aiotestking uk

200-125 Exam Questions - Online Test


200-125 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. CORRECT TEXT - (Topic 8)

Which protocol authenticates connected devices before allowing them to access the LAN?

A. 802.1d

B. 802.11

C. 802.1w

D. 802.1x

Answer: D

Explanation:

802.1X authentication involves three parties: a supplicant, an authenticator, and an authentication server. The supplicant is a client device (such as a laptop) that wishes to attach to the LAN/WLAN. The term 'supplicant' is also used interchangeably to refer to the software running on the client that provides credentials to the authenticator. The

authenticator is a network device, such as an Ethernet switch or wireless access point; and the authentication server is typically a host running software supporting the RADIUS and EAP protocols.

The authenticator acts like a security guard to a protected network. The supplicant (i.e., client device) is not allowed access through the authenticator to the protected side of the network until the supplicant’s identity has been validated and authorized. An analogy to this is providing a valid visa at the airport's arrival immigration before being allowed to enter the country. With 802.1X port-based authentication, the supplicant provides credentials, such as user name/password or digital certificate, to the authenticator, and the authenticator forwards the credentials to the authentication server for verification. If the authentication server determines the credentials are valid, the supplicant (client device) is allowed to access resources located on the protected side of the network.

Q2.  - (Topic 5)

Which statement describes the process of dynamically assigning IP addresses by the DHCP server?

A. Addresses are allocated after a negotiation between the server and the host to determine the length of the agreement.

B. Addresses are permanently assigned so that the hosts uses the same address at all times.

C. Addresses are assigned for a fixed period of time, at the end of the period, a new request for an address must be made.

D. Addresses are leased to hosts, which periodically contact the DHCP server to renew the lease.

Answer: D

Explanation:

The DHCP lifecycle consists of the following:

✑ Allocation: A client begins with no active lease, and hence, no DHCP-assigned address. It acquires a lease through a process of allocation.

✑ Reallocation: If a client already has an address from an existing lease, then when it reboots or starts up after being shut down, it will contact the DHCP server that granted it the lease to confirm the lease and acquire operating parameters. This is sometimes called reallocation; it is similar to the full allocation process but shorter.

✑ Normal Operation: Once a lease is active, the client functions normally, using its assigned IP address and other parameters during the “main part” of the lease. The client is said to be bound to the lease and the address.

✑ Renewal: After a certain portion of the lease time has expired, the client will attempt to contact the server that initially granted the lease, to renew the lease so it can keep using its IP address.

✑ Rebinding. If renewal with the original leasing server fails (because, for example, the server has been taken offline), then the client will try to rebind to any active DHCP server, trying to extend its current lease with any server that will allow it to do so.

✑ Release: The client may decide at any time that it no longer wishes to use the IP address it was assigned, and may terminate the lease, releasing the IP address.

Q3.  - (Topic 7)

What are three reasons to collect Netflow data on a company network? (Choose three.)

A. To identify applications causing congestion.

B. To authorize user network access.

C. To report and alert link up / down instances.

D. To diagnose slow network performance, bandwidth hogs, and bandwidth utilization.

E. To detect suboptimal routing in the network.

F. To confirm the appropriate amount of bandwidth that has been allocated to each Class of Service.

Answer: A,D,F

Explanation:

NetFlow facilitates solutions to many common problems encountered by IT professionals.

+ Analyze new applications and their network impact

Identify new application network loads such as VoIP or remote site additions.

+ Reduction in peak WAN traffic

Use NetFlow statistics to measure WAN traffic improvement from application-policy changes; understand who is utilizing the network and the network top talkers.

+ Troubleshooting and understanding network pain points

Diagnose slow network performance, bandwidth hogs and bandwidth utilization quickly with command line interface or reporting tools. -> D is correct.

+ Detection of unauthorized WAN traffic

Avoid costly upgrades by identifying the applications causing congestion. -> A is correct.

+ Security and anomaly detection

NetFlow can be used for anomaly detection and worm diagnosis along with applications such as Cisco CS-Mars.

+ Validation of QoS parameters

Confirm that appropriate bandwidth has been allocated to each Class of Service (CoS) and that no CoS is over- or under-subscribed.-> F is correct.

Q4.  - (Topic 8)

Which switching method duplicates the first six bytes of a frame before making a switching decision?

A. fragment-free switching

B. store and-forward switching

C. cut through switching

D. ASIC switching

Answer: C

Explanation: Cut and Through method has lowest latency. In this method Switch only read first six bytes from frame after the preamble. These six bytes are the destination address of frame. This is the fastest method of switching. This method also processes invalid frames. Only advantage of this method is speed.

Q5.  - (Topic 5)

Which command can you use to manually assign a static IPv6 address to a router interface?

A. ipv6 autoconfig 2001:db8:2222:7272::72/64

B. ipv6 address 2001:db8:2222:7272::72/64

C. ipv6 address PREFIX_1 ::1/64

D. ipv6 autoconfig

Answer: B

Explanation:

To assign an IPv6 address to an interface, use the “ipv6 address” command and specify the IP address you wish to use.

Q6. CORRECT TEXT - (Topic 4)

A corporation wants to add security to its network. The requirements are:

✑ Host B should be able to use a web browser (HTTP) to access the Finance Web Server.

✑ Other types of access from host B to the Finance Web Server should be blocked.

✑ All access from hosts in the Core or local LAN to the Finance Web Server should be blocked.

✑ All hosts in the Core and on local LAN should be able to access the Public Web Server.

You have been tasked to create and apply a numbered access list to a single outbound interface. This access list can contain no more than three statements that meet these requirements.

Access to the router CLI can be gained by clicking on the appropriate host.

✑ All passwords have been temporarily set to “cisco”.

✑ The Core connection uses an IP address of 198.18.132.65.

✑ The computers in the Hosts LAN have been assigned addresses of 192.168.201.1

– 192.168.201.254.

✑ host A 192.168.201.1

✑ host B 192.168.201.2

✑ host C 192.168.201.3

✑ host D 192.168.201.4

✑ The Finance Web Server has been assigned an address of 172.22.237.17.

✑ The Public Web Server in the Server LAN has been assigned an address of 172.22.237.18.

Answer:  

Please check the below explanation for all details.

Explanation:

We should create an access-list and apply it to the interface that is connected to the Server LAN because it can filter out traffic from both S2 and Core networks. To see which interface this is, use the “show ip interface brief” command:

Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-11-17 at 3.24.34 PM.png From this, we know that the servers are located on the fa0/1 interface, so we will place our numbered access list here in the outbound direction.

Corp1#configure terminal

Our access-list needs to allow host B – 192.168125.2 to the Finance Web Server 172.22.109.17 via HTTP (port 80), so our first line is this:

Corp1(config)#access-list 100 permit tcp host 192.168.125.2 host 172.22.109.17 eq 80

Then, our next two instructions are these:

✑ Other types of access from host B to the Finance Web Server should be blocked.

✑ All access from hosts in the Core or local LAN to the Finance Web Server should be blocked.

This can be accomplished with one command (which we need to do as our ACL needs to be no more than 3 lines long), blocking all other access to the finance web server: Corp1(config)#access-list 100 deny ip any host 172.22.109.17

Our last instruction is to allow all hosts in the Core and on the local LAN access to the Public Web Server (172.22.109.18)

Corp1(config)#access-list 100 permit ip host 172.22.109.18 any Finally, apply this access-list to Fa0/1 interface (outbound direction) Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that the access-list can filter traffic coming from both the LAN and the Core networks.

To verify, just click on host B to open its web browser. In the address box type

http://172.22.109.17 to check if you are allowed to access Finance Web Server or not. If

your configuration is correct then you can access it.

Click on other hosts (A, C and D) and check to make sure you can’t access Finance Web Server from these hosts. Then, repeat to make sure they can reach the public server at 172.22.109.18. Finally, save the configuration

Corp1(config-if)#end

Corp1#copy running-config startup-config

Q7.  - (Topic 7)

Scenario

Refer to the topology. Your company has connected the routers R1, R2, and R3 with serial links. R2 and R3 are connected to the switches SW1 and SW2, respectively. SW1 and SW2 are also connected to the routers R4 and R5.

The EIGRP routing protocol is configured.

You are required to troubleshoot and resolve the EIGRP issues between the various routers.

Use the appropriate show commands to troubleshoot the issues.

Study the following output taken on R1: R1# Ping 10.5.5.55 source 10.1.1.1 Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.5.5.55, timeout is 2 seconds:

Packet sent with a source address of 10.1.1.1

…….

Success rate is 0 percent (0/5) Why are the pings failing?

A. The network statement is missing on R5.

B. The loopback interface is shut down on R5.

C. The network statement is missing on R1.

D. The IP address that is configured on the Lo1 interface on R5 is incorrect.

Answer: C

Explanation:

R5 does not have a route to the 10.1.1.1 network, which is the loopback0 IP address of R1. When looking at the EIGRP configuration on R1, we see that the 10.1.1.1 network statement is missing on R1.

Q8.  - (Topic 5)

What are the Popular destinations for syslog messages to be saved? (Choose three)

A. Flash

B. The logging buffer .RAM

C. The console terminal

D. Other terminals

E. Syslog server

Answer: B,C,E

Explanation:

By default, switches send the output from system messages and debug privileged EXEC commands to a logging process. The logging process controls the distribution of logging messages to various destinations, such as the logging buffer (on RAM), terminal lines (console terminal), or a UNIX syslog server, depending on your configuration. The process also sends messages to the console.

Note: Syslog messages can be written to a file in Flash memory although it is not a popular place to use. We can configure this feature with the command logging file flash:filename.