Exam Code: ccna 200 125 book (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CCNA Cisco Certified Network Associate CCNA (v3.0)
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 200 125 ccna v3 0 Exam.

♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for Cisco 200-125 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 200-125 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/200-125-exam-dumps.html

P.S. Printable 200-125 braindumps are available on Google Drive, GET MORE: https://drive.google.com/open?id=1OzZ4eFC1XI8L79-k0OIZGdrxMXtPVcLb

New Cisco 200-125 Exam Dumps Collection (Question 13 - Question 22)

Q1. Why is the Branch2 network 10.1 0.20.0/24 unable to communicate with the Server farm1 network 10.1 0.10.0/24 over the GRE tunnel?

A. The GRE tunnel destination is not configured on the R2 router.

B. The GRE tunnel destination is not configured on the Branch2 router.

C. The static route points to the tunnel0 interface that is misconfigured on the Branch2 router.

D. The static route points to the tunnel0 interface that is misconfigured on the R2 router.

Answer: C


The Branch2 network is communicating to the Server farm, which is connected to R2, via GRE Tunnel so we should check the GRE tunnel first to see if it is in u201cup/upu201d state with the u201cshow ip interface briefu201d command on the two routers.

On Branch2:

On R2:

We see interfaces Tunnel0 at two ends are u201cup/upu201d which are good so we should check for the routing part on two routers with the u201cshow running-configu201d command and pay attention to the static routing of each router. On Branch2 we see:


The destination IP address for this static route is not correct. It should be (Tunnel0u2021s IP address of R2), not -> Answer C is correct.

Note: You can use the u201cshow ip routeu201d command to check the routing configuration on each router but if the destination is not reachable (for example: we configure u201cip route on Branch2, but if is unknown then Branch2 router will not display this routing entry in its routing table.

Q2. Which option describes a benefit of a point-to-point leased line?

A. full-mesh capability

B. flexibility of design

C. low cost

D. simplicity of configuration

Answer: D

Q3. If the primary root bridge experiences a power loss, which switch takes over?

A. switch 0004.9A1A.C182

B. switch 00E0.F90B.6BE3

C. switch 00E0.F726.3DC6

D. switch 0040.0BC0.90C5

Answer: A

Q4. Which dynamic routing protocol uses only the hop count to determine the best path to a destination?





Answer: C

Q5. Which IEEE standard does PVST+ use to tunnel information?

A. 802.1x

B. 802 1q

C. 802.1w

D. 802.1s

Answer: B

Q6. Which configuration can you apply to enable encapsulation on a subinterface?

A. interface FastEthernet 0/0 encapsulation dot1Q 30

ip address

B. interface FastEthernet 0/0.30

ip address

C. interface FastEthernet 0/0.30 description subinterface vlan 30

D. interface FastEthernet 0/0.30 encapsulation dot1Q 30

ip address

Answer: D

Q7. Which component of the Cisco SDN solution serves as the centralized management system?

A. Cisco OpenDaylight

B. Cisco ACI

C. Cisco APIC

D. Cisco IWAN

Answer: C


Cisco ACI is a comprehensiveSDN architecture. This policy-based automation solution supports a business-relevant application policy language, greater scalability through a distributed enforcement system, and greater network visibility. These benefits are achieved through the integration of physical and virtual environments under one policy model for networks, servers, storage, services, andsecurity.

Q8. CORRECT TEXTA corporation wants to add security to its network. The requirements are:

u2711 Host C should be able to use a web browser (HTTP) to access the Finance Web Server.

u2711 Other types of access from host C to the Finance Web Server should be blocked.

u2711 All access from hosts in the Core or local LAN to the Finance Web Server should be blocked.

u2711 All hosts in the Core and on local LAN should be able to access the Public Web Server.

You have been tasked to create and apply anumbered access listto a single outbound interface. This access list can contain no more thanthreestatements that meet these requirements.

Access to the router CLI can be gained by clicking on the appropriate host.

u2711 All passwords have been temporarily set to u201cciscou201d.

u2711 The Core connection uses an IP address of

u2711 The computers in the Hosts LAN have been assigned addresses of u2013

u2711 host A

u2711 host B

u2711 host C

u2711 host D

u2711 The Finance Web Server has been assigned an address of

u2711 The Public Web Server in the Server LAN has been assigned an address of


Please see below explanation part for details answer steps:


We should create an access-list and apply it to the interface that is connected to the Server LAN because it can filter out traffic from both S2 and Core networks. To see which interface this is, use the u201cshow ip int briefu201d command:

From this, we know that the servers are located on the fa0/1 interface, so we will place our numbered access list here in the outbound direction.

Corp1#configure terminal

Our access-list needs to allow host C u2013 192.168125.3 to the Finance Web Server via HTTP (port 80), so our first line is this:

Corp1(config)#access-list 100 permit tcp host host eq 80

Then, our next two instructions are these:

u2711 Other types of access from host C to the Finance Web Server should be blocked.

u2711 All access from hosts in the Core or local LAN to the Finance Web Server should be blocked.

This can be accomplished with one command (which we need to do as our ACL needs to

be no more than 3 lines long), blocking all other access to the finance web server:

Corp1(config)#access-list 100 deny ip any host

Our last instruction is to allow all hosts in the Core and on the local LAN access to the Public Web Server (

Corp1(config)#access-list 100 permit ip host any Finally, apply this access-list to Fa0/1 interface (outbound direction) Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that the access-list can filter traffic coming from both the LAN and the Core networks.

To verify, just click on host C to open its web browser. In the address box type to check if you are allowed to access Finance Web Server or not. If your configuration is correct then you can access it.

Click on other hosts (A, B and D) and check to make sure you canu2021t access Finance Web Server from these hosts. Then, repeat to make sure they can reach the public server at Finally, save the configuration


Corp1#copy running-config startup-config

Q9. Which destination IP address can a host use to send one message to multiple devices across different subnets?





Answer: D

Explanation: Multicast is a networking protocol where one host can send a message to a special multicast IP address and one or more network devices can listen for and receive those messages.

Multicast works by taking advantage of the existingIPv4networking infrastructure, and it does so in something of a weird fashion. As you read, keep in mind that things are a little confusing because multicast was "shoe-horned" in to an existing technology.

For the rest of this article, let's use the multicast IP address of We'll not worry about port numbers yet, but make a mental note that they are used in multicast. We'll discuss that later.

Q10. Which statement about QoS default behavior is true?

A. Ports are untrusted by default.

B. VoIP traffic is passed without being tagged.

C. Video traffic is passed with a well-known DSCP value of 46.

D. Packets are classified internally with an environment.

E. Packets that arrive with a tag are untagged at the edge of an administrative domain.

Answer: E

Explanation: Frames received from users in the administratively-defined VLANs are classified or tagged for transmission to other devices. Based on rules that you define, a unique identifier (the tag) is inserted in each frame header before it is forwarded. The tag is examined and understood by each device before any broadcasts or transmissions to other switches, routers, or end stations. When the frame reaches the last switch or router, the tag is removed before the frame is sent to the target end station. VLANs that are assigned on trunk or access ports without identification or a tag are called native or untagged frames. For IEEE 802.1Q frames with tag information, the priority value from the header frame is used. For native frames, the default priority of the input port is used.

Each port on the switch has a single receive queue buffer (the ingress port) for incoming traffic. When an untagged frame arrives, it is assigned the value of the port as its port default priority. You assign this value by using the CLI or CMS. A tagged frame continues to use its assigned CoS value when it passes through the ingress port.

100% Up to the minute Cisco 200-125 Questions & Answers shared by Certleader, Get HERE: https://www.certleader.com/200-125-dumps.html (New 889 Q&As)