Advanced Guide: 125 200

200-125 Guide

200-125 Exam Royal Pack (In Stock.)

 
  • Cisco
  • Exam Number/Code 200-125
  • Product Name CCNA Cisco Certified Network Associate CCNA (v3.0)
  • Questions and Answers
  • 635 Q&As
  • Last Updated
  • Nov 06,2018
  • List Price
  • $128.99
  • Price
  • Today 49.99 USD

Free TrialVersion: demo Buy Now 50% OFF

Advanced Guide: 125 200

Act now and download your Cisco ccna 200 125 ebook test today! Do not waste time for the worthless Cisco ccna 200 125 tutorials. Download Renew Cisco CCNA Cisco Certified Network Associate CCNA (v3.0) exam with real questions and answers and begin to learn Cisco 200 125 ccna pdf with a classic professional.

P.S. Tested 200-125 keys are available on Google Drive, GET MORE: https://drive.google.com/open?id=1G0OQvn58oVaFHU8QUjdLariF4zPSu0BB


New Cisco 200-125 Exam Dumps Collection (Question 4 - Question 13)

Question No: 4

What are three values that must be the same within a sequence of packets for Netflow to consider them a network flow? (Choose three.)

A. source IP address

B. source MAC address

C. egress interface

D. ingress interface

E. destination IP address

F. IP next-hop

Answer: A,D,E

Explanation:

Each packet that is forwarded within a router or switch is examined for a set of IP packet attributes. These attributes are the IP packet identity or fingerprint of the packet and determine if the packet is unique or similar to other packets.

Traditionally, an IP Flow is based on a set of 5 and up to 7 IP packet attributes. IP Packet attributes used by NetFlow:

u2022 IP source address

u2022 IP destination address

u2022 Source port

u2022 Destination port

u2022 Layer 3 protocol type

u2022 Class of Service

u2022 Router or switch interface

All packets with the same source/destination IP address, source/destination ports, protocol interface and class of service are grouped into a flow and then packets and bytes are tallied. This methodology of fingerprinting or determining a flow is scalable because a large

amount of network information is condensed into a database of NetFlow information called the NetFlow cache.

Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-netflow/prod_white_paper0900aecd80406232.html


Question No: 5

Refer to the exhibit.

A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other device is

detected, the port is to drop frames from this device. The administrator configured the interface and tested it with successful pings from PC_A to RouterA, and then observes the output from these two show commands.

Which two of these changes are necessary for SwitchA to meet the requirements? (Choose two.)

A. Port security needs to be globally enabled.

B. Port security needs to be enabled on the interface.

C. Port security needs to be configured to shut down the interface in the event of a violation.

D. Port security needs to be configured to allow only one learned MAC address.

E. Port security interface counters need to be cleared before using the show command.

F. The port security configuration needs to be saved to NVRAM before it can become active.

Answer: B,D

Explanation:

From the output we can see that port security is disabled so this needs to be enabled. Also, the maximum number of devices is set to 2 so this needs to be just one if we want the single host to have access and nothing else.


Question No: 6

Which three features are added in SNMPv3 over SNMPv2?

A. Message Integrity

B. Compression

C. Authentication

D. Encryption

E. Error Detection

Answer: A,C,D

Explanation:

Cisco IOS software supports the following versions of SNMP:

+ SNMPv1 u2013 The Simple Network Management Protocol: A Full Internet Standard, defined

in RFC 1157. (RFC 1157 replaces the earlier versions that were published as RFC 1067 and RFC 1098.) Security is based on community strings.

+ SNMPv2c u2013 The community-string based Administrative Framework for SNMPv2. SNMPv2c (the u201ccu201d stands for u201ccommunityu201d) is an Experimental Internet Protocol defined in RFC 1901, RFC 1905, and RFC 1906. SNMPv2c is an update of the protocol operations and data types of SNMPv2p (SNMPv2 Classic), and uses the community-based security model of SNMPv1.

+ SNMPv3 u2013 Version 3 of SNMP. SNMPv3 is an interoperable standards-based protocol defined in RFCs 2273 to 2275. SNMPv3 provides secure access to devices by a combination of authenticating and encrypting packets over the network. The security features provided in SNMPv3 are as follows:

u2013 Message integrity: Ensuring that a packet has not been tampered with in transit.

u2013 Authentication: Determining that the message is from a valid source.

u2013 Encryption: Scrambling the contents of a packet prevent it from being learned by an unauthorized source.


Question No: 7

CORRECT TEXTA network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.

The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.

Access to the router CLI can be gained by clicking on the appropriate host.

All passwords have been temporarily set to "cisco".

The Core connection uses an IP address of 198.18.247.65

The computers in the Hosts LAN have been assigned addresses of 192.168.240.1 - 192.168.240.254

u2711 host A 192.168.240.1

u2711 host B 192.168.240.2

u2711 host C 192.168.240.3

Answer:

Corp1#conf t

Corp1(config)# access-list 128 permit tcp host 192.168.240.1 host 172.22.141.26 eq www

Corp1(config)# access-list 128 deny tcp any host 172.22.141.26 eq www

Corp1(config)# access-list 128 permit ip any any

Corp1(config)#int fa0/1

Corp1(config-if)#ip access-group 128 out

Corp1(config-if)#end

Corp1#copy run startup-config


Question No: 8

Which option is a valid IPv6 address?

A. 2001:0000:130F::099a::12a

B. 2002:7654:A1AD:61:81AF:CCC1

C. FEC0:ABCD:WXYZ:0067::2A4

D. 2004:1:25A4:886F::1

Answer: D

Explanation:

An IPv6 address is represented as eight groups of four hexadecimal digits, each group representing 16 bits (two octets). The groups are separated by colons (:). An example of an IPv6 address is 2001:0db8:85a3:0000:0000:8a2e:0370:7334. The leading 0u2019s in a group can be collapsed using ::, but this can only be done once in an IP address.


Question No: 9

What Cisco IOS feature can be enabled to pinpoint an application that is causing slow network performance?

A. SNMP

B. Netflow

C. WCCP

D. IP SLA

Answer: B

Explanation:

Netflow can be used to diagnose slow network performance, bandwidth hogs and bandwidth utilization quickly with command line interface or reporting tools.

Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-netflow/prod_white_paper0900aecd80406232.html


Question No: 10

Refer to the exhibit.

The network shown in the diagram is experiencing connectivity problems. Which of the following will correct the problems? (Choose two.)

A. Configure the gateway on Host A as 10.1.1.1.

B. Configure the gateway on Host B as 10.1.2.254.

C. Configure the IP address of Host A as 10.1.2.2.

D. Configure the IP address of Host B as 10.1.2.2.

E. Configure the masks on both hosts to be 255.255.255.224.

F. Configure the masks on both hosts to be 255.255.255.240.

Answer: B,D

Explanation:

The switch 1 is configured with two VLANs: VLAN1 and VLAN2. The IP information of member Host A in VLAN1 is as follows: Address : 10.1.1.126

Mask : 255.255.255.0

Gateway : 10.1.1.254

The IP information of member Host B in VLAN2 is as follows: Address : 10.1.1.12

Mask : 255.255.255.0

Gateway : 10.1.1.254

The configuration of sub-interface on router 2 is as follows: Fa0/0.1 -- 10.1.1.254/24 VLAN1

Fa0/0.2 -- 10.1.2.254/24 VLAN2

It is obvious that the configurations of the gateways of members in VLAN2 and the associated network segments are wrong. The layer3 addressing information of Host B should be modified as follows:

Address : 10.1.2.X Mask : 255.255.255.0


Question No: 11

Which statement about access lists that are applied to an interface is true?

A. You can place as many access lists as you want on any interface.

B. You can apply only one access list on any interface.

C. You can configure one access list, per direction, per Layer 3 protocol.

D. You can apply multiple access lists with the same protocol or in different directions.

Answer: C

Explanation:

We can have only 1 access list per protocol, per direction and per interface. It means:

+ We cannot have 2 inbound access lists on an interface

+ We can have 1 inbound and 1 outbound access list on an interface


Question No: 12

CORRECT TEXTA network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.

The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.

Access to the router CLI can be gained by clicking on the appropriate host. All passwords have been temporarily set to "cisco".

The Core connection uses an IP address of 198.18.196.65.

The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 - 192.168.33.254

u2711 host A 192.168.33.1

u2711 host B 192.168.33.2

u2711 host C 192.168.33.3

u2711 host D 192.168.33.4

The servers in the Server LAN have been assigned addresses of 172.22.242.17 - 172.22.242.30.

The Finance Web Server is assigned an IP address of 172.22.242.23.

Answer:

Select the console on Corp1 router Configuring ACL

Corp1>enable Corp1#configure terminal

comment: To permit only Host C (192.168.33.3){source addr} to access finance server address (172.22.242.23) {destination addr} on port number 80 (web) Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80 comment: To deny any source to access finance server address (172.22.242.23)

{destination addr} on port number 80 (web)

Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

comment: To permit ip protocol from any source to access any destination because of the implicit deny any any statement at the end of ACL.

Corp1(config)#access-list 100 permit ip any any Applying the ACL on the Interface

comment: Check show ip interface brief command to identify the interface type and number by checking the IP address configured.

Corp1(config)#interface fa 0/1

If the ip address configured already is incorrect as well as the subnet mask. This should be corrected in order ACL to work

type this commands at interface mode :

no ip address 192.x.x.x 255.x.x.x (removes incorrect configured ipaddress and subnet mask)

Configure Correct IP Address and subnet mask:

ip address 172.22.242.30 255.255.255.240 ( range of address specified going to server is given as 172.22.242.17 - 172.22.242.30 )

Comment: Place the ACL to check for packets going outside the interface towards the

finance web server.

Corp1(config-if)#ip access-group 100 out Corp1(config-if)#end

Important: To save your running config to startup before exit. Corp1#copy running-config startup-config

Verifying the Configuration:

Step1: show ip interface brief command identifies the interface on which to apply access list.

Step2: Click on each host A, B, C, & D. Host opens a web browser page, Select address box of the web browser and type the ip address of finance web server (172.22.242.23) to test whether it permits /deny access to the finance web Server.

Step 3: Only Host C (192.168.33.3) has access to the server. If the other host can also access then maybe something went wrong in your configuration. Check whether you configured correctly and in order.

Step 4: If only Host C (192.168.33.3) can access the Finance Web Server you can click on NEXT button to successfully submit the ACL SIM.


Question No: 13

In which circumstance are multiple copies of the same unicast frame likely to be transmitted in a switched LAN?

A. during high traffic periods

B. after broken links are re-established

C. when upper-layer protocols require high reliability

D. in an improperly implemented redundant topology

E. when a dual ring topology is in use

Answer: D

Explanation:

If we connect two switches via 2 or more links and do not enable STP on these switches then a loop (which creates multiple copies of the same unicast frame) will occur. It is an example of an improperly implemented redundant topology.


P.S. Easily pass 200-125 Exam with Surepassexam Tested Dumps & pdf vce, Try Free: https://www.surepassexam.com/200-125-exam-dumps.html (890 New Questions)


To know more about the 200-125, click here.

Tagged as : Cisco 200-125 Dumps, Download 200-125 pdf, 200-125 VCE, 200-125 pass4sure, examcollection 200-125