Press "Enter" to skip to content

Nov 2018 updated: ccna 200 125 book

Act now and download your Cisco 200 125 cisco test today! Do not waste time for the worthless Cisco ccna 200 125 tutorials. Download Leading Cisco CCNA Cisco Certified Network Associate CCNA (v3.0) exam with real questions and answers and begin to learn Cisco ccna 200 125 book with a classic professional.


Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW 200-125 Exam Dumps (PDF & VCE):
Available on:

P.S. Best Quality 200-125 questions are available on Google Drive, GET MORE:

New Cisco 200-125 Exam Dumps Collection (Question 3 – Question 12)

Q1. Refer to the exhibit.

A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other device is

detected, the port is to drop frames from this device. The administrator configured the interface and tested it with successful pings from PC_A to RouterA, and then observes the output from these two show commands.

Which two of these changes are necessary for SwitchA to meet the requirements? (Choose two.)

A. Port security needs to be globally enabled.

B. Port security needs to be enabled on the interface.

C. Port security needs to be configured to shut down the interface in the event of a violation.

D. Port security needs to be configured to allow only one learned MAC address.

E. Port security interface counters need to be cleared before using the show command.

F. The port security configuration needs to be saved to NVRAM before it can become active.

Answer: B,D


From the output we can see that port security is disabled so this needs to be enabled. Also, the maximum number of devices is set to 2 so this needs to be just one if we want the single host to have access and nothing else.

Q2. Refer to the exhibit.

All devices attached to the network are shown. Which number of collision domains are present in this network?

A. 9

B. 3

C. 6

D. 2

E. 15

Answer: E

Q3. Refer to the exhibit.

Which address range efficiently summarizes the routing table of the addresses for router Main?





Answer: B


The network is the best option as it includes all networks from u2013 and does it more efficiently than the /16 and /18 subnets. The /21 subnet will not include all the other subnets in this one single summarized address.

Q4. What are the three things that the Netflow uses to consider the traffic to be in a same flow? (Choose three)

A. IP address

B. Interface name

C. Port numbers

D. L3 protocol type

E. MAC address

Answer: A,C,D


What is an IP Flow?

Each packet that is forwarded within a router or switch is examined for a set of IP packet attributes. These attributes are the IP packet identity or fingerprint of the packet and determine if the packet is unique or similar to other packets.

Traditionally, an IP Flow is based on a set of 5 and up to 7 IP packet attributes. IP Packet attributes used by NetFlow:

+ IP source address

+ IP destination address

+ Source port

+ Destination port

+ Layer 3 protocol type

+ Class of Service

+ Router or switch interface

Q5. Which three are characteristics of an IPv6 anycast address? (Choose three.)

A. one-to-many communication model

B. one-to-nearest communication model

C. any-to-many communication model

D. a unique IPv6 address for each device in the group

E. the same address for multiple devices in the group

F. delivery of packets to the group interface that is closest to the sending device

Answer: B,E,F


A new address type made specifically for IPv6 is called the Anycast Address. These IPv6 addresses are global addresses, these addresses can be assigned to more than one interface unlike an IPv6 unicast address. Anycast is designed to send a packet to the nearest interface that is a part of that anycast group.

The sender creates a packet and forwards the packet to the anycast address as the destination address which goes to the nearest router. The nearest router or interface is found by using the metric of a routing protocol currently running on the network. However in a LAN setting the nearest interface is found depending on the order the neighbors were learned. The anycast packet in a LAN setting forwards the packet to the neighbor it learned about first.

Q6. A network administrator needs to configure port security on a switch. Which two statements are true? (Choose two.)

A. The network administrator can apply port security to dynamic access ports.

B. The network administrator can apply port security to EtherChannels.

C. When dynamic MAC address learning is enabled on an interface, the switch can learn new addresses, up to the maximum defined.

D. The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.

E. The network administrator can configure static secure or sticky secure MAC addresses in the voice VLAN.

Answer: C,D


Follow these guidelines when configuring port security:

+ Port security can only be configured on static access ports, trunk ports, or 802.1Q tunnel ports.

+ A secure port cannot be a dynamic access port.

+ A secure port cannot be a destination port for Switched Port Analyzer (SPAN).

+ A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group.

+ You cannot configure static secure or sticky secure MAC addresses on a voice VLAN.

+ When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.

+ If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN.

+ When a voice VLAN is configured on a secure port that is also configured as a sticky secure port, all addresses seen on the voice VLAN are learned as dynamic secure addresses, and all addresses seen on the access VLAN (to which the port belongs) are learned as sticky secure addresses.

+ The switch does not support port security aging of sticky secure MAC addresses.

+ The protect and restrict options cannot be simultaneously enabled on an interface.



Topic 11, Infrastructure Management


Refer to the topology. Your company has connected the routers R1, R2, and R3 with serial

links. R2 and R3 are connected to the switches SW1 and SW2, respectively. SW1 and SW2 are also connected to the routers R4 and R5.

The EIGRP routing protocol is configured.

You are required to troubleshoot and resolve the EIGRP issues between the various routers.

Use the appropriate show commands to troubleshoot the issues.

Study the following output taken on R1: R1# Ping source Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds: Packet sent with a source address of


Success rate is 0 percent (0/5) Why are the pings failing?

A. The network statement is missing on R5.

B. The loopback interface is shut down on R5.

C. The network statement is missing on R1.

D. The IP address that is configured on the Lo1 interface on R5 is incorrect.

Q7. When a DHCP server is configured, which two IP addresses should never be assignable to hosts? (Choose two.)

A. network or subnetwork IP address

B. broadcast address on the network

C. IP address leased to the LAN

D. IP address used by the interfaces

E. manually assigned address to the clients

F. designated IP address to the DHCP server

Answer: A,B


Network or subnetwork IP address (for example or and broadcast address (for example should never be assignable to hosts. When try to assign these addresses to hosts, you will receive an error message saying that they canu2019t be assignable.

Q8. Which set of commands is recommended to prevent the use of a hub in the access layer?

A. switch(config-if)#switchport mode trunk switch(config-if)#switchport port-security maximum 1

B. switch(config-if)#switchport mode trunk

switch(config-if)#switchport port-security mac-address 1

C. switch(config-if)#switchport mode access switch(config-if)#switchport port-security maximum 1

D. switch(config-if)#switchport mode access switch(config-if)#switchport port-security mac-address 1

Answer: C


This question is to examine the layer 2 security configuration.

In order to satisfy the requirements of this question, you should perform the following

configurations in the interface mode:

First, configure the interface mode as the access mode

Second, enable the port security and set the maximum number of connections to 1.

Q9. What is known as "one-to-nearest" addressing in IPv6?

A. global unicast

B. anycast

C. multicast

D. unspecified address

Answer: B


IPv6 Anycast addresses are used for one-to-nearest communication, meaning an Anycast address is used by a device to send data to one specific recipient (interface) that is the closest out of a group of recipients (interfaces).

Q10. An administrator is trying to ping and telnet from SwitchC to RouterC with the results shown below.

Click the console connected to RouterC and issue the appropriate commands to answer the questions.

Which will fix the issue and allow ONLY ping to work while keeping telnet disabled?

A. Correctly assign an IP address to interface fa0/1.

B. Change the ip access-group command on fa0/0 from u201cinu201d to u201coutu201d.

C. Removeaccess-group 106 infrom interface fa0/0 and addaccess-group 115 in.

D. Removeaccess-group 102 outfrom interface s0/0/0 and addaccess-group 114 in

E. Removeaccess-group 106 infrom interface fa0/0 and addaccess-group 104 in.

Answer: E


Letu2019s have a look at the access list 104:

The question does not ask about ftp traffic so we donu2019t care about the two first lines. The 3rd line denies all telnet traffic and the 4th line allows icmp traffic to be sent (ping). Remember that the access list 104 is applied on the inbound direction so the 5th line u201caccess-list 104 deny icmp any any echo-replyu201d will not affect our icmp traffic because the u201cecho-replyu201d message will be sent over the outbound direction.

Recommend!! Get the Best Quality 200-125 dumps in VCE and PDF From 2passeasy, Welcome to download: (New 889 Q&As Version)