Q71.  - (Topic 6)

How does using the service password-encryption command on a router provide additional security?

A. by encrypting all passwords passing through the router

B. by encrypting passwords in the plain text configuration file

C. by requiring entry of encrypted passwords for access to the device

D. by configuring an MD5 encrypted key to be used by routing protocols to validate routing exchanges

E. by automatically suggesting encrypted passwords for use in configuring the router

Answer: B


By using this command, all the (current and future) passwords are encrypted. This command is primarily useful for keeping unauthorized individuals from viewing your password in your configuration file.

Q72.  - (Topic 6)

A network administrator needs to configure port security on a switch. Which two statements are true? (Choose two.)

A. The network administrator can apply port security to dynamic access ports.

B. The network administrator can apply port security to EtherChannels.

C. When dynamic MAC address learning is enabled on an interface, the switch can learn new addresses, up to the maximum defined.

D. The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.

E. The network administrator can configure static secure or sticky secure MAC addresses in the voice VLAN.

Answer: C,D


Follow these guidelines when configuring port security:

+ Port security can only be configured on static access ports, trunk ports, or 802.1Q tunnel ports.

+ A secure port cannot be a dynamic access port.

+ A secure port cannot be a destination port for Switched Port Analyzer (SPAN).

+ A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group.

+ You cannot configure static secure or sticky secure MAC addresses on a voice VLAN.

+ When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.

+ If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN.

+ When a voice VLAN is configured on a secure port that is also configured as a sticky secure port, all addresses seen on the voice VLAN are learned as dynamic secure addresses, and all addresses seen on the access VLAN (to which the port belongs) are learned as sticky secure addresses.

+ The switch does not support port security aging of sticky secure MAC addresses.

+ The protect and restrict options cannot be simultaneously enabled on an interface.

(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_19_ea1


Q73.  - (Topic 8)

Which command can you enter to set the default route for all traffic to an interface?

A. router(config)#ip route GigabitEthernet0/1

B. router(config)#ip route GigabitEthernet0/1

C. router(config-router)#default-information originate

D. router(config-router)#default-information originate always

Answer: A

Q74.  - (Topic 8)

Which standards-based First Hop Redundancy Protocol is a Cisco supported alternative to Hot Standby Router Protocol?





Answer: A

Q75.  - (Topic 8)

Which command can you execute to set the user inactivity timer to 10 seconds?

A. SW1(config-line)#exec-timeout 0 10

B. SW1(config-line)#exec-timeout 10

C. SW1(config-line)#absolute-timeout 0 10

D. SW1(config-line)#absolute-timeout 10

Answer: A

Q76.  - (Topic 7)

What are three values that must be the same within a sequence of packets for NetFlow to consider them a network flow? (Choose three.)

A. source IP address

B. source MAC address

C. egress interface

D. ingress interface

E. destination IP address

F. IP next-hop

Answer: A,D,E


Each packet that is forwarded within a router or switch is examined for a set of IP packet attributes. These attributes are the IP packet identity or fingerprint of the packet and determine if the packet is unique or similar to other packets.

Traditionally, an IP Flow is based on a set of 5 and up to 7 IP packet attributes. IP Packet attributes used by NetFlow:

• IP source address

• IP destination address

• Source port

• Destination port

• Layer 3 protocol type

• Class of Service

• Router or switch interface

All packets with the same source/destination IP address, source/destination ports, protocol, interface and class of service are grouped into a flow, and then packets and bytes are tallied. This methodology of fingerprinting or determining a flow is scalable because a large amount of network information is condensed into a database of NetFlow information called the NetFlow cache.

Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-netflow/prod_white_paper0900aecd80406232.html
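The flow grouping described above, as an added example that is not part of the original page or of any Cisco code: packets are keyed on the seven attributes and tallied into a cache. The field names and sample packets are constructed for illustration, and "router or switch interface" is taken to be the ingress interface, as in the answer.

```python
from collections import namedtuple

# The seven key fields listed above; the field names are chosen for this example.
FlowKey = namedtuple(
    "FlowKey", "src_ip dst_ip src_port dst_port protocol tos input_if"
)

def build_flow_cache(packets):
    """Group packets into flows and tally packets and bytes per flow."""
    cache = {}
    for pkt in packets:
        # Only the key fields decide flow membership; everything else is ignored.
        key = FlowKey(*(pkt[field] for field in FlowKey._fields))
        entry = cache.setdefault(key, {"packets": 0, "bytes": 0})
        entry["packets"] += 1
        entry["bytes"] += pkt["length"]
    return cache

def _pkt(**overrides):
    # Constructed sample packet (documentation addresses), not captured traffic.
    base = dict(src_ip="192.0.2.10", dst_ip="198.51.100.20", src_port=51000,
                dst_port=443, protocol=6, tos=0, input_if="Gi0/1",
                src_mac="00:00:5e:00:53:01", output_if="Gi0/2", length=100)
    base.update(overrides)
    return base

SAMPLE_PACKETS = [
    _pkt(),
    _pkt(length=1400),                  # same key: counted in the same flow
    _pkt(src_mac="00:00:5e:00:53:02"),  # source MAC is not a key field
    _pkt(output_if="Gi0/3"),            # egress interface is not a key field
    _pkt(input_if="Gi0/4"),             # different ingress interface: new flow
    _pkt(tos=184),                      # different class of service: new flow
    _pkt(dst_ip="198.51.100.21"),       # different destination IP: new flow
]

if __name__ == "__main__":
    for key, counters in build_flow_cache(SAMPLE_PACKETS).items():
        print(key, counters)
```

Seven packets collapse into four cache entries: changing the source MAC or egress interface leaves a packet in the original flow, while changing the ingress interface, class of service or destination address starts a new one.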

Q77.  - (Topic 7)

An administrator is trying to ping and telnet from SwitchC to RouterC with the results shown below.

Click the console connected to RouterC and issue the appropriate commands to answer the questions.

What would be the effect of issuing the command ip access-group 114 in to the fa0/0 interface?

A. Attempts to telnet to the router would fail.

B. It would allow all traffic from the network.

C. IP traffic would be passed through the interface but TCP and UDP traffic would not.

D. Routing protocol updates for the network would not be accepted from the fa0/0 interface.

Answer: B


From the output of access-list 114: access-list 114 permit ip any we can easily understand that this access list allows all traffic (ip) from network

Q78.  - (Topic 5)

The network administrator has been asked to give reasons for moving from IPv4 to IPv6. What are two valid reasons for adopting IPv6 over IPv4? (Choose two.)

A. no broadcast

B. change of source address in the IPv6 header

C. change of destination address in the IPv6 header

D. Telnet access does not require a password

E. autoconfiguration


Answer: A,E


IPv6 does not use broadcasts, and autoconfiguration is a feature of IPv6 that allows hosts to automatically obtain an IPv6 address.

Q79. CORRECT TEXT - (Topic 7)

CCNA.com has a small network that is using EIGRP as its IGP. All routers should be running an EIGRP AS number of 12. Router MGT is also running static routing to the ISP.

CCNA.com has recently added the ENG router. Currently, the ENG router does not have connectivity to the ISP router. All other interconnectivity and Internet access for the existing locations of the company are working properly.

The task is to identify the fault(s) and correct the router configuration(s) to provide full connectivity between the routers.

Access to the router CLI can be gained by clicking on the appropriate host.

All passwords on all routers are cisco.

IP addresses are listed in the chart below.


Fa0/0 –

S1/0 –

S0/0 –

S0/1 –


Fa0/0 –

Fa1/0 –

Fa0/1 –


Fa0/0 –

Fa0/1 –

S0/0 –


Fa0/0 –

Fa0/1 –

S0/1 –


On the MGT Router: Config t

Router eigrp 12


Q80.  - (Topic 5)

Which three are characteristics of an IPv6 anycast address? (Choose three.)

A. one-to-many communication model

B. one-to-nearest communication model

C. any-to-many communication model

D. a unique IPv6 address for each device in the group

E. the same address for multiple devices in the group

F. delivery of packets to the group interface that is closest to the sending device

Answer: B,E,F


A new address type made specifically for IPv6 is called the anycast address. These IPv6 addresses are global addresses that, unlike an IPv6 unicast address, can be assigned to more than one interface. Anycast is designed to send a packet to the nearest interface that is part of that anycast group.

The sender creates a packet with the anycast address as the destination address and forwards it; the packet goes to the nearest router. The nearest router or interface is found by using the metric of a routing protocol currently running on the network. In a LAN setting, however, the nearest interface is determined by the order in which the neighbors were learned: the anycast packet is forwarded to the neighbor that was learned first.