2016 September Cisco Official New Released 200-125 Dumps in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
Although the Cisco 200-125 dumps are very popular, Lead2pass offers a wide range of Cisco 200-125 exam dumps and will continue to release new study guide to meet the rapidly increasing demand of the IT industry.
Following questions and answers are all new published by Cisco Official Exam Center: http://www.lead2pass.com/200-125.html
QUESTION 251
Drag and Drop Question
QUESTION 252
Lab Simulation Question – ACL-1
A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.
The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.
Access to the router CLI can be gained by clicking on the appropriate host.
All passwords have been temporarily set to "cisco".
The Core connection uses an IP address of 198.18.196.65
The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 – 192.168.33.254
Host A 192.168.33.1
Host B 192.168.33.2
Host C 192.168.33.3
Host D 192.168.33.4
The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30 The Finance Web Server is assigned an IP address of 172.22.242.23.
Answer:
Corp1>enable
Password: cisco
We should create an access-list and apply it to the interface which is connected to the Servers LAN interface, because it can filter out traffic from both Sw-Hosts and Core networks. The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so we can guess the interface connected to them has an IP address of 172.22.242.30 (.30 is the number shown in the figure). Use the “show ip interface brief” command to check which interface has the IP address of 172.22.242.30.
Corp1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.33.254 YES manual up up
FastEthernet0/1 172.22.242.30 YES manual up up
Serial0/0 198.18.196.65 YES manual up up
We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. It is the interface we will apply our access-list (for outbound direction).
Corp1#configure terminal
Our access-list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23 via web (port 80)
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
Deny other hosts access to the Finance Web Server via web
Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
All other traffic is permitted
Corp1(config)#access-list 100 permit ip any any
Apply this access-list to Fa0/1 interface (outbound direction)
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that the access-list can filter traffic coming from both the LAN and the Core networks. If we apply access list to the inbound interface we can only filter traffic from the LAN network.
In the real exam, just click on host C and open its web browser. In the address box type http://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If your configuration is correct then you can access it.
Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Server from these hosts.
Finally, save the configuration
Corp1(config-if)#end
Corp1#copy running-config startup-config
This configuration only prevents hosts from accessing Finance Web Server via web but if this server supports other traffic – like FTP, SMTP… then other hosts can access it, too.
Notice: In the real exam, you might be asked to allow other host (A, B or D) to access the Finance Web Server so please read the requirement carefully.
Modification #1
A network associate is adding security to the configuration of the Corp router. The user on host B should be able to access the Finance Web Server. Host B should be denied to access other server on S1-SRVS network. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.
The task is to create and apply a numbered access-list with no more than three statements that will allow ONLY host B access to the Finance Web Server. Deny host B from accessing the other servers. All other traffic is permitted.
access-list 100 permit ip host 192.168.33.2 host 172.22.242.23
access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15
access-list 100 permit ip any any
Modification #2
A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to access the Finance Web Server. No other hosts from the LAN nor the Core should be able access this server. All other traffic should be allowed.
The task is to create and apply a numbered access-list with no more than three statements that will allow ONLY host C access the Finance Web Server. No other hosts will have access to the Finance Web Server. All other traffic is permitted.
access-list 100 permit ip host 192.168.33.3 host 172.22.242.23
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Modification #3
A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. Other access from host C to Finance Web Server should be denied. No other hosts from the LAN nor the Core should be able to access the Finance Web Server. All other traffic should be allowed.
The task is to create and apply a numbered access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. Also host C should be denied to access any other services of Finance Web Server. No other hosts will access to the Finance Web Server. All other traffic is permitted.
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Modification #4
A network associate is adding security to the configuration of the Corp1 router. The user on host D should be able to use a web browser to access financial information from the Finance Web Server. Other access from host C to Finance Web Server should be denied. No other hosts from the LAN nor the Core should be able to access the Finance Web Server. All hosts from the LAN nor the Core should able to access public web server.
The task is to create and apply a numbered access-list with no more than three statements that will allow ONLY host D should be able to use a web browser(HTTP)to access the Finance Web Server. Other types of access from host D to the Finance Web Server should be blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be blocked. All hosts in the Core and local LAN should be able to access the Public Web Server.
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
QUESTION 253
Drag and Drop Question
Answer:
QUESTION 254
Drag and Drop Question
Answer:
QUESTION 255
Drag and Drop Question
Answer:
QUESTION 256
Hotspot Question
Which will fix the issue and allow ONLY ping to work while keeping telnet disabled?
A. Correctly assign an IP address to interface fa0/1.
B. Change the ip access-group command on fa0/0 from "in* to "our.
C. Remove access-group 106 in from interface fa0/0 and add access-group 115 in.
D. Remove access-group 102 out from interface s0/0/0 and add access-group 114 in
E. Remove access-group 106 in from interface fa0/0 and add access-group 104 in.
Answer: E
Explanation:
Let’s have a look at the access list 104:
The question does not ask about ftp traffic so we don’t care about the two first lines. The 3rd line denies all telnet traffic and the 4th line allows icmp traffic to be sent (ping). Remember that the access list 104 is applied on the inbound direction so the 5th line "access-list 104 deny icmp any any echo-reply" will not affect our icmp traffic because the "echo-reply" message will be sent over the outbound direction.
QUESTION 257
Hotspot Question
What would be the effect of issuing the command ip access-group 114 in to the fa0/0 interface?
A. Attempts to telnet to the router would fail.
B. It would allow all traffic from the 10.4.4.0 network.
C. IP traffic would be passed through the interface but TCP and UDP traffic would not.
D. Routing protocol updates for the 10.4.4.0 network would not be accepted from the fa0/0 interface.
Answer: B
Explanation:
From the output of access-list 114: access-list 114 permit ip 10.4.4.0 0.0.0.255 any we can easily understand that this access list allows all traffic (ip) from 10.4.4.0/24 network
QUESTION 258
Hotspot Question
What would be the effect of Issuing the command ip access-group 115 in on the s0/0/1 interface?
A. No host could connect to RouterC through s0/0/1.
B. Telnet and ping would work but routing updates would fail.
C. FTP, FTP-DATA, echo, and www would work but telnet would fail.
D. Only traffic from the 10.4.4.0 network would pass through the interface.
Answer: A
Explanation:
First let’s see what was configured on interface S0/0/1:
QUESTION 259
Refer to the exhibit. Based on the information given, which switch will be elected root bridge and why?
A. Switch A, because it has the lowest MAC address
B. Switch A, because it is the most centrally located switch
C. Switch B, because it has the highest MAC address
D. Switch C, because it is the most centrally located switch
E. Switch C, because it has the lowest priority
F. Switch D, because it has the highest priority
Answer: E
QUESTION 260
Lab Simulation Question – EIGRP
Answer:
First we should check the configuration of the ENG Router.
Click the console PC “F” and enter the following commands.
ENG> enable
Password: cisco
ENG# show running-config
Building configuration…
Current configuration : 770 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname ENG
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
interface FastEthernet0/0
ip address 192.168.77.34 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.60.65 255.255.255.240
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.168.60.81 255.255.255.240
duplex auto
speed auto
!
router eigrp 22
network 192.168.77.0
network 192.168.60.0
no auto-summary
!
ip classless
!
line con 0
line vty 0 4
login
!
end
ENG#
From the output above, we know that this router was wrongly configured with an autonomous number (AS) of 22. When the AS numbers among routers are mismatched, no adjacency is formed.
(You should check the AS numbers on other routers for sure)
To solve this problem, we simply re-configure router ENG router with the following commands:
ENG# conf t
ENG(config)# no router eigrp 22
ENG(config)# router eigrp 12
ENG(config-router)# network 192.168.60.0
ENG(config-router)# network 192.168.77.0
ENG(config-router)# no auto-summary
ENG(config-router)# end
ENG# copy running-config startup-config
Second we should check the configuration of the MGT Router.
Click the console PC “G” and enter the following commands.
MGT> enable
Password: cisco
MGT# show running-config
Building configuration…
Current configuration : 1029 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname MGT
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
interface FastEthernet0/0
ip address 192.168.77.33 255.255.255.252
duplex auto
speed auto
!
interface Serial0/0
ip address 192.168.36.13 255.255.255.252
clock rate 64000
!
interface Serial0/1
ip address 192.168.60.25 255.255.255.252
clock rate 64000
!
interface Serial1/0
ip address 198.0.18.6 255.255.255.252
!
interface Serial1/1
no ip address
shutdown
!
interface Serial1/2
no ip address
shutdown
!
interface Serial1/3
no ip address
shutdown
!
router eigrp 12
network 192.168.36.0
network 192.168.60.0
network 192.168.85.0
network 198.0.18.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 198.0.18.5
!
line con 0
line vty 0 4
login
!
end
MGT#
Notice that it is missing a definition to the network ENG. Therefore we have to add it so that it can recognize ENG router
MGT# conf t
MGT(config)# router eigrp 12
MGT(config-router)# network 192.168.77.0
MGT(config-router)# end
MGT# copy running-config startup-config
Now the whole network will work well. You should check again with ping command from router ENG to other routers!
In Short:
ENG Router
ENG>enable
Password: cisco ENG# conf t
ENG(config)# no router eigrp 22
ENG(config)# router eigrp 12
ENG(config-router)# network 192.168.60.0
ENG(config-router)# network 192.168.77.0
ENG(config-router)# no auto-summary
ENG(config-router)# end
ENG# copy running-config startup-config
MGT Router
MGT>enable
Password: cisco MGT# conf t
MGT(config)# router eigrp 12
MGT(config-router)# network 192.168.77.0
MGT(config-router)# end
MGT# copy running-config startup-config
Some Modification in Question
After adding ENG router, no routing updates are being exchanged between MGT and the new location. All other inter connectivity for the existing locations of the company are working properly. But Internet connection for existing location including Remote1 and Remote2 networks are not working.
Faults Identified:
1. Incorrect Autonomous System Number configured in ENG router.
2. MGT router does not advertise route to the new router ENG.
3. Internet Connection is not working all stations.
We need to correct the above two configuration mistakes to have full connectivity
Steps:
1. ENG Router: Change the Autonomous System Number of ENG
2. Perimiter Router: Add the network address of interface of Permiter that link between MGT and ENG.
3. Perimiter Router: Add default route and default-network.
Check the IP Address of S1/0 interface of MGT Router using show running-config command. (The interfaced used to connect to the ISP)
!
interface Serial1/0
ip address 198.0.18.6 255.255.255.252
!
For Internet sharing we have create a default route, and add default-network configuration. The IP address is 198.0.18.6/30. Then the next hop IP will be 198.0.18.5.
ENG Router
ENG>enable
Password: cisco ENG# conf t
ENG(config)# no router eigrp 22
ENG(config)# router eigrp 12
ENG(config-router)# network 192.168.60.0
ENG(config-router)# network 192.168.77.0
ENG(config-router)# no auto-summary
ENG(config-router)# end
ENG# copy running-config startup-config
MGT Router
MGT>enable
Password: cisco MGT# conf t
MGT(config)# router eigrp 12
MGT(config-router)# network 192.168.77.0
MGT(config-router)# exit
MGT(config)# ip route 0.0.0.0 0.0.0.0 198.0.18.5
MGT(config)# ip default-network 198.0.18.0
MGT(config)# exit
MGT# copy running-config startup-config
Important:
If you refer the topology and IP chart, the MGT router uses Fa0/0 to connect ENG router, S0/0 used to connect Remote1, and S0/1 used to connect Remote2.
Refer to the command show running-config, the command #PASSIVE-INTERFACE <Interface Name> will deny EIGRP updates to specified interface. In that case we need to use #no passive-interface <Interface Name> to allow the routing updates to be passed to that interface. For example when used the #show run command and we see the output like below.
!
router eigrp 22
network 192.168.77.0
network 192.168.60.0
passive-interface FastEthernet 0/0
passive-interface Serial 1/0
no auto-summary
!
Then the command would be
MGT(config)#router eigrp 12
MGT(config-router)#no passive-interface Fa0/0
MGT(config-router)#end
Also MGT router connect to the ISP router using Serial 1/0. If you seen passive-interface s1/0, then do not remove it using #no passive-interface s1/0 command.
Lead2pass offers the latest Cisco 200-125 dumps and a good range of Cisco Certification 200-125 answers. Most of our Cisco 200-125 exam dumps are exclusively prepared by the best brains and highly skilled professionals from the IT domain to ensure 100% pass in your Cisco 200-125 Exam.
200-125 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDbnNGVlNHTzJjcWc
2016 Cisco 200-125 exam dumps (All 545 Q&As) from Lead2pass:
http://www.lead2pass.com/200-125.html [100% Exam Pass Guaranteed]