we provide Realistic Cisco ccna 200 120 vs 200 125 exam question which are the best for clearing ccna routing and switching 200 125 test, and to get certified by Cisco CCNA Cisco Certified Network Associate CCNA (v3.0). The ccna 200 125 book Questions & Answers covers all the knowledge points of the real ccna 200 125 book exam. Crack your Cisco 200 125 ccna book Exam with latest dumps, guaranteed!
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Cisco 200-125 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 200-125 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/200-125-exam-dumps.html
Q1. - (Topic 5)
What is the default Syslog facility level?
A. local4
B. local5
C. local6
D. local7
Answer: D
Explanation:
By default, Cisco IOS devices, CatOS switches, and VPN 3000 Concentrators use facility local7 while Cisco PIX Firewalls use local4 to send syslog messages. Moreover, most Cisco devices provide options to change the facility level from their default value.
Reference: http://www.ciscopress.com/articles/article.asp?p=426638
Q2. - (Topic 8)
Which feature can you implement to reserve bandwidth for VoIP calls across the call path?
A. PQ
B. CBWFQ
C. round robin
D. RSVP
Answer: D
Q3. - (Topic 5)
How is an EUI-64 format interface ID created from a 48-bit MAC address?
A. by appending 0xFF to the MAC address
B. by prefixing the MAC address with 0xFFEE
C. by prefixing the MAC address with 0xFF and appending 0xFF to it
D. by inserting 0xFFFE between the upper three bytes and the lower three bytes of the MAC address
E. by prefixing the MAC address with 0xF and inserting 0xF after each of its first three bytes
Answer: D
Explanation:
The modified EUI-64 format interface identifier is derived from the 48-bit link-layer (MAC) address by inserting the hexadecimal number FFFE between the upper three bytes (OUI field) and the lower three bytes (serial number) of the link layer address.
Q4. - (Topic 4)
What occurs on a Frame Relay network when the CIR is exceeded?
A. All TCP traffic is marked discard eligible.
B. All UDP traffic is marked discard eligible and a BECN is sent.
C. All TCP traffic is marked discard eligible and a BECN is sent.
D. All traffic exceeding the CIR is marked discard eligible.
Answer: D
Explanation:
Committed information rate (CIR): The minimum guaranteed data transfer rate agreed to by the Frame Relay switch. Frames that are sent in excess of the CIR are marked as discard eligible (DE) which means they can be dropped if the congestion occurs within the Frame Relay network.
Note: In the Frame Relay frame format, there is a bit called Discard eligible (DE) bit that is used to identify frames that are first to be dropped when the CIR is exceeded.
Q5. - (Topic 4)
Which two statements about using the CHAP authentication mechanism in a PPP link are true? (Choose two.)
A. CHAP uses a two-way handshake.
B. CHAP uses a three-way handshake.
C. CHAP authentication periodically occurs after link establishment.
D. CHAP authentication passwords are sent in plaintext.
E. CHAP authentication is performed only upon link establishment.
F. CHAP has no protection from playback attacks.
Answer: B,C
Explanation:
CHAP is an authentication scheme used by Point to Point Protocol (PPP) servers to validate the identity of remote clients. CHAP periodically verifies the identity of the client by using a three-way handshake. This happens at the time of establishing the initial link (LCP), and may happen again at any time afterwards. The verification is based on a shared secret (such as the client user's password).
Q6. . - (Topic 3)
A Cisco router is booting and has just completed the POST process. It is now ready to find and load an IOS image. What function does the router perform next?
A. It checks the configuration register.
B. It attempts to boot from a TFTP server.
C. It loads the first image file in flash memory.
D. It inspects the configuration file in NVRAM for boot instructions.
Answer: A
Explanation:
Default (normal) Boot Sequence
Power on Router - Router does POST - Bootstrap starts IOS load - Check configuration register to see what mode the router should boot up in (usually 0x2102 to read startup- config in NVRAM / or 0x2142 to start in "setup-mode") - check the startup-config file in NVRAM for boot-system commands - load IOS from Flash.
Q7. - (Topic 6)
A network administrator needs to configure port security on a switch. Which two statements are true? (Choose two.)
A. The network administrator can apply port security to dynamic access ports.
B. The network administrator can apply port security to EtherChannels.
C. When dynamic MAC address learning is enabled on an interface, the switch can learn new addresses, up to the maximum defined.
D. The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.
E. The network administrator can configure static secure or sticky secure MAC addresses in the voice VLAN.
Answer: C,D
Explanation:
Follow these guidelines when configuring port security:
+ Port security can only be configured on static access ports, trunk ports, or 802.1Q tunnel ports.
+ A secure port cannot be a dynamic access port.
+ A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
+ A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group.
+ You cannot configure static secure or sticky secure MAC addresses on a voice VLAN.
+ When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.
+ If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN.
+ When a voice VLAN is configured on a secure port that is also configured as a sticky secure port, all addresses seen on the voice VLAN are learned as dynamic secure addresses, and all addresses seen on the access VLAN (to which the port belongs) are learned as sticky secure addresses.
+ The switch does not support port security aging of sticky secure MAC addresses.
+ The protect and restrict options cannot be simultaneously enabled on an interface.
(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_19_ea1
/configuration/guide/swtrafc.html)
Q8. - (Topic 5)
What are three benefits of GLBP? (Choose three.)
A. GLBP supports up to eight virtual forwarders per GLBP group.
B. GLBP supports clear text and MD5 password authentication between GLBP group members.
C. GLBP is an open source standardized protocol that can be used with multiple vendors.
D. GLBP supports up to 1024 virtual routers.
E. GLBP can load share traffic across a maximum of four routers.
F. GLBP elects two AVGs and two standby AVGs for redundancy.
Answer: B,D,E
Q9. - (Topic 8)
Which two statements about IPv6 and routing protocols are true? (Choose two.)
A. Link-local addresses are used to form routing adjacencies.
B. OSPFv3 was developed to support IPv6 routing.
C. EIGRP, OSPF, and BGP are the only routing protocols that support IPv6.
D. Loopback addresses are used to form routing adjacencies.
E. EIGRPv3 was developed to support IPv6 routing.
Answer: A,B
Q10. - (Topic 3)
Which command encrypts all plaintext passwords?
A. Router# service password-encryption
B. Router(config)# password-encryption
C. Router(config)# service password-encryption
D. Router# password-encryption
Answer: C
Explanation:
Command
The “service password-encryption” command allows you to encrypt all passwords on your router so they cannot be easily guessed from your running-config. This command uses a very weak encryption because the router has to be very quickly decode the passwords for its operation.
It is meant to prevent someone from looking over your shoulder and seeing the password, that is all. This is configured in global configuration mode.
