♥♥ 2017 NEW RECOMMEND ♥♥

Free VCE & PDF File for Cisco 200-125 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 200-125 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/200-125-exam-dumps.html

Q111.  - (Topic 8)

Which option is the default switch port port-security violation mode?

A. shutdown

B. protect

C. shutdown vlan

D. restrict

Answer: A


Shutdown—This mode is the default violation mode; when in this mode, the switch will automatically force the switchport into an error disabled (err-disable) state when a violation occurs. While in this state, the switchport forwards no traffic. The switchport can be brought out of this error disabled state by issuing the errdisable recovery cause CLI command or by disabling and reenabling the switchport.

Shutdown VLAN—This mode mimics the behavior of the shutdown mode but limits the error disabled state the specific violating VLAN.

Q112.  - (Topic 5)

Which option is a valid IPv6 address?

A. 2001:0000:130F::099a::12a

B. 2002:7654:A1AD:61:81AF:CCC1

C. FEC0:ABCD:WXYZ:0067::2A4

D. 2004:1:25A4:886F::1

Answer: D


An IPv6 address is represented as eight groups of four hexadecimal digits, each group representing 16 bits (two octets). The groups are separated by colons (:). An example of an IPv6 address is 2001:0db8:85a3:0000:0000:8a2e:0370:7334. The leading 0’s in a group can be collapsed using ::, but this can only be done once in an IP address.

Q113.  - (Topic 5)

How does a DHCP server dynamically assign IP addresses to hosts?

A. Addresses are permanently assigned so that the host uses the same address at all times.

B. Addresses are assigned for a fixed period of time. At the end of the period, a new request for an address must be made, and another address is then assigned.

C. Addresses are leased to hosts. A host will usually keep the same address by periodically contacting the DHCP server to renew the lease.

D. Addresses are allocated after a negotiation between the server and the host to determine the length of the agreement.

Answer: C


DHCP works in a client/server mode and operates like any other client/server relationship. When a PC connects to a DHCP server, the server assigns or leases an IP address to that PC. The PC connects to the network with that leased IP address until the lease expires. The host must contact the DHCP server periodically to extend the lease. This lease mechanism ensures that hosts that move or power off do not hold onto addresses that they do not need. The DHCP server returns these addresses to the address pool and reallocates them as necessary.

Q114.  - (Topic 8)

Refer to the exhibit.

You have discovered that computers on the 192 168 10 0/24 network can ping their default gateway, but they cannot connect to any resources on a remote network Which reason for the problem is most likely true?

A. The 192.168.12 0/24 network is missing from OSPF

B. The OSPF process ID is incorrect

C. The OSPF area number is incorrect.

D. An ARP table entry is missing for

E. A VLAN number is incorrect for

Answer: C

Q115.  - (Topic 5)

Given an IP address with a subnet mask of, what is the correct network address?





Answer: A


For this example, the network range is -, the network address is and the broadcast IP address is

Q116. .  - (Topic 3)

A Cisco router is booting and has just completed the POST process. It is now ready to find and load an IOS image. What function does the router perform next?

A. It checks the configuration register.

B. It attempts to boot from a TFTP server.

C. It loads the first image file in flash memory.

D. It inspects the configuration file in NVRAM for boot instructions.

Answer: A


Default (normal) Boot Sequence

Power on Router - Router does POST - Bootstrap starts IOS load - Check configuration register to see what mode the router should boot up in (usually 0x2102 to read startup- config in NVRAM / or 0x2142 to start in "setup-mode") - check the startup-config file in NVRAM for boot-system commands - load IOS from Flash.

Q117.  - (Topic 8)

Which routing protocol has the smallest default administrative distance?






Answer: D

Explanation: http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/15986-admin-distance.html

Default Distance Value TableThis table lists the administrative distance default values of the protocols that Cisco supports:

Route Source

Default Distance Values

Connected interface 0

Static route 1

Enhanced Interior Gateway Routing Protocol (EIGRP) summary route 5

External Border Gateway Protocol (BGP) 20

Internal EIGRP 90

IGRP 100 OSPF 110

Intermediate System-to-Intermediate System (IS-IS) 115

Routing Information Protocol (RIP) 120

Exterior Gateway Protocol (EGP) 140

On Demand Routing (ODR) 160

External EIGRP 170

Internal BGP 200

Unknown* 255

Q118.  - (Topic 8)

Which feature is configured by setting a variance that is at least two times the metric?

A. equal cost load balancing

B. unequal cost load balancing

C. Path selection

D. path count

Answer: B

Q119. CORRECT TEXT - (Topic 4)

A corporation wants to add security to its network. The requirements are:

✑ Host B should be able to use a web browser (HTTP) to access the Finance Web Server.

✑ Other types of access from host B to the Finance Web Server should be blocked.

✑ All access from hosts in the Core or local LAN to the Finance Web Server should be blocked.

✑ All hosts in the Core and on local LAN should be able to access the Public Web Server.

You have been tasked to create and apply a numbered access list to a single outbound interface. This access list can contain no more than three statements that meet these requirements.

Access to the router CLI can be gained by clicking on the appropriate host.

✑ All passwords have been temporarily set to “cisco”.

✑ The Core connection uses an IP address of

✑ The computers in the Hosts LAN have been assigned addresses of


✑ host A

✑ host B

✑ host C

✑ host D

✑ The Finance Web Server has been assigned an address of

✑ The Public Web Server in the Server LAN has been assigned an address of


Please check the below explanation for all details.


We should create an access-list and apply it to the interface that is connected to the Server LAN because it can filter out traffic from both S2 and Core networks. To see which interface this is, use the “show ip interface brief” command:

Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-11-17 at 3.24.34 PM.png From this, we know that the servers are located on the fa0/1 interface, so we will place our numbered access list here in the outbound direction.

Corp1#configure terminal

Our access-list needs to allow host B – 192.168125.2 to the Finance Web Server via HTTP (port 80), so our first line is this:

Corp1(config)#access-list 100 permit tcp host host eq 80

Then, our next two instructions are these:

✑ Other types of access from host B to the Finance Web Server should be blocked.

✑ All access from hosts in the Core or local LAN to the Finance Web Server should be blocked.

This can be accomplished with one command (which we need to do as our ACL needs to be no more than 3 lines long), blocking all other access to the finance web server: Corp1(config)#access-list 100 deny ip any host

Our last instruction is to allow all hosts in the Core and on the local LAN access to the Public Web Server (

Corp1(config)#access-list 100 permit ip host any Finally, apply this access-list to Fa0/1 interface (outbound direction) Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that the access-list can filter traffic coming from both the LAN and the Core networks.

To verify, just click on host B to open its web browser. In the address box type to check if you are allowed to access Finance Web Server or not. If

your configuration is correct then you can access it.

Click on other hosts (A, C and D) and check to make sure you can’t access Finance Web Server from these hosts. Then, repeat to make sure they can reach the public server at Finally, save the configuration


Corp1#copy running-config startup-config

Q120.  - (Topic 5)

What is the default Syslog facility level?

A. local4

B. local5

C. local6

D. local7

Answer: D


By default, Cisco IOS devices, CatOS switches, and VPN 3000 Concentrators use facility local7 while Cisco PIX Firewalls use local4 to send syslog messages. Moreover, most Cisco devices provide options to change the facility level from their default value.

Reference: http://www.ciscopress.com/articles/article.asp?p=426638