Act now and download your Cisco ccna 200 125 test today! Do not waste time for the worthless Cisco ccna 200 125 ebook tutorials. Download Replace Cisco CCNA Cisco Certified Network Associate CCNA (v3.0) exam with real questions and answers and begin to learn Cisco ccna 200 125 ebook with a classic professional.


2026 New 200-125 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/200-125/

Q1. CORRECT TEXT - (Topic 7)

A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.

The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.

Access to the router CLI can be gained by clicking on the appropriate host.

All passwords have been temporarily set to "cisco".

The Core connection uses an IP address of 198.18.247.65

The computers in the Hosts LAN have been assigned addresses of 192.168.240.1 - 192.168.240.254

✑ host A 192.168.240.1

✑ host B 192.168.240.2

✑ host C 192.168.240.3

Answer:  

Corp1#conf t

Corp1(config)# access-list 128 permit tcp host 192.168.240.1 host 172.22.141.26 eq www Corp1(config)# access-list 128 deny tcp any host 172.22.141.26 eq www

Corp1(config)# access-list 128 permit ip any any Corp1(config)#int fa0/1

Corp1(config-if)#ip access-group 128 out Corp1(config-if)#end

Corp1#copy run startup-config

Q2.  - (Topic 5)

Which two benefits are provided by using a hierarchical addressing network addressing scheme? (Choose two.)

A. reduces routing table entries

B. auto-negotiation of media rates

C. efficient utilization of MAC addresses

D. dedicated communications between devices

E. ease of management and troubleshooting

Answer: A,E

Explanation:

Here are some of the benefits of hierarchical addressing:

✑ Reduced number of routing table entries — whether it is with your Internet routers or your internal routers, you should try to keep your routing tables as small as possible by using route summarization. Route summarization is a way of having a single IP address represent a collection of IP addresses; this is most easily accomplished when you employ a hierarchical addressing plan. By summarizing routes, you can keep your routing table entries (on the routers that receive the summarized routes) manageable, which offers the following benefits:

✑ Efficient allocation of addresses—Hierarchical addressing lets you take advantage of all possible addresses because you group them contiguously.

Reference: http://www.ciscopress.com/articles/article.asp?p=174107

Q3.  - (Topic 6)

Refer to the exhibit.

An attempt to deny web access to a subnet blocks all traffic from the subnet. Which interface command immediately removes the effect of ACL 102?

A. no ip access-class 102 in

B. no ip access-class 102 out

C. no ip access-group 102 in

D. no ip access-group 102 out

E. no ip access-list 102 in

Answer: D

Explanation:

The “ip access-group” is used to apply and ACL to an interface. From the output shown, we know that the ACL is applied to outbound traffic, so “no ip access-group 102 out” will

remove the effect of this ACL.

Q4.  - (Topic 8)

How does a router handle an incoming packet whose destination network is missing from the routing table?

A. it discards the packet.

B. it broadcasts the packet to each network on the router.

C. it routes the packet to the default route.

D. it broadcasts the packet to each interface on the router.

Answer: A

Q5.  - (Topic 5)

On which options are standard access lists based?

A. destination address and wildcard mask

B. destination address and subnet mask

C. source address and subnet mask

D. source address and wildcard mask

Answer: D

Explanation:

Standard ACL’s only examine the source IP address/mask to determine if a match is made. Extended ACL’s examine the source and destination address, as well as port information.

Q6.  - (Topic 8)

Which IPV6 function serves the same purpose as ARP entry verification on an IPv4 network?

A. interface ip address verification.

B. MAC address table verification

C. neighbor discovery verification

D. routing table entry verification

Answer: C

Q7.  - (Topic 8)

How does NAT overloading provide one-to-many address transalation?

A. it uses a pool of addresses.

B. it converts IPv4 addresses to unused IPv6 addresses.

C. it assigns a unique TCP/UDP port to each session.

D. it uses virtual MAC address and virtual IP addresses.

Answer: C

Q8.  - (Topic 6)

Refer to the exhibit.

The following commands are executed on interface fa0/1 of 2950Switch. 2950Switch(config-if)# switchport port-security

2950Switch(config-if)# switchport port-security mac-address sticky 2950Switch(config-if)# switchport port-security maximum 1

The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when this frame is received by 2950Switch? (Choose two.)

A. The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF.

B. Only host A will be allowed to transmit frames on fa0/1.

C. This frame will be discarded when it is received by 2950Switch.

D. All frames arriving on 2950Switch with a destination of 0000.00aa.aaaa will be forwarded out fa0/1.

E. Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be forwarded out fa0/1.

F. Only frames from source 0000.00bb.bbbb, the first learned MAC address of 2950Switch, will be forwarded out fa0/1.

Answer: B,D

Explanation:

The configuration shown here is an example of port security, specifically port security using sticky addresses. You can use port security with dynamically learned and static MAC addresses to restrict a port's ingress traffic by limiting the MAC addresses that are allowed to send traffic into the port. When you assign secure MAC addresses to a secure port, the port does not forward ingress traffic that has source addresses outside the group of defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure MAC address, the device attached to that port has the full bandwidth of the port.

Port security with sticky MAC addresses provides many of the same benefits as port security with static MAC addresses, but sticky MAC addresses can be learned dynamically. Port security with sticky MAC addresses retains dynamically learned MAC addresses during a link-down condition.

Q9.  - (Topic 6)

A network administrator needs to configure port security on a switch. Which two statements are true? (Choose two.)

A. The network administrator can apply port security to dynamic access ports.

B. The network administrator can apply port security to EtherChannels.

C. When dynamic MAC address learning is enabled on an interface, the switch can learn new addresses, up to the maximum defined.

D. The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.

E. The network administrator can configure static secure or sticky secure MAC addresses in the voice VLAN.

Answer: C,D

Explanation:

Follow these guidelines when configuring port security:

+ Port security can only be configured on static access ports, trunk ports, or 802.1Q tunnel ports.

+ A secure port cannot be a dynamic access port.

+ A secure port cannot be a destination port for Switched Port Analyzer (SPAN).

+ A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group.

+ You cannot configure static secure or sticky secure MAC addresses on a voice VLAN.

+ When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.

+ If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN.

+ When a voice VLAN is configured on a secure port that is also configured as a sticky secure port, all addresses seen on the voice VLAN are learned as dynamic secure addresses, and all addresses seen on the access VLAN (to which the port belongs) are learned as sticky secure addresses.

+ The switch does not support port security aging of sticky secure MAC addresses.

+ The protect and restrict options cannot be simultaneously enabled on an interface.

(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_19_ea1

/configuration/guide/swtrafc.html)

Q10.  - (Topic 3)

What is a global command?

A. a command that is set once and affects the entire router

B. a command that is implemented in all foreign and domestic IOS versions

C. a command that is universal in application and supports all protocols

D. a command that is available in every release of IOS, regardless of the version or deployment status

E. a command that can be entered in any configuration mode

Answer: A

Explanation:

When you enter global configuration mode and enter a command, it is applied to the running configuration file that is currently running in ram. The configuration of a global command affects the entire router. An example of a global command is one used for the hostname of the router.