This page was exported from Exam PDF Free Instant Download From Lead2pass [ http://www.testbraindumps.net ]
Export date: Tue Nov 19 7:16:03 2019 / +0000 GMT

Title: [2017 New] 2017 New 200-125 Exam PDF Ensure 200-125 Certification Exam Pass 100% (251-275)

QUESTION 251
Drag and Drop Question

Answer:

QUESTION 252
Lab Simulation Question - ACL-1

A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.

The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.

Access to the router CLI can be gained by clicking on the appropriate host.
All passwords have been temporarily set to "cisco".
The Core connection uses an IP address of 198.18.196.65
The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 - 192.168.33.254
Host A 192.168.33.1
Host B 192.168.33.2
Host C 192.168.33.3
Host D 192.168.33.4
The servers in the Server LAN have been assigned addresses of 172.22.242.17 - 172.22.242.30
The Finance Web Server is assigned an IP address of 172.22.242.23.

Answer:

Corp1>enable
Password: cisco

We should create an access-list and apply it to the interface which is connected to the Server LAN, because there it can filter traffic from both the Sw-Hosts and Core networks.

The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30, so we can guess that the interface connected to it has an IP address of 172.22.242.30 (.30 is the number shown in the figure). Use the “show ip interface brief” command to check which interface has the IP address of 172.22.242.30.

Corp1#show ip interface brief
Interface         IP-Address       OK?  Method  Status  Protocol
FastEthernet0/0   192.168.33.254   YES  manual  up      up
FastEthernet0/1   172.22.242.30    YES  manual  up      up
Serial0/0         198.18.196.65    YES  manual  up      up

We learn that interface FastEthernet0/1 is the interface connected to the Server LAN network.
It is the interface to which we will apply our access-list (in the outbound direction).

Corp1#configure terminal

Our access-list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23 via web (port 80)

Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

Deny other hosts access to the Finance Web Server via web

Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

All other traffic is permitted

Corp1(config)#access-list 100 permit ip any any

Apply this access-list to the Fa0/1 interface (outbound direction)

Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out

Notice: We have to apply the access-list to the Fa0/1 interface (not the Fa0/0 interface) so that the access-list can filter traffic coming from both the LAN and the Core networks. If we apply the access list to the inbound interface we can only filter traffic from the LAN network.

In the real exam, just click on host C and open its web browser. In the address box type http://172.22.242.23 to check if you are allowed to access the Finance Web Server or not. If your configuration is correct then you can access it.

Click on the other hosts (A, B and D) and check to make sure you can't access the Finance Web Server from these hosts.

Finally, save the configuration

Corp1(config-if)#end
Corp1#copy running-config startup-config

This configuration only prevents hosts from accessing the Finance Web Server via web, but if this server supports other traffic – like FTP, SMTP… – then other hosts can access it, too.

Notice: In the real exam, you might be asked to allow another host (A, B or D) to access the Finance Web Server, so please read the requirement carefully.

Modification #1
A network associate is adding security to the configuration of the Corp router. The user on host B should be able to access the Finance Web Server. Host B should be denied access to the other servers on the S1-SRVS network.
Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.

The task is to create and apply a numbered access-list with no more than three statements that will allow ONLY host B access to the Finance Web Server. Deny host B from accessing the other servers. All other traffic is permitted.

access-list 100 permit ip host 192.168.33.2 host 172.22.242.23
access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15
access-list 100 permit ip any any

Modification #2
A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to access the Finance Web Server. No other hosts from the LAN nor the Core should be able to access this server. All other traffic should be allowed.

The task is to create and apply a numbered access-list with no more than three statements that will allow ONLY host C to access the Finance Web Server. No other hosts will have access to the Finance Web Server. All other traffic is permitted.

access-list 100 permit ip host 192.168.33.3 host 172.22.242.23
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any

Modification #3
A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. Other access from host C to the Finance Web Server should be denied. No other hosts from the LAN nor the Core should be able to access the Finance Web Server. All other traffic should be allowed.

The task is to create and apply a numbered access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. Also, host C should be denied access to any other services of the Finance Web Server. No other hosts will have access to the Finance Web Server.
All other traffic is permitted.

access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any

Modification #4
A network associate is adding security to the configuration of the Corp1 router. The user on host D should be able to use a web browser to access financial information from the Finance Web Server. Other access from host C to Finance Web Server should be denied. No other hosts from the LAN nor the Core should be able to access the Finance Web Server. All hosts from the LAN and the Core should be able to access the public web server.

The task is to create and apply a numbered access-list with no more than three statements that will allow ONLY host D to use a web browser (HTTP) to access the Finance Web Server. Other types of access from host D to the Finance Web Server should be blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be blocked. All hosts in the Core and local LAN should be able to access the Public Web Server.

access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any

QUESTION 253
Drag and Drop Question

Answer:

QUESTION 254
Drag and Drop Question

Answer:

QUESTION 255
Drag and Drop Question

Answer:

QUESTION 256
Hotspot Question

Which will fix the issue and allow ONLY ping to work while keeping telnet disabled?

A.    Correctly assign an IP address to interface fa0/1.
B.    Change the ip access-group command on fa0/0 from "in" to "out".
C.    Remove access-group 106 in from interface fa0/0 and add access-group 115 in.
D.    Remove access-group 102 out from interface s0/0/0 and add access-group 114 in.
E.    Remove access-group 106 in from interface fa0/0 and add access-group 104 in.

Answer: E
Explanation:
Let's have a look at the access list 104:

The question does not ask about ftp traffic so we don't care about the first two lines.
The 3rd line denies all telnet traffic and the 4th line allows icmp traffic to be sent (ping). Remember that the access list 104 is applied on the inbound direction so the 5th line "access-list 104 deny icmp any any echo-reply" will not affect our icmp traffic because the "echo-reply" message will be sent over the outbound direction.

QUESTION 257
Hotspot Question

What would be the effect of issuing the command ip access-group 114 in to the fa0/0 interface?

A.    Attempts to telnet to the router would fail.
B.    It would allow all traffic from the 10.4.4.0 network.
C.    IP traffic would be passed through the interface but TCP and UDP traffic would not.
D.    Routing protocol updates for the 10.4.4.0 network would not be accepted from the fa0/0 interface.

Answer: B
Explanation:
From the output of access-list 114:

access-list 114 permit ip 10.4.4.0 0.0.0.255 any

we can easily understand that this access list allows all traffic (ip) from the 10.4.4.0/24 network.

QUESTION 258
Hotspot Question

What would be the effect of issuing the command ip access-group 115 in on the s0/0/1 interface?

A.    No host could connect to RouterC through s0/0/1.
B.    Telnet and ping would work but routing updates would fail.
C.    FTP, FTP-DATA, echo, and www would work but telnet would fail.
D.    Only traffic from the 10.4.4.0 network would pass through the interface.

Answer: A
Explanation:
First let's see what was configured on interface S0/0/1:

QUESTION 259
Refer to the exhibit. Based on the information given, which switch will be elected root bridge and why?

A.    Switch A, because it has the lowest MAC address
B.    Switch A, because it is the most centrally located switch
C.    Switch B, because it has the highest MAC address
D.    Switch C, because it is the most centrally located switch
E.    Switch C, because it has the lowest priority
F.    Switch D, because it has the highest priority

Answer: E

QUESTION 260
Lab Simulation Question - EIGRP

Answer:
First we should check the configuration of the ENG Router.
Click the console PC “F” and enter the following commands.

ENG> enable
Password: cisco
ENG# show running-config
Building configuration...
Current configuration : 770 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname ENG
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
interface FastEthernet0/0
 ip address 192.168.77.34 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.60.65 255.255.255.240
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 192.168.60.81 255.255.255.240
 duplex auto
 speed auto
!
router eigrp 22
 network 192.168.77.0
 network 192.168.60.0
 no auto-summary
!
ip classless
!
line con 0
line vty 0 4
 login
!
end
ENG#

From the output above, we know that this router was wrongly configured with an autonomous system (AS) number of 22. When the AS numbers among routers are mismatched, no adjacency is formed.
(You should check the AS numbers on other routers for sure)

To solve this problem, we simply re-configure the ENG router with the following commands:

ENG# conf t
ENG(config)# no router eigrp 22
ENG(config)# router eigrp 12
ENG(config-router)# network 192.168.60.0
ENG(config-router)# network 192.168.77.0
ENG(config-router)# no auto-summary
ENG(config-router)# end
ENG# copy running-config startup-config

Second, we should check the configuration of the MGT Router.
Click the console PC “G” and enter the following commands.
MGT> enable
Password: cisco
MGT# show running-config
Building configuration...
Current configuration : 1029 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname MGT
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
interface FastEthernet0/0
 ip address 192.168.77.33 255.255.255.252
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 192.168.36.13 255.255.255.252
 clock rate 64000
!
interface Serial0/1
 ip address 192.168.60.25 255.255.255.252
 clock rate 64000
!
interface Serial1/0
 ip address 198.0.18.6 255.255.255.252
!
interface Serial1/1
 no ip address
 shutdown
!
interface Serial1/2
 no ip address
 shutdown
!
interface Serial1/3
 no ip address
 shutdown
!
router eigrp 12
 network 192.168.36.0
 network 192.168.60.0
 network 192.168.85.0
 network 198.0.18.0
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 198.0.18.5
!
line con 0
line vty 0 4
 login
!
end
MGT#

Notice that it is missing a network statement for the network connecting to ENG. Therefore we have to add it so that it can recognize the ENG router.

MGT# conf t
MGT(config)# router eigrp 12
MGT(config-router)# network 192.168.77.0
MGT(config-router)# end
MGT# copy running-config startup-config

Now the whole network will work well. You should check again with the ping command from router ENG to the other routers!

In Short:

ENG Router
ENG>enable
Password: cisco
ENG# conf t
ENG(config)# no router eigrp 22
ENG(config)# router eigrp 12
ENG(config-router)# network 192.168.60.0
ENG(config-router)# network 192.168.77.0
ENG(config-router)# no auto-summary
ENG(config-router)# end
ENG# copy running-config startup-config

MGT Router
MGT>enable
Password: cisco
MGT# conf t
MGT(config)# router eigrp 12
MGT(config-router)# network 192.168.77.0
MGT(config-router)# end
MGT# copy running-config startup-config

Some Modification in Question
After adding the ENG router, no routing updates are being exchanged between MGT and the new location. All other inter connectivity for the existing locations of the company are working properly.
But the Internet connection for existing locations, including the Remote1 and Remote2 networks, is not working.

Faults Identified:
1. Incorrect Autonomous System Number configured in ENG router.
2. MGT router does not advertise route to the new router ENG.
3. Internet Connection is not working all stations.

We need to correct the above two configuration mistakes to have full connectivity

Steps:
1. ENG Router: Change the Autonomous System Number of ENG
2. Perimeter Router: Add the network address of the interface of Perimeter that links MGT and ENG.
3. Perimeter Router: Add default route and default-network.

Check the IP Address of the S1/0 interface of the MGT Router using the show running-config command. (The interface used to connect to the ISP)

!
interface Serial1/0
 ip address 198.0.18.6 255.255.255.252
!

For Internet sharing we have to create a default route and add the default-network configuration. The IP address is 198.0.18.6/30. Then the next hop IP will be 198.0.18.5.

ENG Router
ENG>enable
Password: cisco
ENG# conf t
ENG(config)# no router eigrp 22
ENG(config)# router eigrp 12
ENG(config-router)# network 192.168.60.0
ENG(config-router)# network 192.168.77.0
ENG(config-router)# no auto-summary
ENG(config-router)# end
ENG# copy running-config startup-config

MGT Router
MGT>enable
Password: cisco
MGT# conf t
MGT(config)# router eigrp 12
MGT(config-router)# network 192.168.77.0
MGT(config-router)# exit
MGT(config)# ip route 0.0.0.0 0.0.0.0 198.0.18.5
MGT(config)# ip default-network 198.0.18.0
MGT(config)# exit
MGT# copy running-config startup-config

Important:
If you refer to the topology and IP chart, the MGT router uses Fa0/0 to connect to the ENG router, S0/0 to connect to Remote1, and S0/1 to connect to Remote2. Referring to the output of show running-config, the command #PASSIVE-INTERFACE <Interface Name> will deny EIGRP updates to the specified interface. In that case we need to use #no passive-interface <Interface Name> to allow the routing updates to be passed to that interface.
For example, when we use the #show run command and see output like below:

!
router eigrp 22
 network 192.168.77.0
 network 192.168.60.0
 passive-interface FastEthernet 0/0
 passive-interface Serial 1/0
 no auto-summary
!

Then the command would be

MGT(config)#router eigrp 12
MGT(config-router)#no passive-interface Fa0/0
MGT(config-router)#end

Also, the MGT router connects to the ISP router using Serial 1/0. If you see passive-interface s1/0, then do not remove it using the #no passive-interface s1/0 command.

QUESTION 261
Lab Simulation Question - CLI

Central Florida Widgets recently installed a new router in their office. Complete the network installation by performing the initial router configurations and configuring RIPv2 routing using the router command line interface (CLI) on the RC.

Configure the router per the following requirements:
- Name of the router is R2
- Enable secret password is cisco
- The password to access user EXEC mode using the console is cisco2
- The password to allow telnet access to the router is cisco3

IPv4 addresses must be configured as follows:
- Ethernet network 209.165.201.0/27 - router has fourth assignable host address in subnet
- Serial network is 192.0.2.176/28 - router has last assignable host address in the subnet.
- Interfaces should be enabled.
- Router protocol is RIPv2

Attention:
In practical examinations, please note the following; the actual information will prevail.
1. Name of the router is xxx
2. Enable secret password is xxx
3. Password to access user EXEC mode using the console is xxx
4. The password to allow telnet access to the router is xxx
5. IP information

Answer:
Step 1:
Click on the console host; you will get a pop-up screen with the CLI of the Router.
Router>

Configure the new router as per the requirements provided in the Lab question

Requirement 1:
Name of the router is R2

Step 2:
To change the hostname of the router to R2 follow the below steps:

Router>
Router>enable
Router#configure terminal
Router(config)#hostname R2
R2(config)#

Requirement 2:
Enable-secret password is cisco1

Step 3:
To set the enable secret password to cisco1 use the following command

R2(config)#enable secret cisco1

Requirement 3:
The password to access user EXEC mode using the console is cisco2

Step 4:
We need to configure the line console 0 with the password cisco2
Also remember to type the login command after setting up the password on line con 0, which allows the router to accept logins via console.

R2(config)#line con 0
R2(config-line)#password cisco2
R2(config-line)#login
R2(config-line)#exit
R2(config)#

Requirement 4:
The password to allow telnet access to the router is cisco3

Step 5:
To allow telnet access we need to configure the vty lines 0 4 with the password cisco3
Also remember to type the login command after setting up the password on line vty 0 4, which allows the router to accept logins via telnet.

R2(config)#line vty 0 4
R2(config-line)#password cisco3
R2(config-line)#login
R2(config-line)#exit
R2(config)#

Requirement 5:
(5.1) Ethernet network 209.165.201.0 /27 - Router has the fourth assignable host address in subnet.
(5.2) Serial Network is 192.0.2.176 /28 - Router has the last assignable host address in subnet.
Step 6:
Ethernet network 209.165.201.0 /27 - Router has the fourth assignable host address in subnet.
Ethernet Interface on router R2 is Fast Ethernet 0/0 as per the exhibit
First we need to identify the subnet mask
Network: 209.165.201.0 /27
Subnet mask: /27: 27 bits = 8 + 8 + 8 + 3
= 8(bits).8(bits).8(bits).11100000 (3 bits)
= 255.255.255.11100000
11100000 = 128+64+32+0+0+0+0+0 = 224
Subnet mask: 255.255.255.224

The different subnet networks and their valid first and last assignable host address ranges for the above subnet mask are

Subnet Network      Valid Host address range             Broadcast address
209.165.201.0       209.165.201.1 - 209.165.201.30       209.165.201.31
209.165.201.32      209.165.201.33 - 209.165.201.62      209.165.201.63
209.165.201.64      209.165.201.65 - 209.165.201.94      209.165.201.95
209.165.201.96      209.165.201.97 - 209.165.201.126     209.165.201.127
209.165.201.128     209.165.201.129 - 209.165.201.158    209.165.201.159
209.165.201.160     209.165.201.161 - 209.165.201.190    209.165.201.191
209.165.201.192     209.165.201.193 - 209.165.201.222    209.165.201.223
209.165.201.224     209.165.201.225 - 209.165.201.254    209.165.201.255

Use the above table information for network 209.165.201.0 /27 to identify
First assignable host address: 209.165.201.1
Last assignable host address: 209.165.201.30
Fourth assignable host address: 209.165.201.4

This IP address (209.165.201.4) is the one we need to configure on Fast Ethernet 0/0 of the router using the subnet mask 255.255.255.224

R2(config)#interface fa 0/0
R2(config-if)#ip address 209.165.201.4 255.255.255.224

Requirement 6:
To enable interfaces
Use the no shutdown command to enable interfaces

R2(config-if)#no shutdown
R2(config-if)#exit

Step 7:
Serial Network is 192.0.2.176 /28 - Router has the last assignable host address in subnet.
Serial Interface on R2 is Serial 0/0/0 as per the exhibit
First we need to identify the subnet mask
Network: 192.0.2.176 /28
Subnet mask: /28: 28 bits = 8 bits + 8 bits + 8 bits + 4 bits
= 8(bits).8(bits).8(bits).11110000 (4 bits)
= 255.255.255.11110000
11110000 = 128+64+32+16+0+0+0+0 = 240
Subnet mask: 255.255.255.240

The different subnet networks and their valid first and last assignable host address ranges for the above subnet mask are

Subnet Network    Valid Host address range       Broadcast address
192.0.2.0         192.0.2.1 - 192.0.2.14         192.0.2.15
192.0.2.16        192.0.2.17 - 192.0.2.30        192.0.2.31
192.0.2.32        192.0.2.33 - 192.0.2.46        192.0.2.47
192.0.2.48        192.0.2.49 - 192.0.2.62        192.0.2.63
192.0.2.64        192.0.2.65 - 192.0.2.78        192.0.2.79
192.0.2.80        192.0.2.81 - 192.0.2.94        192.0.2.95
192.0.2.96        192.0.2.97 - 192.0.2.110       192.0.2.111
192.0.2.112       192.0.2.113 - 192.0.2.126      192.0.2.127
192.0.2.128       192.0.2.129 - 192.0.2.142      192.0.2.143
192.0.2.144       192.0.2.145 - 192.0.2.158      192.0.2.159
192.0.2.160       192.0.2.161 - 192.0.2.174      192.0.2.175
192.0.2.176       192.0.2.177 - 192.0.2.190      192.0.2.191
and so on ….

Use the above table information for network 192.0.2.176 /28 to identify
First assignable host address: 192.0.2.177
Last assignable host address: 192.0.2.190

We need to configure the last assignable host address (192.0.2.190) on serial 0/0/0 using the subnet mask 255.255.255.240

R2(config)#interface serial 0/0/0
R2(config-if)#ip address 192.0.2.190 255.255.255.240

Requirement 6:
To enable interfaces
Use the no shutdown command to enable interfaces

R2(config-if)#no shutdown
R2(config-if)#exit

Requirement 7:
Router protocol is RIPv2

Step 8:
Need to enable RIPv2 on the router and advertise its directly connected networks

R2(config)#router rip

To enable the RIP v2 routing protocol on the router use the command version 2

R2(config-router)#version 2

Optional: no auto-summary (Since LAB networks do not have discontinuous networks)
RIP v2 is classless, and advertises routes including subnet masks, but it summarizes routes by default. So the first thing we need to do when configuring RIP v2 is turn off auto-summarization with the router command no auto-summary if you must perform routing between disconnected subnets.

R2(config-router)#no auto-summary

Advertise the serial 0/0/0 and fast Ethernet 0/0 networks into RIP v2 using the network command

R2(config-router)#network 192.0.2.176
R2(config-router)#network 209.165.201.0
R2(config-router)#end

Step 9:
Important: please do not forget to save your running-config to startup-config

R2# copy running-config startup-config

QUESTION 262
Lab Simulation Question - ACL-4

Answer:

Corp1>enable
Corp1#configure terminal
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
Corp1(config)#access-list 100 permit ip any any
Corp1(config)#interface fa 0/1     ! identify the interface with "sh ip int brief"
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end
Corp1#copy running-config startup-config

Explanation:
Select the console on the Corp1 router

Configuring ACL

Corp1>enable
Corp1#configure terminal

Comment: To permit only Host C (192.168.33.3) {source addr} to access the finance server address (172.22.242.23) {destination addr} on port number 80 (web)

Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

Comment: To deny any source to access the finance server address (172.22.242.23) {destination addr} on port number 80 (web)

Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

Comment: To permit the ip protocol from any source to access any destination, because of the implicit deny any any statement at the end of the ACL.

Corp1(config)#access-list 100 permit ip any any

Applying the ACL on the Interface

Comment: Check the show ip interface brief command to identify the interface type and number by checking the IP address configured.

Corp1(config)#interface fa 0/1

If the IP address already configured is incorrect, as well as the subnet mask, this should be corrected in order for the ACL to work. Type these commands in interface mode:

no ip address 192.x.x.x 255.x.x.x (removes the incorrectly configured IP address and subnet mask)

Configure the correct IP address and subnet mask:

ip address 172.22.242.30 255.255.255.240 (the range of addresses specified going to the server is given as 172.22.242.17 - 172.22.242.30)

Comment: Place the ACL to check for packets going outside the interface towards the finance web server.

Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end

Important: To save your running config to startup before exit.

Corp1#copy running-config startup-config

Verifying the Configuration:
Step 1: The show ip interface brief command identifies the interface on which to apply the access list.
Step 2: Click on each host A, B, C & D. The host opens a web browser page. Select the address box of the web browser and type the IP address of the finance web server (172.22.242.23) to test whether it permits/denies access to the finance web server.
Step 3: Only Host C (192.168.33.3) has access to the server. If the other hosts can also access it, then maybe something went wrong in your configuration. Check whether you configured correctly and in order.
Step 4: If only Host C (192.168.33.3) can access the Finance Web Server you can click on the NEXT button to successfully submit the ACL SIM.
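
The first-match behaviour of the three-statement ACL 100 above, as an added example (not part of the original page and not a Cisco tool): a small Python evaluator for the `access-list` syntax used in these labs. The function names and the test packets are assumptions made for illustration; the addresses are the ones the labs assign.

```python
import ipaddress

PORT_NAMES = {"www": 80, "ftp": 21, "telnet": 23}  # IOS port keywords
ANY = (0, 0xFFFFFFFF)  # all-ones wildcard: every address bit is ignored


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' from the token list."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (_ip(tokens[1]), 0), tokens[2:]
    return (_ip(tokens[0]), _ip(tokens[1])), tokens[2:]


def parse_ace(line):
    """Parse 'access-list N {permit|deny} PROTO SRC DST [eq PORT]' (subset only)."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("unsupported ACL line: " + line)
    src, rest = _take_addr(tok[4:])
    dst, rest = _take_addr(rest)
    port = None
    if rest[:1] == ["eq"]:
        port = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
    return {"action": tok[2], "proto": tok[3], "src": src, "dst": dst, "port": port}


def _addr_match(addr, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must equal the base.
    return ((addr ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def evaluate(acl_lines, proto, src, dst, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    for ace in map(parse_ace, acl_lines):
        if ace["proto"] not in ("ip", proto):
            continue
        if not (_addr_match(_ip(src), ace["src"]) and _addr_match(_ip(dst), ace["dst"])):
            continue
        if ace["port"] is not None and ace["port"] != dport:
            continue
        return ace["action"]
    return "deny"  # every ACL ends with an unwritten "deny ip any any"


# ACL 100 exactly as given in the answer; addresses are the ones the lab assigns.
ACL_100 = [
    "access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80",
    "access-list 100 deny tcp any host 172.22.242.23 eq 80",
    "access-list 100 permit ip any any",
]
FINANCE = "172.22.242.23"
# Constructed test sources: the four LAN hosts plus the Core connection address.
SOURCES = {
    "Host A": "192.168.33.1", "Host B": "192.168.33.2",
    "Host C": "192.168.33.3", "Host D": "192.168.33.4",
    "Core": "198.18.196.65",
}


def web_access(acl_lines):
    """Verdict for HTTP (tcp/80) to the Finance Web Server from each source."""
    return {name: evaluate(acl_lines, "tcp", ip, FINANCE, 80)
            for name, ip in SOURCES.items()}


if __name__ == "__main__":
    for name, verdict in web_access(ACL_100).items():
        print(f"{name:7} -> {FINANCE}:80  {verdict}")
    # Other services on the same server stay reachable (third statement).
    print("Host A ftp:", evaluate(ACL_100, "tcp", "192.168.33.1", FINANCE, 21))
    # Without the third statement the implicit deny drops everything else.
    print("no permit-any:", evaluate(ACL_100[:2], "tcp", "192.168.33.1", "172.22.242.17", 80))
    # Order matters: with "permit ip any any" first, the deny is never reached.
    reordered = [ACL_100[2]] + ACL_100[:2]
    print("reordered, Host A web:", evaluate(reordered, "tcp", "192.168.33.1", FINANCE, 80))
```

The evaluator covers only the statement forms that appear in these labs (`any`, `host`, address plus wildcard, destination `eq`); the same function can be pointed at the Modification ACLs to check them against their stated requirements before applying them.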
QUESTION 263
Lab Simulation Question - ACL-2

Answer:

Corp1#conf t
Corp1(config)# access-list 128 permit tcp host 192.168.240.1 host 172.22.141.26 eq www
Corp1(config)# access-list 128 deny tcp any host 172.22.141.26 eq www
Corp1(config)# access-list 128 permit ip any any
Corp1(config)#int fa0/1
Corp1(config-if)#ip access-group 128 out
Corp1(config-if)#end
Corp1#copy run startup-config

QUESTION 264
Lab Simulation Question - ACL-3

Answer:

Corp1>enable
Corp1#configure terminal
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
Corp1(config)#access-list 100 deny tcp 192.168.33.0 0.0.0.255 host 172.22.242.23 eq 80
Corp1(config)#access-list 100 permit ip any any
Corp1(config)#interface fa 0/1     ! identify the interface with "sh ip int brief"
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end
Corp1#copy running-config startup-config

Explanation:
Select the console on the Corp1 router

Configuring ACL

Corp1>enable
Corp1#configure terminal

Comment: To permit only Host C (192.168.33.3) {source addr} to access the finance server address (172.22.242.23) {destination addr} on port number 80 (web)

Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

Comment: To deny any source to access the finance server address (172.22.242.23) {destination addr} on port number 80 (web)

Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

Comment: To permit the ip protocol from any source to access any destination, because of the implicit deny any any statement at the end of the ACL.

Corp1(config)#access-list 100 permit ip any any

Applying the ACL on the Interface

Comment: Check the show ip interface brief command to identify the interface type and number by checking the IP address configured.

Corp1(config)#interface fa 0/1

If the IP address already configured is incorrect, as well as the subnet mask, this should be corrected in order for the ACL to work. Type these commands in interface mode:

no ip address 192.x.x.x 255.x.x.x (removes the incorrectly configured IP address and subnet mask)

Configure the correct IP address and subnet mask:

ip address 172.22.242.30 255.255.255.240 (the range of addresses specified going to the server is given as 172.22.242.17 - 172.22.242.30)

Comment: Place the ACL to check for packets going outside the interface towards the finance web server.

Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end

Important: To save your running config to startup before exit.

Corp1#copy running-config startup-config

Verifying the Configuration:
Step 1: The show ip interface brief command identifies the interface on which to apply the access list.
Step 2: Click on each host A, B, C & D. The host opens a web browser page. Select the address box of the web browser and type the IP address of the finance web server (172.22.242.23) to test whether it permits/denies access to the finance web server.
Step 3: Only Host C (192.168.33.3) has access to the server. If the other hosts can also access it, then maybe something went wrong in your configuration. Check whether you configured correctly and in order.
Step 4: If only Host C (192.168.33.3) can access the Finance Web Server you can click on the NEXT button to successfully submit the ACL SIM.

QUESTION 265
Lab Simulation Question - NAT-1

A network associate is configuring a router for the Weaver company to provide internet access. The ISP has provided the company six public IP addresses of 198.18.184.105 - 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the company LAN have been assigned private space addresses in the range of 192.168.100.17 - 192.168.100.30.
Answer:
The company has 14 hosts that need to access the internet simultaneously but we just have 6 public IP addresses from 198.18.184.105 to 198.18.184.110/29.
Therefore we have to use NAT overload (or PAT)

Double click on the Weaver router to open it

Router>enable
Router#configure terminal

First you should change the router's name to Weaver

Router(config)#hostname Weaver

Create a NAT pool of global addresses to be allocated with their netmask.

Weaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248

Create a standard access control list that permits the addresses that are to be translated

Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15

Establish dynamic source translation, specifying the access list that was defined in the prior step

Weaver(config)#ip nat inside source list 1 pool mypool overload

This command translates all source addresses that pass access list 1, which means a source address from 192.168.100.17 to 192.168.100.30, into an address from the pool named mypool (the pool contains addresses from 198.18.184.105 to 198.18.184.110).

The overload keyword allows multiple IP addresses to be mapped to a single registered IP address (many-to-one) by using different ports.

The question said that the appropriate interfaces have been configured for NAT inside and NAT outside statements.

This is how to configure the NAT inside and NAT outside, just for your understanding:

Weaver(config)#interface fa0/0
Weaver(config-if)#ip nat inside
Weaver(config-if)#exit
Weaver(config)#interface s0/0
Weaver(config-if)#ip nat outside
Weaver(config-if)#end

Finally, we should save all the work with the following command:

Weaver#copy running-config startup-config

Check your configuration by going to "Host for testing" and typing:

C:\>ping 192.0.2.114

The ping should work well and you will receive replies from 192.0.2.114

QUESTION 266
Lab Simulation Question - NAT-2

A network associate is configuring a router for the Weaver company to provide internet access.
The ISP has provided the company six public IP addresses of 198.18.184.105 - 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the company LAN have been assigned private space addresses in the range of 192.168.100.17 - 192.168.100.30.

The following have already been configured on the router:
- The basic router configuration
- The appropriate interfaces have been configured for NAT inside and NAT outside
- The appropriate static routes have also been configured (since the company will be a stub network, no routing protocol will be required)
- All passwords have been temporarily set to "cisco"

The task is to complete the NAT configuration using all IP addresses assigned by the ISP to provide internet access for the hosts in the Weaver LAN. Functionality can be tested by clicking on the host provided for testing.

Configuration information:
Router name: Weaver
Inside global addresses: 198.18.184.105 - 198.18.184.110 /29
Inside local addresses: 192.168.100.17 - 192.168.100.30 /28
Number of inside hosts: 14

Answer:

Step 1: Router Name

Router>enable
Router#configure terminal
Router(config)#hostname Weaver
Weaver(config)#

Step 2: NAT Configuration

Weaver(config)#access-list 10 permit 192.168.100.16 0.0.0.15
Weaver(config)#ip nat pool mynatpool 198.18.184.105 198.18.184.110 netmask 255.255.255.248
Weaver(config)#ip nat inside source list 10 pool mynatpool overload
Weaver(config)#end

Step 3: Save Configuration

Weaver#copy run start

Verification:
We can verify the answer by pinging the ISP IP address (192.0.2.114) from the Host for testing. Click "Host for testing". In the command prompt, type "ping 192.0.2.114". If the ping succeeds, NAT is working properly.

QUESTION 267
In a switched environment, what does the IEEE 802.1Q standard describe?

A. the operation of VTP
B. a method of VLAN trunking
C. an approach to wireless LAN communication
D. the process for root bridge selection
E. VLAN pruning

Answer: B
Explanation:
A broadcast domain must sometimes exist on more than one switch in the network. To accomplish this, one switch must send frames to another switch and indicate which VLAN a particular frame belongs to. On Cisco switches, a trunk link is created to accomplish this VLAN identification. ISL and IEEE 802.1Q are different methods of putting a VLAN identifier in a Layer 2 frame. The IEEE 802.1Q protocol interconnects VLANs between multiple switches, routers, and servers. With 802.1Q, a network administrator can define a VLAN topology to span multiple physical devices.
Cisco switches support IEEE 802.1Q for FastEthernet and Gigabit Ethernet interfaces. An 802.1Q trunk link provides VLAN identification by adding a 4-byte tag to an Ethernet frame as it leaves a trunk port.

QUESTION 268
What are three benefits of GLBP? (Choose three.)

A. GLBP supports up to eight virtual forwarders per GLBP group.
B. GLBP supports clear text and MD5 password authentication between GLBP group members.
C. GLBP is an open source standardized protocol that can be used with multiple vendors.
D. GLBP supports up to 1024 virtual routers.
E. GLBP can load share traffic across a maximum of four routers.
F. GLBP elects two AVGs and two standby AVGs for redundancy.

Answer: BDE

QUESTION 269
Which three statements about HSRP operation are true? (Choose three.)

A. The virtual IP address and virtual MAC address are active on the HSRP Master router.
B. The HSRP default timers are a 3 second hello interval and a 10 second dead interval.
C. HSRP supports only clear-text authentication.
D. The HSRP virtual IP address must be on a different subnet than the routers' interfaces on the same LAN.
E. The HSRP virtual IP address must be the same as one of the router's interface addresses on the LAN.
F. HSRP supports up to 255 groups per interface, enabling an administrative form of load balancing.

Answer: ABF
Explanation:
The virtual MAC address of HSRP version 1 is 0000.0C07.ACxx, where xx is the HSRP group number in hexadecimal based on the respective interface. For example, HSRP group 10 uses the HSRP virtual MAC address of 0000.0C07.AC0A. HSRP version 2 uses a virtual MAC address of 0000.0C9F.FXXX (XXX: HSRP group in hexadecimal).

QUESTION 270
Which three statements about Syslog utilization are true? (Choose three.)

A. Utilizing Syslog improves network performance.
B. The Syslog server automatically notifies the network administrator of network problems.
C. A Syslog server provides the storage space necessary to store log files without using router disk space.
D. There are more Syslog messages available within Cisco IOS than there are comparable SNMP trap messages.
E. Enabling Syslog on a router automatically enables NTP for accurate time stamping.
F. A Syslog server helps in aggregation of logs and alerts.

Answer: CDF

QUESTION 271
A network administrator enters the following command on a router: logging trap 3. What are three message types that will be sent to the Syslog server? (Choose three.)

A. informational
B. emergency
C. warning
D. critical
E. debug
F. error

Answer: BDF

QUESTION 272
What is the default Syslog facility level?

A. local4
B. local5
C. local6
D. local7

Answer: D

QUESTION 273
What command instructs the device to timestamp Syslog debug messages in milliseconds?

A. service timestamps log datetime localtime
B. service timestamps debug datetime msec
C. service timestamps debug datetime localtime
D. service timestamps log datetime msec

Answer: B
Explanation:
The "service timestamps debug" command configures the system to apply a time stamp to debugging messages. The time-stamp format for datetime is MMM DD HH:MM:SS, where MMM is the month, DD is the date, HH is the hour (in 24-hour notation), MM is the minute, and SS is the second.
With the additional keyword msec, the system includes milliseconds in the time stamp, in the format HH:MM:SS.mmm, where .mmm is milliseconds.

QUESTION 274
Refer to the exhibit. What is the cause of the Syslog output messages?

A. The EIGRP neighbor on Fa0/1 went down due to a failed link.
B. The EIGRP neighbor connected to Fa0/1 is participating in a different EIGRP process, causing the adjacency to go down.
C. A shut command was executed on interface Fa0/1, causing the EIGRP adjacency to go down.
D. Interface Fa0/1 has become error disabled, causing the EIGRP adjacency to go down.

Answer: C

QUESTION 275
What are three components that comprise the SNMP framework? (Choose three.)

A. MIB
B. agent
C. set
D. AES
E. supervisor
F. manager

Answer: ABF

Post date: 2017-06-27 06:16:56 (GMT)