200-125 | Leading Cisco 200-125 exam dumps

New Questions 9

CORRECT TEXTA corporation wants to add security to its network. The requirements are:

u2711 Host B should be able to use a web browser (HTTP) to access the Finance Web Server.

u2711 Other types of access from host B to the Finance Web Server should be blocked.

u2711 All access from hosts in the Core or local LAN to the Finance Web Server should be blocked.

u2711 All hosts in the Core and on local LAN should be able to access the Public Web Server.

You have been tasked to create and apply anumbered access listto a single outbound interface. This access list can contain no more thanthreestatements that meet these requirements.

Access to the router CLI can be gained by clicking on the appropriate host.

u2711 All passwords have been temporarily set to u201cciscou201d.

u2711 The Core connection uses an IP address of 198.18.132.65.

u2711 The computers in the Hosts LAN have been assigned addresses of 192.168.201.1

u2013 192.168.201.254.

u2711 host A 192.168.201.1

u2711 host B 192.168.201.2

u2711 host C 192.168.201.3

u2711 host D 192.168.201.4

u2711 The Finance Web Server has been assigned an address of 172.22.237.17.

u2711 The Public Web Server in the Server LAN has been assigned an address of 172.22.237.18.

Answer:

Please check the below explanation for all details.

Explanation:

We should create an access-list and apply it to the interface that is connected to the Server LAN because it can filter out traffic from both S2 and Core networks. To see which interface this is, use the u201cshow ip interface briefu201d command:

From this, we know that the servers are located on the fa0/1 interface, so we will place our numbered access list here in the outbound direction.

Corp1#configure terminal

Our access-list needs to allow host B u2013 192.168125.2 to the Finance Web Server 172.22.109.17 via HTTP (port 80), so our first line is this:

Corp1(config)#access-list 100 permit tcp host 192.168.125.2 host 172.22.109.17 eq 80

Then, our next two instructions are these:

u2711 Other types of access from host B to the Finance Web Server should be blocked.

u2711 All access from hosts in the Core or local LAN to the Finance Web Server should be blocked.

This can be accomplished with one command (which we need to do as our ACL needs to

be no more than 3 lines long), blocking all other access to the finance web server:

Corp1(config)#access-list 100 deny ip any host 172.22.109.17

Our last instruction is to allow all hosts in the Core and on the local LAN access to the Public Web Server (172.22.109.18)

Corp1(config)#access-list 100 permit ip host 172.22.109.18 any Finally, apply this access-list to Fa0/1 interface (outbound direction) Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that the access-list can filter traffic coming from both the LAN and the Core networks.

To verify, just click on host B to open its web browser. In the address box type http://172.22.109.17 to check if you are allowed to access Finance Web Server or not. If your configuration is correct then you can access it.

Click on other hosts (A, C and D) and check to make sure you canu2021t access Finance Web Server from these hosts. Then, repeat to make sure they can reach the public server at 172.22.109.18. Finally, save the configuration

Corp1(config-if)#end

Corp1#copy running-config startup-config

New Questions 10

Refer to the exhibit.

Why is flash memory erased prior to upgrading the IOS image from the TFTP server?

A. The router cannot verify that the Cisco IOS image currently in flash is valid.

B. Flash memory on Cisco routers can contain only a single IOS image.

C. Erasing current flash content is requested during the copy dialog.

D. In order for the router to use the new image as the default, it must be the only IOS image in flash.

Answer: C

Explanation:

During the copy process, the router asked u201cErasing flash before copying? [confirm]u201d and the administrator confirmed (by pressing Enter) so the flash was deleted.

Note: In this case, the flash has enough space to copy a new IOS without deleting the current one. The current IOS is deleted just because the administrator wants to do so. If the flash does not have enough space you will see an error message like this:

%Error copying tftp://192.168.2.167/ c1600-k8sy-mz.l23-16a.bin (Not enough space on device)

New Questions 11

Why will a switch never learn a broadcast address?

A. Broadcasts only use network layer addressing.

B. A broadcast frame is never forwarded by a switch.

C. A broadcast address will never be the source address of a frame.

D. Broadcast addresses use an incorrect format for the switching table.

E. Broadcast frames are never sent to switches.

Answer: C

Explanation:

Switches dynamically learn MAC addresses based on the source MAC addresses that it sees, and since a broadcast is never the source, it will never learn the broadcast address.

New Questions 12

Refer to the exhibit.

The company uses EIGRP as the routing protocol. What path will packets take from a host on the 192.168.10.192/26 network to a host on the LAN attached to router R1?

A. The path of the packets will be R3 to R2 to R1.

B. The path of the packets will be R3 to R1 to R2.

C. The path of the packets will be both R3 to R2 to R1 AND R3 to R1.

D. The path of the packets will be R3 to R1.

Answer: D

Explanation:

Host on the LAN attached to router R1 belongs to 192.168.10.64/26 subnet. From the output of the routing table of R3 we learn this network can be reach via 192.168.10.9, which is an IP address in 192.168.10.8/30 network (the network between R1 & R3) -> packets destined for 192.168.10.64 will be routed from R3 -> R1 -> LAN on R1.

New Questions 13

Which command displays CPU utilization?

A. show protocols

B. show process

C. show system

D. show version

Answer: B

Explanation:

The u201cshow processu201d (in fact, the full command is u201cshow processesu201d) command gives us lots of information about each process but in fact it is not easy to read. Below shows the output of this command (some next pages are omitted).

A more friendly way to check the CPU utilization is the command u201cshow processes cpu historyu201d, in which the total CPU usage on the router over a period of time: one minute, one hour, and 72 hours are clearly shown:

+ The Y-axis of the graph is the CPU utilization.

+ The X-axis of the graph is the increment within the period displayed in the graph.

For example, from the last graph (last 72 hours) we learn that the highest CPU utilization within 72 hours is 37% about six hours ago.

New Questions 14

An administrator must assign static IP addresses to the servers in a network. For network 192.168.20.24/29, the router is assigned the first usable host address while the sales server is given the last usable host address. Which of the following should be entered into the IP properties box for the sales server?

A. IP address: 192.168.20.14

Subnet Mask: 255.255.255.248

Default Gateway: 192.168.20.9

B. IP address: 192.168.20.254

Subnet Mask: 255.255.255.0

Default Gateway: 192.168.20.1

C. IP address: 192.168.20.30

Subnet Mask: 255.255.255.248

Default Gateway: 192.168.20.25

D. IP address: 192.168.20.30

Subnet Mask: 255.255.255.240

Default Gateway: 192.168.20.17

E. IP address: 192.168.20.30

Subnet Mask: 255.255.255.240

Default Gateway: 192.168.20.25

Answer: C

Explanation:

For the 192.168.20.24/29 network, the usable hosts are 192.168.24.25 (router) u2013 192.168.24.30 (used for the sales server).

New Questions 15

Refer to the exhibit.

What is the effect of the configuration that is shown?

A. It configures SSH globally for all logins.

B. It tells the router or switch to try to establish an SSh connection first and if that fails to use Telnet.

C. It configures the virtual terminal lines with the password 030752180500.

D. It configures a Cisco network device to use the SSH protocol on incoming communications via the virtual terminal ports.

E. It allows seven failed login attempts before the VTY lines are temporarily shutdown.

Answer: D

Explanation:

Secure Shell (SSH) is a protocol which provides a secure remote access connection to network devices. Communication between the client and server is encrypted in both SSH version 1 and SSH version 2. If you want to prevent non-SSH connections, add the

u201ctransport input sshu201d command under the lines to limit the router to SSH connections only. Straight (non-SSH) Telnets are refused.

Reference:www.cisco.com/warp/public/707/ssh.shtml

New Questions 16

Which statement describes the process ID that is used to run OSPF on a router?

A. It is globally significant and is used to represent the AS number.

B. It is locally significant and is used to identify an instance of the OSPF database.

C. It is globally significant and is used to identify OSPF stub areas.

D. It is locally significant and must be the same throughout an area.

Answer: B

Explanation:

The Process ID for OSPF on a router is only locally significant and you can use the same number on each router, or each router can have a different number-it just doesn't matter. The numbers you can use are from 1 to 65,535. Don't get this confused with area numbers, which can be from 0 to 4.2 billion.

New Questions 17

What value is primarily used to determine which port becomes the root port on each nonroot switch in a spanning-tree topology?

A. path cost

B. lowest port MAC address

C. VTP revision number

D. highest port priority number

E. port priority number and MAC address

Answer: A

Explanation:

The path cost to the root bridge is the most important value to determine which port will become the root port on each non-root switch. In particular, the port with lowest cost to the root bridge will become root port (on non-root switch).

New Questions 18

What are two enhancements that OSPFv3 supports over OSPFv2? (Choose two.)

A. It requires the use of ARP.

B. It can support multiple IPv6 subnets on a single link.

C. It supports up to 2 instances of OSPFv3 over a common link.

D. It routes over links rather than over networks.

Answer: B,D