Cause all that matters here is passing the Cisco ccna 200 125 torrent exam. Cause all that you need is a high score of cisco ccna 200 125 CCNA Cisco Certified Network Associate CCNA (v3.0) exam. The only one thing you need to do is downloading Pass4sure ccna routing and switching 200 125 pdf exam study guides now. We will not let you down with our money-back guarantee.

Q21. CORRECT TEXT - (Topic 7)

Central Florida Widgets recently installed a new router in their office. Complete the network installation by performing the initial router configurations and configuring R1PV2 routing using the router command line interface (CLI) on the RC.

Configure the router per the following requirements: Name of the router is R2

Enable. secret password is cisco

The password to access user EXEC mode using the console is cisco2 The password to allow telnet access to the router is cisco3

IPV4 addresses must be configured as follows:

Ethernet network 209.165.201.0/27 - router has fourth assignable host address in subnet Serial network is 192.0.2.176/28 - router has last assignable host address in the subnet. Interfaces should be enabled.

Router protocol is RIPV2

Attention:

In practical examinations, please note the following, the actual information will prevail.

1. Name or the router is xxx

2. Enable. secret password is xxx

3. Password In access user EXEC mode using the console is xxx

4. The password to allow telnet access to the router is xxx

5. IP information

Answer: 

Router>enable Router#config terminal Router(config)#hostname R2 R2(config)#enable secret Cisco 1 R2(config)#line console 0

R2(config-line)#password Cisco 2 R2(config-line)#exit R2(config)#line vty 0 4

R2(config-line)#password Cisco 3 R2(config-line)#login

R2(config-line)#exit R2(config)#interface faO/0

R2(config-if)#ip address 209.165.201.4 255.255.255.224 R2(config)#interface s0/0/0

R2(config-if)#ip address 192.0.2.190 255.255.255.240 R2(config-if)#no shutdown

R2(config-if)#exit R2(config)#router rip R2(config-router)#version 2

R2(config-router)#network 209.165.201.0

R2(config-router)#network 192.0.2.176

R2(config-router)#end R2#copy run start


Q22.  - (Topic 8)

Which two options are primary responsibilities of the APIC-EM controller? (Choose two.)

A. It automates network actions between different device types.

B. It provides robust asset management.

C. It tracks license usage and Cisco IOS versions.

D. It automates network actions between legacy equipment.

E. It makes network functions programmable.

Answer: A,E


Q23.  - (Topic 8)

Which routing protocol has the smallest default administrative distance?

A. IBGP

B. OSPF

C. IS-IS

D. EIGRP

E. RIP

Answer: D

Explanation: http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/15986-admin-distance.html

Default Distance Value TableThis table lists the administrative distance default values of the protocols that Cisco supports:

Route Source

Default Distance Values

Connected interface 0

Static route 1

Enhanced Interior Gateway Routing Protocol (EIGRP) summary route 5

External Border Gateway Protocol (BGP) 20

Internal EIGRP 90

IGRP 100 OSPF 110

Intermediate System-to-Intermediate System (IS-IS) 115

Routing Information Protocol (RIP) 120

Exterior Gateway Protocol (EGP) 140

On Demand Routing (ODR) 160

External EIGRP 170

Internal BGP 200

Unknown* 255


Q24.  - (Topic 5)

What are two benefits of using NAT? (Choose two.)

A. NAT facilitates end-to-end communication when IPsec is enabled.

B. NAT eliminates the need to re-address all hosts that require external access.

C. NAT conserves addresses through host MAC-level multiplexing.

D. Dynamic NAT facilitates connections from the outside of the network.

E. NAT accelerates the routing process because no modifications are made on the packets.

F. NAT protects network security because private networks are not advertised.

Answer: B,F

Explanation:

By not revealing the internal IP addresses, NAT adds some security to the inside network -

> F is correct.

NAT has to modify the source IP addresses in the packets -> E is not correct.

Connection from the outside of the network through a “NAT” network is more difficult than a more network because IP addresses of inside hosts are hidden -> C is not correct.

In order for IPsec to work with NAT we need to allow additional protocols, including Internet Key Exchange (IKE), Encapsulating Security Payload (ESP) and Authentication Header (AH) -> more complex -> A is not correct.

By allocating specific public IP addresses to inside hosts, NAT eliminates the need to re- address the inside hosts -> B is correct.

NAT does conserve addresses but not through host MAC-level multiplexing. It conserves addresses by allowing many private IP addresses to use the same public IP address to go to the Internet -> C is not correct.


Q25.  - (Topic 3)

On a corporate network, hosts on the same VLAN can communicate with each other, but they are unable to communicate with hosts on different VLANs. What is needed to allow communication between the VLANs?

A. a router with subinterfaces configured on the physical interface that is connected to the switch

B. a router with an IP address on the physical interface connected to the switch

C. a switch with an access link that is configured between the switches

D. a switch with a trunk link that is configured between the switches

Answer: A

Explanation:

Different VLANs can't communicate with each other, they can communicate with the help of Layer3 router. Hence, it is needed to connect a router to a switch, then make the sub- interface on the router to connect to the switch, establishing Trunking links to achieve communications of devices which belong to different VLANs.

When using VLANs in networks that have multiple interconnected switches, you need to use VLAN trunking between the switches. With VLAN trunking, the switches tag each frame sent between switches so that the receiving switch knows to what VLAN the frame belongs. End user devices connect to switch ports that provide simple connectivity to a single VLAN each. The attached devices are unaware of any VLAN structure.

By default, only hosts that are members of the same VLAN can communicate. To change this and allow inter-VLAN communication, you need a router or a layer 3 switch.

Here is the example of configuring the router for inter-vlan communication

RouterA(config)#int f0/0.1 RouterA(config-subif)#encapsulation ? dot1Q IEEE 802.1Q Virtual LAN

RouterA(config-subif)#encapsulation dot1Q or isl VLAN ID RouterA(config-subif)# ip address x.x.x.x y.y.y.y


Q26.  - (Topic 5)

Which two of these statements are true of IPv6 address representation? (Choose two.)

A. There are four types of IPv6 addresses: unicast, multicast, anycast, and broadcast.

B. A single interface may be assigned multiple IPv6 addresses of any type.

C. Every IPv6 interface contains at least one loopback address.

D. The first 64 bits represent the dynamically created interface ID.

E. Leading zeros in an IPv6 16 bit hexadecimal field are mandatory.

Answer: B,C

Explanation:

✑ A single interface may be assigned multiple addresses of any type (unicast, anycast, multicast).

✑ Every IPv6-enabled interface must contain at least one loopback and one link-local

address.

✑ Optionally, every interface can have multiple unique local and global addresses.

Reference: IPv6 Addressing at a Glance – Cisco PDF


Q27.  - (Topic 7)

What are the benefits of using Netflow? (Choose three.)

A. Network, Application & User Monitoring

B. Network Planning

C. Security Analysis

D. Accounting/Billing

Answer: A,C,D

Explanation:

NetFlow traditionally enables several key customer applications including:

+ Network Monitoring – NetFlow data enables extensive near real time network monitoring capabilities. Flow-based analysis techniques may be utilized to visualize traffic patterns

associated with individual routers and switches as well as on a network-wide basis (providing aggregate traffic or application based views) to provide proactive problem detection, efficient troubleshooting, and rapid problem resolution.

+ Application Monitoring and Profiling – NetFlow data enables network managers to gain a detailed, time-based, view of application usage over the network. This information is used to plan, understand new services, and allocate network and application resources (e.g. Web server sizing and VoIP deployment) to responsively meet customer demands.

+ User Monitoring and Profiling – NetFlow data enables network engineers to gain detailed understanding of customer/user utilization of network and application resources. This information may then be utilized to efficiently plan and allocate access, backbone and application resources as well as to detect and resolve potential security and policy violations.

+ Network Planning – NetFlow can be used to capture data over a long period of time producing the opportunity to track and anticipate network growth and plan upgrades to increase the number of routing devices, ports, or higher- bandwidth interfaces. NetFlow services data optimizes network planning including peering, backbone upgrade planning, and routing policy planning. NetFlow helps to minimize the total cost of network operations while maximizing network performance, capacity, and reliability. NetFlow detects unwanted WAN traffic, validates bandwidth and Quality of Service (QOS) and allows the analysis of new network applications. NetFlow will give you valuable information to reduce the cost of operating your network.

+ Security Analysis – NetFlow identifies and classifies DDOS attacks, viruses and worms in real-time. Changes in network behavior indicate anomalies that are clearly demonstrated in NetFlow data. The data is also a valuable forensic tool to understand and replay the history of security incidents.

+ Accounting/Billing – NetFlow data provides fine-grained metering (e.g. flow data includes details such as IP addresses, packet and byte counts, timestamps, type-of-service and application ports, etc.) for highly flexible and detailed resource utilization accounting. Service providers may utilize the information for billing based on time-of-day, bandwidth usage, application usage, quality of service, etc. Enterprise customers may utilize the information for departmental charge-back or cost allocation for resource utilization.


Q28.  - (Topic 5)

What is known as "one-to-nearest" addressing in IPv6?

A. global unicast

B. anycast

C. multicast

D. unspecified address

Answer: B

Explanation:

IPv6 Anycast addresses are used for one-to-nearest communication, meaning an Anycast address is used by a device to send data to one specific recipient (interface) that is the closest out of a group of recipients (interfaces).


Q29. CORRECT TEXT - (Topic 6)

A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.

The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.

Access to the router CLI can be gained by clicking on the appropriate host. All passwords have been temporarily set to "cisco".

The Core connection uses an IP address of 198.18.196.65.

The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 - 192.168.33.254

✑ host A 192.168.33.1

✑ host B 192.168.33.2

✑ host C 192.168.33.3

✑ host D 192.168.33.4

The servers in the Server LAN have been assigned addresses of 172.22.242.17 - 172.22.242.30.

The Finance Web Server is assigned an IP address of 172.22.242.23.

Answer: 

Select the console on Corp1 router Configuring ACL

Corp1>enable Corp1#configure terminal

comment: To permit only Host C (192.168.33.3){source addr} to access finance server address (172.22.242.23) {destination addr} on port number 80 (web) Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80 comment: To deny any source to access finance server address (172.22.242.23)

{destination addr} on port number 80 (web)

Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

comment: To permit ip protocol from any source to access any destination because of the implicit deny any any statement at the end of ACL.

Corp1(config)#access-list 100 permit ip any any Applying the ACL on the Interface

comment: Check show ip interface brief command to identify the interface type and number by checking the IP address configured.

Corp1(config)#interface fa 0/1

If the ip address configured already is incorrect as well as the subnet mask. This should be corrected in order ACL to work

type this commands at interface mode :

no ip address 192.x.x.x 255.x.x.x (removes incorrect configured ipaddress and subnet mask)

Configure Correct IP Address and subnet mask:

ip address 172.22.242.30 255.255.255.240 ( range of address specified going to server is given as 172.22.242.17 - 172.22.242.30 )

Comment: Place the ACL to check for packets going outside the interface towards the

finance web server.

Corp1(config-if)#ip access-group 100 out Corp1(config-if)#end

Important: To save your running config to startup before exit. Corp1#copy running-config startup-config

Verifying the Configuration:

Step1: show ip interface brief command identifies the interface on which to apply access list.

Step2: Click on each host A, B, C, & D. Host opens a web browser page, Select address box of the web browser and type the ip address of finance web server (172.22.242.23) to test whether it permits /deny access to the finance web Server.

Step 3: Only Host C (192.168.33.3) has access to the server. If the other host can also access then maybe something went wrong in your configuration. Check whether you configured correctly and in order.

Step 4: If only Host C (192.168.33.3) can access the Finance Web Server you can click on NEXT button to successfully submit the ACL SIM.


Q30.  - (Topic 5)

Which IPv6 address is valid?

A. 2001:0db8:0000:130F:0000:0000:08GC:140B

B. 2001:0db8:0:130H::87C:140B 

C. 2031::130F::9C0:876A:130B 

D. 2031:0:130F::9C0:876A:130B

Answer: D

Explanation:

An IPv6 address is represented as eight groups of four hexadecimal digits, each group

representing 16 bits (two octets). The groups are separated by colons (:). An example of an IPv6 address is 2001:0db8:85a3:0000:0000:8a2e:0370:7334. The leading 0’s in a group can be collapsed using ::, but this can only be done once in an IP address.

Topic 6, Infrastructure Security

261.  - (Topic 6)

Which set of commands is recommended to prevent the use of a hub in the access layer?

A. switch(config-if)#switchport mode trunk switch(config-if)#switchport port-security maximum 1

B. switch(config-if)#switchport mode trunk

switch(config-if)#switchport port-security mac-address 1

C. switch(config-if)#switchport mode access switch(config-if)#switchport port-security maximum 1

D. switch(config-if)#switchport mode access switch(config-if)#switchport port-security mac-address 1

Answer: C

Explanation:

This question is to examine the layer 2 security configuration.

In order to satisfy the requirements of this question, you should perform the following configurations in the interface mode:

First, configure the interface mode as the access mode

Second, enable the port security and set the maximum number of connections to 1.