Ucertify is a known Cisco 200-125 exam questions and answers supplier. Youll get a high score which ensure your success and get certified. We promise 100% funds back unless you get by way of at 1st time. Your Cisco Cisco exam practice tests are revised and upgraded by each of our experienced professionals in accordance with all the real Cisco Cisco 200-125. Hurry as much as get the Cisco 200-125 training materials and make total preparation for the Cisco certification.

2017 Apr 200-125 question

Q161. CORRECT TEXT - (Topic 6)

A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.

The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.

Access to the router CLI can be gained by clicking on the appropriate host. All passwords have been temporarily set to "cisco".

The Core connection uses an IP address of 198.18.196.65.

The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 - 192.168.33.254

✑ host A 192.168.33.1

✑ host B 192.168.33.2

✑ host C 192.168.33.3

✑ host D 192.168.33.4

The servers in the Server LAN have been assigned addresses of 172.22.242.17 - 172.22.242.30.

The Finance Web Server is assigned an IP address of 172.22.242.23.

Answer: 

Select the console on Corp1 router Configuring ACL

Corp1>enable Corp1#configure terminal

comment: To permit only Host C (192.168.33.3){source addr} to access finance server address (172.22.242.23) {destination addr} on port number 80 (web) Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80 comment: To deny any source to access finance server address (172.22.242.23)

{destination addr} on port number 80 (web)

Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

comment: To permit ip protocol from any source to access any destination because of the implicit deny any any statement at the end of ACL.

Corp1(config)#access-list 100 permit ip any any Applying the ACL on the Interface

comment: Check show ip interface brief command to identify the interface type and number by checking the IP address configured.

Corp1(config)#interface fa 0/1

If the ip address configured already is incorrect as well as the subnet mask. This should be corrected in order ACL to work

type this commands at interface mode :

no ip address 192.x.x.x 255.x.x.x (removes incorrect configured ipaddress and subnet mask)

Configure Correct IP Address and subnet mask:

ip address 172.22.242.30 255.255.255.240 ( range of address specified going to server is given as 172.22.242.17 - 172.22.242.30 )

Comment: Place the ACL to check for packets going outside the interface towards the

finance web server.

Corp1(config-if)#ip access-group 100 out Corp1(config-if)#end

Important: To save your running config to startup before exit. Corp1#copy running-config startup-config

Verifying the Configuration:

Step1: show ip interface brief command identifies the interface on which to apply access list.

Step2: Click on each host A, B, C, & D. Host opens a web browser page, Select address box of the web browser and type the ip address of finance web server (172.22.242.23) to test whether it permits /deny access to the finance web Server.

Step 3: Only Host C (192.168.33.3) has access to the server. If the other host can also access then maybe something went wrong in your configuration. Check whether you configured correctly and in order.

Step 4: If only Host C (192.168.33.3) can access the Finance Web Server you can click on NEXT button to successfully submit the ACL SIM.


Q162.  - (Topic 5)

What are the alert messages generated by SNMP agents called?

A. TRAP

B. INFORM

C. GET

D. SET

Answer: A,B

Explanation:

A TRAP is a SNMP message sent from one application to another (which is typically on a remote host). Their purpose is merely to notify the other application that something has happened, has been noticed, etc. The big problem with TRAPs is that they’re

unacknowledged so you don’t actually know if the remote application received your oh-so- important message to it. SNMPv2 PDUs fixed this by introducing the notion of an INFORM, which is nothing more than an acknowledged TRAP.


Q163.  - (Topic 8)

Which two circumstances can cause collision domain issues on VLAN domain? (Choose two.)

A. duplex mismatches on Ethernet segments in the same VLAN

B. multiple errors on switchport interfaces

C. congestion on the switch inband path

D. a failing NIC in an end device

E. an overloaded shared segment

Answer: A,C 

Explanation: Collision Domains

A collision domain is an area of a single LAN where end stations contend for access to the network because all end stations are connected to a shared physical medium. If two connected devices transmit onto the media at the same time, a collision occurs. When a collision occurs, a JAM signal is sent on the network, indicating that a collision has occurred and that devices should ignore any fragmented data associated with the collision. Both sending devices back off sending their data for a random amount and then try again if the medium is free for transmission. Therefore, collisions effectively delay transmission of

data, lowering the effective throughput available to a device. The more devices that are attached to a collision domain, the greater the chances of collisions; this results in lower bandwidth and performance for each device attached to the collision domain. Bridges and switches terminate the physical signal path of a collision domain, allowing you to segment separate collision domains, breaking them up into multiple smaller pieces to provide more bandwidth per user within the new collision domains formed.


Q164.  - (Topic 5)

Which IPv6 address is the all-router multicast group?

A. FF02::1

B. FF02::2

C. FF02::3

D. FF02::4

Answer: B

Explanation:

Well-known IPv6 multicast addresses:

Address Description ff02::1

All nodes on the local network segment

ff02::2

All routers on the local network segment


Renew 200-125 practice test:

Q165.  - (Topic 5)

Which three statements about HSRP operation are true? (Choose three.)

A. The virtual IP address and virtual MA+K44C address are active on the HSRP Master router.

B. The HSRP default timers are a 3 second hello interval and a 10 second dead interval.

C. HSRP supports only clear-text authentication.

D. The HSRP virtual IP address must be on a different subnet than the routers' interfaces on the same LAN.

E. The HSRP virtual IP address must be the same as one of the router's interface addresses on the LAN.

F. HSRP supports up to 255 groups per interface, enabling an administrative form of load balancing.

Answer: A,B,F

Explanation:

The virtual MAC address of HSRP version 1 is 0000.0C07.ACxx, where xx is the HSRP group number in hexadecimal based on the respective interface. For example, HSRP group 10 uses the HSRP virtual MAC address of 0000.0C07.AC0A. HSRP version 2 uses a virtual MAC address of 0000.0C9F.FXXX (XXX: HSRP group in hexadecimal).


Q166.  - (Topic 7)

What Netflow component can be applied to an interface to track IPv4 traffic?

A. flow monitor

B. flow record

C. flow sampler

D. flow exporter

Answer: A

Explanation:

Flow monitors are the Flexible NetFlow component that is applied to interfaces to perform network traffic monitoring. Flow monitors consist of a record and a cache. You add the record to the flow monitor after you create the flow monitor. The flow monitor cache is automatically created at the time the flow monitor is applied to the first interface. Flow data

is collected from the network traffic during the monitoring process based on the key and nonkey fields in the record, which is configured for the flow monitor and stored in the flow monitor cache.

For example, the following example creates a flow monitor named FLOW-MONITOR-1 and enters Flexible NetFlow flow monitor configuration mode:

Router(config)# flow monitor FLOW-MONITOR-1 Router(config-flow-monitor)#


Q167.  - (Topic 4)

A network administrator needs to configure a serial link between the main office and a remote location. The router at the remote office is a non-Cisco router. How should the network administrator configure the serial interface of the main office router to make the connection?

A. Main(config)# interface serial 0/0

Main(config-if)# ip address 172.16.1.1 255.255.255.252 Main(config-if)# no shut

B. Main(config)# interface serial 0/0

Main(config-if)# ip address 172.16.1.1 255.255.255.252 Main(config-if)# encapsulation ppp

Main(config-if)# no shut

C. Main(config)# interface serial 0/0

Main(config-if)# ip address 172.16.1.1 255.255.255.252 Main(config-if)# encapsulation frame-relay

Main(config-if)# authentication chap Main(config-if)# no shut

D. Main(config)# interface serial 0/0

Main(config-if)#ip address 172.16.1.1 255.255.255.252 Main(config-if)#encapsulation ietf

Main(config-if)# no shut

Answer: B

Explanation:

With serial point to point links there are two options for the encapsulation. The default, HDLC, is Cisco proprietary and works only with other Cisco routers. The other option is PPP which is standards based and supported by all vendors.


Q168.  - (Topic 8)

Which statement about LLDP is true?

A. It is a Cisco proprietary protocol.

B. It is configured in global configuration mode.

C. The LLDP update frequency is a fixed value.

D. It runs over the transport layer.

Answer: B