[Free] 2017(July) Ensurepass Testking Cisco 200-125 Latest Dumps 391-400

Ensurepass
2017 July Cisco Official New Released 200-125 Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/200-125.html

CCNA Routing and Switching v3.0

QUESTION 391

Scenario

Refer to the topology. Your company has connected the routers R1, R2, and R3 with serial links. R2 and R3 are connected to the switches SW1 and SW2, respectively. SW1 and SW2 are also connected to the routers R4 and R5.

 

The EIGRP routing protocol is configured.

 

You are required to troubleshoot and resolve the EIGRP issues between the various routers.

 

Use the appropriate show commands to troubleshoot the issues.

 

clip_image002

clip_image004

clip_image006

clip_image008

clip_image010

clip_image012

clip_image014

clip_image016

clip_image018

 

The loopback interfaces on R4 with the IP addresses of 10.4.4.4/32, 10.4.4.5/32, and 10.4.4.6/32 are not appearing in the routing table of R5. Why are the interfaces missing?

 

A.

The interfaces are shutdown, so they are not being advertised.

B.

R4 has been incorrectly configured to be in another AS, so it does not peer with R5.

C.

Automatic summarization is enabled, so only the 10.0.0.0 network is displayed.

D.

The loopback addresses haven’t been advertised, and the network command is missing on R4.

 

Correct Answer: B

Explanation:

For an EIGRP neighbor to form, the following must match:

 

clip_image020Neighbors must be in the same subnet

clip_image020[1]K values

clip_image020[2]AS numbers

clip_image020[3]Authentication method and key strings

 

Here, we see that R4 is configured for EIGRP AS 2, when it should be AS 1.

 

clip_image022

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 392

Scenario

Refer to the topology. Your company has connected the routers R1, R2, and R3 with serial links. R2 and R3 are connected to the switches SW1 and SW2, respectively. SW1 and SW2 are also connected to the routers R4 and R5.

 

The EIGRP routing protocol is configured.

 

You are required to troubleshoot and resolve the EIGRP issues between the various routers.

 

Use the appropriate show commands to troubleshoot the issues.

 

clip_image023

clip_image024

clip_image025

clip_image026

clip_image027

clip_image028

clip_image029

clip_image030

clip_image031

 

Study the following output taken on R1:

 

R1# Ping 10.5.5.55 source 10.1.1.1

Type escape sequence to abort.

 

Sending 5, 100-byte ICMP Echos to 10.5.5.55, timeout is 2 seconds:

 

Packet sent with a source address of 10.1.1.1

 

…….

 

Success rate is 0 percent (0/5)

 

Why are the pings failing?

 

A.

The network statement is missing on R5.

B.

The loopback interface is shut down on R5.

C.

The network statement is missing on R1.

D.

The IP address that is configured on the Lo1 interface on R5 is incorrect.

 

Correct Answer: C

Explanation:

R5 does not have a route to the 10.1.1.1 network, which is the loopback0 IP address of R1. When looking at the EIGRP configuration on R1, we see that the 10.1.1.1 network statement is missing on R1.

 

clip_image033

QUESTION 393

Scenario

Refer to the topology. Your company has connected the routers R1, R2, and R3 with serial links. R2 and R3 are connected to the switches SW1 and SW2, respectively. SW1 and SW2 are also connected to the routers R4 and R5.

 

The EIGRP routing protocol is configured.

 

You are required to troubleshoot and resolve the EIGRP issues between the various routers.

 

Use the appropriate show commands to troubleshoot the issues.

 

clip_image034

clip_image035

clip_image036

clip_image037

clip_image038

clip_image028[1]

clip_image039

clip_image040

clip_image031[1]

 

Router R6 does not form an EIGRP neighbor relationship correctly with router R1. What is the cause for this misconfiguration?

 

A.

The K values mismatch.

B.

The AS does not match.

C.

The network command is missing.

D.

The passive interface command is enabled.

 

Correct Answer: C

Explanation:

The link from R1 to R6 is shown below:

 

clip_image041

 

As you can see, they are both using e0/0. The IP addresses are in the 192.168.16.0 network:

 

clip_image043

 

 

But when we look at the EIGRP configuration, the “network 192.168.16.0” command is missing on R6.

 

clip_image045

 

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 394

Scenario

Refer to the topology. Your company has connected the routers R1, R2, and R3 with serial links. R2 and R3 are connected to the switches SW1 and SW2, respectively. SW1 and SW2 are also connected to the routers R4 and R5.

 

The EIGRP routing protocol is configured.

 

You are required to troubleshoot and resolve the EIGRP issues between the various routers.

 

Use the appropriate show commands to troubleshoot the issues.

 

clip_image046

clip_image047

clip_image048

clip_image049

clip_image050

clip_image051

clip_image052

clip_image053

clip_image054

 

Which path does traffic take from R1 to R5?

 

A.

The traffic goes through R2.

B.

The traffic goes through R3.

C.

The traffic is equally load-balanced over R2 and R3.

D.

The traffic is unequally load-balanced over R2 and R3.

 

Correct Answer: A

Explanation:

Using the “show ip int brief command” on R5 we can see the IP addresses assigned to this router. Then, using the “show ip route” command on R1 we can see that to reach 10.5.5.5 and 10.5.5.55 the preferred path is via Serial 1/3, which we see from the diagram is the link to R2.

 

clip_image056

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 395

A corporation wants to add security to its network. The requirements are:

 

clip_image020[4]Host B should be able to use a web browser (HTTP) to access the Finance Web Server.

clip_image020[5]Other types of access from host B to the Finance Web Server should be blocked.

clip_image020[6]All access from hosts in the Core or local LAN to the Finance Web Server should be blocked.

clip_image020[7]All hosts in the Core and on local LAN should be able to access the Public Web Server.

 

You have been tasked to create and apply a numbered access list to a single outbound interface. This access list can contain no more than three statements that meet these requirements.

 

Access to the router CLI can be gained by clicking on the appropriate host.

 

clip_image020[8]All passwords have been temporarily set to “cisco”.

clip_image020[9]The Core connection uses an IP address of 198.18.132.65.

clip_image020[10]The computers in the Hosts LAN have been assigned addresses of 192.168.201.1 – 192.168.201.254.

clip_image020[11]host A 192.168.201.1

clip_image020[12]host B 192.168.201.2

clip_image020[13]host C 192.168.201.3

clip_image020[14]host D 192.168.201.4

clip_image020[15]The Finance Web Server has been assigned an address of 172.22.237.17.

clip_image020[16]
The Public Web Server in the Server LAN has been assigned an address of 172.22.237.18.

 

clip_image058

clip_image060

clip_image062

clip_image064

clip_image066

clip_image066[1]

clip_image068

clip_image068[1]

 

Correct Answer: Please check the below explanation for all details.

Explanation:

We should create an access-list and apply it to the interface that is connected to the Server LAN because it can filter out traffic from both S2 and Core networks. To see which interface this is, use the “show ip interface brief” command:

 

clip_image070

 

From this, we know that the servers are located on the fa0/1 interface, so we will place our numbered access list here in the outbound direction.

 

Corp1#configure terminal

Our access-list needs to allow host B ?192.168125.2 to the Finance Web Server 172.22.109.17 via HTTP (port 80), so our first line is this:

 

Corp1(config)#access-list 100 permit tcp host 192.168.125.2 host 172.22.109.17 eq 80

 

Then, our next two instructions are these:

 

clip_image020[17]Other types of access from host B to the Finance Web Server should be blocked.

clip_image020[18]All access from hosts in the Core or local LAN to the Finance Web Server should be blocked.

 

This can be accomplished with one command (which we need to do as our ACL needs to be no more than 3 lines long), blocking all other access to the finance web server:

Corp1(config)#access-list 100 deny ip any host 172.22.109.17

 

Our last instruction is to allow all hosts in the Core and on the local LAN access to the Public Web Server (172.22.109.18)

 

Corp1(config)#access-list 100 permit ip host 172.22.109.18 any

Finally, apply this access-list to Fa0/1 interface (outbound direction)

 

Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that the access-list can filter traffic coming from both the LAN and the Core networks.

To verify, just click on host B to open its web browser. In the address box type http://172.22.109.17 to check if you are allowed to access Finance Web Server or not. If your configuration is correct then you can access it.

 

Click on other hosts (A, C and D) and check to make sure you can’t access Finance Web Server from these hosts. Then, repeat to make sure they can reach the public server at 172.22.109.18. Finally, save the configuration

 

Corp1(config-if)#end

Corp1#copy running-config startup-config

 

 

QUESTION 396

A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.

 

The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.

 

Access to the router CLI can be gained by clicking on the appropriate host.

 

All passwords have been temporarily set to “cisco”.

 

The Core connection uses an IP address of 198.18.196.65.

 

The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 – 192.168.33.254

 

host A 192.168.33.1

host B 192.168.33.2

host C 192.168.33.3

host D 192.168.33.4

 

The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30.

 

The Finance Web Server is assigned an IP address of 172.22.242.23.

 

clip_image072

 

Correct Answer: Select the console on Corp1 router

Configuring ACL

Corp1>enable

Corp1#configure terminal

Comment: To permit only Host C (192.168.33.3){source addr} to access finance server address (172.22.242.23) {destination addr} on port number 80 (web)

Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

Comment: To deny any source to access finance server address (172.22.242.23) {destination addr} on port number 80 (web)

Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

Comment: To permit ip protocol from any source to access any destination because of the implicit deny any any statement at the end of ACL.

Corp1(config)#access-list 100 permit ip any any

Applying the ACL on the Interface

Comment: Check show ip interface brief command to identify the interface type and number by checking the IP address configured.

Corp1(config)#interface fa 0/1

If the ip address configured already is incorrect as well as the subnet mask. This should be corrected in order ACL to work type this commands at interface mode:

no ip address 192.x.x.x 255.x.x.x (removes incorrect configured ipaddress and subnet mask)

Configure Correct IP Address and subnet mask:

ip address 172.22.242.30 255.255.255.240 ( range of address specified going to server is given as 172.22.242.17 – 172.22.242.30 )

Comment: Place the ACL to check for packets going outside the interface towards the finance web server.

Corp1(config-if)#ip access-group 100 out

Corp1(config-if)#end

Important: To save your running config to startup before exit.

Corp1#copy running-config startup-config

Verifying the Configuration:

Step1: show ip interface b
rief command identifies the interface on which to apply access list.

Step2: Click on each host A, B, C, & D. Host opens a web browser page, Select address box of the web browser and type the ip address of finance web server (172.22.242.23) to test whether it permits /deny access to the finance web Server.

Step 3: Only Host C (192.168.33.3) has access to the server. If the other host can also access then maybe something went wrong in your configuration. Check whether you configured correctly and in order.

Step 4: If only Host C (192.168.33.3) can access the Finance Web Server you can click on NEXT button to successfully submit the ACL SIM.

 

 

QUESTION 397

The following have already been configured on the router:

 

clip_image020[19]The basic router configuration.

clip_image020[20]The appropriate interfaces have been configured for NAT inside and NAT outside.

clip_image020[21]The appropriate static routes have also been configured (since the company will be a stub network, no routing protocol will be required)

clip_image020[22]All passwords have been temporarily set to “cisco”.

 

The task is to complete the NAT configuration using all IP ad
dresses assigned by the ISP to provide Internet access for the hosts in the Weaver LAN. Functionality can be tested by clicking on the host provided for testing.

 

Configuration information:

 

router name – Weaver

 

inside global addresses – 198.18.184.105 – 198.18.184.110/29

 

inside local addresses – 192.168.100.17 – 192.168.100.30/28

 

number of inside hosts – 14

 

clip_image074

 

A network associate is configuring a router for the weaver company to provide internet access. The ISP has provided the company six public IP addresses of 198.18.184.105 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the company LAN have been assigned private space addresses in the range of 192.168.100.17 – 192.168.100.30.

 

Correct Answer:

The company has 14 hosts that need to access the internet simultaneously but we just have 6 public IP addresses from 198.18.184.105 to 198.18.184.110/29.

Therefore we have to use NAT overload (or PAT)

Double click on the Weaver router to open it

Router>enable

Router#configure terminal

First you should change the router’s name to Weaver

Router(config)#hostname Weaver

Create a NAT pool of global addresses to be allocated with their netmask.

Weaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248

Create a standard access control list that permits the addresses that are to be translated.

Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15

Establish dynamic source translation, specifying the access list that was defined in the prior step.

Weaver(config)#ip nat inside source list 1 pool mypool overload

This command translates all source addresses that pass access list 1, which means a source address from 192.168.100.17 to 192.168.100.30, into an address from the pool named mypool (the pool contains addresses from 198.18.184.105 to 198.18.184.110).

Overload keyword allows to map multiple IP addresses to a single registered IP address (many-to-one) by using different ports.

The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements.

This is how to configure the NAT inside and NAT outside, just for your understanding:

Weaver(config)#interface fa0/0

Weaver(config-if)#ip nat inside

Weaver(config-if)#exit

Weaver(config)#interface s0/0

Weaver(config-if)#ip nat outside

Weaver(config-if)#end

Finally, we should save all your work with the following command:

Weaver#copy running-config startup-config

Check your configuration by going to “H
ost for testing” and type:

C :\>ping 192.0.2.114

The ping should work well and you will be replied from 192.0.2.114

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 398

CCNA.com has a small network that is using EIGRP as its IGP. All routers should be running an EIGRP AS number of 12. Router MGT is also running static routing to the ISP.

 

CCNA.com has recently added the ENG router. Currently, the ENG router does not have connectivity to the ISP router. All over interconnectivity and Internet access for the existing locations of the company are working properly.

 

The task is to identify the fault(s) and correct the router configuration(s) to provide full connectivity between the routers.

 

Access to the router CLI can be gained by clicking on the appropriate host.

 

All passwords on all routers are cisco.

 

IP addresses are listed in the chart below.

 

MGT

Fa0/0 – 192.168.77.33

S1/0 – 198.0.18.6

S0/0 – 192.168.27.9

S0/1 – 192.168.50.21

 

ENG

Fa0/0 – 192.168.77.34

Fa1/0 – 192.168.12.17

Fa0/1 – 192.168.12.1

 

Parts1

Fa0/0 – 192.168.12.33

Fa0/1 – 192.168.12.49

S0/0 – 192.168.27.10

 

Parts2

Fa0/0 – 192.168.12.65

Fa0/1 – 192.168.12.81

S0/1 – 192.168.50.22

 

clip_image076

 

Correct Answer:

On the MGT Router:

Config t

Router eigrp 12

Network 192.168.77.0

 

 

QUESTION 399

Central Florida Widgets recently installed a new router in their office. Complete the network installation by performing the initial router configurations and configuring R1PV2 routing using the router command line interface (CLI) on the RC.

 

Configure the router per the following requirements:

 

Name of the router is R2

Enable. secret password is cisco

The password to access user EXEC mode using the console is cisco2

The password to allow telnet access to the router is cisco3

IPV4 addresses must be configured as follows:

Ethernet network 209.165.201.0/27 – router has fourth assignable host address in subnet

Serial network is 192.0.2.176/28 – router has last assignable host address in the subnet.

Interfaces should be enabled.

Router protocol is RIPV2

 

Attention:

In practical examinations, please note the following, the actual information will prevail.

 

1. Name or the router is xxx

2. Enable. secret password is xxx

3. Password In access user EXEC mode using the console is xxx

4. The password to allow telnet access to the router is xxx

5. IP information

 

clip_image077

 

Correct Answer:

Rout
er>enable

Router#config terminal

Router(config)#hostname R2

R2(config)#enable secret Cisco 1

R2(config)#line console 0

R2(config-line)#password Cisco 2

R2(config-line)#login

R2(config-line)#exit

R2(config)#line vty 0 4

R2(config-line)#password Cisco 3

R2(config-line)#login

R2(config-line)#exit

R2(config)#interface fa0/0

R2(config-if)#ip address 209.165.201.4 255.255.255.224

R2(config)#interface s0/0/0

R2(config-if)#ip address 192.0.2.190 255.255.255.240

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#router rip

R2(config-router)#version 2

R2(config-router)#network 209.165.201.0

R2(config-router)#network 192.0.2.176

R2(config-router)#end

R2#copy run start

 

 

QUESTION 400

A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.

 

The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.

 

clip_image079

 

Access to the router CLI can be gained by clicking on the appropriate host.

 

All passwords have been temporarily set to “cisco”.

 

The Core connection uses an IP address of 198.18.247.65

 

The computers in the Hosts LAN have been assigned addresses of 192.168.240.1 – 192.168.240.254

 

clip_image080host A 192.168.240.1

clip_image080[1]host B 192.168.240.2

clip_image080[2]host C 192.168.240.3

 

Correct Answer:

Corp1#conf t

Corp1(config)# access-list 128 permit tcp host 192.168.240.1 host 172.22.141.26 eq www

Corp1(config)# access-list 128 deny tcp any host 172.22.141.26 eq www

Corp1(config)# access-list 128 permit ip any any

Corp1(config)#int fa0/1

Corp1(config-if)#ip access-group 128 out

Corp1(config-if)#end

Corp1#copy run startup-config

100% Free Download!
—Download Free Demo:200-125 Demo PDF
100% Pass Guaranteed!
Download 2017 Ensurepass 200-125 Full Exam PDF and VCE Q&As:635
—Get 10% off your purchase! Copy it:TJDN-947R-9CCD [2017.07.01-2017.07.31]

Ensurepass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF + VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Ensurepass IT Certification PDF and VCE