Master the 200 125 ccna CCNA Cisco Certified Network Associate CCNA (v3.0) content and be ready for exam day success quickly with this Exambible 125 200 exam prep. We guarantee it!We make it a reality and give you real ccna routing and switching 200 125 questions in our Cisco 200 125 ccna book braindumps.Latest 100% VALID Cisco ccna 200 120 vs 200 125 Exam Questions Dumps at below page. You can use our Cisco ccna 200 125 pdf braindumps and pass your exam.
Q131. - (Topic 8)
You are a junior network engineer for a financial company, and the main office network is experiencing network issues. Troubleshoot the network issues.
Router R1 connects the main office to the internet, and routers R2 and R3 are internal routers.
NAT is enabled on router R1.
The routing protocol that is enabled between routers R1, R2 and R3 is RIPv2.
R1 sends the default route into RIPv2 for the internal routers to forward internet traffic to R1.
You have console access on R1, R2 and R3 devices. Use only show commands to troubleshoot the issues.
Users complain that they are unable to reach internet sites. You are troubleshooting internet connectivity problem at main office. Which statement correctly identifies the problem on Router R1?
A. Interesting traffic for NAT ACL is incorrectly configured.
B. NAT configurations on the interfaces are incorrectly configured
C. NAT translation statement incorrectly configured.
D. Only static NAT translation configured for the server, missing Dynamic NAT or Dynamic NAT overloading for internal networks.
Q132. - (Topic 5)
Which three features are added in SNMPv3 over SNMPv2?
A. Message Integrity
E. Error Detection
Cisco IOS software supports the following versions of SNMP:
+ SNMPv1 – The Simple Network Management Protocol: A Full Internet Standard, defined in RFC 1157. (RFC 1157 replaces the earlier versions that were published as RFC 1067 and RFC 1098.) Security is based on community strings.
+ SNMPv2c – The community-string based Administrative Framework for SNMPv2. SNMPv2c (the “c” stands for “community”) is an Experimental Internet Protocol defined in RFC 1901, RFC 1905, and RFC 1906. SNMPv2c is an update of the protocol operations and data types of SNMPv2p (SNMPv2 Classic), and uses the community-based security model of SNMPv1.
+ SNMPv3 – Version 3 of SNMP. SNMPv3 is an interoperable standards-based protocol defined in RFCs 2273 to 2275. SNMPv3 provides secure access to devices by a combination of authenticating and encrypting packets over the network. The security features provided in SNMPv3 are as follows:
– Message integrity: Ensuring that a packet has not been tampered with in transit.
– Authentication: Determining that the message is from a valid source.
– Encryption: Scrambling the contents of a packet prevent it from being learned by an unauthorized source.
Q133. - (Topic 6)
Refer to the exhibit.
The following commands are executed on interface fa0/1 of 2950Switch. 2950Switch(config-if)# switchport port-security
2950Switch(config-if)# switchport port-security mac-address sticky 2950Switch(config-if)# switchport port-security maximum 1
The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when this frame is received by 2950Switch? (Choose two.)
A. The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF.
B. Only host A will be allowed to transmit frames on fa0/1.
C. This frame will be discarded when it is received by 2950Switch.
D. All frames arriving on 2950Switch with a destination of 0000.00aa.aaaa will be forwarded out fa0/1.
E. Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be forwarded out fa0/1.
F. Only frames from source 0000.00bb.bbbb, the first learned MAC address of 2950Switch, will be forwarded out fa0/1.
The configuration shown here is an example of port security, specifically port security using sticky addresses. You can use port security with dynamically learned and static MAC addresses to restrict a port's ingress traffic by limiting the MAC addresses that are allowed to send traffic into the port. When you assign secure MAC addresses to a secure port, the port does not forward ingress traffic that has source addresses outside the group of defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure MAC address, the device attached to that port has the full bandwidth of the port.
Port security with sticky MAC addresses provides many of the same benefits as port security with static MAC addresses, but sticky MAC addresses can be learned dynamically. Port security with sticky MAC addresses retains dynamically learned MAC addresses during a link-down condition.
Q134. - (Topic 5)
Refer to the exhibit.
Which rule does the DHCP server use when there is an IP address conflict?
A. The address is removed from the pool until the conflict is resolved.
B. The address remains in the pool until the conflict is resolved.
C. Only the IP detected by Gratuitous ARP is removed from the pool.
D. Only the IP detected by Ping is removed from the pool.
E. The IP will be shown, even after the conflict is resolved.
An address conflict occurs when two hosts use the same IP address. During address assignment, DHCP checks for conflicts using ping and gratuitous ARP. If a conflict is detected, the address is removed from the pool. The address will not be assigned until the administrator resolves the conflict.
Q135. - (Topic 8)
Which two statements about unique local IPv6 addresses are true?
A. They are identical to IPv4 private addresses.
B. They are defined by RFC 1884.
C. They use the prefix FEC0::/10
D. They use the prefix FC00::/7
E. They can be routed on the IPv6 global internet.
Q136. - (Topic 7)
What Cisco IOS feature can be enabled to pinpoint an application that is causing slow network performance?
D. IP SLA
Netflow can be used to diagnose slow network performance, bandwidth hogs and bandwidth utilization quickly with command line interface or reporting tools.
Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios- netflow/prod_white_paper0900aecd80406232.html
Q137. - (Topic 8)
Which address class includes network 220.127.116.11/27?
A. Class C
B. Class B
C. Class D
D. Class A
Q138. - (Topic 8)
In which three ways is an IPv6 header simpler than an IPv4 header? (Choose three.)
A. Unlike IPv4 headers, IPv6 headers have a fixed length.
B. IPv6 uses an extension header instead of the IPv4 Fragmentation field.
C. IPv6 headers eliminate the IPv4 Checksum field.
D. IPv6 headers use the Fragment Offset field in place of the IPv4 Fragmentation field.
E. IPv6 headers use a smaller Option field size than IPv4 headers.
F. IPv6 headers use a 4-bit TTL field, and IPv4 headers use an 8-bit TTL field.
Q139. - (Topic 5)
What authentication type is used by SNMPv2?
D. community strings
Cisco IOS software supports the following versions of SNMP:
•SNMPv1 — The Simple Network Management Protocol: A Full Internet Standard, defined in RFC 1157. (RFC 1157 replaces the earlier versions that were published as RFC 1067 and RFC 1098.) Security is based on community strings.
•SNMPv2c — The community-string based Administrative Framework for SNMPv2. SNMPv2c (the "c" stands for "community") is an Experimental Internet Protocol defined in RFC 1901, RFC 1905, and RFC 1906. SNMPv2c is an update of the protocol operations and data types of SNMPv2p (SNMPv2 Classic), and uses the community-based security model of SNMPv1.
•SNMPv3 — Version 3 of SNMP. SNMPv3 is an interoperable standards-based protocol defined in RFCs 2273 to 2275. SNMPv3 provides secure access to devices by a combination of authenticating and encrypting packets over the network.
SNMP Security Models and Levels
Authentication Encryption What Happens v1 noAuthNoPriv
Community String No
Uses a community string match for authentication. v2c
noAuthNoPriv Community String No
Uses a community string match for authentication. v3
Uses a username match for authentication. v3
authNoPriv MD5 or SHA
Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. v3
authPriv MD5 or SHA DES
Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides DES 56-bit encryption in addition to authentication based on the CBC-DES (DES-56) standard.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf014.h tml
Q140. - (Topic 5)
Refer to the diagram.
All hosts have connectivity with one another. Which statements describe the addressing scheme that is in use in the network? (Choose three.)
A. The subnet mask in use is 255.255.255.192.
B. The subnet mask in use is 255.255.255.128.
C. The IP address 172.16.1.25 can be assigned to hosts in VLAN1
D. The IP address 172.16.1.205 can be assigned to hosts in VLAN1
E. The LAN interface of the router is configured with one IP address.
F. The LAN interface of the router is configured with multiple IP addresses.
The subnet mask in use is 255.255.255.128: This is subnet mask will support up to 126 hosts, which is needed.
The IP address 172.16.1.25 can be assigned to hosts in VLAN1: The usable host range in this subnet is 172.16.1.1-172.16.1.126
The LAN interface of the router is configured with multiple IP addresses: The router will need 2 subinterfaces for the single physical interface, one with an IP address that belongs in each VLAN.