[Free] 2019(Nov) EnsurePass Cisco 200-125 Dumps with VCE and PDF 261-270


Question No.261

Refer to the exhibit. An attempt to deny web access to a subnet blocks all traffic from the subnet. Which interface command immediately removes the effect of ACL 102?


A. no ip access-class 102 in

B. no ip access-class 102 out

C. no ip access-group 102 in

D. no ip access-group 102 out

E. no ip access-list 102 in

Correct Answer: D


The "ip access-group" command is used to apply an ACL to an interface. From the output shown, we know that the ACL is applied to outbound traffic, so "no ip access-group 102 out" will remove the effect of this ACL.

Question No.262

A network administrator needs to configure port security on a switch. Which two statements are true? (Choose two.)

A. The network administrator can apply port security to dynamic access ports.

B. The network administrator can apply port security to EtherChannels.

C. When dynamic MAC address learning is enabled on an interface, the switch can learn new addresses, up to the maximum defined.

D. The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.

E. The network administrator can configure static secure or sticky secure MAC addresses in the voice VLAN.

Correct Answer: CD


Follow these guidelines when configuring port security:

Port security can only be configured on static access ports, trunk ports, or 802.1Q tunnel ports. A secure port cannot be a dynamic access port.

A secure port cannot be a destination port for Switched Port Analyzer (SPAN).

A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group.

You cannot configure static secure or sticky secure MAC addresses on a voice VLAN.

When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.

If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN.

When a voice VLAN is configured on a secure port that is also configured as a sticky secure port, all addresses seen on the voice VLAN are learned as dynamic secure addresses, and all addresses seen on the access VLAN (to which the port belongs) are learned as sticky secure addresses.

The switch does not support port security aging of sticky secure MAC addresses.

The protect and restrict options cannot be simultaneously enabled on an interface.

Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_19_ea1/configuration/guide/swtrafc.html

Question No.263

How does using the service password-encryption command on a router provide additional security?

A. by encrypting all passwords passing through the router

B. by encrypting passwords in the plain text configuration file

C. by requiring entry of encrypted passwords for access to the device

D. by configuring an MD5 encrypted key to be used by routing protocols to validate routing

E. by automatically suggesting encrypted passwords for use in configuring the router

Correct Answer: B


By using this command, all the (current and future) passwords are encrypted. This command is primarily useful for keeping unauthorized individuals from viewing your password in your configuration file.

Question No.264

Which Cisco Catalyst feature automatically disables the port in an operational PortFast upon receipt of a BPDU?

A. BackboneFast

B. UplinkFast

C. Root Guard

D. BPDU Guard

E. BPDU Filter

Correct Answer: D


PortFast is enabled only on access ports (ports connected to end stations). If someone unknowingly connects such a port to another switch, a loop may occur when BPDUs are transmitted and received on these ports. With BPDU Guard, when a PortFast port receives a BPDU, the port is shut down to prevent a loop.

Question No.265

Which statement about access lists that are applied to an interface is true?

A. You can place as many access lists as you want on any interface.

B. You can apply only one access list on any interface.

C. You can configure one access list, per direction, per Layer 3 protocol.

D. You can apply multiple access lists with the same protocol or in different directions.

Correct Answer: C


We can have only 1 access list per protocol, per direction and per interface. It means:


We cannot have 2 inbound access lists on an interface


We can have 1 inbound and 1 outbound access list on an interface

Question No.266

When you are troubleshooting an ACL issue on a router, which command would you use to verify which interfaces are affected by the ACL?

A. show ip access-lists

B. show access-lists

C. show interface

D. show ip interface

E. list ip interface

Correct Answer: D


Incorrect answer:

show ip access-lists does not show interfaces affected by an ACL.

Question No.267

Refer to the exhibit. A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other device is detected, the port is to drop frames from this device. The administrator configured the interface, tested it with successful pings from PC_A to RouterA, and then observed the output from these two show commands. Which two of these changes are necessary for SwitchA to meet the requirements? (Choose two.)


A. Port security needs to be globally enabled.

B. Port security needs to be enabled on the interface.

C. Port security needs to be configured to shut down the interface in the event of a violation.

D. Port security needs to be configured to allow only one learned MAC address.

E. Port security interface counters need to be cleared before using the show command.

F. The port security configuration needs to be saved to NVRAM before it can become active.

Correct Answer: BD


From the output we can see that port security is disabled so this needs to be enabled. Also, the maximum number of devices is set to 2 so this needs to be just one if we want the single host to have access and nothing else.

Question No.268



Correct Answer:


Question No.269

Which item represents the standard IP ACL?

A. access-list 110 permit ip any any

B. access-list 50 deny

C. access list 101 deny tcp any host

D. access-list 2500 deny tcp any host eq 22

Correct Answer: B


Standard access lists are numbered from 1 to 99 and from 1300 to 1999, so only access list 50 is a standard access list.

Question No.270

What will be the result if the following configuration commands are implemented on a Cisco switch?

Switch(config-if)# switchport port-security

Switch(config-if)# switchport port-security mac-address sticky

A. A dynamically learned MAC address is saved in the startup-configuration file.

B. A dynamically learned MAC address is saved in the running-configuration file.

C. A dynamically learned MAC address is saved in the VLAN database.

D. Statically configured MAC addresses are saved in the startup-configuration file if frames from that address are received.

E. Statically configured MAC addresses are saved in the running-configuration file if frames from that address are received.

Correct Answer: B


In interface configuration mode, the command switchport port-security mac-address sticky enables sticky learning. When you enter this command, the interface converts all the dynamic secure MAC addresses to sticky secure MAC addresses.
