[Free] 2019(Nov) EnsurePass Cisco 200-125 Dumps with VCE and PDF 271-280

Get Full Version of the Exam

Question No.271

Refer to exhibit. A network administrator cannot establish a Telnet session with the indicated router. What is the cause of this failure?


  1. A Level 5 password is not set.

  2. An ACL is blocking Telnet access.

  3. The vty password is missing.

  4. The console password is missing.

Correct Answer: C


The login keyword has been set, but not password. This will result in the quot;password required, but none setquot; message to users trying to telnet to this router.

Question No.272

Refer to the exhibit. Statements A, B, C, and D of ACL 10 have been entered in the shown order and applied to interface E0 inbound, to prevent all hosts (except those whose addresses are the first and last IP of subnet from accessing the network. But as is, the ACL does not restrict anyone from the network. How can the ACL statements be re-arranged so that the system works as intended?


  1. ACDB

  2. BADC

  3. DBAC

  4. CDBA

Correct Answer: D


Routers go line by line through an access list until a match is found and then will not look any further, even if a more specific of better match is found later on in the access list. So, it it best to begin with the most specific entries first, in this cast the two hosts in line C and D. Then, include the subnet (B) and then finally the rest of the traffic (A).

Question No.273

Refer to the exhibit. The following commands are executed on interface fa0/1 of 2950Switch. 2950Switch(config-if)# switchport port-security

2950Switch(config-if)# switchport port-security mac-address sticky 2950Switch(config-if)# switchport port-security maximum 1

The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when this frame is received by 2950Switch? (Choose two.)


  1. The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF.

  2. Only host A will be allowed to transmit frames on fa0/1.

  3. This frame will be discarded when it is received by 2950Switch.

  4. All frames arriving on 2950Switch with a destination of 0000.00aa.aaaa will be forwarded out fa0/1.

  5. Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be forwarded out fa0/1.

  6. Only frames from source 0000.00bb.bbbb, the first learned MAC address of 2950Switch, will be forwarded out fa0/1.

Correct Answer: BD


The configuration shown here is an example of port security, specifically port security using sticky addresses. You can use port security with dynamically learned and static MAC addresses to restrict a port#39;s ingress traffic by limiting the MAC addresses that are allowed to send traffic into the port. When you assign secure MAC addresses to a secure port, the port does not forward ingress traffic that has source addresses outside the group of defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure MAC address, the device attached to that port has the full bandwidth of the port.

Port security with sticky MAC addresses provides many of the same benefits as port security with static MAC addresses, but sticky MAC addresses can be learned dynamically. Port security with sticky MAC addresses retains dynamically learned MAC addresses during a link-down condition.

Question No.274

Which set of commands is recommended to prevent the use of a hub in the access layer?

  1. switch(config-if)#switchport mode trunk switch(config-if)#switchport port-security maximum 1

  2. switch(config-if)#switchport mode trunk

    switch(config-if)#switchport port-security mac-address 1

  3. switch(config-if)#switchport mode access switch(config-if)#switchport port-security maximum 1

  4. switch(config-if)#switchport mode access

switch(config-if)#switchport port-security mac-address 1

Correct Answer: C


This question is to examine the layer 2 security configuration.

In order to satisfy the requirements of this question, you should perform the following configurations in the interface mode:

First, configure the interface mode as the access mode.

Second, enable the port security and set the maximum number of connections to 1.

Question No.275

What can be done to secure the virtual terminal interfaces on a router? (Choose two.)

  1. Administratively shut down the interface.

  2. Physically secure the interface.

  3. Create an access list and apply it to the virtual terminal interfaces with the access-group command.

  4. Configure a virtual terminal password and login process.

  5. Enter an access list and apply it to the virtual terminal interfaces using the access-class command.

Correct Answer: DE


It is a waste to administratively shut down the interface. Moreover, someone can still access the virtual terminal interfaces via other interfaces -gt;

We cannot physically secure a virtual interface because it is quot;virtualquot; -gt;.

To apply an access list to a virtual terminal interface we must use the quot;access-classquot; command. The quot;access-groupquot; command is only used to apply an access list to a physical interface -gt; C is not correct.

The most simple way to secure the virtual terminal interface is to configure a username amp; password to prevent unauthorized login.

Question No.276

Which two commands correctly verify whether port security has been configured on port FastEthernet 0/12 on a switch? (Choose two.)

  1. SW1#show port-secure interface FastEthernet 0/12

  2. SW1#show switchport port-secure interface FastEthernet 0/12

  3. SW1#show running-config

  4. SW1#show port-security interface FastEthernet 0/12

  5. SW1#show switchport port-security interface FastEthernet 0/12

Correct Answer: CD


We can verify whether port security has been configured by using the quot;show running- configquot; or quot;show port-security interfacequot; for more detail. An example of the output of quot;show port-security interfacequot; command is shown below:


Question No.277

What are the benefits of using Netflow? (Choose three.)

  1. Network, Application amp; User Monitoring

  2. Network Planning

  3. Security Analysis

  4. Accounting/Billing

Correct Answer: ACD


NetFlow traditionally enables several key customer applications including:


Network Monitoring – NetFlow data enables extensive near real time network monitoring capabilities. Flow-based analysis techniques may be utilized to visualize traffic patterns associated with individual routers and switches as well as on a network-wide basis (providing aggregate traffic or application based views) to provide proactive problem detection, efficient troubleshooting, and rapid problem resolution.


Application Monitoring and Profiling – NetFlow data enables network managers to gain a detailed, time-based, view of application usage over the network. This information is used to plan, understand new services, and allocate network and application resources (e.g. Web server sizing and VoIP deployment) to responsively meet customer demands.


User Monitoring and Profiling – NetFlow data enables network engineers to gain detailed understanding of customer/user utilization of network and application resources. This information may then be utilized to efficiently plan and allocate access, backbone and application resources as well as to detect and resolve potential security and policy violations.


Network Planning – NetFlow can be used to capture data over a long period of time producing the opportunity to track and anticipate network growth and plan upgrades to increase the number of routing devices, ports, or higher- bandwidth interfaces. NetFlow services data optimizes network planning including peering, backbone upgrade planning, and routing policy planning. NetFlow helps to minimize the total cost of network operations while maximizing network performance, capacity, and reliability. NetFlow detects unwanted WAN traffic, validates bandwidth and Quality of Service (QOS) and allows the analysis of new network applications. NetFlow will give you valuable information to reduce the cost of operating your network.


Security Analysis – NetFlow identifies and classifies DDOS attacks, viruses and worms in real- time. Changes in network behavior indicate anomalies that are clearly demonstrated in NetFlow data. The data is also a valuable forensic tool to understand and replay the history of security incidents.


Accounting/Billing – NetFlow data provides fine-grained metering (e.g. flow data includes details such as IP addresses, packet and byte counts, timestamps, type-of-service andapplication ports, etc.) for highly flexible and detailed resource utilization accounting. Service providers may utilize the information for billing based on time-of-day, bandwidth usage, application usage, quality of service, etc. Enterprise customers may utilize the information for departmental charge-back or cost allocation for resource utilization.

Question No.278

Refer to the exhibit. A problem with network connectivity has been observed. It is suspected that the cable connected to switch port Fa0/9 on Switch1 is disconnected. What would be an effect of this cable being disconnected?


  1. Host B would not be able to access the server in VLAN9 until the cable is reconnected.

  2. Communication between VLAN3 and the other VLANs would be disabled.

  3. The transfer of files from Host B to the server in VLAN9 would be significantly slower.

  4. For less than a minute, Host B would not be able to access the server in VLAN9. Then normal network function would resume.

Correct Answer: D


Spanning-Tree Protocol (STP) is a Layer 2 protocol that utilizes a special-purpose algorithm to discover physical loops in a network and effect a logical loop-free topology. STP creates a loop- free tree structure consisting of leaves and branches that span the entire Layer 2 network. The actual mechanics of how bridges communicate and how the STP algorithm works will be discussed at length in the following topics. Note that the terms bridge and switch are used interchangeably when discussing STP. In addition, unless otherwise indicated, connections between switches are assumed to be trunks.

Question No.279

What command visualizes the general NetFlow data on the command line?

  1. show ip flow export

  2. show ip flow top-talkers

  3. show ip cache flow

  4. show mls sampling

  5. show mls netflow ip

Correct Answer: C


The following is an example of how to visualize the NetFlow data using the CLI. There are three methods to visualize the data depending on the version of Cisco IOS Software. The traditional show command for NetFlow is quot;show ip cache flowquot; also available are two forms of top talker commands. One of the top talkers commands uses a static configuration to view top talkers in the network and another command called dynamic top talkers allows real-time sorting and aggregation of NetFlow data. Also shown is a show MLS command to view the hardware cache on the Cisco Catalyst 6500 Series Switch. The following is the original NetFlow show command used for many years in Cisco IOS Software. Information provided includes packet size distribution; basic statistics about number of flows and export timer setting, a view of the protocol distribution statistics and the NetFlow cache.

The quot;show ip cache flowquot; command displays a summary of the NetFlow accounting statistics.


Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios- netflow/prod_white_paper0900aecd80406232.html

Question No.280

Refer to the exhibit. An administrator pings the default gateway at and sees the output as shown. At which OSI layer is the problem?


  1. data link layer

  2. application layer

  3. access layer

  4. session layer

  5. network layer

Correct Answer: E


The command ping uses ICMP protocol, which is a network layer protocol used to propagate control message between host and router. The command ping is often used to verify the network connectivity, so it works at the network layer.

Get Full Version of the Exam
200-125 Dumps
200-125 VCE and PDF

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.