10 tips on ccna 200 125 ebook

200-125 Royal Pack Testengine pdf

100% Actual & Verified — 100% PASS

Unlimited access to the world's largest Dumps library!

Download 200-125 Dumps Free

Product Description:
Exam Number/Code: 200-125
Exam name: CCNA Cisco Certified Network Associate CCNA (v3.0)
n questions with full explanations
Certification: Cisco Certification

HOW TO GET 200-125 Exam PDF Collection Free?

Act now and download your Cisco ccna 200 125 dumps test today! Do not waste time for the worthless Cisco ccna 200 120 vs 200 125 tutorials. Download Replace Cisco CCNA Cisco Certified Network Associate CCNA (v3.0) exam with real questions and answers and begin to learn Cisco ccna 200 125 ebook with a classic professional.

P.S. Virtual 200-125 answers are available on Google Drive, GET MORE: https://drive.google.com/open?id=1jQmx5oxI6Dh5yoCIPQpEra2L4K5UYNUa


New Cisco 200-125 Exam Dumps Collection (Question 6 - Question 15)

Q1. Refer to exhibit.

A network administrator cannot establish a Telnet session with the indicated router. What is the cause of this failure?

A. A Level 5 password is not set.

B. An ACL is blocking Telnet access.

C. The vty password is missing.

D. The console password is missing.

Answer: C

Explanation:

The login keyword has been set, but not password. This will result in the u201cpassword

required, but none setu201d message to users trying to telnet to this router.


Q2. What authentication type is used by SNMPv2?

A. HMAC-MD5

B. HMAC-SHA

C. CBC-DES

D. community strings

Answer: D

Explanation:

SNMP Versions

Cisco IOS software supports the following versions of SNMP:

u2022SNMPv1 u2014 The Simple Network Management Protocol: A Full Internet Standard, defined in RFC 1157. (RFC 1157 replaces the earlier versions that were published as RFC 1067 and RFC 1098.) Security is based on community strings.

u2022SNMPv2c u2014 The community-string based Administrative Framework for SNMPv2. SNMPv2c (the "c" stands for "community") is an Experimental Internet Protocol defined in RFC 1901, RFC 1905, and RFC 1906. SNMPv2c is an update of the protocol operations and data types of SNMPv2p (SNMPv2 Classic), and uses the community-based security model of SNMPv1.

u2022SNMPv3 u2014 Version 3 of SNMP. SNMPv3 is an interoperable standards-based protocol defined in RFCs 2273 to 2275. SNMPv3 provides secure access to devices by a combination of authenticating and encrypting packets over the network.

SNMP Security Models and Levels

Model Level

Authentication Encryption What Happens v1 noAuthNoPriv

Community String No

Uses a community string match for authentication. v2c

noAuthNoPriv Community String No

Uses a community string match for authentication. v3

noAuthNoPriv Username

No

Uses a username match for authentication. v3

authNoPriv MD5 or SHA

No

Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. v3

authPriv MD5 or SHA DES

Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides DES 56-bit encryption in addition to authentication based on the CBC-DES (DES-56) standard.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf014.h tml


Q3. What are three approaches that are used when migrating from an IPv4 addressing scheme to an IPv6 scheme. (Choose three.)

A. enable dual-stack routing

B. configure IPv6 directly

C. configure IPv4 tunnels between IPv6 islands

D. use proxying and translation to translate IPv6 packets into IPv4 packets

E. statically map IPv4 addresses to IPv6 addresses

F. use DHCPv6 to map IPv4 addresses to IPv6 addresses

Answer: A,C,D

Explanation:

Several methods are used terms of migration including tunneling, translators, and dual stack. Tunnels are used to carry one protocol inside another, while translators simply translate IPv6 packets into IPv4 packets. Dual stack uses a combination of both native IPv4 and IPv6. With dual stack, devices are able to run IPv4 and IPv6 together and if IPv6 communication is possible that is the preferred protocol. Hosts can simultaneously reach IPv4 and IPv6 content.


Q4. An administrator is trying to ping and telnet from SwitchC to RouterC with the results shown below.

Click the console connected to RouterC and issue the appropriate commands to answer the questions.

Which will fix the issue and allow ONLY ping to work while keeping telnet disabled?

A. Correctly assign an IP address to interface fa0/1.

B. Change the ip access-group command on fa0/0 from u201cinu201d to u201coutu201d.

C. Removeaccess-group 106 infrom interface fa0/0 and addaccess-group 115 in.

D. Removeaccess-group 102 outfrom interface s0/0/0 and addaccess-group 114 in

E. Removeaccess-group 106 infrom interface fa0/0 and addaccess-group 104 in.

Answer: E

Explanation:

Letu2019s have a look at the access list 104:

The question does not ask about ftp traffic so we donu2019t care about the two first lines. The 3rd line denies all telnet traffic and the 4th line allows icmp traffic to be sent (ping). Remember that the access list 104 is applied on the inbound direction so the 5th line u201caccess-list 104 deny icmp any any echo-replyu201d will not affect our icmp traffic because the u201cecho-replyu201d message will be sent over the outbound direction.


Q5. Refer to the exhibit.

A problem with network connectivity has been observed. It is suspected that the cable connected to switch port Fa0/9 on Switch1 is disconnected. What would be an effect of this cable being disconnected?

A. Host B would not be able to access the server in VLAN9 until the cable is reconnected.

B. Communication between VLAN3 and the other VLANs would be disabled.

C. The transfer of files from Host B to the server in VLAN9 would be significantly slower.

D. For less than a minute, Host B would not be able to access the server in VLAN9. Then normal network function would resume.

Answer: D

Explanation:

Spanning-Tree Protocol (STP) is a Layer 2 protocol that utilizes a special-purpose algorithm to discover physical loops in a network and effect a logical loop-free topology. STP creates a loop-free tree structure consisting of leaves and branches that span the

entire Layer 2 network. The actual mechanics of how bridges communicate and how the STP algorithm works will be discussed at length in the following topics. Note that the terms bridge and switch are used interchangeably when discussing STP. In addition, unless otherwise indicated, connections between switches are assumed to be trunks.


Q6. An administrator is trying to ping and telnet from SwitchC to RouterC with the results shown below.

Click the console connected to RouterC and issue the appropriate commands to answer the questions.

What would be the effect of issuing the commandip access-group 114 into the fa0/0 interface?

A. Attempts to telnet to the router would fail.

B. It would allow all traffic from the 10.4.4.0 network.

C. IP traffic would be passed through the interface but TCP and UDP traffic would not.

D. Routing protocol updates for the 10.4.4.0 network would not be accepted from the fa0/0 interface.

Answer: B

Explanation:

From the output of access-list 114: access-list 114 permit ip 10.4.4.0 0.0.0.255 any we can easily understand that this access list allows all traffic (ip) from 10.4.4.0/24 network


Q7. On which options are standard access lists based?

A. destination address and wildcard mask

B. destination address and subnet mask

C. source address and subnet mask

D. source address and wildcard mask

Answer: D

Explanation:

Standard ACLu2019s only examine the source IP address/mask to determine if a match is made. Extended ACLu2019s examine the source and destination address, as well as port information.


Q8. A network engineer wants to allow a temporary entry for a remote user with a specific username and password so that the user can access the entire network over the Internet. Which ACL can be used?

A. standard

B. extended

C. dynamic

D. reflexive

Answer: C

Explanation:

We can use a dynamic access list to authenticate a remote user with a specific username and password. The authentication process is done by the router or a central access server such as a TACACS+ or RADIUS server. The configuration of dynamic ACL can be read here:http://www.cisco.com/en/US/tech/tk583/tk822/technologies_tech_note09186a0080094 524.shtml


Q9. Refer to the exhibit.

A network administrator attempts to ping Host2 from Host1 and receives the results that are shown. What is the problem?

A. The link between Host1 and Switch1 is down.

B. TCP/IP is not functioning on Host1

C. The link between Router1 and Router2 is down.

D. The default gateway on Host1 is incorrect.

E. Interface Fa0/0 on Router1 is shutdown.

F. The link between Switch1 and Router1 is down.

Answer: C

Explanation:

Host1 tries to communicate with Host2. The message destination host unreachable from Router1 indicates that the problem occurs when the data is forwarded from Host1 to Host2. According to the topology, we can infer that the link between Router1 and Router2 is down.


Q10. CORRECT TEXTA network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.

The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.

Access to the router CLI can be gained by clicking on the appropriate host. All passwords have been temporarily set to "cisco".

The Core connection uses an IP address of 198.18.196.65.

The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 - 192.168.33.254

u2711 host A 192.168.33.1

u2711 host B 192.168.33.2

u2711 host C 192.168.33.3

u2711 host D 192.168.33.4

The servers in the Server LAN have been assigned addresses of 172.22.242.17 - 172.22.242.30.

The Finance Web Server is assigned an IP address of 172.22.242.23.

Answer:

Select the console on Corp1 router Configuring ACL

Corp1>enable Corp1#configure terminal

comment: To permit only Host C (192.168.33.3){source addr} to access finance server address (172.22.242.23) {destination addr} on port number 80 (web) Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80 comment: To deny any source to access finance server address (172.22.242.23)

{destination addr} on port number 80 (web)

Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

comment: To permit ip protocol from any source to access any destination because of the implicit deny any any statement at the end of ACL.

Corp1(config)#access-list 100 permit ip any any Applying the ACL on the Interface

comment: Check show ip interface brief command to identify the interface type and number by checking the IP address configured.

Corp1(config)#interface fa 0/1

If the ip address configured already is incorrect as well as the subnet mask. This should be corrected in order ACL to work

type this commands at interface mode :

no ip address 192.x.x.x 255.x.x.x (removes incorrect configured ipaddress and subnet mask)

Configure Correct IP Address and subnet mask:

ip address 172.22.242.30 255.255.255.240 ( range of address specified going to server is given as 172.22.242.17 - 172.22.242.30 )

Comment: Place the ACL to check for packets going outside the interface towards the

finance web server.

Corp1(config-if)#ip access-group 100 out Corp1(config-if)#end

Important: To save your running config to startup before exit. Corp1#copy running-config startup-config

Verifying the Configuration:

Step1: show ip interface brief command identifies the interface on which to apply access list.

Step2: Click on each host A, B, C, & D. Host opens a web browser page, Select address box of the web browser and type the ip address of finance web server (172.22.242.23) to test whether it permits /deny access to the finance web Server.

Step 3: Only Host C (192.168.33.3) has access to the server. If the other host can also access then maybe something went wrong in your configuration. Check whether you configured correctly and in order.

Step 4: If only Host C (192.168.33.3) can access the Finance Web Server you can click on NEXT button to successfully submit the ACL SIM.


P.S. Easily pass 200-125 Exam with Allfreedumps Virtual Dumps & pdf vce, Try Free: https://www.allfreedumps.com/200-125-dumps.html (890 New Questions)


[TRY FREE] BUY 200-125 Full version( pdf+software ):
https://www.exambible.com/200-125-exam/