It is more faster and easier to pass the Cisco ccna 200 125 torrent exam by using Validated Cisco CCNA Cisco Certified Network Associate CCNA (v3.0) questuins and answers. Immediate access to the Latest 125 200 Exam and find the same core area ccna routing and switching 200 125 official cert guide library questions with professionally verified answers, then PASS your exam with a high score now.
Q121. - (Topic 8)
Which three circumstances can cause a GRE tunnel to be in an up/down state? (Choose three.)
A. The tunnel interface IP address is misconfigured.
B. The tunnel interface is down.
C. A valid route to the destination address is missing from the routing table.
D. The tunnel address is routed through the tunnel itself.
E. The ISP is blocking the traffic.
F. An ACL is blocking the outbound traffic.
Q122. - (Topic 5)
Which three features are added in SNMPv3 over SNMPv2?
A. Message Integrity
E. Error Detection
Cisco IOS software supports the following versions of SNMP:
+ SNMPv1 – The Simple Network Management Protocol: A Full Internet Standard, defined in RFC 1157. (RFC 1157 replaces the earlier versions that were published as RFC 1067 and RFC 1098.) Security is based on community strings.
+ SNMPv2c – The community-string based Administrative Framework for SNMPv2. SNMPv2c (the “c” stands for “community”) is an Experimental Internet Protocol defined in RFC 1901, RFC 1905, and RFC 1906. SNMPv2c is an update of the protocol operations and data types of SNMPv2p (SNMPv2 Classic), and uses the community-based security model of SNMPv1.
+ SNMPv3 – Version 3 of SNMP. SNMPv3 is an interoperable standards-based protocol defined in RFCs 2273 to 2275. SNMPv3 provides secure access to devices by a combination of authenticating and encrypting packets over the network. The security features provided in SNMPv3 are as follows:
– Message integrity: Ensuring that a packet has not been tampered with in transit.
– Authentication: Determining that the message is from a valid source.
– Encryption: Scrambling the contents of a packet prevent it from being learned by an unauthorized source.
Q123. - (Topic 8)
Which feature can you use to monitor traffic on a switch by replicating it to another port or ports on the same switch?
A. copy run start
C. the ICMP Echo IP SLA
Explanation: A source port, also called a monitored port, is a switched or routed port that you monitor for network traffic analysis. In a single local SPAN session or RSPAN source session, you can monitor source port traffic, such as received (Rx), transmitted (Tx), or bidirectional (both). The switch supports any number of source ports (up to the maximum
number of available ports on the switch) and any number of source VLANs. A source port has these characteristics:
✑ It can be any port type, such as EtherChannel, Fast Ethernet, Gigabit Ethernet,
and so forth.
✑ It can be monitored in multiple SPAN sessions.
✑ It cannot be a destination port.
✑ Each source port can be configured with a direction (ingress, egress, or both) to monitor. For EtherChannel sources, the monitored direction applies to all physical ports in the group.
✑ Source ports can be in the same or different VLANs.
✑ For VLAN SPAN sources, all active ports in the source VLAN are included as source ports.
Q124. CORRECT TEXT - (Topic 8)
Which protocol authenticates connected devices before allowing them to access the LAN?
802.1X authentication involves three parties: a supplicant, an authenticator, and an authentication server. The supplicant is a client device (such as a laptop) that wishes to attach to the LAN/WLAN. The term 'supplicant' is also used interchangeably to refer to the software running on the client that provides credentials to the authenticator. The
authenticator is a network device, such as an Ethernet switch or wireless access point; and the authentication server is typically a host running software supporting the RADIUS and EAP protocols.
The authenticator acts like a security guard to a protected network. The supplicant (i.e., client device) is not allowed access through the authenticator to the protected side of the network until the supplicant’s identity has been validated and authorized. An analogy to this is providing a valid visa at the airport's arrival immigration before being allowed to enter the country. With 802.1X port-based authentication, the supplicant provides credentials, such as user name/password or digital certificate, to the authenticator, and the authenticator forwards the credentials to the authentication server for verification. If the authentication server determines the credentials are valid, the supplicant (client device) is allowed to access resources located on the protected side of the network.
Q125. - (Topic 7)
Refer to the topology. Your company has decided to connect the main office with three other remote branch offices using point-to-point serial links.
You are required to troubleshoot and resolve OSPF neighbor adjacency issues between the main office and the routers located in the remote branch offices.
An OSPF neighbor adjacency is not formed between R3 in the main office and R5 in the Branch2 office. What is causing the problem?
A. There is an area ID mismatch.
B. There is a PPP authentication issue; a password mismatch.
C. There is an OSPF hello and dead interval mismatch.
D. There is a missing network command in the OSPF process on R5.
The “show ip ospf interface command on R3 and R5 shows that the hello and dead intervals do not match. They are 50 and 200 on R3 and 10 and 40 on R5.
Q126. - (Topic 5)
You are working in a data center environment and are assigned the address range 10.188.31.0/23. You are asked to develop an IP addressing plan to allow the maximum number of subnets with as many as 30 hosts each. Which IP address range meets these requirements?
Each subnet has 30 hosts < 32 = 25 so we need a subnet mask which has at least 5 bit 0s
-> /27. Also the question requires the maximum number of subnets (which minimum the number of hosts-per-subnet) so /27 is the best choice.
Q127. - (Topic 5)
How is an EUI-64 format interface ID created from a 48-bit MAC address?
A. by appending 0xFF to the MAC address
B. by prefixing the MAC address with 0xFFEE
C. by prefixing the MAC address with 0xFF and appending 0xFF to it
D. by inserting 0xFFFE between the upper three bytes and the lower three bytes of the MAC address
E. by prefixing the MAC address with 0xF and inserting 0xF after each of its first three bytes
The modified EUI-64 format interface identifier is derived from the 48-bit link-layer (MAC) address by inserting the hexadecimal number FFFE between the upper three bytes (OUI field) and the lower three bytes (serial number) of the link layer address.
Q128. - (Topic 4)
Refer to the exhibit.
Which statement describes DLCI 17?
A. DLCI 17 describes the ISDN circuit between R2 and R3.
B. DLCI 17 describes a PVC on R2. It cannot be used on R3 or R1.
C. DLCI 17 is the Layer 2 address used by R2 to describe a PVC to R3.
D. DLCI 17 describes the dial-up circuit from R2 and R3 to the service provider.
DLCI-Data Link Connection Identifier Bits: The DLCI serves to identify the virtual connection so that the receiving end knows which information connection a frame belongs to. Note that this DLCI has only local significance. Frame Relay is strictly a Layer 2 protocol suite.
Q129. - (Topic 6)
What will be the result if the following configuration commands are implemented on a Cisco switch?
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address sticky
A. A dynamically learned MAC address is saved in the startup-configuration file.
B. A dynamically learned MAC address is saved in the running-configuration file.
C. A dynamically learned MAC address is saved in the VLAN database.
D. Statically configured MAC addresses are saved in the startup-configuration file if frames from that address are received.
E. Statically configured MAC addresses are saved in the running-configuration file if frames from that address are received.
In the interface configuration mode, the command switchport port-security mac-address sticky enables sticky learning. When entering this command, the interface converts all the dynamic secure MAC addresses to sticky secure MAC addresses.
Q130. - (Topic 5)
You have been asked to come up with a subnet mask that will allow all three web servers to be on the same network while providing the maximum number of subnets. Which network address and subnet mask meet this requirement?
A. 192.168.252.0 255.255.255.252
B. 192.168.252.8 255.255.255.248
C. 192.168.252.8 255.255.255.252
D. 192.168.252.16 255.255.255.240
E. 192.168.252.16 255.255.255.252
A subnet mask of 255.255.255.248 will allow for up to 6 hosts to reside in this network. A subnet mask of 255.255.255.252 will allow for only 2 usable IP addresses, since we cannot
use the network or broadcast address.
To know more about the 200-125, click here.