Exam Code: 200 125 ccna v3 0 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CCNA Cisco Certified Network Associate CCNA (v3.0)
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 200 125 cisco Exam.
P.S. Simulation 200-125 free samples are available on Google Drive, GET MORE: https://drive.google.com/open?id=1qSmqe9lmg23sR5XECqlhobCqcIIdpdHn
Question No: 6
What can be done to secure the virtual terminal interfaces on a router? (Choose two.)
A. Administratively shut down the interface.
B. Physically secure the interface.
C. Create an access list and apply it to the virtual terminal interfaces with the access-group command.
D. Configure a virtual terminal password and login process.
E. Enter an access list and apply it to the virtual terminal interfaces using the access-class
It is a waste to administratively shut down the interface. Moreover, someone can still access the virtual terminal interfaces via other interfaces ->
We cannot physically secure a virtual interface because it is u201cvirtualu201d ->.
To apply an access list to a virtual terminal interface we must use the u201caccess-classu201d command. The u201caccess-groupu201d command is only used to apply an access list to a physical interface -> C is not correct.
The most simple way to secure the virtual terminal interface is to configure a username & password to prevent unauthorized login.
Question No: 7
CORRECT TEXTThe following have already been configured on the router:
u2711 The basic router configuration
u2711 The appropriate interfaces have been configured for NAT inside and NAT outside.
u2711 The appropriate static routes have also been configured (since the company will be a stub network, no routing protocol will be required)
u2711 All passwords have been temporarily set to u201cciscou201d.
The task is to complete the NAT configuration using all IP addresses assigned by the ISP to provide Internet access for the hosts in the Weaver LAN. Functionality can be tested by clicking on the host provided for testing.
Configuration information: router name u2013 Weaver
inside global addresses u2013 198.18.184.105 - 198.18.184.110/29 inside local addresses - 192.168.100.17 u2013 192.168.100.30/28
number of inside hosts u2013 14
A network associate is configuring a router for the weaver company to provide internet access. The ISP has provided the company six public IP addresses of 198.18.184.105 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the company LAN have been assigned private space addresses in the range of 192.168.100.17 u2013 192.168.100.30.
The company has 14 hosts that need to access the internet simultaneously but we just have 6 public IP addresses from 198.18.184.105 to 198.18.184.110/29. Therefore we have to use NAT overload (or PAT)
Double click on the Weaver router to open it
Router>enable Router#configure terminal
First you should change the router's name to Weaver
Create a NAT pool of global addresses to be allocated with their netmask. Weaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248
Create a standard access control list that permits the addresses that are to betranslated.
Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15
Establish dynamic source translation, specifying the access list that was definedin the prior step.
Weaver(config)#ip nat inside source list 1 pool mypool overload
This command translates all source addresses that pass access list 1, which means a source address from 192.168.100.17 to 192.168.100.30, into an address from the pool
named mypool (the pool contains addresses from198.18.184.105 to 198.18.184.110). Overloadkeyword allows to map multiple IP addresses to a single registered IPaddress (many-to-one) by using different ports.
The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements.
This is how to configure the NAT inside and NAT outside, just for yourunderstanding:
Weaver(config)#interface fa0/0 Weaver(config-if)#ip nat inside Weaver(config-if)#exit Weaver(config)#interface s0/0 Weaver(config-if)#ip nat outside Weaver(config-if)#end
Finally, we should save all your work with the following command:
Weaver#copy running-config startup-config
Check your configuration by going to "Host for testing" and type:
C :\\>ping 192.0.2.114
The ping should work well and you will be replied from 192.0.2.114
Question No: 8
What are the Populardestinations for syslog messages to be saved? (Choose three)
B. The logging buffer .RAM
C. The console terminal
D. Other terminals
E. Syslog server
By default, switches send the output from system messages and debug privileged EXEC commands to a logging process. The logging process controls the distribution of logging messages to various destinations, such as the logging buffer (on RAM), terminal lines (console terminal), or a UNIX syslog server, depending on your configuration. The process also sends messages to the console.
Note: Syslog messages can be written to a file in Flash memory although it is not a popular place to use. We can configure this feature with the commandlogging file flash:filename.
Question No: 9
What command visualizes the general NetFlow data on the command line?
A. show ip flow export
B. show ip flow top-talkers
C. show ip cache flow
D. show mls sampling
E. show mls netflow ip
The following is an example of how to visualize the NetFlow data using the CLI. There are three methods to visualize the data depending on the version of Cisco IOS Software. The traditional show command for NetFlow is "show ip cache flow" also available are two forms of top talker commands. One of the top talkers commands uses a static configuration to view top talkers in the network and another command called dynamic top talkers allows real-time sorting and aggregation of NetFlow data. Also shown is a show MLS command to view the hardware cache on the Cisco Catalyst 6500 Series Switch.
The following is the original NetFlow show command used for many years in Cisco IOS Software. Information provided includes packet size distribution; basic statistics about number of flows and export timer setting, a view of the protocol distribution statistics and the NetFlow cache.
The u201cshow ip cache flowu201d command displays a summary of the NetFlow accounting statistics.
Question No: 10
What are three reasons to collect Netflow data on a company network? (Choose three.)
A. To identify applications causing congestion.
B. To authorize user network access.
C. To report and alert link up / down instances.
D. To diagnose slow network performance, bandwidth hogs, and bandwidth utilization.
E. To detect suboptimal routing in the network.
F. To confirm the appropriate amount of bandwidth that has been allocated to each Class of Service.
NetFlow facilitates solutions to many common problems encountered by IT professionals.
+ Analyze new applications and their network impact
Identify new application network loads such as VoIP or remote site additions.
+ Reduction in peak WAN traffic
Use NetFlow statistics to measure WAN traffic improvement from application-policy changes; understand who is utilizing the network and the network top talkers.
+ Troubleshooting and understanding network pain points
Diagnose slow network performance, bandwidth hogs and bandwidth utilization quickly with command line interface or reporting tools. -> D is correct.
+ Detection of unauthorized WAN traffic
Avoid costly upgrades by identifying the applications causing congestion. -> A is correct.
+ Security and anomaly detection
NetFlow can be used for anomaly detection and worm diagnosis along with applications such as Cisco CS-Mars.
+ Validation of QoS parameters
Confirm that appropriate bandwidth has been allocated to each Class of Service (CoS) and that no CoS is over- or under-subscribed.-> F is correct.
Question No: 11
How does using the service password-encryption command on a router provide additional security?
A. by encrypting all passwords passing through the router
B. by encrypting passwords in the plain text configuration file
C. by requiring entry of encrypted passwords for access to the device
D. by configuring an MD5 encrypted key to be used by routing protocols to validate routing exchanges
E. by automatically suggesting encrypted passwords for use in configuring the router
By using this command, all the (current and future) passwords are encrypted. This command is primarily useful for keeping unauthorized individuals from viewing your password in your configuration file
Question No: 12
Refer to the exhibit.
HostA cannot ping HostB. Assuming routing is properly configured, what is the cause of this problem?
A. HostA is not on the same subnet as its default gateway.
B. The address of SwitchA is a subnet address.
C. The Fa0/0 interface on RouterA is on a subnet that can't be used.
D. The serial interfaces of the routers are not on the same subnet.
E. The Fa0/0 interface on RouterB is using a broadcast address.
Now letu2019s find out the range of the networks on serial link: For the network 192.168.1.62/27:
Network address: 192.168.1.32
Broadcast address: 192.168.1.63 For the network 192.168.1.65/27: Increment: 32
Network address: 192.168.1.64
Broadcast address: 192.168.1.95
-> These two IP addresses donu2019t belong to the same network and they canu2019t see each other.
Question No: 13
Which two of these statements are true of IPv6 address representation? (Choose two.)
A. There are four types of IPv6 addresses: unicast, multicast, anycast, and broadcast.
B. A single interface may be assigned multiple IPv6 addresses of any type.
C. Every IPv6 interface contains at least one loopback address.
D. The first 64 bits represent the dynamically created interface ID.
E. Leading zeros in an IPv6 16 bit hexadecimal field are mandatory.
u2711 A single interface may be assigned multiple addresses of any type (unicast, anycast, multicast).
u2711 Every IPv6-enabled interface must contain at least one loopback and one link-local
u2711 Optionally, every interface can have multiple unique local and global addresses.
Reference: IPv6 Addressing at a Glance u2013 Cisco PDF
Question No: 14
Refer to the exhibit.
An administrator pings the default gateway at 10.10.10.1 and sees the output as shown. At which OSI layer is the problem?
A. data link layer
B. application layer
C. access layer
D. session layer
E. network layer
The command ping uses ICMP protocol, which is a network layer protocol used to propagate control message between host and router. The command ping is often used to verify the network connectivity, so it works at the network layer.
Question No: 15
Refer to the exhibit.
An attempt to deny web access to a subnet blocks all traffic from the subnet. Which interface command immediately removes the effect of ACL 102?
A. no ip access-class 102 in
B. no ip access-class 102 out
C. no ip access-group 102 in
D. no ip access-group 102 out
E. no ip access-list 102 in
The u201cip access-groupu201d is used to apply and ACL to an interface. From the output shown, we know that the ACL is applied to outbound traffic, so u201cno ip access-group 102 outu201d will remove the effect of this ACL.
To know more about the 200-125, click here.