200-125.pdf - Cisco 200-125 Exam 200-125 Title CCNA Cisco Certified Network Associate CCNA(v3.0 Updated Version 28.0 Product Type 890 Q&A \u201cBest

200-125.pdf - Cisco 200-125 Exam 200-125 Title CCNA Cisco...

This preview shows page 1 out of 648 pages.

You've reached the end of your free preview.

Want to read all 648 pages?

Unformatted text preview: Cisco 200-125 Exam 200-125 Title CCNA Cisco Certified Network Associate CCNA (v3.0) Updated Version: 28.0 Product Type 890 Q&A “Best Material, Great Results”. 1 Cisco 200-125 QUESTION 1 - (Topic 1) Which two spanning-tree port states does RSTP combine to allow faster convergence? (Choose two.) A. blocking B. listening C. learning D. forwarding E. discarding Answer: A,B QUESTION 2 - (Topic 1) After you configure the Loopback0 interface, which command can you enter to verify the status of the interface and determine whether fast switching is enabled? A. Router#show ip interface loopback 0 B. Router#show run C. Router#show interface loopback 0 D. Router#show ip interface brief Answer: A QUESTION 3 - (Topic 1) Which three commands can you use to set a router boot image? (Choose three.) A. Router(config)# boot system flash c4500-p-mz.121-20.bin B. Router(config)# boot system tftp c7300-js-mz.122-33.SB8a.bin C. Router(config)#boot system rom c7301-advipservicesk9-mz.124-24.T4.bin D. Router> boot flash:c180x-adventerprisek9-mz-124-6T.bin E. Router(config)#boot flash:c180x-adventerprisek9-mz-124-6T.bin F. Router(config)#boot bootldr bootflash:c4500-jk9s-mz.122-23f.bin Answer: A,B,C QUESTION 4 - (Topic 1) Which three statements about link-state routing are true? (Choose three.) A. Routes are updated when a change in topology occurs. B. Updates are sent to a multicast address by default. C. OSPF is a link-state protocol. D. Updates are sent to a broadcast address. E. RIP is a link-state protocol. F. It uses split horizon. Answer: A,B,C “Best Material, Great Results”. 2 Cisco 200-125 QUESTION 5 - (Topic 1) Which type of address is the public IP address of a NAT device? A. outside global B. outside local C. inside global D. inside local E. outside public F. inside public Answer: C QUESTION 6 - (Topic 1) Which two Cisco IOS commands, used in troubleshooting, can enable debug output to a remote location? (Choose two) A. no logging console B. logging host ip-address C. terminal monitor D. show logging | redirect flashioutput.txt E. snmp-server enable traps syslog Answer: B,C QUESTION 7 - (Topic 1) Which protocol is the Cisco proprietary implementation of FHRP? A. HSRP B. VRRP C. GLBP D. CARP Answer: A QUESTION 8 - (Topic 1) Which IPv6 header field is equivalent to the TTL? A. Hop Limit B. Flow Label C. TTD D. Hop Count E. Scan Timer Answer: A QUESTION 9 - (Topic 1) What is the purpose of the POST operation on a router? A. determine whether additional hardware has been added “Best Material, Great Results”. 3 Cisco 200-125 B. locate an IOS image for booting C. enable a TFTP server D. set the configuration register Answer: A QUESTION 10 - (Topic 1) Which command sequence can you enter to create VLAN 20 and assign it to an interface on a switch? A. Switch(config)#vlan 20 Switch(config)#Interface gig x/y Switch(config-if)#switchport access vlan 20 B. Switch(config)#Interface gig x/y Switch(config-if)#vlan 20 Switch(config-vlan)#switchport access vlan 20 C. Switch(config)#vlan 20 Switch(config)#Interface vlan 20 Switch(config-if)#switchport trunk native vlan 20 D. Switch(config)#vlan 20 Switch(config)#Interface vlan 20 Switch(config-if)#switchport access vlan 20 E. Switch(config)#vlan 20 Switch(config)#Interface vlan 20 Switch(config-if)#switchport trunk allowed vlan 20 Answer: A QUESTION 11 - (Topic 1) Which command can you enter to view the ports that are assigned to VLAN 20? A. Switch#show vlan id 20 B. Switch#show ip interface brief C. Switch#show interface vlan 20 D. Switch#show ip interface vlan 20 Answer: A QUESTION 12 - (Topic 1) Which two features can dynamically assign IPv6 addresses? (Choose two.) A. IPv6 stateless autoconfiguration B. DHCP C. NHRP D. IPv6 stateful autoconfiguration E. ISATAP tunneling Answer: A,B QUESTION 13 - (Topic 1) What is the effect of using the service password-encryption command? A. Only the enable password will be encrypted. B. It will encrypt all current and future passwords. C. It will encrypt the secret password and remove the enable secret password from the configuration. D. Only the enable secret password will be encrypted. E. Only passwords configured after the command has been entered will be encrypted. Answer: B “Best Material, Great Results”. 4 Cisco 200-125 Explanation: Enable vty, console, AUX passwords are configured on the Cisco device. Use the show run command to show most passwords in clear text. If the service password-encryption is used, all the passwords are encrypted. As a result, the security of device access is improved. QUESTION 14 - (Topic 1) What should be part of a comprehensive network security plan? A. Allow users to develop their own approach to network security. B. Physically secure network equipment from potential access by unauthorized individuals. C. Encourage users to use personal information in their passwords to minimize the likelihood of passwords being forgotten. D. Delay deployment of software patches and updates until their effect on end-user equipment is well known and widely reported E. Minimize network overhead by deactivating automatic antivirus client updates. Answer: B Explanation: Computer systems and networks are vulnerable to physical attack; therefore, procedures should be implemented to ensure that systems and networks are physically secure. Physical access to a system or network provides the opportunity for an intruder to damage, steal, or corrupt computer equipment, software, and information. When computer systems are networked with other departments or agencies for the purpose of sharing information, it is critical that each party to the network take appropriate measures to ensure that its system will not be physically breached, thereby compromising the entire network. Physical security procedures may be the least expensive to implement but can also be the most costly if not implemented. The most expensive and sophisticated computer protection software can be overcome once an intruder obtains physical access to the network. QUESTION 15 - (Topic 1) Which two security appliances will you use in a network? (Choose two.) A. ATM B. IDS C. IOS D. IOX E. IPS F. SDM Answer: B,E QUESTION 16 - (Topic 1) Which condition does the err-disabled status indicate on an Ethernet interface? A. There is a duplex mismatch. B. The device at the other end of the connection is powered off. C. The serial interface is disabled. D. The interface is configured with theshutdowncommand. E. Port security has disabled the interface. F. The interface is fully functioning. “Best Material, Great Results”. 5 Cisco 200-125 Answer: A QUESTION 17 - (Topic 1) Which logging command can enable administrators to correlate syslog messages with millisecond precision? A. no logging console B. logging buffered 4 C. no logging monitor D. service timestamps log datetime msec E. logging host 10.2.0.21 Answer: D QUESTION 18 - (Topic 1) Which tow options describe benefits of aggregated chassis technology? (Choose two.) A. It requires only three IP addresses per VLAN. B. It reduces management overhead. C. It requires only one IP address per VLAN. D. It supports redundant configuration files. E. It supports HSRP, VRRP, and GLBP. F. Switches can be located anywhere regardless of their physical distance from one another. Answer: B,C QUESTION 19 - (Topic 1) What are three characteristics of satellite Internet connections? (Choose three.) A. Their upload speed is about 10 percent of their download speed. B. They are frequently used by rural users without access to other high-speed connections. C. They are usually at least 10 times faster than analog modem connections. D. They are usually faster than cable and DSL connections. E. They require a WiMax tower within 30 miles of the user location. F. They use radio waves to communicate with cellular phone towers. Answer: A,B,C QUESTION 20 - (Topic 1) Which two statements about the tunnel mode ipv6ip command are true? (Choose two.) A. It enables the transmission of IPv6 packets within the configured tunnel. B. It specifies IPv4 as the encapsulation protocol. C. It specifies IPv6 as the encapsulation protocol. D. It specifies IPv6 as the transport protocol. E. It specifies that the tunnel is a Teredo tunnel. Answer: A,B “Best Material, Great Results”. 6 Cisco 200-125 QUESTION 21 - (Topic 1) Which two passwords must be supplied in order to connect by Telnet to a properly secured Cisco switch and make changes to the device configuration? (Choose two.) A. tty password B. enable secret password C. vty password D. aux password E. console password F. username password Answer: B,C Explanation: Telnet presents a potential security risk, so Telnet uses vty for connecting a remote Cisco switch. For access security, the vty password and enable password must be configured. QUESTION 22 CORRECT TEXT - (Topic 1) A corporation wants to add security to its network. The requirements are: ? Host C should be able to use a web browser (HTTP) to access the Finance Web Server. ? Other types of access from host C to the Finance Web Server should be blocked. ? All access from hosts in the Core or local LAN to the Finance Web Server should be blocked. ? All hosts in the Core and on local LAN should be able to access the Public Web Server. You have been tasked to create and apply anumbered access listto a single outbound interface. This access list can contain no more thanthreestatements that meet these requirements. Access to the router CLI can be gained by clicking on the appropriate host. ? All passwords have been temporarily set to “cisco”. ? The Core connection uses an IP address .18.209.65. ? The computers in the Hosts LAN have been assigned addresses .168.78.1 – 192.168.78.254. ? host A 192.168.78.1 ? host B 192.168.78.2 ? host C 192.168.78.3 ? host D 192.168.78.4 ? The Finance Web Server has been assigned an address .22.146.17. ? The Public Web Server in the Server LAN has been assigned an address .22.146.18. “Best Material, Great Results”. 7 Cisco 200-125 “Best Material, Great Results”. 8 Cisco 200-125 “Best Material, Great Results”. 9 Cisco 200-125 “Best Material, Great Results”. 10 Cisco 200-125 Answer: Please see below explanation part for details answer steps: Explanation: We should create an access-list and apply it to the interface that is connected to the Server LAN because it can filter out traffic from both S2 and Core networks. To see which interface this is, use the “show ip int brief” command: “Best Material, Great Results”. 11 Cisco 200-125 From this, we know that the servers are located on the fa0/1 interface, so we will place our numbered access list here in the outbound direction. Corp1#configure terminal Our access-list needs to allow host C – 192.168125.3 to the Finance Web Server 172.22.109.17 via HTTP (port 80), so our first line is this: Corp1(config)#access-list 100 permit tcp host 192.168.125.3 host 172.22.109.17 eq 80 Then, our next two instructions are these: ? Other types of access from host C to the Finance Web Server should be blocked. ? All access from hosts in the Core or local LAN to the Finance Web Server should be blocked. This can be accomplished with one command (which we need to do as our ACL needs to be no more than 3 lines long), blocking all other access to the finance web server: Corp1(config)#access-list 100 deny ip any host 172.22.109.17 Our last instruction is to allow all hosts in the Core and on the local LAN access to the Public Web Server (172.22.109.18) Corp1(config)#access-list 100 permit ip host 172.22.109.18 any Finally, apply this access-list to Fa0/1 interface (outbound direction) Corp1(config)#interface fa0/1 Corp1(config-if)#ip access-group 100 out Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that the access-list can filter traffic coming from both the LAN and the Core networks. To verify, just click on host C to open its web browser. In the address box type to check if you are allowed to access Finance Web Server or not. If your configuration is correct then you can access it. Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Server from these hosts. Then, repeat to make sure they can reach the public server at 172.22.109.18. Finally, save the configuration Corp1(config-if)#end Corp1#copy running-config startup-config QUESTION 23 - (Topic 1) Which condition indicates that service password-encryption is enabled? A. The local username password is encrypted in the configuration. B. The enable secret is encrypted in the configuration. C. The local username password is in clear text in the configuration. D. The enable secret is in clear text in the configuration. Answer: A QUESTION 24 - (Topic 1) Which protocol advertises a virtual IP address to facilitate transparent failover of a Cisco routing device? A. FHRP “Best Material, Great Results”. 12 Cisco 200-125 B. DHCP C. RSMLT D. ESRP Answer: A QUESTION 25 - (Topic 1) What are two reasons that duplex mismatches can be difficult to diagnose? (Choose two.) A. The interface displays a connected (up/up) state even when the duplex settings are mismatched. B. The symptoms of a duplex mismatch may be intermittent. C. Autonegotiation is disabled. D. Full-duplex interfaces use CSMA/CD logic, so mismatches may be disguised by collisions. E. 1-Gbps interfaces are full-duplex by default. Answer: A,B QUESTION 26 - (Topic 1) Which command can you execute to set the user inactivity timer to 10 seconds? A. SW1(config-line)#exec-timeout 0 10 B. SW1(config-line)#exec-timeout 10 C. SW1(config-line)#absolute-timeout 0 10 D. SW1(config-line)#absolute-timeout 10 Answer: A QUESTION 27 - (Topic 1) In which byte of an IP packet can traffic be marked? A. the ToS byte B. the QoS byte C. the DSCP byte D. the CoS byte Answer: A QUESTION 28 - (Topic 1) What are two requirements for an HSRP group? (Choose two.) A. exactly one active router B. one or more standby routers C. one or more backup virtual routers D. exactly one standby active router E. exactly one backup virtual router Answer: A,B “Best Material, Great Results”. 13 Cisco 200-125 QUESTION 29 - (Topic 1) Which step in the router boot process searches for an IOS image to load into the router? A. bootstrap B. POST C. mini-IOS D. ROMMON mode Answer: A QUESTION 30 - (Topic 1) What is the danger of the permit any entry in a NAT access list? A. It can lead to overloaded resources on the router. B. It can cause too many addresses to be assigned to the same interface. C. It can disable the overload command. D. It prevents the correct translation of IP addresses on the inside network. Answer: A QUESTION 31 - (Topic 1) If router R1 knows a static route to a destination network and then learn about the same destination network through a dynamic routing protocol, how does R1 respond? A. It sends a withdrawal notification to the neighboring router. B. It refuses to advertise the dynamic route to other neighbors. C. It disables the routing protocol. D. It prefers the static route. Answer: D QUESTION 32 - (Topic 1) If the primary root bridge experiences a power loss, which switch takes over? A. switch 0004.9A1A.C182 B. switch 00E0.F90B.6BE3 C. switch 00E0.F726.3DC6 D. switch 0040.0BC0.90C5 Answer: A QUESTION 33 - (Topic 1) Which command is necessary to permit SSH or Telnet access to a cisco switch that is otherwise configured for these vty line protocols? A. transport type all B. transport output all C. transport preferred all D. transport input all “Best Material, Great Results”. 14 Cisco 200-125 Answer: D QUESTION 34 - (Topic 1) Which command can you enter to set the default route for all traffic to an interface? A. router(config)#ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 B. router(config)#ip route 0.0.0.0 255.255.255.255 GigabitEthernet0/1 C. router(config-router)#default-information originate D. router(config-router)#default-information originate always Answer: A QUESTION 35 - (Topic 1) Which technology can enable multiple VLANs to communicate with one another? A. inter-VLAN routing using a Layer 3 switch B. inter-VLAN routing using a Layer 2 switch C. intra-VLAN routing using router on a stick D. intra-VLAN routing using a Layer 3 switch Answer: A QUESTION 36 - (Topic 1) Which switching method duplicates the first six bytes of a frame before making a switching decision? A. fragment-free switching B. store and-forward switching C. cut through switching D. ASIC switching Answer: C Explanation: Cut and Through method has lowest latency. In this method Switch only read first six bytes from frame after the preamble. These six bytes are the destination address of frame. This is the fastest method of switching. This method also processes invalid frames. Only advantage of this method is speed. QUESTION 37 - (Topic 1) In which three ways is an IPv6 header simpler than an IPv4 header? (Choose three.) A. Unlike IPv4 headers, IPv6 headers have a fixed length. B. IPv6 uses an extension header instead of the IPv4 Fragmentation field. C. IPv6 headers eliminate the IPv4 Checksum field. D. IPv6 headers use the Fragment Offset field in place of the IPv4 Fragmentation field. E. IPv6 headers use a smaller Option field size than IPv4 headers. F. IPv6 headers use a 4-bit TTL field, and IPv4 headers use an 8-bit TTL field. Answer: A,B,C “Best Material, Great Results”. 15 Cisco 200-125 QUESTION 38 - (Topic 1) Which interface counter can you use to diagnose a duplex mismatch problem? A. no earner B. late collisions C. giants D. CRC errors E. deferred F. runts Answer: B QUESTION 39 - (Topic 1) Which three characteristics are representative of a link-state routing protocol? (Choose three.) A. provides common view of entire topology B. exchanges routing tables with neighbors C. calculates shortest path D. utilizes event-triggered updates E. utilizes frequent periodic updates Answer: A,C,D QUESTION 40 - (Topic 1) Which feature builds a FIB and an adjacency table to expedite packet forwarding? A. Cisco Express Forwarding B. process switching C. fast switching D. cut-through Answer: A QUESTION 41 - (Topic 1) What is the effect of the overload keyword in a static NAT translation configuration? A. It enables port address translation. B. It enables the use of a secondary pool of IP addresses when the first pool is depleted. C. It enables the inside interface to receive traffic. D. It enables the outside interface to forward traffic. Answer: A QUESTION 42 - (Topic 1) Which NAT function can map multiple inside addresses to a single outside address? A. PAT “Best Material, Great Results”. 16 Cisco 200-125 B. SFTP C. RARP D. ARP E. TFTP Answer: A QUESTION 43 - (Topic 1) In which two formats can the IPv6 address fd15:0db8:0000:0000:0700:0003:400F:572B be written? (Choose two.) A. fd15:0db8:0000:0000:700:3:400F:527B B. fd15::db8::700:3:400F:527B C. fd15:db8:0::700:3:4F:527B D. fd15:0db8::7:3:4F:527B E. fd15:db8::700:3:400F:572B Answer: A,E QUESTION 44 - (Topic 1) Which two statements about late collisions are true? (Choose two.) A. They may indicate a duplex mismatch. B. By definition, they occur after the 512th bit of the frame has been transmitted. C. They indicate received frames that did not pass the FCS match. D. They are frames that exceed 1518 bytes. E. They occur when CRC errors and interference occur on the cable. Answer: A,B QUESTION 45 - (Topic 1) Refer to the exhibit. Which user-mode password has just been set? A. Telnet B. Auxiliary C. SSH “Best Material, Great Results”. 17 Cisco 200-125 D. Console Answer: A QUESTION 46 - (Topic 1) Which command sets and automatically encrypts the privileged enable mode password? A. Enable password c1sc0 B. Secret enable c1sc0 C. Password enable c1sc0 D. Enable secret c1sc0 Answer: D QUESTION 47 - (Topic 1) Which command can you enter to display the hits counter for NAT traffic? A. show ip nat statistics B. debug ip nat C. show ip debug nat D. clear ip nat statistics Answer: A QUESTION 48 - (Topic 1) What is the correct routing match to rea...
View Full Document

  • Fall '19
  • IP address

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture