[PART 9] CCNA 200-125 Dumps Questions and Answers Latest (VCE + PDF)

561. Which statement about routing protocols is true?

  • A. Link-state routing protocols choose a path by the number of hops to the destination.
  • B. OSPF is a link-state routing protocol.*
  • C. Distance-vector routing protocols use the Shortest Path First algorithm.
  • D. IS-IS is a distance-vector routing protocol.

562. Which dynamic routing protocol uses only the hop count to determine the best path to a destination?

  • A. IGRP
  • B. RIP*
  • C. EIGRP
  • D. OSPF

563. In which situation would the use of a static route be appropriate?

  • A. To configure a route to the first Layer 3 device on the network segment.
  • B. To configure a route from an ISP router into a corporate network.
  • C. To configure a route when the administrative distance of the current routing protocol is too low.
  • D. To reach a network is more than 15 hops away.
  • E. To provide access to the Internet for enterprise hosts*

564. What are two drawbacks of implementing a link-state routing protocol? (Choose two)

  • A. the sequencing and acknowledgment of link-state packets
  • B. the high volume of link-state advertisements in a converged network
  • C. the requirement for a hierarchical IP addressing scheme for optimal functionality*
  • D. the high demand on router resources to run the link-state routing algorithm*
  • E. the large size of the topology table listing all advertised routes in the converged network

565. Refer to the exhibit. Router edge-1 is unable to establish OSPF neighbor adjacency with router ISP-1. Which two configuration changes can you make on edge-1 to allow the two routers to establish adjacency? (Choose two)

  • A. Set the subnet mask on edge-1 to 255 255.255.252.
  • B. Reduce the MTU on edge-1 to 1514.
  • C. Set the OSPF cost on edge-1 to 1522.
  • D. Reduce the MTU on edge-1 to 1500.*
  • E. Configure the ip ospf mtu-ignore command on the edge-1 Gi0/0 interface.*
Show (Hide) Explanation/Reference
In order to become OSPF neighbor following values must be match on both routers:

+ Area ID
+ Authentication
+ Hello and Dead Intervals
+ Stub Flag
MTU Size

Therefore we need to adjust the MTU size on one of the router so that they are the same. Or we can tell OSPF to ignore the MTU size check with the command “ip ospf mtu-ignore”.

566. Which EIGRP for IPv6 command can you enter to view the link-local addresses of the neighbors of a device?

  • A. show ipv6 eigrp 20 interfaces
  • B. show ipv6 route eigrp
  • C. show ipv6 eigrp neighbors*
  • D. show ip eigrp traffic
Show (Hide) Explanation/Reference
The “show ipv6 eigrp neighbors” command displays the neighbors discovered by the EIGRPv6. Notice that the neighbors are displayed by their link-local addresses.

567. Which routing protocols are compatible with stubs? (Choose two)

  • A. OSPF*
  • B. EIGRP*
  • C. EGP
  • D. BGP
  • E. IS-IS
  • F. RIP

568. Which feature or utility enables a switch or router to monitor network performance and availability using a responder?

  • A. NetFlow
  • B. ping
  • C. traceroute
  • D. IP SLA*

569. Which command can you enter to display the hits counter for NAT traffic?

  • A. show ip nat statistics*
  • B. debug ip nat
  • C. show ip debug nat
  • D. clear ip nat statistics
Show (Hide) Explanation/Reference
An example of the output of the “show ip nat statistics” is shown below. As we can see, the “Hits” counter is displayed.

570. Which NAT function can map multiple inside addresses to a single outside address?

  • A. PAT*
  • B. SFTP
  • C. RARP
  • D. ARP
  • E. TFTP
Show (Hide) Explanation/Reference
By adding the keyword “overload” at the end of a NAT statement, NAT becomes PAT (Port Address Translation). This is also a kind of dynamic NAT that maps multiple private IP addresses to a single public IP address (many-to-one) by using different ports.

571. Under which circumstance should a network administrator implement one-way NAT?

  • A. when the network must route UDP traffic
  • B. when traffic that originates outside the network must be routed to internal hosts *
  • C. when traffic that originates inside the network must be routed to internal hosts
  • D. when the network has few public IP addresses and many private IP addresses require outside access

572. Which three options are the HSRP states for a router? (Choose three)

  • A. initialize
  • B. learn*
  • C. secondary
  • D. listen*
  • E. speak*
  • F. primary
Show (Hide) Explanation/Reference
HSRP consists of 6 states:

State Description
Initial This is the beginning state. It indicates HSRP is not running. It happens when the configuration changes or the interface is first turned on
Learn The router has not determined the virtual IP address and has not yet seen an authenticated hello message from the active router. In this state, the router still waits to hear from the active router.
Listen The router knows both IP and MAC address of the virtual router but it is not the active or standby router. For example, if there are 3 routers in HSRP group, the router which is not in active or standby state will remain in listen state.
Speak The router sends periodic HSRP hellos and participates in the election of the active or standby router.
Standby In this state, the router monitors hellos from the active router and it will take the active state when the current active router fails (no packets heard from active router)
Active The router forwards packets that are sent to the HSRP group. The router also sends periodic hello messages

Please notice that not all routers in a HSRP group go through all states above. In a HSRP group, only one router reaches active state and one router reaches standby state. Other routers will stop at listen state.

573. Which two statements about the “tunnel mode ipv6ip” command are true? (Choose two)

  • A. It enables the transmission of IPv6 packets within the configured tunnel.*
  • B. It specifies IPv4 as the encapsulation protocol.*
  • C. It specifies IPv6 as the encapsulation protocol.
  • D. It specifies IPv6 as the transport protocol.
  • E. It specifies that the tunnel is a Teredo tunnel.
Show (Hide) Explanation/Reference
The “tunnel mode ipv6ip” command specifies IPv6 as the passenger protocol and IPv4 as both the encapsulation and transport protocol for the manual IPv6 tunnel. Notice that the tunnel source and destination are configured with IPv4 addressing and the tunnel interface is configured with IPv6.

An example of configuring using this command is shown below:

R1(config)#int tunnel 1
R1(config-if)#ipv6 address 1cde:7ea:348:1::3/127
R1(config-if)#tunnel source
R1(config-if)#tunnel destination
R1(config-if)#tunnel mode ipv6ip

574. In which three ways is an IPv6 header simpler than an IPv4 header? (Choose three)

  • A. Unlike IPv4 headers, IPv6 headers have a fixed length.*
  • B. IPv6 uses an extension header instead of the IPv4 Fragmentation field.*
  • C. IPv6 headers eliminate the IPv4 Checksum field.*
  • D. IPv6 headers use the Fragment Offset field in place of the IPv4 Fragmentation field.
  • E. IPv6 headers use a smaller Option field size than IPv4 headers.
  • F. IPv6 headers use a 4-bit TTL field, and IPv4 headers use an 8-bit TTL field.
Show (Hide) Explanation/Reference
The IPv4 and IPv6 headers are shown below for your comparison:

IPv6 Header fields

IPv6 eliminates the Header Checksum field, which handles error checking in IPv4. IPv6 depends on reliable transmission in the data link protocols and on error checking in upper-layer protocols instead -> Answer C is correct.

While IPv4 header’s total length comprises a minimum of 20 octets (8 bits per octet), IPv6 header has only 8 fields with a fixed length of 40 octets -> Answer A is correct.

IPv4 header does not have a fixed length because of the Options fields. This field is used to convey additional information on the packet or on the way it should be processed. Routers, unless instructed otherwise, must process the Options in the IPv4 header. The processing of most header options pushes the packet into the slow path leading to a forwarding performance hit.

IPv4 Options perform a very important role in the IP protocol operation therefore the capability had to be preserved in IPv6. However, the impact of IPv4 Options on performance was taken into consideration in the development of IPv6. The functionality of Options is removed from the main header and implemented through a set of additional headers called extension headers. The “Next Header” field in IPv6 can be used to point to the extension headers.

Reference: http://www.cisco.com/en/US/technologies/tk648/tk872/technologies_white_paper0900aecd8054d37d.html

575. You enter the “show ipv6 route” command on an OSPF device and the device displays a route. Which conclusion can you draw about the environment?

  • A. OSPF is distributing IPv6 routes to BGP.
  • B. The router is designated as an ABR.
  • C. The router is designated as totally stubby.
  • D. OSPFv3 is in use.*
Show (Hide) Explanation/Reference
The “show ipv6 route” displays the current contents of the IPv6 routing table. This device is running OSPF so we can deduce it is running OSPFv3 (OSPF for IPv6). An example of the “show ip v6 route” is shown below:

576. What is one requirement for interfaces to run IPv6?

  • A. An IPv6 address must be configured on the interface.*
  • B. An IPv4 address must be configured.
  • C. Stateless autoconfiguration must be enabled after enabling IPv6 on the interface.
  • D. IPv6 must be enabled with the ipv6 enable command in global configuration mode.
Show (Hide) Explanation/Reference
To run IPv6 on an interface we have to configure an IPv6 on that interface somehow -> A is correct.

IPv6 must be enabled first but with the “ipv6 unicast-routing”, not “ipv6 enable” command -> D is not correct.

577. What is the correct command for floating static ipv6 route?

  • A. ipv6 route 2001:DB8::/32 serial 2/0 201*
  • B. ipv6 route 2001:DB8::/32 serial 2/0 1
  • C. ?
  • D. ?
Show (Hide) Explanation/Reference
Floating static routes are static routes that have an administrative distance greater than the administrative distance (AD) of another static route or dynamic routes. By default a static route has an AD of 1 then floating static route must have the AD greater than 1 -> Answer A is correct as it has the AD of 201.

578. Which command sets and automatically encrypts the privileged enable mode password?

  • A. enable password cisco
  • B. secret enable cisco
  • C. password enable cisco
  • D. enable secret cisco*

579. The enable secret command is used to secure access to which CLI mode?

  • A. user EXEC mode
  • B. global configuration mode
  • C. privileged EXEC mode *
  • D. auxiliary setup mode

580. Refer to the exhibit. What is the result of setting the no login command?

Router#config t
Router(config)#line vty 0 4 
Router(config-line)#password c1sc0
Router(config-line)#no login
  • A. Telnet access is denied.
  • B. Telnet access requires a new password at the first login.
  • C. Telnet access requires a new password.
  • D. no password is required for telnet access.*
Show (Hide) Explanation/Reference
This configuration will let someone telnet to that router without the password (so the line “password c1sco” is not necessary).

581. Which protocol authenticates connected devices before allowing them to access the LAN?

  • A. 802.1d
  • B. 802.11
  • C. 802.1w
  • D. 802.1x*
Show (Hide) Explanation/Reference
802.1x is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN.

582. What is the best way to verify that a host has a path to other hosts in different networks?

  • A. Ping the loopback address.
  • B. Ping the default gateway.
  • C. Ping the local interface address.
  • D. Ping the remote network.*

583. While you were troubleshooting a connection issue, a ping from one VLAN to another VLAN on the same switch failed. Which command verifies that IP routing is enabled on interfaces and the local VLANs are up?

  • A. show ip interface brief*
  • B. show ip nat statistics
  • C. show ip statistics
  • D. show ip route
Show (Hide) Explanation/Reference
The “show ip nat statistics” only gives us information about NAT translation. We cannot know if IP routing is enabled or the VLANs are up not not.

The “show ip statistics” command does not exist.

In the Troubleshoot part of “How to configure InterVLAN Routing on Layer 3 switches” (http://www.cisco.com/c/en/us/support/docs/lan-switching/inter-vlan-routing/41860-howto-L3-intervlanrouting.html) Cisco recommends to use the “show ip interface brief” command as follows:
Also verify the interface VLAN status by issuing the show ip interface brief command.

+ If the interface status is administratively down, enter the no shutdown command in the VLAN interface configuration mode.

+ If the interface status is down/down, verify the VTP configuration and that the VLANs have been added to the VLAN database. Check to see if a port is assigned to the VLAN and whether it is in the Spanning Tree forwarding state.

Initiate a ping from an end device in one VLAN to the interface VLAN on another VLAN in order to verify that the switch routes between VLANs. In this example, ping from VLAN 2 ( to Interface VLAN 3 ( or Interface VLAN 10 ( If the ping fails, verify that IP routing is enabled and that the VLAN interfaces status is up with the show ip interface brief command.

Also in the above link Cisco only mentions about the “show ip route” in the “Verify” part, not “Troubleshooting” part so “show ip interface brief” is a better answer.

584. Which version of SNMP first allowed user-based access?

  • A. SNMPv3 with RBAC
  • B. SNMPv3*
  • C. SNMPv1
  • D. SNMPv2
Show (Hide) Explanation/Reference
The user-based access control implemented by SNMPv3 is based on contexts and user names, rather than on IP addresses and community strings. It is a partial implementation of the view-based access control model (VACM).

585. What is the first step you perform to configure an SNMPv3 user?

  • A. Configure server traps.
  • B. Configure the server group.*
  • C. Configure the server host.
  • D. Configure the remote engine ID.
Show (Hide) Explanation/Reference
The first step we need to do when configuring an SNMPv3 user is to configure the server group to enable authentication for members of a specified named access list via the “snmp-server group” command. For example:

Router(config)# snmp-server group MyGroup v3 auth access snmp_ac

In this example, the SNMP server group MyGroup is configured to enable user authentication for members of the named access list snmp_acl.

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/xe-3se/3850/snmp-xe-3se-3850-book/nm-snmp-snmpv3.html

586. Which command can you enter to configure the switch as an authoritative NTP server with a site id: 13999902?

  • A. Switch(config)#ntp master 3 *
  • B. Switch(config)#ntp peer
  • C. Switch(config)#ntp server
  • D. Switch(config)#ntp source
Show (Hide) Explanation/Reference
An Authoritative NTP Server can distribute time even when it is not synchronized to an existing time server. To configure a Cisco device as an Authoritative NTP Server, use the ntp master [stratum] command.

587. What are three broadband wireless technologies? (Choose three)

  • A. WiMax*
  • B. satellite Internet*
  • C. municipal Wi-Fi*
  • D. site-to-site VPN
  • E. DSLAM
  • F. CMTS
Show (Hide) Explanation/Reference
WiMAX is short for Worldwide Interoperability for Microwave Access. WiMAX is a family of wireless communication standards based on the IEEE 802.16 set of standards.

Satellite Internet provides Internet access via satellite. It is a form of wireless broadband technology. But it is usually slower than DSL and cable modem.

Municipal wireless network is a city-wide wireless network. This is usually done by providing municipal broadband via Wi-Fi to large parts or all of a municipal area by deploying a wireless mesh network. The typical deployment design uses hundreds of wireless access points deployed outdoors, often on poles.

DSLAM (Digital Subscriber Line Access Multiplexer) is a network device, usually at a telephone company central office, that receives signals from multiple customer Digital Subscriber Line (DSL) connections and puts the signals on a high-speed backbone line using multiplexing techniques. It is a cable technology, not a wireless technology.

Cable Modem Termination Systems (CMTS) is a piece of equipment, typically located in a cable company’s headend or hubsite, which is used to provide high speed data services, such as cable Internet or Voice over Internet Protocol, to cable subscribers. It is a cable technology, not a wireless technology.

588. What are three characteristics of satellite Internet connections? (Choose three)

  • A. Their upload speed is about 10 percent of their download speed.*
  • B. They are frequently used by rural users without access to other high-speed connections.*
  • C. They are usually at least 10 times faster than analog modem connections.*
  • D. They are usually faster than cable and DSL connections.
  • E. They require a WiMax tower within 30 miles of the user location.
  • F. They use radio waves to communicate with cellular phone towers.
Show (Hide) Explanation/Reference
Many rural areas do not have cable Internet access and their only choice to connect to the Internet is via satellite. Satellite internet leverages the hundreds of satellites in orbit around the Earth to send and receive data over the Internet. Of course the speed of this type of connection is much slower than DSL and cable connections. But with new technologies, satellite connections may achieve data speed up to 50 Mbps -> B is correct, D is not correct.

In general, the speeds of popular types of Internet connections are like this: DSL/cable > satellite Internet > dial-up (analog modem).

Satellite Internet uses satellite for Internet connection -> E is not correct

Satellites use radio waves to communicate with the customer’s gateway, also known as a ground station (like a customer’s satellite dish), but not with cellular phone towers -> F is not correct.

For your information, satellite Internet uses high frequency signals, which range from 18.3 gigahertz to 31 gigahertz (Ka band).

Answer A C are two options left and they are acceptable answers. Although in practical they may vary a lot.

589. Which command can you enter to verify echo request and echo reply?

  • A. ping*
  • B. traceroute
  • C. tracert
  • D. telnet
Show (Hide) Explanation/Reference
The ping command first sends an echo request packet to an address, then waits for an echo reply. The ping is successful only if:
+ The echo request gets to the destination, and
+ The destination is able to get an echo reply back to the source within a predetermined time called a timeout. The default value of this timeout is two seconds on Cisco routers.

Reference: http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-software-releases-121-mainline/12778-ping-traceroute.html

590. What utility is used for shadowed rules?

  • A. Create an action plan
  • B. Implement an action plan*
  • C. Gather facts
  • D. ?
Show (Hide) Explanation/Reference
We are not sure about this question. But below is information about the shadowed rule for your reference.

Shadowed Rule: These are rules that will never be executed because of improper access-list order. A shadowed rule occurs when a general rule precedes a specific one. For example, if the first rule that says “allow all outbound web traffic” and then a second rule (lie under the first rule) says “deny all outbound traffic to Google” the second rule will never be executed.

The following is a simple example of shadowed rules:

access-list acl permit ip any
access-list acl permit ip any

-> The second rule never matches.

591. What feature you should use to analyse and monitor your traffic for troubleshooting?

  • A. RSPAN
  • B. SPAN
  • C. Netflow*
  • D. SNMP

592. Which command can you use to test whether a switch supports secure connections and strong authentication?

  • Router#ssh –v 1 –l admin
  • Switch>ssh –v 1 –l admin
  • Switch#ssh –l admin
  • Router>ssh –v 2 –l admin10.1.1.1*

593. Which functionality does split horizon provide?

  • It prevents switching loops in distance-vector protocols.
  • It prevents switching loops in link-state protocols.
  • It prevents routing loops in distance-vector protocols.*
  • It prevents routing loops in link-state protocols.

594. How many host addresses are available on the network subnet 255.255.255 240?

  • 6
  • 8
  • 14*
  • 16

595. Which VTP mode prevents you from making changes to VLANs?

  • server
  • off
  • client*
  • transparent

596. Which three statements about DTP are true? (Choose three.)

  • It is a proprietary protocol.*
  • It is a universal protocol.
  • It is a Layer 2-based protocol.*
  • It is enabled by default.*
  • It is disabled by default.
  • It is a Layer 3-based protocol.

597. Refer to the exhibit. You have determined that computer A cannot ping computer B. Which reason for the problem is most likely true?

  • The computer B default gateway address is incorrect.
  • The computer B subnet mask is incorrect.
  • The computer A subnet mask is incorrect.
  • The computer A default gateway address is incorrect.*

598. Refer to the exhibit. What is the metric for the route from R1 to

  • 2
  • 90
  • 110
  • 52778*

599. Which command can you enter to troubleshoot the failure of address assignments?

  • show ip dhcp database
  • show ip dhcp pool*
  • clear ip dhcp server statistics
  • show ip dhcp import

600. Which two EtherChannel PAgP modes can you configure? (Choose two.)

  • on
  • desirable*
  • passive
  • auto*
  • active

601. Which six-byte field in a basic Ethernet frame must be an individual address?

  • SOF
  • FCS
  • DA
  • SA*

602. Which command can you enter to re-enable Cisco Discovery Protocol on a local router after it has been disabled?

  • Router(config-if)#cdp run
  • Router(config-if)#cdp enable
  • Router(config)#cdp run*
  • Router(config)#cdp enable

Related Articles

Leave a Reply