Cisco CCNA 200-125 Certification Exam Answers 70 questions last 2018 Part 3
1. Which 2 statements about EIGRP on an IPv6 device are true?
It is configured on the interface.*
It is globally configured.
It is configured using a network statement.
It is vendor agnostic.
It supports a shutdown feature.*
2. Which command can you enter to troubleshoot the failure of address assignment?
sh ip dhcp database
sh ip dhcp pool*
sh ip dhcp import
sh ip dhcp server statistics
3. Which three technical services support cloud computing?
network-monitored power sources
layer 3 network routing
ip localization
redundant connections*
VPN connectivity*
extended SAN services*
4. Which two steps must you perform to enable router-on-a-stick on a switch?
connect the router to a trunk port*
configure the subinterface number exactly the same as the matching VLAN
configure full duplex
configure an IP route to the VLAN destination network
assign the access port to the vlan*
5. Which address prefix does OSPFv3 use when multiple IPv6 addresses are configured on a single interface?
all prefixes on the interface*
the prefix that the administrator configures for OSPFv3 use
the lowest prefix on the interface
the highest prefix on the interface
“In IPv6, you can configure many address prefixes on an interface. In OSPFv3, all address prefixes on an
interface are included by default. You cannot select some address prefixes to be imported into OSPFv3;
either all address prefixes on an interface are imported, or no address prefixes on an interface are
imported.”
6. Which feature is configured by setting a variance that is at least 2 times the metric?
unequal cost load balancing*
path selection
equal cost load balancing
path count
7. What is the industry-standard protocol for EtherChannel?
LACP*
PAGP
PRP
REP
8. Two features of the extended ping command? (Choose two)
It can send a specific number of packets*
It can send packets from a specified interface or IP address*
It can resolve the destination host name
It can ping multiple hosts at the same time
9. What command is used to configure a switch as authoritative NTP server?
Switch(config)#ntp master 3*
Switch(config)#ntp peer IP
Switch(config)#ntp server IP
Switch(config)#ntp source IP
10. Which two statements about syslog logging are true?
Syslog logging is disabled by default
Messages are stored in the internal memory of device*
Messages can be erased when device reboots*
Messages are stored external to the device
The size of the log file is dependent on the resources of the device.
Router2801#sh logging
Syslog logging: enabled (11 messages dropped, 1 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator
Console logging: level debugging, 348 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level warnings, 56 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
ESM: 0 messages dropped
Trap logging: level informational, 343 message lines logged
Log Buffer (51200 bytes):
*May 16 08:11:45: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*May 16 08:11:49: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
May 16 08:22:11: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
May 16 08:22:45: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
May 16 08:35:25: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
May 16 08:36:49: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
May 16 10:25:02: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
May 16 10:25:53: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
May 16 17:49:46: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
May 16 17:50:22: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
Router2801#
————————————————————————–
After reload:
Router2801#sh logging
Syslog logging: enabled (11 messages dropped, 1 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: level debugging, 26 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level warnings, 2 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
ESM: 0 messages dropped
Trap logging: level informational, 30 message lines logged
Log Buffer (51200 bytes):
*May 17 11:39:45: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*May 17 11:39:49: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
Router2801#
11. How can you enable VLANs automatically across multiple switches?
Configure VLAN
Configure NTP
Configure each VLAN
Configure VTP*
12. Which password types are encrypted?
SSH
Telnet
enable secret*
enable password
13. What is the binary pattern of an IPv6 unique local address?
00000000
11111100*
11111111
11111101
14. Which statement about ACLs is true?
An ACL must have at least one permit action, else it just blocks all traffic.*
ACLs go bottom-up through the entries looking for a match
An ACL has an implicit permit at the end of the ACL.
ACLs will check the packet against all entries looking for a match.
15. What is the cause of the Syslog output messages?
The EIGRP neighbor on Fa0/1 went down due to a failed link.
The EIGRP neighbor connected to Fa0/1 is participating in a different EIGRP process, causing the adjacency to go down.
A shut command was executed on interface Fa0/1, causing the EIGRP adjacency to go down.*
Interface Fa0/1 has become error disabled, causing the EIGRP adjacency to go down.
16. What is contained in a Layer 2 Ethernet frame? (Choose three.)
Preamble*
TTL
Type/length*
Frame check sequence*
version
others
17. What is the best way to troubleshoot and isolate a network problem?
Create an action plan
Implement an action plan
Gather facts*
others
18. Under normal operations, Cisco recommends that you configure switch ports on which VLAN?
on the default VLAN
on the management VLAN
on the native VLAN
on any VLAN except the default VLAN*
Note: There is a potential security consideration with dot1q that the implicit tagging of the native VLAN causes. The transmission of frames from one VLAN to another without a router can be possible. Refer to the Intrusion Detection FAQ for further details. The workaround is to use a VLAN ID for the native VLAN of the trunk that is not used for end-user access. In order to achieve this, the majority of Cisco customers simply leave VLAN 1 as the native VLAN on a trunk and assign access ports to VLANs other than VLAN 1.
19. In which byte of an IP packet can traffic be marked?
the QoS byte
the CoS byte
the ToS byte*
the DSCP byte

20. Which command can you enter to route all traffic that is destined to 192.168.0.0/20 to a specific interface?
ip route 192.168.0.0 255.255.240.0 gi 0/1*
ip route 192.168.0.0 255.255.255.0 gi 0/1
ip route 0.0.0.0 0.0.0.0 gi 0/1
ip route 0.0.0.0 255.255.255.0 gi 0/1
21. Which two protocols can detect native VLAN mismatch errors? (Choose two.)
CDP*
VTP
DTP
STP*
PAGP
Oct 5 23:29:16: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet11/43 (512), with WS-C2950-12 FastEthernet0/6 (1)
http://blog.ine.com/2008/07/17/pvst-explained/
Case 1: Change the native VLAN on SW1 connection to R3:
SW1:
interface FastEthernet 1/3
switchport trunk native vlan 2
Rack1SW2#
%SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 2 on FastEthernet1/3 VLAN1.
%SPANTREE-2-BLOCK_PVID_PEER: Blocking FastEthernet1/3 on VLAN2. Inconsistent peer vlan.PVST+: restarted the forward delay timer for FastEthernet1/3
%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet1/3 on VLAN1. Inconsistent local vlan.PVST+: restarted the forward delay timer for FastEthernet1/3
Note that SW2 detects untagged packet with VLAN ID 2, which does not correspond to the locally configured default native VLAN 1. The corresponding port is put in «inconsistent» state. The reason SW2 detects this condition (and not SW1) is because SW1 is sending SSTP BPDUs and SW2 is not (it receives superior BPDUs). As soon as native VLAN is converted back to «1» on SW1, consistency is restored:
22. Which three options are switchport configurations that can always avoid duplex mismatch errors between the switches? (Choose three.)
set both sides to auto-negotiation.*
set both sides on half-duplex*
set one side auto and other side half-duplex
set both sides of the connection to full-duplex*
set one side auto and other side on full-duplex
set one side full-duplex and other side half-duplex
23. What are two benefits of Private IPv4 Addresses? (Choose two.)
they can be implemented without requiring admin to coordinate with IANA*
they are managed by IANA
increase the flexibility of network design
provide network isolation from the internet*
they are routable over internet
24. How many bits represent the network ID in an IPv6 address?
32
48
64*
128
64 bits for Network ID and 64 bits for Interface ID
64+64=128
25. An interface which we have to determine from the routing the route learned by which routing protocol?
EIGRP*
OSPF
RIP
BGP
26. Which WAN topology is most appropriate for a centrally located server farm with several satellite branches?
star
hub and spoke*
point-to-point
full mesh
In a hub-and-spoke Wide Area Network (WAN) topology, the network communication between two spokes always travels through the hub.
27. Which function allows EIGRP peers to receive notice of implementing topology changes?
successors
advertised changes
goodbye messages*
expiration of the hold timer
28. If you configure syslog messages without specifying the logging trap level, which log messages will the router send?
informational messages only
warning and error conditions only
normal but significant conditions only
error conditions only
all levels except debugging*
29. Which three options are benefits of using TACACS+ on a device? (Choose three)
It ensures that user activity is untraceable.
It provides a secure accounting facility on the device.
device-administration packets are encrypted in their entirety.*
It allows the user to remotely access devices from other vendors.
It allows the users to be authenticated against a remote server.*
It supports access-level authorization for commands.*
30. What layer of the OSI Model is included in TCP/IP Model’s INTERNET layer?
Application
Session
Data Link
Presentation
Network*
31. Which two of these are characteristics of the 802.1Q protocol? (Choose two.)
It is used exclusively for tagging VLAN frames and does not address network reconvergence following switched network topology changes.
It modifies the 802.3 frame header, and thus requires that the FCS be recomputed.*
It is a Layer 2 messaging protocol which maintains VLAN configurations across networks.
It includes an 8-bit field which specifies the priority of a frame.
It is a trunking protocol capable of carrying untagged frames.*
32. Which two features can dynamically assign IPv6 addresses? (Choose two.)
IPv6 stateless autoconfiguration*
DHCP
NHRP
IPv6 stateful autoconfiguration*
ISATAP tunneling
Appendix C. Changes since RFC 2462
Major changes that can affect existing implementations:
o Avoided the wording of “stateful configuration”, which is known to
be quite confusing, and simply used “DHCPv6” wherever appropriate.
In Obsolete RFC 2462:
IPv6 defines both a stateful and stateless address autoconfiguration
mechanism.
…
In the stateful autoconfiguration model, hosts obtain interface
addresses and/or configuration information and parameters from a
server.
33. A security administrator wants to profile endpoints and gain visibility into attempted authentications. Which 802.1x mode allows these actions?
Monitor mode*
High-Security mode
Low-impact mode
Closed mode
34. How do you verify a strong and secure SSH connection?
ssh -v 1 -l admin 10.1.1.1
ssh -v 2 -l admin 10.1.1.1*
ssh -l admin 10.1.1.1
ssh v 2 admin 10.1.1.1
35. How many usable hosts are there per subnet if you have the address of 192.168.10.0 with a subnet mask of 255.255.255.240?
4
8
16
14*
36. What interconnection cable can you use when you use an MDI connection?
cut-through
straight-through
crossover*
rollover
37. Which Cisco platform can verify ACLs?
Cisco Prime Infrastructure
Cisco Wireless LAN Controller
Cisco APIC-EM*
Cisco IOS-XE
38. In order to comply with new auditing standards, a security administrator must be able to correlate system security alert logs directly with the employee who triggers the alert. Which of the following should the security administrator implement in order to meet this requirement?
Access control lists on file servers
Elimination of shared accounts
Group-based privileges for accounts
Periodic user account access reviews*
39. When you deploy multilink PPP on your network, where must you configure the group IP Address on each device?
In the global config
Under serial interface
Under the routing protocol
Under the multilink interface*
40. If you want multiple hosts on a network, where do you configure the setting?
in the IP protocol*
in the multicast interface
in the serial interface
in the global configuration
41. Which option is the benefit of implementing an intelligent DNS for a cloud computing solution?
It reduces the need for a backup data center.
It can redirect user requests to locations that are using fewer network resources.*
It enables the ISP to maintain DNS records automatically.
It eliminates the need for a GSS.
42. Which statement about the IP SLAs ICMP Echo operation is true?
The frequency of the operation is specified in milliseconds.
It is used to identify the best source interface from which to send traffic.
It is configured in enable mode.
It is used to determine the frequency of ICMP packets.*
43. Which action can change the order of entries in a named access-list?
removing an entry
opening the access-list in notepad
adding an entry
resequencing*
44. How does a router handle an incoming packet whose destination network is missing from the routing table?
it broadcasts the packet to each interface on the router
it discards the packet
it broadcasts the packet to each network on the router
it routes the packet to the default route*
45. Which two components are used to identify a neighbor in a BGP configuration? (Choose two.)
autonomous system number*
version number
router ID
subnet mask
IP address*
46. Which three statements about HSRP operation are true? (Choose three.)
The virtual IP address and virtual MAC address are active on the HSRP Master router.*
The HSRP default timers are a 3 second hello interval and a 10 second dead interval.*
HSRP supports only clear-text authentication
The HSRP virtual IP address must be on a different subnet than the routers’ interfaces on the same LAN.
The HSRP virtual IP address must be the same as one of the router’s interface addresses on the LAN.
HSRP supports up to 255 groups per interface, enabling an administrative form of load balancing.*
“The active router sources hello packets from its configured IP address and the HSRP virtual MAC
address. The standby router sources hellos from its configured IP address and the burned-in MAC address
(BIA).”
http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/10583-62.html#topic14
“By default, these timers are set to 3 and 10 seconds, respectively…”
http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/29545-168.html#q1
Load Sharing with HSRP
http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/13781-7.html#conf
“…has a 256 unique HSRP group ID limit.”
“…the allowed group ID range (0-255). … MSFC2A (Supervisor Engine 32) can use any number of group
IDs from that range.
47. Which two options describe benefits of aggregated chassis technology? (Choose 2)
it reduces management overhead.*
switches can be located anywhere regardless of their physical location.
it requires only 1 IP address per VLAN.*
it requires only 3 IP addresses per VLAN.
it supports HSRP VRRP GLBP.
it supports redundant configuration files.
48. How do you troubleshoot a DNS issue? (Choose two)
Ping a public website IP address.
Ping the DNS Server.*
Determine whether a DHCP address has been assigned.
Determine whether the hardware address is correct.
Determine whether the name servers have been configured.*
Ping the destination by name perform a DNS lookup on the destination
49. Which utility can you use to identify redundant or shadow rules?
The ACL trace tool in Cisco APIC-EM.
The ACL analysis tool in Cisco APIC-EM.*
The Cisco APIC-EM automation scheduler.
The Cisco IWAN application.
50. What does traffic shaping do to reduce congestion in a network?
buffers and queues packets.*
buffers without queuing packets.
queues without buffering packets.
drops packets.
51. Which 2 statements about the extended traceroute command are true?
it can send packets from a specified interface or IP address.*
it can use a specified TTL value.*
it can validate the reply data.
it can use a specified ToS.
it can repeat automatically at a specified interval.
Source address: The interface or IP address of the router to use as a source address for the probes. The router normally picks the IP address of the outbound interface to use.
Minimum Time to Live [1]: The TTL value for the first probes. The default is 1, but it can be set to a higher value to suppress the display of known hops.
Maximum Time to Live [30]: The largest TTL value that can be used. The default is 30. The traceroute command terminates when the destination is reached or when this value is reached.
52. Which command can you enter to determine the addresses that have been assigned on a DHCP Server?
Show ip DHCP database.
Show ip DHCP pool.
Show ip DHCP binding.*
Show ip DHCP server statistic.
DHCPBindings.aspx
“Router#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
10.16.173.0 24d9.2141.0ddd Jan 12 2013 03:42 AM Automatic”
53. Which statement about SNMPv2 is true?
Its privacy algorithms use MD5 encryption by default.
It requires passwords to be encrypted.
Its authentication and privacy algorithms are enabled without default values.*
It requires passwords at least eight characters in length.
“Model | Level        | Authentication   | Encryption | What Happens
v2c   | noAuthNoPriv | Community String | No         | Uses a community string match for authentication.”
So B & D must be wrong, because there is no “password” in SNMPv2. A is wrong because there is no encryption in SNMPv2.
54. Which symptom most commonly indicates that 2 connecting interfaces are configured with a duplex mismatch?
an interface with up/down state.
an interface with down/down state.
late collisions on the interface.*
the spanning tree process shutting down.
55. Which VTP mode cannot make a change to a VLAN?
Server.
Client.*
Transparent.
Off
· VTP clients function the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client.
· A VTP client only stores the VLAN information for the entire domain while the switch is on.
· A switch reset deletes the VLAN information.
· You must configure VTP client mode on a switch.
56. Which function does IP SLA ICMP ECHO operation perform to assist with troubleshooting?
one way jitter measurement.
congestion detection.
hop-by-hop response time.
packet-loss detection.*
57. Which modes are in PAgP? (Choose two)
Auto.*
Desirable.*
Active.
Passive.
On.
58. In an Ethernet network, under what two scenarios can devices transmit? (Choose two.)
when they receive a special token.
when there is a carrier.
when they detect no other devices are sending.*
when the server grants access.
when the medium is idle.*
59. Which two protocols are used by bridges and/or switches to prevent loops in a layer 2 network? (Choose two.)
802.1d*
VTP
802.1q
SAP
STP*
60. At which layer of the OSI model does PPP perform?
Layer 2*
Layer 3
Layer 4
Layer 5
Layer 1
61. What are three reasons that an organization with multiple branch offices and roaming users might implement a Cisco VPN solution instead of point-to-point WAN links? (Choose three.)
reduced cost.*
better throughput.
broadband incompatibility.
increased security.*
scalability.*
reduced latency.
62. Which IPv6 header field is equivalent to the TTL?
Scan Timer.
TTD.
Flow Label.
Hop Limit.*
Hop Count.
http://ipv6.com/articles/general/IPv6-Header.htm
63. Which port security mode can assist with troubleshooting by keeping count of violations?
access.
protect.
restrict.*
shutdown.
64. Which 2 options are requirements for configuring RIPv2 for IPv4? (Choose 2)
enabling RIP authentication.
connecting RIP to a WAN Interface.
enabling auto route summarization.
allowing unicast updates for RIP.*
enabling RIP on the router.*
“Enabling RIP (Required)
Allowing Unicast Updates for RIP (Required)”
RIP Version 1 and Version 2 have the same basic requirements!
65. Which configuration command can you apply to an HSRP router so that its local interface becomes active if all other routers in the group fail?
standby 1 preempt
no additional config is required*
standby 1 priority 250
standby 1 track ethernet
66. Which component of the Cisco SDN solution serves as the centralized management system?
Cisco OpenDaylight
Cisco ACI
Cisco APIC*
Cisco IWAN
Cisco Application Policy Infrastructure Controller (APIC)
Provides single-click access to all Cisco ACI fabric information, enabling network automation, programmability, and centralized management.
http://www.cisco.com/c/en/us/products/cloud-systems-management/application-policy-infrastructure-controller-apic/index.html
The Cisco Application Policy Infrastructure Controller (Cisco APIC) is the unifying point of automation and management for the Application Centric Infrastructure (ACI) fabric. The Cisco APIC provides centralized access to all fabric information, optimizes the application lifecycle for scale and performance, and supports flexible application provisioning across physical and virtual resources.
Centralized application-level policy engine for physical, virtual, and cloud infrastructures
Designed for automation, programmability, and centralized management, the Cisco APIC itself exposes northbound APIs through XML and JSON. It provides both a command-line interface (CLI) and GUI which utilize the APIs to manage the fabric holistically.
Cisco APIC provides:
A single pane of glass for application-centric network policies
Fabric image management and inventory
Application, tenant, and topology monitoring
Troubleshooting
67. What command can you enter in config mode to create DHCP pool?
ip dhcp pool DHCP_pool*
ip dhcp exclude -add
ip dhcp conflict logging
service dhcp
68. Which utility can you use to determine whether a switch can send echo requests and replies?
ping*
traceroute
ssh
telnet
69. What are the two benefits of DHCP snooping? (Choose two)
static reservation
DHCP reservation
prevent DHCP rogue server*
prevent untrusted hosts and servers from connecting*
70. What are the three major components of Cisco network virtualization? (Choose three)
network access control*
path isolation*
virtual network services*
policy enforcement