Cause all that matters here is passing the Cisco 200 125 ccna book exam. Cause all that you need is a high score of ccna 200 125 study guide CCNA Cisco Certified Network Associate CCNA (v3.0) exam. The only one thing you need to do is downloading Exambible 200 125 ccna book exam study guides now. We will not let you down with our money-back guarantee.
Q21. DRAG DROP - (Topic 7)
A user is unable to connect to the Internet. Based on the layered approach to troubleshooting and beginning with the lowest layer, drag each procedure on the left to its proper category on the right.
The question asks us to “begin with the lowest layer” so we have to begin with Layer 1: verify physical connection; in this case an Ethernet cable connection. For your information, “verify Ethernet cable connection” means that we check if the type of connection (crossover, straight-through, rollover…) is correct, the RJ45 headers are plugged in, the signal on the cable is acceptable…
Next we “verify NIC operation”. We do this by simply making a ping to the loopback interface 127.0.0.1. If it works then the NIC card (layer 1, 2) and TCP/IP stack (layer 3) are working properly.
Verify IP configuration belongs to layer 3. For example, checking if the IP can be assignable for host, the PC’s IP is in the same network with the gateway…
Verifying the URL by typing in your browser some popular websites like google.com, microsoft.com to assure that the far end server is not down (it sometimes make we think we can’t access to the Internet). We are using a URL so this step belongs to layer 7 of the OSI model.
Q22. - (Topic 6)
How does using the service password-encryption command on a router provide additional security?
A. by encrypting all passwords passing through the router
B. by encrypting passwords in the plain text configuration file
C. by requiring entry of encrypted passwords for access to the device
D. by configuring an MD5 encrypted key to be used by routing protocols to validate routing exchanges
E. by automatically suggesting encrypted passwords for use in configuring the router
By using this command, all the (current and future) passwords are encrypted. This command is primarily useful for keeping unauthorized individuals from viewing your password in your configuration file
Q23. - (Topic 8)
While troubleshooting a connection problem on a computer, you determined that the computer can ping a specific web server but it cannot connect to TCP port 80 on that server. Which reason for the problem is most likely true?
A. A VLAN number is incorrect.
B. A Route is missing
C. An ARP table entry is missing.
D. An ACL is blocking the TCP port.
Q24. - (Topic 5)
Which three statements about the features of SNMPv2 and SNMPv3 are true? (Choose three.)
A. SNMPv3 enhanced SNMPv2 security features.
B. SNMPv3 added the Inform protocol message to SNMP.
C. SNMPv2 added the Inform protocol message to SNMP.
D. SNMPv3 added the GetBulk protocol messages to SNMP.
E. SNMPv2 added the GetBulk protocol message to SNMP.
F. SNMPv2 added the GetNext protocol message to SNMP.
SNMPv1/v2 can neither authenticate the source of a management message nor provide encryption. Without authentication, it is possible for nonauthorized users to exercise SNMP network management functions. It is also possible for nonauthorized users to eavesdrop on management information as it passes from managed systems to the management system. Because of these deficiencies, many SNMPv1/v2 implementations are limited to simply a read-only capability, reducing their utility to that of a network monitor; no network control applications can be supported. To correct the security deficiencies of SNMPv1/v2, SNMPv3 was issued as a set of Proposed Standards in January 1998. -> A is correct.
The two additional messages are added in SNMP2 (compared to SNMPv1)
GetBulkRequest The GetBulkRequest message enables an SNMP manager to access large chunks of data. GetBulkRequest allows an agent to respond with as much information as will fit in the response PDU. Agents that cannot provide values for all variables in a list will send partial information. -> E is correct.
InformRequest The InformRequest message allows NMS stations to share trap information. (Traps are issued by SNMP agents when a device change occurs.) InformRequest messages are generally used between NMS stations, not between NMS stations and agents. -> C is correct.
Note: These two messages are carried over SNMPv3.
Q25. - (Topic 5)
A network engineer wants to allow a temporary entry for a remote user with a specific username and password so that the user can access the entire network over the Internet.
Which ACL can be used?
We can use a dynamic access list to authenticate a remote user with a specific username and password. The authentication process is done by the router or a central access server such as a TACACS+ or RADIUS server. The configuration of dynamic ACL can be read here: http://www.cisco.com/en/US/tech/tk583/tk822/technologies_tech_note09186a0080094524. shtml
Q26. - (Topic 5)
Which IPv6 address is valid?
An IPv6 address is represented as eight groups of four hexadecimal digits, each group
representing 16 bits (two octets). The groups are separated by colons (:). An example of an IPv6 address is 2001:0db8:85a3:0000:0000:8a2e:0370:7334. The leading 0’s in a group can be collapsed using ::, but this can only be done once in an IP address.
Topic 6, Infrastructure Security
261. - (Topic 6)
Which set of commands is recommended to prevent the use of a hub in the access layer?
A. switch(config-if)#switchport mode trunk switch(config-if)#switchport port-security maximum 1
B. switch(config-if)#switchport mode trunk
switch(config-if)#switchport port-security mac-address 1
C. switch(config-if)#switchport mode access switch(config-if)#switchport port-security maximum 1
D. switch(config-if)#switchport mode access switch(config-if)#switchport port-security mac-address 1
This question is to examine the layer 2 security configuration.
In order to satisfy the requirements of this question, you should perform the following configurations in the interface mode:
First, configure the interface mode as the access mode
Second, enable the port security and set the maximum number of connections to 1.
Q27. - (Topic 5)
What are the alert messages generated by SNMP agents called?
A TRAP is a SNMP message sent from one application to another (which is typically on a remote host). Their purpose is merely to notify the other application that something has happened, has been noticed, etc. The big problem with TRAPs is that they’re
unacknowledged so you don’t actually know if the remote application received your oh-so- important message to it. SNMPv2 PDUs fixed this by introducing the notion of an INFORM, which is nothing more than an acknowledged TRAP.
Q28. - (Topic 5)
Refer to the exhibit.
What statement is true of the configuration for this network?
A. The configuration that is shown provides inadequate outside address space for translation of the number of inside addresses that are supported.
B. Because of the addressing on interface FastEthernet0/1, the Serial0/0 interface address will not support the NAT configuration as shown.
C. The number 1 referred to in the ip nat inside source command references access-list number 1.
D. ExternalRouter must be configured with static routes to networks 172.16.1.0/24 and 172.16.2.0/24.
The “list 1 refers to the access-list number 1.
Q29. - (Topic 8)
What is the default VLAN on an access port?
Q30. - (Topic 8)
Which IPV6 function serves the same purpose as ARP entry verification on an IPv4 network?
A. interface ip address verification.
B. MAC address table verification
C. neighbor discovery verification
D. routing table entry verification