Q1. Refer to the exhibit.

Statements A, B, C, and D of ACL 10 have been entered in the shown order and applied to interface E0 inbound, to prevent all hosts (except those whose addresses are the first and last IP of subnet) from accessing the network. But as is, the ACL does not restrict anyone from the network. How can the ACL statements be re-arranged so that the system works as intended?





Answer: D


Routers go line by line through an access list until a match is found and then will not look any further, even if a more specific or better match is found later on in the access list. So, it is best to begin with the most specific entries first, in this case the two hosts in lines C and D. Then, include the subnet (B) and then finally the rest of the traffic (A).
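The first-match behaviour described above can be checked with a small simulator. This is an added example, not part of the original question; the exhibit's addresses are not on the page, so statements A to D use constructed values from the 192.0.2.0/28 documentation range, and the `shadowed` helper is a hypothetical audit check that goes slightly beyond the explanation by reporting statements that can never match.

```python
import ipaddress

def ip(s):
    """Dotted-quad string to 32-bit integer."""
    return int(ipaddress.IPv4Address(s))

# Constructed stand-ins for statements A-D (assumed values, not the exhibit's).
# Each entry: (action, address, wildcard mask) as in a standard IOS ACL.
ACL = {
    "A": ("permit", "0.0.0.0", "255.255.255.255"),  # permit any
    "B": ("deny", "192.0.2.0", "0.0.0.15"),         # deny the whole /28
    "C": ("permit", "192.0.2.1", "0.0.0.0"),        # first host of the subnet
    "D": ("permit", "192.0.2.14", "0.0.0.0"),       # last host of the subnet
}

def evaluate(order, src):
    """Return (action, label) of the first matching statement, top down."""
    for label in order:
        action, addr, wildcard = ACL[label]
        care = ~ip(wildcard) & 0xFFFFFFFF  # bits that must match exactly
        if ((ip(src) ^ ip(addr)) & care) == 0:
            return action, label           # first match wins, evaluation stops
    return "deny", "implicit"              # implicit deny at the end of every ACL

def shadowed(order):
    """Labels that can never match because an earlier statement covers them."""
    hidden = []
    for j, later in enumerate(order):
        _, addr_j, wild_j = ACL[later]
        for earlier in order[:j]:
            _, addr_i, wild_i = ACL[earlier]
            care_i = ~ip(wild_i) & 0xFFFFFFFF
            # earlier covers later if it ignores every bit later ignores
            # and the two agree on every bit earlier still checks
            if (ip(wild_j) & care_i) == 0 and ((ip(addr_i) ^ ip(addr_j)) & care_i) == 0:
                hidden.append(later)
                break
    return hidden

if __name__ == "__main__":
    for order in ("ABCD", "CDBA"):
        print(order, "shadowed:", shadowed(order))
        for src in ("192.0.2.1", "192.0.2.5", "192.0.2.14", "198.51.100.7"):
            print("  ", src, evaluate(order, src))
```

In the original A, B, C, D order every source matches "permit any" first, so B, C and D are dead entries; in the C, D, B, A order nothing is shadowed and only the two permitted hosts from the subnet get through.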

Q2. What can be done to secure the virtual terminal interfaces on a router? (Choose two.)

A. Administratively shut down the interface.

B. Physically secure the interface.

C. Create an access list and apply it to the virtual terminal interfaces with the access-group command.

D. Configure a virtual terminal password and login process.

E. Enter an access list and apply it to the virtual terminal interfaces using the access-class


Answer: D,E


It is a waste to administratively shut down the interface. Moreover, someone can still access the virtual terminal interfaces via other interfaces ->

We cannot physically secure a virtual interface because it is "virtual" ->.

To apply an access list to a virtual terminal interface we must use the "access-class" command. The "access-group" command is only used to apply an access list to a physical interface -> C is not correct.

The simplest way to secure the virtual terminal interface is to configure a username & password to prevent unauthorized login.

Q3. Refer to the exhibit.

HostA cannot ping HostB. Assuming routing is properly configured, what is the cause of this problem?

A. HostA is not on the same subnet as its default gateway.

B. The address of SwitchA is a subnet address.

C. The Fa0/0 interface on RouterA is on a subnet that can't be used.

D. The serial interfaces of the routers are not on the same subnet.

E. The Fa0/0 interface on RouterB is using a broadcast address.

Answer: D


Now let's find out the range of the networks on the serial link:

For the network

Increment: 32

Network address:

Broadcast address:

For the network

Increment: 32

Network address:

Broadcast address:

-> These two IP addresses don't belong to the same network and they can't see each other.

Q4. Which set of commands is recommended to prevent the use of a hub in the access layer?

A. switch(config-if)#switchport mode trunk

switch(config-if)#switchport port-security maximum 1

B. switch(config-if)#switchport mode trunk

switch(config-if)#switchport port-security mac-address 1

C. switch(config-if)#switchport mode access

switch(config-if)#switchport port-security maximum 1

D. switch(config-if)#switchport mode access

switch(config-if)#switchport port-security mac-address 1

Answer: C


This question examines Layer 2 security configuration.

To satisfy the requirements of this question, you should perform the following configurations in interface mode:

First, configure the interface mode as the access mode.

Second, enable the port security and set the maximum number of connections to 1.

Q5. A network engineer wants to allow a temporary entry for a remote user with a specific username and password so that the user can access the entire network over the Internet. Which ACL can be used?

A. standard

B. extended

C. dynamic

D. reflexive

Answer: C


We can use a dynamic access list to authenticate a remote user with a specific username and password. The authentication process is done by the router or a central access server such as a TACACS+ or RADIUS server. The configuration of dynamic ACL can be read here: http://www.cisco.com/en/US/tech/tk583/tk822/technologies_tech_note09186a0080094524.shtml

Q6. You have been asked to come up with a subnet mask that will allow all three web servers to be on the same network while providing the maximum number of subnets. Which network address and subnet mask meet this requirement?






Answer: B


A subnet mask of will allow for up to 6 hosts to reside in this network. A subnet mask of will allow for only 2 usable IP addresses, since we cannot use the network or broadcast address.

Q7. An administrator is trying to ping and telnet from SwitchC to RouterC with the results shown below.

Click the console connected to RouterC and issue the appropriate commands to answer the questions.

Which will fix the issue and allow ONLY ping to work while keeping telnet disabled?

A. Correctly assign an IP address to interface fa0/1.

B. Change the ip access-group command on fa0/0 from "in" to "out".

C. Remove access-group 106 in from interface fa0/0 and add access-group 115 in.

D. Remove access-group 102 out from interface s0/0/0 and add access-group 114 in.

E. Remove access-group 106 in from interface fa0/0 and add access-group 104 in.

Answer: E


Let's have a look at the access list 104:

The question does not ask about ftp traffic so we don't care about the first two lines. The 3rd line denies all telnet traffic and the 4th line allows icmp traffic to be sent (ping). Remember that the access list 104 is applied on the inbound direction so the 5th line "access-list 104 deny icmp any any echo-reply" will not affect our icmp traffic because the "echo-reply" message will be sent over the outbound direction.

Q8. What are three approaches that are used when migrating from an IPv4 addressing scheme to an IPv6 scheme? (Choose three.)

A. enable dual-stack routing

B. configure IPv6 directly

C. configure IPv4 tunnels between IPv6 islands

D. use proxying and translation to translate IPv6 packets into IPv4 packets

E. statically map IPv4 addresses to IPv6 addresses

F. use DHCPv6 to map IPv4 addresses to IPv6 addresses

Answer: A,C,D


Several methods are used for migration, including tunneling, translators, and dual stack. Tunnels are used to carry one protocol inside another, while translators simply translate IPv6 packets into IPv4 packets. Dual stack uses a combination of both native IPv4 and IPv6. With dual stack, devices are able to run IPv4 and IPv6 together, and if IPv6 communication is possible, that is the preferred protocol. Hosts can simultaneously reach IPv4 and IPv6 content.

Q9. Refer to the exhibit.

An attempt to deny web access to a subnet blocks all traffic from the subnet. Which interface command immediately removes the effect of ACL 102?

A. no ip access-class 102 in

B. no ip access-class 102 out

C. no ip access-group 102 in

D. no ip access-group 102 out

E. no ip access-list 102 in

Answer: D


The "ip access-group" command is used to apply an ACL to an interface. From the output shown, we know that the ACL is applied to outbound traffic, so "no ip access-group 102 out" will remove the effect of this ACL.

Q10. What are the three things that NetFlow uses to consider traffic to be in the same flow? (Choose three.)

A. IP address

B. Interface name

C. Port numbers

D. L3 protocol type

E. MAC address

Answer: A,C,D


What is an IP Flow?

Each packet that is forwarded within a router or switch is examined for a set of IP packet attributes. These attributes are the IP packet identity or fingerprint of the packet and determine if the packet is unique or similar to other packets.

Traditionally, an IP Flow is based on a set of 5 and up to 7 IP packet attributes. IP Packet attributes used by NetFlow:

+ IP source address

+ IP destination address

+ Source port

+ Destination port

+ Layer 3 protocol type

+ Class of Service

+ Router or switch interface
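To see how those attributes decide which packets share a flow, the following added example (not part of the original answer) builds a small flow cache over constructed packet records. The `Packet` tuple, field names and sample values are assumptions made for illustration; the cache can be keyed on all seven attributes or only the first five.

```python
from collections import namedtuple

# Hypothetical packet record: timestamp, the seven key attributes, and size in bytes.
Packet = namedtuple("Packet", "ts src dst sport dport proto tos ifname size")

SEVEN = ("src", "dst", "sport", "dport", "proto", "tos", "ifname")
FIVE = SEVEN[:5]  # addresses, ports and Layer 3 protocol type only

# Constructed sample packets using documentation addresses, not captured traffic.
PACKETS = [
    Packet(0.00, "192.0.2.10", "198.51.100.5", 40000, 443, 6, 0, "Fa0/0", 60),
    Packet(0.01, "198.51.100.5", "192.0.2.10", 443, 40000, 6, 0, "Fa0/1", 60),     # reply direction
    Packet(0.02, "192.0.2.10", "198.51.100.5", 40000, 443, 6, 0, "Fa0/0", 1500),
    Packet(0.03, "192.0.2.10", "198.51.100.5", 40000, 443, 6, 184, "Fa0/0", 1500), # different ToS
    Packet(0.04, "192.0.2.10", "198.51.100.5", 40001, 443, 6, 0, "Fa0/0", 60),     # new source port
    Packet(0.05, "192.0.2.11", "198.51.100.5", 0, 0, 1, 0, "Fa0/0", 84),           # ICMP
]

def build_flows(packets, fields=SEVEN):
    """Aggregate packets into flow records keyed by the chosen attributes."""
    flows = {}
    for p in packets:
        key = tuple(getattr(p, f) for f in fields)
        rec = flows.setdefault(
            key, {"packets": 0, "bytes": 0, "first": p.ts, "last": p.ts}
        )
        rec["packets"] += 1
        rec["bytes"] += p.size
        rec["last"] = p.ts
    return flows

if __name__ == "__main__":
    for name, fields in (("7-attribute key", SEVEN), ("5-attribute key", FIVE)):
        flows = build_flows(PACKETS, fields)
        print(name, "->", len(flows), "flows")
        for key, rec in flows.items():
            print("  ", key, rec)
```

Because source and destination are separate key fields, the reply packet is a different flow from the request, and the packet with a different Class of Service value only merges into the first flow when the key is reduced to five attributes.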

