CCNA Cisco Certified Network Associate CCNA (v3.05)”, also known as the 200-125 exam, is a Cisco Certification.
With the complete collection of questions and answers, CCNA Learner has assembled to take you through 1348 Q&As to your
200-124 Exam preparation. In the 200-125 exam resources, you will cover every field and category in Cisco CCNA helping to ready you for your successful Cisco Certification.

Explanation:
DLCI-Data Link Connection Identifier Bits: The DLCI serves to identify the virtual connection so that the receiving end knows which information connection a frame belongs to. Note that this DLCI has only local significance. Frame Relay is strictly a Layer 2 protocol suite.
QUESTION 226
What is the result of issuing the frame-relay map ip 192.168.1.2 202 broadcast command?

A. defines the destination IP address that is used in all broadcast packets on DCLI 202
B. defines the source IP address that is used in all broadcast packets on DCLI 202
C. defines the DLCI on which packets from the 192.168.1.2 IP address are received
D. defines the DLCI that is used for all packets that are sent to the 192.168.1.2 IP address
Answer: D

Explanation:
This command identifies the DLCI that should be used for all packets destined to the 192.168.1.2 address. In this case, DLCI 202 should be used.
QUESTION 227
Which PPP subprotocol negotiates authentication options?

A. NCP
B. ISDN
C. SLIP
D. LCP
E. DLCI
Answer: D

Explanation:
The PPP Link Control Protocol (LCP) is documented in RFC 1661. LPC negotiates link and PPP parameters to dynamically configure the data link layer of a PPP connection. Common LCP options include the PPP MRU, the authentication protocol, compression of PPP header fields, callback, and multilink options.
QUESTION 228
What are two characteristics of Frame Relay point-to-point subinterfaces? (Choose two.)

A. They create split-horizon issues.
B. They require a unique subnet within a routing domain.
C. They emulate leased lines. D. They are ideal for full-mesh topologies.
E. They require the use of NBMA options when using OSPF.
Answer: BC

Explanation:
Subinterfaces are used for point to point frame relay connections, emulating virtual point to point leased lines. Each subinterface requires a unique IP address/subnet. Remember, you can not assign multiple interfaces in a router that belong to the same IP subnet.
QUESTION 229
What command is used to verify the DLCI destination address in a Frame Relay static configuration?

A. show frame-relay pvc
B. show frame-relay lmi
C. show frame-relay map
D. show frame relay end-to-end
Answer: C

Explanation:
Sample “show frame-relay map” output:
R1#sh frame mapSerial0/0 (up): ip 10.4.4.1 dlci 401(0x191,0x6410), dynamic,broadcast,, status defined, activeSerial0/0 (up): ip 10.4.4.3 dlci 403(0x193,0x6430), dynamic,broadcast,, status defined, activeSerial0/0 (up): ip 10.4.4.4 dlci 401(0x191,0x6410), static,CISCO, status defined, active
QUESTION 230
What is the purpose of Inverse ARP?

A. to map a known IP address to a MAC address
B. to map a known DLCI to a MAC address
C. to map a known MAC address to an IP address
D. to map a known DLCI to an IP address
E. to map a known IP address to a SPID
F. to map a known SPID to a MAC address
Answer: D

Explanation:
Dynamic address mapping relies on the Frame Relay Inverse Address Resolution Protocol (Inverse ARP), defined by RFC 1293, to resolve a next hop network protocol (IP) address to a local DLCI value. The Frame Relay router sends out Inverse ARP requests on its Frame Relay PVC to discover the protocol address of the remote device connected to the Frame Relay network. The responses to the Inverse ARP requests are used to populate an address-to-DLCI mapping table on the Frame Relay router or access server. The router builds and maintains this address-to- DLCI mapping table, which contains all resolved Inverse ARP requests, including both dynamic and static mapping entries.
QUESTION 231
Two routers named Atlanta and Brevard are connected via their serial interfaces as illustrated, but they are unable to communicate. The Atlanta router is known to have the correct configuration.
Given the partial configurations, identify the fault on the Brevard router that is causing the lack of connectivity.

A. incompatible IP address
B. insufficient bandwidth
C. incorrect subnet mask
D. incompatible encapsulation
E. link reliability too low
F. IPCP closed
Answer: D

Explanation:
The correct explanation should be that the Atlanta router is usng HDLC while the Brevard is using PPP. These need to match on both ends.
QUESTION 232
Refer to the exhibit. The company uses EIGRP as the routing protocol. What path will packets take from a host on the 192.168.10.192/26 network to a host on the LAN attached to router R1?

A. The path of the packets will be R3 to R2 to R1.
B. The path of the packets will be R3 to R1 to R2.
C. The path of the packets will be both R3 to R2 to R1 AND R3 to R1.
D. The path of the packets will be R3 to R1.
Answer: D

Explanation:
Host on the LAN attached to router R1 belongs to 192.168.10.64/26 subnet. From the output of the routing table of R3 we learn this network can be reach via 192.168.10.9, which is an IP address in 192.168.10.8/30 network (the network between R1 & R3) -> packets destined for 192.168.10.64 will be routed from R3 -> R1 -> LAN on R1.
QUESTION 233
How does using the service password-encryption command on a router provide additional security?

A. by encrypting all passwords passing through the router
B. by encrypting passwords in the plain text configuration file
C. by requiring entry of encrypted passwords for access to the device
D. by configuring an MD5 encrypted key to be used by routing protocols to validate routing exchanges E. by automatically suggesting encrypted passwords for use in configuring the router
Answer: B

Explanation:
By using this command, all the (current and future) passwords are encrypted. This command is primarily useful for keeping unauthorized individuals from viewing your password in your configuration file
QUESTION 234
Refer to the exhibit. Switch port FastEthernet 0/24 on ALSwitch1 will be used to create an IEEE 802.1Q-compliant trunk to another switch. Based on the output shown, what is the reason the trunk does not form, even though the proper cabling has been attached?

A. VLANs have not been created yet.
B. An IP address must be configured for the port.
C. The port is currently configured for access mode.
D. The correct encapsulation type has not been configured.
E. The no shutdown command has not been entered for the port.
Answer: C

Explanation:
With point to point PVC, each connection needs to be in a separate subnet. The R2-R1 connection (DLCI 16 to 99) would have each router within the same subnet. Similarly, the R3-R1 connection would also be in the same subnet, but it must be in a different one than the R2-R1 connection.
QUESTION 235
Refer to the exhibit. A new subnet with 60 hosts has been added to the network. Which subnet address should this network use to provide enough usable addresses while wasting the fewest addresses?

A. 192.168.1.56/26
B. 192.168.1.56/27
C. 192.168.1.64/26
D. 192.168.1.64/27
Answer: C

Explanation:
Only a /30 is needed for the point to point link and sine the use of the ip subnet-zero was used, 172.16.3.0/30 is valid. Also, a /25 is required for 120 hosts and again 172.16.3.128/25 is the best, valid option.
QUESTION 236
A router has learned three possible routes that could be used to reach a destination network. One route is from EIGRP and has a composite metric of 20514560. Another route is from OSPF with a metric of 782. The last is from RIPv2 and has a metric of 4. Which route or routes will the router install in the routing table?

A. the OSPF route
B. the EIGRP route
C. the RIPv2 route
D. all three routes
E. the OSPF and RIPv2 routes
Answer: B

Explanation:
When one route is advertised by more than one routing protocol, the router will choose to use the routing protocol which has lowest Administrative Distance. The Administrative Distances of popular routing protocols are listed below:
QUESTION 237
A network administrator needs to allow only one Telnet connection to a router. For anyone viewing the configuration and issuing the show run command, the password for Telnet access should be encrypted. Which set of commands will accomplish this task?

A. service password-encryption access-list 1 permit 192.168.1.0 0.0.0.255 line vty 0 4 login password cisco access-class 1
B. enable password secret line vty 0 login password cisco
C. service password-encryption line vty 1 login password cisco
D. service password-encryption line vty 0 4 login password cisco
Answer: C

Explanation:
This static route will allow for communication to the Manchester workstations and it is better to use this more specific route than a default route as traffic destined to the Internet will then not go out the London Internet connection.
QUESTION 238
Refer to the exhibit. The network administrator requires easy configuration options and minimal routing protocol traffic. What two options provide adequate routing table information for traffic that passes between the two routers and satisfy the requests of the network administrator? (Choose two.)

A. a dynamic routing protocol on InternetRouter to advertise all routes to CentralRouter.
B. a dynamic routing protocol on InternetRouter to advertise summarized routes to CentralRouter.
C. a static route on InternetRouter to direct traffic that is destined for 172.16.0.0/16 to CentralRouter.
D. a dynamic routing protocol on CentralRouter to advertise all routes to InternetRouter.
E. a dynamic routing protocol on CentralRouter to advertise summarized routes to InternetRouter.
F. a static, default route on CentralRouter that directs traffic to InternetRouter.
Answer: CF

Explanation:
The use of static routes will provide the necessary information for connectivity while producing no routing traffic overhead.
QUESTION 239
What is the effect of using the service password-encryption command?

A. Only the enable password will be encrypted.
B. Only the enable secret password will be encrypted.
C. Only passwords configured after the command has been entered will be encrypted.
D. It will encrypt the secret password and remove the enable secret password from the configuration.
E. It will encrypt all current and future passwords.
Answer: E

Explanation:
Enable vty, console, AUX passwords are configured on the Cisco device. Use the show run command to show most passwords in clear text. If the service password-encryption is used, all the passwords are encrypted. As a result, the security of device access is improved.
QUESTION 240
Refer to the exhibit. What is the effect of the configuration that is shown?

A. It configures SSH globally for all logins.
B. It tells the router or switch to try to establish an SSh connection first and if that fails to use Telnet.
C. It configures the virtual terminal lines with the password 030752180500.
D. It configures a Cisco network device to use the SSH protocol on incoming communications via the virtual terminal ports.
E. It allows seven failed login attempts before the VTY lines are temporarily shutdown.
Answer: D

Explanation:
Secure Shell (SSH) is a protocol which provides a secure remote access connection to network devices. Communication between the client and server is encrypted in both SSH version 1 and SSH version 2. If you want to prevent non-SSH connections, add the “transport input ssh” command under the lines to limit the router to SSH connections only. Straight (non-SSH) Telnets are refused.
www.cisco.com/warp/public/707/ssh.shtml
QUESTION 241
Refer to the exhibit. What is the reason that the interface status is “administratively down, line protocol down”?

A. There is no encapsulation type configured.
B. There is a mismatch in encapsulation types.
C. The interface is not receiving any keepalives.
D. The interface has been configured with the shutdown command.
E. The interface needs to be configured as a DTE device.
F. The wrong type of cable is connected to the interface.
Answer: D

Explanation:
Interface can be enabled or disabled with shutdown/no shutdown command. If you interface is down, it will display administratively down status. You can bring up an interface having administratively down interface using no shutdown command.
QUESTION 242
Refer to the exhibit. A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other device is detected, the port is to drop frames from this device. The administrator configured the interface and tested it with successful pings from PC_A to RouterA, and then observes the output from these two show commands. Which two of these changes are necessary for SwitchA to meet the requirements? (Choose two.)

A. Port security needs to be globally enabled.
B. Port security needs to be enabled on the interface.
C. Port security needs to be configured to shut down the interface in the event of a violation.
D. Port security needs to be configured to allow only one learned MAC address. E. Port security interface counters need to be cleared before using the show command. F. The port security configuration needs to be saved to NVRAM before it can become active.
Answer: BD

Explanation:
From the output we can see that port security is disabled so this needs to be enabled. Also, the maximum number of devices is set to 2 so this needs to be just one if we want the single host to have access and nothing else.
QUESTION 243
Refer to the exhibit. When running OSPF, what would cause router A not to form an adjacency with router B?

A. The loopback addresses are on different subnets.
B. The values of the dead timers on the routers are different.
C. Route summarization is enabled on both routers.
D. The process identifier on router A is different than the process identifier on router B.
Answer: B

Explanation:
To form an adjacency (become neighbor), router A & B must have the same Hello interval, Dead interval and AREA number.s
QUESTION 244
Which two of these statements are true of IPv6 address representation? (Choose two.)

A. There are four types of IPv6 addresses: unicast, multicast, anycast, and broadcast.
B. A single interface may be assigned multiple IPv6 addresses of any type.
C. Every IPv6 interface contains at least one loopback address.
D. The first 64 bits represent the dynamically created interface ID.
E. Leading zeros in an IPv6 16 bit hexadecimal field are mandatory.
Answer: BC

Explanation:
Leading zeros in IPv6 are optional do that 05C7 equals 5C7 and 0000 equals 0 -> D is not correct.
QUESTION 245
Which set of commands is recommended to prevent the use of a hub in the access layer?

A. switch(config-if)#switchport mode trunk switch(config-if)#switchport port-security maximum 1
B. switch(config-if)#switchport mode trunk switch(config-if)#switchport port-security mac-address 1
C. switch(config-if)#switchport mode access switch(config-if)#switchport port-security maximum 1
D. switch(config-if)#switchport mode access switch(config-if)#switchport port-security mac-address 1
Answer: C

Explanation:
This question is to examine the layer 2 security configuration. In order to satisfy the requirements of this question, you should perform the following configurations in the interface mode:
First, configure the interface mode as the access mode Second, enable the port security and set
the maximum number of connections to 1.
QUESTION 246
What is known as “one-to-nearest” addressing in IPv6?

A. global unicast
B. anycast
C. multicast
D. unspecified address
Answer: B

Explanation:
IPv6 Anycast addresses are used for one-to-nearest communication, meaning an Anycast address is used by a device to send data to one specific recipient (interface) that is the closest out of a group of recipients (interfaces).
QUESTION 247
What is the first 24 bits in a MAC address called?

A. NIC
B. BIA
C. OUI
D. VAI
Answer: C

Explanation:
An Organizationally Unique Identifier (OUI) is a 24-bit number that uniquely identifies a vendor, manufacturer, or other organization globally or worldwide. They are used as the first 24 nits of the MAC address to uniquely identify a particular piece of equipment.
QUESTION 248
Refer to the exhibit. Which subnet mask will place all hosts on Network B in the same subnet with the least amount of wasted addresses?

A. 255.255.255.0
B. 255.255.254.0
C. 255.255.252.0
D. 255.255.248.0
Answer: B

Explanation:
310 hosts < 512 = 29 -> We need a subnet mask of 9 bits 0 -> 1111 1111.1111 1111.1111 1110.0000 0000 -> 255.255.254.0
QUESTION 249
Refer to the exhibit. What is the most appropriate summarization for these routes?

A. 10.0.0.0 /21
B. 10.0.0.0 /22
C. 10.0.0.0 /23
D. 10.0.0.0 /24
Answer: B

Explanation:
The 10.0.0.0/22 subnet mask will include the 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 networks, and only those four networks.
QUESTION 250
What is the difference between a CSU/DSU and a modem?

A. A CSU/DSU converts analog signals from a router to a leased line; a modem converts analog signals from a router to a leased line.
B. A CSU/DSU converts analog signals from a router to a phone line; a modem converts digital signals from a router to a leased line.
C. A CSU/DSU converts digital signals from a router to a phone line; a modem converts analog signals from a router to a phone line.
D. A CSU/DSU converts digital signals from a router to a leased line; a modem converts digital signals from a router to a phone line.
Answer: D

Explanation:
CSU/DSU is used to convert digital signals from a router to a network circuit such as a T1, while a modem is used to convert digital signals over a regular POTS line.
QUESTION 251
Which two are features of IPv6? (Choose two.)

A. anycast
B. broadcast
C. multicast
D. podcast
E. allcast
Answer: AC

Explanation:
IPv6 addresses are classified by the primary addressing and routing methodologies common in networkinG. unicast addressing, anycast addressing, and multicast addressing.
QUESTION 252
Which two are advantages of static routing when compared to dynamic routing? (Choose two.)

A. Configuration complexity decreases as network size increases.
B. Security increases because only the network administrator may change the routing table.
C. Route summarization is computed automatically by the router.
D. Routing tables adapt automatically to topology changes.
E. An efficient algorithm is used to build routing tables, using automatic updates.
F. Routing updates are automatically sent to neighbors.
G. Routing traffic load is reduced when used in stub network links.
Answer: BG

Explanation:
Since static routing is a manual process, it can be argued that it is more secure (and more prone to human errors) since the network administrator will need to make changes to the routing table directly. Also, in stub networks where there is only a single uplink connection, the load is reduced as stub routers just need a single static default route, instead of many routes that all have the same next hop IP address.
QUESTION 253
A network administrator needs to configure port security on a switch. Which two statements are true? (Choose two.)

A. The network administrator can apply port security to dynamic access ports.
B. The network administrator can apply port security to EtherChannels.
C. When dynamic MAC address learning is enabled on an interface, the switch can learn new addresses, up to the maximum defined.
D. The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.
E. The network administrator can configure static secure or sticky secure MAC addresses in the voice VLAN.
Answer: CD

Explanation:
An important feature of IPv6 is that it allows plug and play option to the network devices by allowing them to configure themselves independently. It is possible to plug a node into an IPv6 network without requiring any human intervention. This feature was critical to allow network connectivity to an increasing number of mobile devices. This is accomplished by autoconfiguration.
IPv6 does not implement traditional IP broadcast, i.e. the transmission of a packet to all hosts on the attached link using a special broadcast address, and therefore does not define broadcast addresses. In IPv6, the same result can be achieved by sending a packet to the link-local all nodes multicast group at address ff02::1, which is analogous to IPv4 multicast to address 224.0.0.1.
QUESTION 254
Which command enables IPv6 forwarding on a Cisco router?

A. ipv6 local
B. ipv6 host
C. ipv6 unicast-routing
D. ipv6 neighbor
Answer: C

Explanation:
to enable IPv6 routing on the Cisco router use the following command:
ipv6 unicast-routing
If this command is not recognized, your version of IOS does not support IPv6.
QUESTION 255
Which command encrypts all plaintext passwords?

A. Router# service password-encryption
B. Router(config)# password-encryption
C. Router(config)# service password-encryption
D. Router# password-encryption
Answer: C

Explanation:
The “service password-encryption” command allows you to encrypt all passwords on your router so they can not be easily guessed from your running-config. This command uses a very weak
encryption because the router has to be very quickly decode the passwords for its operation.
It is meant to prevent someone from looking over your shoulder and seeing the password, that is all. This is configured in global configuration mode.
QUESTION 256
You have been asked to come up with a subnet mask that will allow all three web servers to be on the same network while providing the maximum number of subnets. Which network address and subnet mask meet this requirement?

A. 192.168.252.0 255.255.255.252
B. 192.168.252.8 255.255.255.248
C. 192.168.252.8 255.255.255.252
D. 192.168.252.16 255.255.255.240
E. 192.168.252.16 255.255.255.252
Answer: B

Explanation:
A subnet mask of 255.255.255.248 will allow for up to 6 hosts to reside in this network. A subnet mask of 255.255.255.252 will allow for only 2 usable IP addresses, since we can not use the network or broadcast address.
QUESTION 257
Given an IP address 172.16.28.252 with a subnet mask of 255.255.240.0, what is the correct network address?

A. 172.16.16.0
B. 172.16.0.0
C. 172.16.24.0
D. 172.16.28.0
Answer: A

Explanation:
For this example, the network range is 172.16.16.1 – 172.16.31.254, the network address is 172.16.16.0 and the broadcast IP address is 172.16.31.255.
QUESTION 258
Which IPv6 address is the equivalent of the IPv4 interface loopback address 127.0.0.1?

A. ::1
B. ::
C. 2000::/3
D. 0::/10
Answer: A

Explanation:
In IPv6 the loopback address is written as,
This is a 128bit number, with the first 127 bits being ‘0’ and the 128th bit being ‘1’. It’s just a single address, so could also be written as ::1/128.
QUESTION 259
You are working in a data center environment and are assigned the address range 10.188.31.0/23. You are asked to develop an IP addressing plan to allow the maximum number of subnets with as many as 30 hosts each. Which IP address range meets these requirements?

A. 10.188.31.0/26
B. 10.188.31.0/25
C. 10.188.31.0/28
D. 10.188.31.0/27
E. 10.188.31.0/29
Answer: D

Explanation:
Each subnet has 30 hosts < 32 = 25 so we need a subnet mask which has at least 5 bit 0s -> /27.
Also the question requires the maximum number of subnets (which minimum the number of hosts- per-subnet) so /27 is the best choice -> .
QUESTION 260
Which parameter or parameters are used to calculate OSPF cost in Cisco routers?

A. Bandwidth
B. Bandwidth and Delay
C. Bandwidth, Delay, and MTU
D. Bandwidth, MTU, Reliability, Delay, and Load
Answer: A

Explanation:
The well-known formula to calculate OSPF cost is Cost = 108 / Bandwidth
QUESTION 261
Why do large OSPF networks use a hierarchical design? (Choose three.)

A. to decrease latency by increasing bandwidth
B. to reduce routing overhead
C. to speed up convergence
D. to confine network instability to single areas of the network
E. to reduce the complexity of router configuration
F. to lower costs by replacing routers with distribution layer switches
Answer: BCD

For More Q & A | Share your ❤️ Buy me a ☕ Pls check out the sponsored

By Admin