200-301 Question #1687: Real Exam Question with Answer & Explanation

Question

Lab Simulation 56 Please use the "Tasks" and "Topology" tabs to complete this lablet. Topology Tasks Connectivity between the devices has been established. IP services must be configured to complete the implementation. Router R2 has partial configurations for NAT and DHCP. Task 1 Router R2 is partially configured for Port Address Translation (PAT) for IP 10.0.122.1. - Configure PAT so that 10.0.122.1 uses the IP address of Ethernet0/0 as the Public routable IP. - A ping from Sw1 to 209.165.200.224 should be used to verify the translation is successful. Task 2 Set the Sw1 switch to use NTP as a client using the NTP server on R2. - Do not use ntp broadcast client or ntp broadcast commands. Task 3 Complete the DHCP configuration. - Configure Sw1 to forward DHCP requests from clients in VLAN 220 to the DHCP server on R2. - Configure the LAN interface on router R3 as a DHCP client. - Ensure the R3 router receives an IP address from the DHCP server. Task 4 Configure R2 as an SSH server. - Use a 2048 bit RSA key. - Configure ssh session authentication timeout value to 30 seconds. Answer: See the below explanation

Explanation

This lab simulation tests hands-on configuration of four core IP services on Cisco IOS devices: PAT (overload NAT), NTP client setup, DHCP relay and client configuration, and SSH server hardening. All tasks build on a partially pre-configured topology to complete a realistic enterprise edge deployment.

Approach. Task 1 – PAT: Add the missing 'overload' keyword and 'ip nat inside/outside' interface statements. On R2: 'ip nat inside source list <ACL> interface Ethernet0/0 overload' ties the translation to E0/0's public IP dynamically. Task 2 – NTP: On Sw1 issue 'ntp server <R2-IP>' (unicast only, no broadcast commands), making Sw1 a unicast NTP client syncing to R2. Task 3 – DHCP Relay & Client: On Sw1's VLAN 220 SVI use 'ip helper-address <R2-IP>' to forward DHCP broadcasts; on R3's LAN interface use 'ip address dhcp' to request an address from R2's DHCP pool. Task 4 – SSH: Generate a 2048-bit RSA key with 'crypto key generate rsa modulus 2048', set 'ip ssh time-out 30', configure 'ip ssh version 2', and apply 'transport input ssh' on the VTY lines.

Concept tested. Integrated IP services configuration on Cisco IOS: Port Address Translation (PAT/NAT overload) using an interface IP, unicast NTP client peering, DHCP relay (ip helper-address) and DHCP client interface assignment, and SSH server configuration with RSA key generation and session timeout hardening.

Reference. Cisco IOS IP Addressing Services Configuration Guide; CompTIA Network+ / CCNA (200-301) – IP Services domain covering NAT, NTP, DHCP, and SSH

No community discussion yet for this question.