This page was exported from Lead2pass New Updated Exam Questions [ https://www.getfreevce.com ] Export date:Mon Dec 23 3:28:16 2024 / +0000 GMT ___________________________________________________ Title: [2017 New] Lead2pass 200-125 Exam Questions Free Download (126-150) --------------------------------------------------- 2017 June Cisco Official New Released 200-125 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! There are many companies that provide 200-125 braindumps but those are not accurate and latest ones. Preparation with Lead2pass 200-125 new questions is a best way to pass this certification exam in easy way. Following questions and answers are all new published by Cisco Official Exam Center: http://www.lead2pass.com/200-125.html QUESTION 126 Which commands are required to properly configure a router to run OSPF and to add network 192.168.16.0/24 to OSPF area 0? (Choose two.) A.    Router(config)# router ospf 0 B.    Router(config)# router ospf 1 C.    Router(config)# router ospf area 0 D.    Router(config-router)# network 192.168.16.0 0.0.0.255 0 E.    Router(config-router)# network 192.168.16.0 0.0.0.255 area 0 F.    Router(config-router)# network 192.168.16.0 255.255.255.0 area 0Answer: BE Explanation: In the router ospf command, the ranges from 1 to 65535 so o is an invalid number -> but To configure OSPF, we need a wildcard in the "network" statement, not a subnet mask. We also need to assgin an area to this process -> . QUESTION 127 A router receives information about network 192.168.10.0/24 from multiple sources. What will the router consider the most reliable information about the path to that network? A.    a directly connected interface with an address of 192.168.10.254/24 B.    a static route to network 192.168.10.0/24 C.    a RIP update for network 192.168.10.0/24 D.    an OSPF update for network 192.168.0.0/16 E.    a default route with a next hop address of 192.168.10.1 F.    a static route to network 192.168.10.0/24 with a local serial interface configured as the next hop Answer: A Explanation: When there is more than one way to reach a destination, it will choose the best one based on a couple of things. First, it will choose the route that has the longest match; meaning the most specific route. So, in this case the /24 routes will be chosen over the /16 routes. Next, from all the /24 routes it will choose the one with the lowest administrative distance. Directly connected routes have an AD of 1 so this will be the route chosen. QUESTION 128 What is the default maximum number of equal-cost paths that can be placed into the routing table of a Cisco OSPF router? A.    2 B.    4 C.    16 D.    unlimited Answer: B Explanation: maximum-paths (OSPF) To control the maximum number of parallel routes that Open Shortest Path First (OSPF) can support, use the maximum-paths command. Syntax Description maximum Maximum number of parallel routes that OSPF can install in a routing table. The range is from 1 to 16 routes. Command Default 8 paths QUESTION 129 Which command shows your active Telnet connections? A.    show cdp neigbors B.    show session C.    show users D.    show vty logins Answer: B Explanation: The "show users" shows telnet/ssh connections to your router while "show sessions" shows telnet/ssh connections from your router (to other devices). The question asks about "your active Telnet connections", meaning connections from your router so the answer should be A. QUESTION 130 Refer to the exhibit. What statement is true of the configuration for this network?   A.    The configuration that is shown provides inadequate outside address space for translation of the number of inside addresses that are supported. B.    Because of the addressing on interface FastEthernet0/1, the Serial0/0 interface address will not support the NAT configuration as shown. C.    The number 1 referred to in the ip nat inside source command references access-list number 1. D.    ExternalRouter must be configured with static routes to networks 172.16.1.0/24 and 172.16.2.0/24. Answer: C Explanation: The "list 1 refers to the access-list number 1. QUESTION 131 Which type of EIGRP route entry describes a feasible successor? A.    a backup route, stored in the routing table B.    a primary route, stored in the routing table C.    a backup route, stored in the topology table D.    a primary route, stored in the topology table Answer: C Explanation: EIGRP uses the Neighbor Table to list adjacent routers. The Topology Table list all the learned routers to destination whilst the Routing Table contains the best route to a destination, which is known as the Successor. The Feasible Successor is a backup route to a destination which is kept in the Topology Table. QUESTION 132 Which statement describes the process of dynamically assigning IP addresses by the DHCP server? A.    Addresses are allocated after a negotiation between the server and the host to determine the length of the agreement. B.    Addresses are permanently assigned so that the hosts uses the same address at all times. C.    Addresses are assigned for a fixed period of time, at the end of the period, a new request for an address must be made. D.    Addresses are leased to hosts, which periodically contact the DHCP server to renew the lease. Answer: D Explanation: The DHCP lifecycle consists of the following: Release: The client may decide at any time that it no longer wishes to use the IP address it was assigned, and may terminate the lease, releasing the IP address. QUESTION 133 What are two benefits of using NAT? (Choose two.) A.    NAT facilitates end-to-end communication when IPsec is enabled. B.    NAT eliminates the need to re-address all hosts that require external access. C.    NAT conserves addresses through host MAC-level multiplexing. D.    Dynamic NAT facilitates connections from the outside of the network. E.    NAT accelerates the routing process because no modifications are made on the packets. F.    NAT protects network security because private networks are not advertised. Answer: BF Explanation: By not revealing the internal Ip addresses, NAT adds some security to the inside network -> F is correct. NAT has to modify the source IP addresses in the packets -> E is not correct. Connection from the outside of the network through a "NAT" network is more difficult than a more network because IP addresses of inside hosts are hidden -> C is not correct. In order for IPsec to work with NAT we need to allow additional protocols, including Internet Key Exchange (IKE), Encapsulating Security Payload (ESP) and Authentication Header (AH) -> more complex -> A is not correct. By allocating specific public IP addresses to inside hosts, NAT eliminates the need to re-address the inside hosts -> B is correct. NAT does conserve addresses but not through host MAC-level multiplexing. It conserves addresses by allowing many private IP addresses to use the same public IP address to go to the Internet -> C is not correct. QUESTION 134 On which options are standard access lists based? A.    destination address and wildcard mask B.    destination address and subnet mask C.    source address and subnet mask D.    source address and wildcard mask Answer: D Explanation: Standard ACL's only examine the source IP address/mask to determine if a match is made. Extended ACL's examine the source and destination address, as well as port information. QUESTION 135 A network engineer wants to allow a temporary entry for a remote user with a specific username and password so that the user can access the entire network over the Internet. Which ACL can be used? A.    standard B.    extended C.    dynamic D.    reflexive Answer: C Explanation: We can use a dynamic access list to authenticate a remote user with a specific username and password. The authentication process is done by the router or a central access server such as a TACACS+ or RADIUS server. The configuration of dynamic ACL can be read here: http://www.cisco.com/en/US/tech/tk583/tk822/technologies_tech_note09186a0080094524.shtml QUESTION 136 How does a DHCP server dynamically assign IP addresses to hosts? A.    Addresses are permanently assigned so that the host uses the same address at all times. B.    Addresses are assigned for a fixed period of time. At the end of the period, a new request for an address must be made, and another address is then assigned. C.    Addresses are leased to hosts. A host will usually keep the same address by periodically contacting the DHCP server to renew the lease. D.    Addresses are allocated after a negotiation between the server and the host to determine the length of the agreement. Answer: C Explanation: DHCP works in a client/server mode and operates like any other client/server relationship. When a PC connects to a DHCP server, the server assigns or leases an IP address to that PC. The PC connects to the network with that leased IP address until the lease expires. The host must contact the DHCP server periodically to extend the lease. This lease mechanism ensures that hosts that move or power off do not hold onto addresses that they do not need. The DHCP server returns these addresses to the address pool and reallocates them as necessary. QUESTION 137 Refer to the exhibit. Which rule does the DHCP server use when there is an IP address conflict?   A.    The address is removed from the pool until the conflict is resolved. B.    The address remains in the pool until the conflict is resolved. C.    Only the IP detected by Gratuitous ARP is removed from the pool. D.    Only the IP detected by Ping is removed from the pool. E.    The IP will be shown, even after the conflict is resolved. Answer: A Explanation: An address conflict occurs when two hosts use the same IP address. During address assignment, DHCP checks for conflicts using ping and gratuitous ARP. If a conflict is detected, the address is removed from the pool. The address will not be assigned until the administrator resolves the conflict. http://www.cisco.com/en/US/docs/ios/12_1/iproute/configuration/guide/1cddhcp.html QUESTION 138 Which two tasks does the Dynamic Host Configuration Protocol perform? (Choose two.) A.    Set the IP gateway to be used by the network. B.    Perform host discovery used DHCPDISCOVER message. C.    Configure IP address parameters from DHCP server to a host. D.    Provide an easy management of layer 3 devices. E.    Monitor IP performance using the DHCP server. F.    Assign and renew IP address from the default pool. Answer: CF Explanation: The Dynamic Host Configuration Protocol (DHCP) is a network protocol used to configure devices that are connected to a network (known as hosts) so they can communicate on that network using the Internet Protocol (IP). It involves clients and a server operating in a client-server model. DHCP servers assigns IP addresses from a pool of addresses and also assigns other parameters such as DNS and default gateways to hosts. QUESTION 139 Refer to the exhibit. What statement is true of the configuration for this network?   A.    The configuration that is shown provides inadequate outside address space for translation of the number of inside addresses that are supported. B.    Because of the addressing on interface FastEthernet0/1, the Serial0/0 interface address will not support the NAT configuration as shown. C.    The number 1 referred to in the ip nat inside source command references access-list number 1. D.    ExternalRouter must be configured with static routes to networks 172.16.1.0/24 and 172.16.2.0/24. Answer: C Explanation: The "list 1 refers to the access-list number 1. QUESTION 140 When a DHCP server is configured, which two IP addresses should never be assignable to hosts? (Choose two.) A.    network or subnetwork IP address B.    broadcast address on the network C.    IP address leased to the LAN D.    IP address used by the interfaces E.    manually assigned address to the clients F.    designated IP address to the DHCP server Answer: AB Explanation: Network or subnetwork IP address (for example 11.0.0.0/8 or 13.1.0.0/16) and broadcast address (for example 23.2.1.255/24) should never be assignable to hosts. When try to assign these addresses to hosts, you will receive an error message saying that they can't be assignable. QUESTION 141 Which two statements about static NAT translations are true? (Choose two.) A.    They allow connections to be initiated from the outside. B.    They require no inside or outside interface markings because addresses are statically defined. C.    They are always present in the NAT table. D.    They can be configured with access lists, to allow two or more connections to be initiated from the outside. Answer: AC Explanation: Static NAT is to map a single outside IP address to a single inside IP address. This is typically done to allow incoming connections from the outside (Internet) to the inside. Since these are static, they are always present in the NAT table even if they are not actively in use. QUESTION 142 Which statement about access lists that are applied to an interface is true? A.    You can place as many access lists as you want on any interface. B.    You can apply only one access list on any interface. C.    You can configure one access list, per direction, per Layer 3 protocol. D.    You can apply multiple access lists with the same protocol or in different directions. Answer: C Explanation: We can have only 1 access list per protocol, per direction and per interface. It means: + We can not have 2 inbound access lists on an interface + We can have 1 inbound and 1 outbound access list on an interface QUESTION 143 Which item represents the standard IP ACL? A.    access-list 110 permit ip any any B.    access-list 50 deny 192.168.1.1 0.0.0.255 C.    access list 101 deny tcp any host 192.168.1.1 D.    access-list 2500 deny tcp any host 192.168.1.1 eq 22 Answer: B Explanation: The standard access lists are ranged from 1 to 99 and from 1300 to 1999 so only access list 50 is a standard access list. QUESTION 144 A network administrator is configuring ACLs on a Cisco router, to allow traffic from hosts on networks 192.168.146.0, 192.168.147.0, 192.168.148.0, and 192.168.149.0 only. Which two ACL statements, when combined, would you use to accomplish this task? (Choose two.) A.    access-list 10 permit ip 192.168.146.0 0.0.1.255 B.    access-list 10 permit ip 192.168.147.0 0.0.255.255 C.    access-list 10 permit ip 192.168.148.0 0.0.1.255 D.    access-list 10 permit ip 192.168.149.0 0.0.255.255 E.    access-list 10 permit ip 192.168.146.0 0.0.0.255 F.    access-list 10 permit ip 192.168.146.0 255.255.255.0 Answer: AC Explanation: access-list 10 permit ip 192.168.146.0 0.0.1.255 will include the 192.168.146.0 and 192.168.147.0 subnets, while access-list 10 permit ip 192.168.148.0 0.0.1.255 will include QUESTION 145 What can be done to secure the virtual terminal interfaces on a router? (Choose two.) A.    Administratively shut down the interface. B.    Physically secure the interface. C.    Create an access list and apply it to the virtual terminal interfaces with the access-group command. D.    Configure a virtual terminal password and login process. E.    Enter an access list and apply it to the virtual terminal interfaces using the access-class command. Answer: DE Explanation: It is a waste to administratively shut down the interface. Moreover, someone can still access the virtual terminal interfaces via other interfaces -> We can not physically secure a virtual interface because it is "virtual" -> To apply an access list to a virtual terminal interface we must use the "access-class" command. The "access-group" command is only used to apply an access list to a physical interface -> C is not correct. The most simple way to secure the virtual terminal interface is to configure a username & password to prevent unauthorized login. QUESTION 146 Which two commands correctly verify whether port security has been configured on port FastEthernet 0/12 on a switch? (Choose two.) A.    SW1#show port-secure interface FastEthernet 0/12 B.    SW1#show switchport port-secure interface FastEthernet 0/12 C.    SW1#show running-config D.    SW1#show port-security interface FastEthernet 0/12 E.    SW1#show switchport port-security interface FastEthernet 0/12 Answer: CD Explanation: We can verify whether port security has been configured by using the "show running-config" or "show port-security interface " for more detail. An example of the output of "show port-security interface " command is shown below:   QUESTION 147 Refer to the exhibit. The following commands are executed on interface fa0/1 of 2950Switch. 2950Switch(config-if)# switchport port-security 2950Switch(config-if)# switchport port-security mac-address sticky 2950Switch(config-if)# switchport port-security maximum 1 The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when this frame is received by 2950Switch? (Choose two.)   A.    The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF. B.    Only host A will be allowed to transmit frames on fa0/1. C.    This frame will be discarded when it is received by 2950Switch. D.    All frames arriving on 2950Switch with a destination of 0000.00aa.aaaa will be forwarded out fa0/1. E.    Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be forwarded out fa0/1. F.    Only frames from source 0000.00bb.bbbb, the first learned MAC address of 2950Switch, will be forwarded out fa0/1. Answer: BD Explanation: The configuration shown here is an example of port security, specifically port security using sticky addresses. You can use port security with dynamically learned and static MAC addresses to restrict a port's ingress traffic by limiting the MAC addresses that are allowed to send traffic into the port. When you assign secure MAC addresses to a secure port, the port does not forward ingress traffic that has source addresses outside the group of defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure MAC address, the device attached to that port has the full bandwidth of the port. Port security with sticky MAC addresses provides many of the same benefits as port security with static MAC addresses, but sticky MAC addresses can be learned dynamically. Port security with sticky MAC addresses retains dynamically learned MAC addresses during a link-down condition. QUESTION 148 What will be the result if the following configuration commands are implemented on a Cisco switch? Switch(config-if)# switchport port-security Switch(config-if)# switchport port-security mac-address sticky A.    A dynamically learned MAC address is saved in the startup-configuration file. B.    A dynamically learned MAC address is saved in the running-configuration file. C.    A dynamically learned MAC address is saved in the VLAN database. D.    Statically configured MAC addresses are saved in the startup-configuration file if frames from that address are received. E.    Statically configured MAC addresses are saved in the running-configuration file if frames from that address are received. Answer: B Explanation: In the interface configuration mode, the command switchport port-security mac-address sticky enables sticky learning. When entering this command, the interface converts all the dynamic secure MAC addresses to sticky secure MAC addresses. QUESTION 149 The network administrator cannot connect to Switch1 over a Telnet session, although the hosts attached to Switch1 can ping the interface Fa0/0 of the router. Given the information in the graphic and assuming that the router and Switch2 are configured properly, which of the following commands should be issued on Switch1 to correct this problem?   A.    Switch1(config)# line con0 Switch1(config-line)# password cisco Switch1(config-line)#login B.    Switch1(config)# interface fa0/1 Switch1(config-if)# ip address 192.168.24.3 255.255.255.0 C.    Switch1(config)# ip default-gateway 192.168.24.1 D.    Switch1(config)# interface fa0/1 Switch1(config-if)# duplex full Switch1(config-if)# speed 100 E.    Switch1(config)# interface fa0/1 Switch1(config-if)# switchport mode trunk Answer: C Explanation: Since we know hosts can reach the router through the switch, we know that connectivity, duplex. Speed, etc. are good. However, for the switch itself to reach networks outside the local one, the ip default-gateway command must be used. QUESTION 150 Refer to the exhibit. Which of these statements correctly describes the state of the switch once the boot process has been completed?   A.    As FastEthernet0/12 will be the last to come up, it will be blocked by STP. B.    Remote access management of this switch will not be possible without configuration change. C.    More VLANs will need to be created for this switch. D.    The switch will need a different IOS code in order to support VLANs and STP. Answer: B Explanation: Notice the line, which says "Interface VLAN1, changed state to administratively down". This shows that VLAN1 is shut down. Hence remote management of this switch is not possible unless VLAN1 is brought back up. Since VLAN1 is the only interface shown in the output, you have to assume that no other VLAN interface has been configured with an IP Address. We give you the proper and complete training with free 200-125 Lead2pass updates. Our braindumps will defiantly make you perfect to that level you can easily pass the exam in first attempt. 200-125 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDUG9MR3ZFUDNqeDQ 2017 Cisco 200-125 exam dumps (All 765 Q&As) from Lead2pass: http://www.lead2pass.com/200-125.html [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-06-26 07:18:09 Post date GMT: 2017-06-26 07:18:09 Post modified date: 2017-06-26 07:18:09 Post modified date GMT: 2017-06-26 07:18:09 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com