 0.0.0.31 area 0 network 198.51.100.0 0.0.0.3 area 0 exit

router ospf 1 passive-interface GigabitEthernet0/0/1 passive-interface GigabitEthernet0/0/2 auto-cost reference-bandwidth 1000 exit

interface GigabitEthernet0/0/0 ip ospf network point-to-point ip ospf hello-interval 30 exit

ip nat pool IPNAT1 209.165.202.140 209.165.202.150 netmask 255.255.255.224 ip nat inside source list 1 pool IPNAT1 overload access-list 1 permit 172.16.2.0 0.0.0.15

interface GigabitEthernet0/0/1 ip nat inside

ip access-list standard R2-VTY-LIMIT permit host 172.16.2.5

line vty 0 15 access-class R2-VTY-LIMIT in exit

ip access-list extended R2-SECURITY permit tcp host 64.100.1.7 host 209.165.202.131 eq ftp deny tcp any any eq ftp deny tcp any any eq 22 permit ip any any

interface GigabitEthernet0/0/0 ip access-group R2-SECURITY in ip nat outside exit S1 enable configure ter configure terminal

hostname S1 interface Vlan1 ip address 64.100.1.2 255.255.255.248 no shutdown

ip default-gateway 64.100.1.1

ip access-list standard S1-VTY-LIMIT

permit host 192.168.1.5

line vty 0 15 access-class S1-VTY-LIMIT in exit S2 enable configure terminal

hostname S2 interface Vlan1 ip address 192.168.1.2 255.255.255.0 no shutdown

ip default-gateway 192.168.1.1 S3 enable config ter

hostname S3 interface Vlan1 ip address 209.165.202.130 255.255.255.224 no shutdown

ip default-gateway 209.165.202.129

ip access-list standard S3-VTY-LIMIT permit host 172.16.2.5

line vty 0 15 access-class S3-VTY-LIMIT in S4 enable config ter hostname S4 interface Vlan1 ip address 172.16.2.2 255.255.255.0 no shutdown

ip default-gateway 172.16.2.1...