Cisco 200-105 Dumps Questions 2021

NEW QUESTION 1
The command frame-relay map ip 10.121.16.8 102 broadcast was entered on the router. Which of the following statements is true concerning this command?

• A. This command should be executed from the global configuration mode.
• B. The IP address 10.121.16.8 is the local router port used to forward data.
• C. 102 is the remote DLCI that will receive the information.
• D. This command is required for all Frame Relay configurations.
• E. The broadcast option allows packets, such as RIP updates, to be forwarded across the PVC.

Answer: E

Explanation: The command frame-relay map ip 10.121.16.8 102 broadcast means to map the remote IP 10.121.16.8 to the local DLCI 102. When the “broadcast” keyword is included, it turns Frame Relay network as a broadcast network, which can forward broadcasts.

NEW QUESTION 2
Refer to the exhibit.

What three actions will the switch take when a frame with an unknown source MAC address arrives at the interface? (Select three.)

• A. Send an SNMP trap.
• B. Send a syslog message.
• C. Increment the Security Violation counter.
• D. Forward the traffic.
• E. Write the MAC address to the startup-config.
• F. Shut down the port.

Answer: ABC

Explanation: Switchport Security Concepts and Configuration http://www.ciscopress.com/articles/article.asp?p=1722561
Switchport Security Violations
The second piece of switchport port-security that must be understood is a security violation including what it is what causes it and what the different violation modes that exist. A switchport violation occurs in one of two situations:
When the maximum number of secure MAC addresses has been reached (by default, the maximum number of secure MAC addresses per switchport is limited to 1)
An address learned or configured on one secure interface is seen on another secure interface in the same VLAN
The action that the device takes when one of these violations occurs can be configured: Protect—This mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses when over the allowed MAC address limit. When configured with this mode, no notification action is taken when traffic is
dropped.
Restrict—This mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses when over the allowed MAC address limit. When configured with this mode, a syslog message is logged, a Simple Network Management Protocol (SNMP) trap is sent, and a violation counter is incremented when traffic is dropped.
Shutdown—This mode is the default violation mode; when in this mode, the switch will automatically force the switchport into an error disabled (err-disable) state when a violation occurs. While in this state, the switchport forwards no traffic. The switchport can be brought out of this error disabled state by issuing the errdisable recovery cause CLI command or by disabling and re-enabling the switchport.
Shutdown VLAN—This mode mimics the behavior of the shutdown mode but limits the error disabled state the specific violating VLAN.

NEW QUESTION 3
Which protocol supports sharing the VLAN configuration between two or more switches?

• A. multicast
• B. STP
• C. VTP
• D. split-horizon

Answer: C

Explanation: “VTP allows a network manager to configure a switch so that it will propagate VLAN configurations to other switches in the network”
VTP minimizes misconfigurations and configuration inconsistencies that can cause problems, such as duplicate VLAN names or incorrect VLAN-type specifications. VTP helps you simplify management of the VLAN database across multiple switches.
VTP is a Cisco-proprietary protocol and is available on most of the Cisco switches.

NEW QUESTION 4
The output of the show frame-relay pvc command shows "PVC STATUS = INACTIVE". What does this mean?

• A. The PVC is configured correctly and is operating normally, but no data packets have been detected for more than five minutes.
• B. The PVC is configured correctly, is operating normally, and is no longer actively seeking the address of the remote router.
• C. The PVC is configured correctly, is operating normally, and is waiting for interesting traffic to trigger a call to the remote router.
• D. The PVC is configured correctly on the local switch, but there is a problem on the remote end of the PVC.
• E. The PVC is not configured on the local switch.

Answer: D

Explanation: The PVC STATUS displays the status of the PVC. The DCE device creates and sends the report to the DTE devices. There are 4 statuses:
ACTIVE: the PVC is operational and can transmit dataINACTIVE: the connection from the local router to the switch is working, but the connection to the remote router is not availableDELETED: the PVC is not present and no LMI information is being received from the Frame Relay switch STATIC: the Local Management Interface (LMI) mechanism on the interface is disabled (by using the “no keepalive” command). This status is rarely seen.

NEW QUESTION 5
What about HSRP IP Address is true?

• A. If its part of the LAN
• B. Part of all other networks
• C. Local to the interface
• D. Appears in the routing table
• E. Acts as default route for that interface

Answer: E

NEW QUESTION 6
Which type does a port become when it receives the best BPDU on a bridge?

• A. the backup port
• B. the root port
• C. the designated port
• D. the alternate port

Answer: D

NEW QUESTION 7
Which encapsulation type is a Frame Relay encapsulation type that is supported by Cisco routers?

• A. IETF
• B. ANSI Annex D
• C. Q9333-A Annex A
• D. HDLC

Answer: A

Explanation: Cisco supports two Frame Relay encapsulation types: the Cisco encapsulation and the
IETF Frame Relay encapsulation, which is in conformance with RFC 1490 and RFC 2427. The former is often used to connect two Cisco routers while the latter is used to connect a Cisco router to a non-Cisco router. You can test with your Cisco router when typing the command Router(config-if)#encapsulation frame-relay ? on a WAN link.
Note: Three LMI options are supported by Cisco routers are ansi, Cisco, and Q933a. They represent the ANSI Annex D, Cisco, and ITU Q933-A (Annex A) LMI types, respectively. HDLC is a WAN protocol same as Frame-Relay and PPP so it is not a Frame Relay encapsulation type.

NEW QUESTION 8
Which three responses does TACAS+ give while querying. (Choose three)

• A. error
• B. accept
• C. continue
• D. persist
• E. fault

Answer: ABC

NEW QUESTION 9
Refer to the exhibit.

Which of these correctly describes the results of port security violation of an unknown packet?

• A. port enabled; unknown packets dropped; no SNMP or syslog messages
• B. port enabled; unknown packets dropped; SNMP or syslog messages
• C. port disabled; no SNMP or syslog messages
• D. port disabled; SNMP or syslog messages

Answer: D

Explanation: Configuring Port Security http://packetlife.net/blog/2010/may/3/port-security/
We can view the default port security configuration with show port-security:

http://www.ciscopress.com/articles/article.asp?p=1722561
Switchport Security Violations
The second piece of switchport port-security that must be understood is a security violation including what it is what causes it and what the different violation modes that exist. A switchport violation occurs in one of two situations:
When the maximum number of secure MAC addresses has been reached (by default, the maximum number of secure MAC addresses per switchport is limited to 1)
An address learned or configured on one secure interface is seen on another secure interface in the same VLAN
The action that the device takes when one of these violations occurs can be configured: Protect—This mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses when over the allowed MAC address
limit. When configured with this mode, no notification action is taken when traffic is dropped.
Restrict—This mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses when over the allowed MAC address limit. When configured with this mode, a syslog message is logged, a Simple Network Management Protocol (SNMP) trap is sent, and a violation counter is incremented when traffic is dropped.
Shutdown—This mode is the default violation mode; when in this mode, the switch will automatically force the switchport into an error disabled (err-disable) state when a violation occurs. While in this state, the switchport forwards no traffic. The switchport can be brought out of this error disabled state by issuing the errdisable recovery cause CLI command or by disabling and re-enabling the switchport.
Shutdown VLAN—This mode mimics the behavior of the shutdown mode but limits the error disabled state the specific violating VLAN.

NEW QUESTION 10
Which feature does PPP use to encapsulate multiple protocols?

• A. NCP
• B. LCP
• C. IPCP
• D. IPXP

Answer: A

Explanation: PPP permits multiple network layer protocols to operate on the same communication link. For every network layer protocol used, a separate Network Control Protocol (NCP) is provided in order to encapsulate and negotiate options for the multiple network layer protocols. It negotiates network-layer information, e.g. network address or compression options, after the connection has been established

NEW QUESTION 11
Which two statements about the spanning-tree bridge ID are true? (Choose two)

• A. It is composed of a 4-bit bridge priority and a 12-bit system ID extension.
• B. The bridge ID is transmitted in the IP header to elect the root bridge.
• C. The system ID extension is a value between 1 and 4095.
• D. It is composed of an 8-bit bridge priority and a 16-bit system ID extension.
• E. The bridge priority must be incremented in blocks of 4096.

Answer: AE

NEW QUESTION 12
What are three reasons that an organization with multiple branch offices and roaming users might implement a Cisco VPN solution instead of point-to-point WAN links? (Choose three.)

• A. reduced cost
• B. better throughput
• C. broadband incompatibility
• D. increased security
• E. scalability
• F. reduced latency

Answer: ADE

Explanation: Cisco VPN solutions provide exceptional security through encryption and
authentication technologies that protect data in transit from unauthorized access and attacks. A Cisco VPN helps you:
Use highly secure communications, with access rights tailored to individual users
Quickly add new sites or users, without significantly expanding your existing infrastructure Improve productivity by extending corporate networks, applications, and collaboration tools Reduce communications costs while increasing flexibility

NEW QUESTION 13
Refer to the exhibit.

What address is a feasible successor?

• A. 172.16.4.0
• B. 10.1.4.4
• C. 10.1.2.2
• D. 172.16.3.0

Answer: C

Explanation: The feasible condition states:
“To qualify as a feasible successor, a router must have an AD less than the FD of the current successor route”.
In this case, we see 10.1.2.2 shows an AD less than the current successor of 10.1.4.4

NEW QUESTION 14
Which statement about QoS default behavior is true?

• A. Ports are untrusted by default.
• B. VoIP traffic is passed without being tagged.
• C. Video traffic is passed with a well-known DSCP value of 46.
• D. Packets are classified internally with an environment.
• E. Packets that arrive with a tag are untagged at the edge of an administrative domain.

Answer: E

Explanation: Frames received from users in the administratively-defined VLANs are classified or tagged for transmission to other devices. Based on rules that you define, a unique identifier (the tag) is inserted in each frame header before it is forwarded. The tag is examined and understood by each device before any broadcasts or transmissions to other switches, routers, or end stations. When the frame reaches the last switch or router, the tag is removed before the frame is sent to the target end station. VLANs that are assigned on trunk or access ports without identification or a tag are called native or untagged frames. For IEEE 802.1Q frames with tag information, the priority value from the header frame is used. For native frames, the default priority of the input port is used.
Each port on the switch has a single receive queue buffer (the ingress port) for incoming traffic. When an untagged frame arrives, it is assigned the value of the port as its port default priority. You assign this value by using the CLI or CMS. A tagged frame continues to use its assigned CoS value when it passes through the ingress port.

NEW QUESTION 15
Which command is used to enable CHAP authentication, with PAP as the fallback method, on a serial interface?

• A. Router(config-if)# ppp authentication chap fallback ppp
• B. Router(config-if)# ppp authentication chap pap
• C. Router(config-if)# authentication ppp chap fallback ppp
• D. Router(config-if)# authentication ppp chap pap

Answer: B

Explanation: The command “ppp authentication chap pap” command indicates the CHAP authentication is used first. If it fails or is rejected by other side then uses PAP instead. If you want to use PAP first (then CHAP) you can use the “ppp authentication pap chap” command Reference: http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfathen.html

NEW QUESTION 16
Which protocol specified by RFC 2281 provides network redundancy for IP networks, ensuring that user traffic
immediately and transparently recovers from first-hop failures in network edge devices or access circuits?

• A. ICMP
• B. IRDP
• C. HSRP
• D. STP

Answer: C

NEW QUESTION 17
Refer to the exhibit.

Which two statements are true about interVLAN routing in the topology that is shown in the exhibit? (Choose two.)

• A. Host E and host F use the same IP gateway address.
• B. Router1 and Switch2 should be connected via a crossover cable.
• C. Router1 will not play a role in communications between host A and host D.
• D. The FastEthernet 0/0 interface on Router1 must be configured with subinterfaces.
• E. Router1 needs more LAN interfaces to accommodate the VLANs that are shown in the exhibit.
• F. The FastEthernet 0/0 interface on Router1 and the FastEthernet 0/1 interface on Switch2 trunk ports must be configured using the same encapsulation type.

Answer: DF

Explanation: http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a 00800949fd.shtml

NEW QUESTION 18
What is a difference between TACACS+ and RADIUS in AAA?

• A. Only TACACS+ allows for separate authentication.
• B. Only RADIUS encrypts the entire access-request packet.
• C. Only RADIUS uses TCP.
• D. Only TACACS+ couples authentication and authorization.

Answer: A

Explanation: Authentication and Authorization
RADIUS combines authentication and authorization. The access-accept packets sent by
the RADIUS server to the client contain authorization information. This makes it difficult to decouple authentication and authorization.
TACACS+ uses the AAA architecture, which separates AAA. This allows separate authentication solutions that can still use TACACS+ for authorization and accounting. For example, with TACACS+, it is possible to use Kerberos authentication and TACACS+ authorization and accounting. After a NAS authenticates on a Kerberos server, it requests authorization information from a TACACS+ server without having to re-authenticate. The NAS informs the TACACS+ server that it has successfully authenticated on a Kerberos server, and the server then provides authorization information.
During a session, if additional authorization checking is needed, the access server checks with a TACACS+ server to determine if the user is granted permission to use a particular command. This provides greater control over the commands that can be executed on the access server while decoupling from the authentication mechanism.

NEW QUESTION 19
Which interface counter can you use to diagnose a duplex mismatch problem?

• A. runts
• B. CRC errors
• C. no carrier
• D. late collisions
• E. deferred
• F. giants

Answer: B

NEW QUESTION 20







Why has the Branch3 router lost connectivity with R1?
Use only show commands to troubleshoot because usage of the debug command is restricted on the Branch3 and R1 routers.

• A. A PPP chap hostname mismatch is noticed between Branch3 and R1.
• B. A PPP chap password mismatch is noticed between Branch3 and R1.
• C. PPP encapsulation is not configured on Branch3.
• D. The PPP chap hostname and PPP chap password commands are missing on the Branch3 router.

Answer: A