2017 Cisco Official New Released 200-125 ♥♥
100% Free Download! 100% Pass Guaranteed!

Q81.  - (Topic 4)

What are three reasons that an organization with multiple branch offices and roaming users might implement a Cisco VPN solution instead of point-to-point WAN links? (Choose three.)

A. reduced cost

B. better throughput

C. broadband incompatibility

D. increased security

E. scalability

F. reduced latency

Answer: A,D,E


IPsec offer a number of advantages over point to point WAN links, particularly when multiple locations are involved. These include reduced cost, increased security since all traffic is encrypted, and increased scalability as s single WAN link can be used to connect to all locations in a VPN, where as a point to point link would need to be provisioned to each location.

Q82.  - (Topic 7)

Refer to the exhibit.

HostA cannot ping HostB. Assuming routing is properly configured, what is the cause of this problem?

A. HostA is not on the same subnet as its default gateway.

B. The address of SwitchA is a subnet address.

C. The Fa0/0 interface on RouterA is on a subnet that can't be used.

D. The serial interfaces of the routers are not on the same subnet.

E. The Fa0/0 interface on RouterB is using a broadcast address.

Answer: D


Now let’s find out the range of the networks on serial link: For the network

Increment: 32

Network address:

Broadcast address: For the network Increment: 32

Network address:

Broadcast address:

-> These two IP addresses don’t belong to the same network and they can’t see each other.

Q83.  - (Topic 8)

Refer to the exhibit.

What is the result of setting the no login command?

A. Telnet access is denied.

B. Telnet access requires a new password at the first login.

C. Telnet access requires a new password.

D. no password is required for telnet access.

Answer: D

Q84. CORRECT TEXT - (Topic 4)

A corporation wants to add security to its network. The requirements are:

✑ Host B should be able to use a web browser (HTTP) to access the Finance Web Server.

✑ Other types of access from host B to the Finance Web Server should be blocked.

✑ All access from hosts in the Core or local LAN to the Finance Web Server should be blocked.

✑ All hosts in the Core and on local LAN should be able to access the Public Web Server.

You have been tasked to create and apply a numbered access list to a single outbound interface. This access list can contain no more than three statements that meet these requirements.

Access to the router CLI can be gained by clicking on the appropriate host.

✑ All passwords have been temporarily set to “cisco”.

✑ The Core connection uses an IP address of

✑ The computers in the Hosts LAN have been assigned addresses of


✑ host A

✑ host B

✑ host C

✑ host D

✑ The Finance Web Server has been assigned an address of

✑ The Public Web Server in the Server LAN has been assigned an address of


Please check the below explanation for all details.


We should create an access-list and apply it to the interface that is connected to the Server LAN because it can filter out traffic from both S2 and Core networks. To see which interface this is, use the “show ip interface brief” command:

Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-11-17 at 3.24.34 PM.png From this, we know that the servers are located on the fa0/1 interface, so we will place our numbered access list here in the outbound direction.

Corp1#configure terminal

Our access-list needs to allow host B – 192.168125.2 to the Finance Web Server via HTTP (port 80), so our first line is this:

Corp1(config)#access-list 100 permit tcp host host eq 80

Then, our next two instructions are these:

✑ Other types of access from host B to the Finance Web Server should be blocked.

✑ All access from hosts in the Core or local LAN to the Finance Web Server should be blocked.

This can be accomplished with one command (which we need to do as our ACL needs to be no more than 3 lines long), blocking all other access to the finance web server: Corp1(config)#access-list 100 deny ip any host

Our last instruction is to allow all hosts in the Core and on the local LAN access to the Public Web Server (

Corp1(config)#access-list 100 permit ip host any Finally, apply this access-list to Fa0/1 interface (outbound direction) Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that the access-list can filter traffic coming from both the LAN and the Core networks.

To verify, just click on host B to open its web browser. In the address box type to check if you are allowed to access Finance Web Server or not. If

your configuration is correct then you can access it.

Click on other hosts (A, C and D) and check to make sure you can’t access Finance Web Server from these hosts. Then, repeat to make sure they can reach the public server at Finally, save the configuration


Corp1#copy running-config startup-config

Q85.  - (Topic 7)

What are the three things that the Netflow uses to consider the traffic to be in a same flow? (Choose three)

A. IP address

B. Interface name

C. Port numbers

D. L3 protocol type

E. MAC address

Answer: A,C,D


What is an IP Flow?

Each packet that is forwarded within a router or switch is examined for a set of IP packet attributes. These attributes are the IP packet identity or fingerprint of the packet and determine if the packet is unique or similar to other packets.

Traditionally, an IP Flow is based on a set of 5 and up to 7 IP packet attributes. IP Packet attributes used by NetFlow:

+ IP source address

+ IP destination address

+ Source port

+ Destination port

+ Layer 3 protocol type

+ Class of Service

+ Router or switch interface

Q86.  - (Topic 5)

Which three statements about HSRP operation are true? (Choose three.)

A. The virtual IP address and virtual MA+K44C address are active on the HSRP Master router.

B. The HSRP default timers are a 3 second hello interval and a 10 second dead interval.

C. HSRP supports only clear-text authentication.

D. The HSRP virtual IP address must be on a different subnet than the routers' interfaces on the same LAN.

E. The HSRP virtual IP address must be the same as one of the router's interface addresses on the LAN.

F. HSRP supports up to 255 groups per interface, enabling an administrative form of load balancing.

Answer: A,B,F


The virtual MAC address of HSRP version 1 is 0000.0C07.ACxx, where xx is the HSRP group number in hexadecimal based on the respective interface. For example, HSRP group 10 uses the HSRP virtual MAC address of 0000.0C07.AC0A. HSRP version 2 uses a virtual MAC address of 0000.0C9F.FXXX (XXX: HSRP group in hexadecimal).

Q87.  - (Topic 5)

Which command enables IPv6 forwarding on a Cisco router?

A. ipv6 local

B. ipv6 host

C. ipv6 unicast-routing

D. ipv6 neighbor

Answer: C


To enable IPv6 routing on the Cisco router use the following command: ipv6 unicast-routing

If this command is not recognized, your version of IOS does not support IPv6.

Q88.  - (Topic 5)

Which two benefits are provided by using a hierarchical addressing network addressing scheme? (Choose two.)

A. reduces routing table entries

B. auto-negotiation of media rates

C. efficient utilization of MAC addresses

D. dedicated communications between devices

E. ease of management and troubleshooting

Answer: A,E


Here are some of the benefits of hierarchical addressing:

✑ Reduced number of routing table entries — whether it is with your Internet routers or your internal routers, you should try to keep your routing tables as small as possible by using route summarization. Route summarization is a way of having a single IP address represent a collection of IP addresses; this is most easily accomplished when you employ a hierarchical addressing plan. By summarizing routes, you can keep your routing table entries (on the routers that receive the summarized routes) manageable, which offers the following benefits:

✑ Efficient allocation of addresses—Hierarchical addressing lets you take advantage of all possible addresses because you group them contiguously.

Reference: http://www.ciscopress.com/articles/article.asp?p=174107

Q89.  - (Topic 8)

Which configuration can you apply to enable encapsulation on a subinterface?

A. interface FastEthernet 0/0 encapsulation dot1Q 30

ip address

B. interface FastEthernet 0/0.30

ip address

C. interface FastEthernet 0/0.30 description subinterface vlan 30

D. interface FastEthernet 0/0.30 encapsulation dot1Q 30

ip address

Answer: D

Q90.  - (Topic 8)

In which three ways is an IPv6 header simpler than an IPv4 header? (Choose three.)

A. Unlike IPv4 headers, IPv6 headers have a fixed length.

B. IPv6 uses an extension header instead of the IPv4 Fragmentation field.

C. IPv6 headers eliminate the IPv4 Checksum field.

D. IPv6 headers use the Fragment Offset field in place of the IPv4 Fragmentation field.

E. IPv6 headers use a smaller Option field size than IPv4 headers.

F. IPv6 headers use a 4-bit TTL field, and IPv4 headers use an 8-bit TTL field.

Answer: A,B,C