Latest Cisco 200-301 Dumps PDF Questions Answers 2025

Cisco Certified Network Associate Questions and Answers

Question 1

Connectivity between three routers has been established, and IP services must be configured jn the order presented to complete the implementation Tasks assigned include configuration of NAT, NTP, DHCP, and SSH services.

1. All traffic sent from R3 to the R1 Loopback address must be configured for NAT on R2. All source addresses must be translated from R3 to the IP address of Ethernet0/0 on R2, while using only a standard access list named NAT To verify, a ping must be successful to the R1 Loopback address sourced from R3. Do not use NVI NAT configuration.

2. Configure R1 as an NTP server and R2 as a client, not as a peer, using the IP address of the R1 Ethernet0/2 interface. Set the clock on the NTP server for midnight on January 1, 2019.

3. Configure R1 as a DHCP server for the network 10.1.3.0/24 in a pool named TEST. Using a single command, exclude addresses 1-10 from the range. Interface Ethernet0/2 on R3 must be issued the IP address of 10.1.3.11 via DHCP.

4. Configure SSH connectivity from R1 to R3, while excluding access via other remote connection protocols. Access for user root and password Cisco must be set on router R3 using RSA and 1024 bits. Verify connectivity using an SSH session from router R1 using a destination address of 10.1.3.11. Do NOT modify console access or line numbers to accomplish this task.

Options:

Buy Now

Question 2

All physical cabling between the two switches is installed. Configure the network connectivity between the switches using the designated VLANs and interfaces.

1. Configure VLAN 100 named Compute and VLAN 200 named Telephony where required for each task.

2. Configure Ethernet0/1 on SW2 to use the existing VLAN named Available.

3. Configure the connection between the switches using access ports.

4. Configure Ethernet0/1 on SW1 using data and voice VLANs.

5. Configure Ethemet0/1 on SW2 so that the Cisco proprietary neighbor discovery protocol is turned off for the designated interface only.

Options:

Question 3

All physical cabling is in place. A company plans to deploy 32 new sites.

The sites will utilize both IPv4 and IPv6 networks.

1 . Subnet 172.25.0.0/16 to meet the subnet requirements and maximize

the number of hosts

Using the second subnet

• Assign the first usable IP address to e0/0 on Sw1O1

• Assign the last usable IP address to e0/0 on Sw102

2. Subnet to meet the subnet requirements and maximize

the number of hosts

c Using the second subnet

• Assign an IPv6 GUA using a unique 64-Bit interface identifier

on e0/0 on Sw101

• Assign an IPv6 GUA using a unique 64-Bit interface identifier

on eO/O on swi02

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.

• Refer to the Topology tab to access the device console(s) and perform the tasks.

• Console access is available for all required devices by clicking the device icon or using

the tab(s) above the console window.

• All necessary preconfigurations have been applied.

• Do not change the enable password or hostname for any device.

• Save your configurations to NVRAM before moving to the next item.

• Click Next at the bottom of the screen to submit this lab and move to the next question.

• When Next is clicked, the lab closes and cannot be reopened.

Options:

Answer:

See the Explanation for the solution.

Explanation:

To subnet 172.25.0.0/16 to meet the subnet requirements and maximize the number of hosts, you need to determine how many bits you need to borrow from the host portion of the address to create enough subnets for 32 sites. Since 32 is 2^5, you need to borrow 5 bits, which means your new subnet mask will be /21 or 255.255.248.0. To find the second subnet, you need to add the value of the fifth bit (32) to the third octet of the network address (0), which gives you 172.25.32.0/21 as the second subnet. The first usable IP address in this subnet is 172.25.32.1, and the last usable IP address is 172.25.39.254.

To assign the first usable IP address to e0/0 on Sw101, you need to enter the following commands on the device console:

Sw101#configure terminal Sw101(config)#interface e0/0 Sw101(config-if)#ip address 172.25.32.1 255.255.248.0 Sw101(config-if)#no shutdown Sw101(config-if)#end

To assign the last usable IP address to e0/0 on Sw102, you need to enter the following commands on the device console:

Sw102#configure terminal Sw102(config)#interface e0/0 Sw102(config-if)#ip address 172.25.39.254 255.255.248.0 Sw102(config-if)#no shutdown Sw102(config-if)#end

To subnet an IPv6 GUA to meet the subnet requirements and maximize the number of hosts, you need to determine how many bits you need to borrow from the interface identifier portion of the address to create enough subnets for 32 sites. Since 32 is 2^5, you need to borrow 5 bits, which means your new prefix length will be /69 or ffff:ffff:ffff:fff8::/69 (assuming that your IPv6 GUA has a /64 prefix by default). To find the second subnet, you need to add the value of the fifth bit (32) to the fourth hextet of the network address (0000), which gives you xxxx:xxxx:xxxx:0020::/69 as the second subnet (where xxxx:xxxx:xxxx is your IPv6 GUA prefix). The first and last IPv6 addresses in this subnet are xxxx:xxxx:xxxx:0020::1 and xxxx:xxxx:xxxx:0027:ffff:ffff:ffff:fffe respectively.

To assign an IPv6 GUA using a unique 64-bit interface identifier on e0/0 on Sw101, you need to enter the following commands on the device console (assuming that your IPv6 GUA prefix is 2001:db8::/64):

Sw101#configure terminal Sw101(config)#interface e0/0 Sw101(config-if)#ipv6 address 2001:db8::20::1/69 Sw101(config-if)#no shutdown Sw101(config-if)#end

To assign an IPv6 GUA using a unique 64-bit interface identifier on e0/0 on Sw102, you need to enter the following commands on the device console (assuming that your IPv6 GUA prefix is 2001:db8::/64):

Sw102#configure terminal Sw102(config)#interface e0/0 Sw102(config-if)#ipv6 address 2001:db8::27::fffe/69 Sw102(config-if)#no shutdown Sw102(config-if)#end

Question 4

Physical connectivity is implemented between the two Layer 2 switches,

and the network connectivity between them must be configured.

I . Configure an LACP EtherChanneI and number it as 44; configure it

between switches SWI and SW2 using interfaces EthernetO/O and

Ethernet0/1 on both sides. The LACP mode must match on both ends.

2. Configure the EtherChanneI as a trunk link.

3. Configure the trunk link with 802. Iq tags.

4. Configure VLAN 'MONITORING' as the untagged VLAN of the

EtherChannel.

==================

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.

• Refer to the Topology tab to access the device console(s) and perform the tasks.

• Console access is available for all required devices by clicking the device icon or using

the tab(s) above the console window.

• All necessary preconfigurations have been applied.

• Do not change the enable password or hostname for any device.

• Save your configurations to NVRAM before moving to the next item.

• Click Next at the bottom of the screen to submit this lab and move to the next question.

• When Next is clicked, the lab closes and cannot be reopened.

Options:

Answer:

Solution is given below explanation.

Explanation:

To configure an LACP EtherChannel and number it as 44, configure it between switches SW1 and SW2 using interfaces Ethernet0/0 and Ethernet0/1 on both sides, configure the EtherChannel as a trunk link, configure the trunk link with 802.1q tags, and configure VLAN ‘MONITORING’ as the untagged VLAN of the EtherChannel, you need to follow these steps:

On both SW1 and SW2, enter the global configuration mode by using the configure terminal command.

On both SW1 and SW2, select the two interfaces that will form the EtherChannel by using the interface range ethernet 0/0 - 1 command. This will enter the interface range configuration mode.

On both SW1 and SW2, set the protocol to LACP by using the channel-protocol lacp command.

On both SW1 and SW2, assign the interfaces to an EtherChannel group number 44 by using the channel-group 44 mode active command. This will create a logical interface named Port-channel44 and set the LACP mode to active on both ends. The LACP mode must match on both ends for the EtherChannel to form.

On both SW1 and SW2, exit the interface range configuration mode by using the exit command.

On both SW1 and SW2, enter the Port-channel interface configuration mode by using the interface port-channel 44 command.

On both SW1 and SW2, configure the Port-channel interface as a trunk link by using the switchport mode trunk command.

On both SW1 and SW2, configure the Port-channel interface to use 802.1q tags for VLAN identification by using the switchport trunk encapsulation dot1q command.

On both SW1 and SW2, configure VLAN ‘MONITORING’ as the untagged VLAN of the Port-channel interface by using the switchport trunk native vlan MONITORING command.

On both SW1 and SW2, exit the Port-channel interface configuration mode by using the exit command.

On both SW1 and SW2, save the configuration to NVRAM by using the copy running-config startup-config command.

Question 5

All physical cabling is in place. Router R4 and PCI are fully configured and

inaccessible. R4's WAN interfaces use .4 in the last octet for each subnet.

Configurations should ensure that connectivity is established end-to-end.

1 . Configure static routing to ensure RI prefers the path through R2 to

reach only PCI on R4's LAN

2. Configure static routing that ensures traffic sourced from RI will take

an alternate path through R3 to PCI in the event of an outage along

the primary path

3. Configure default routes on RI and R3 to the Internet using the least number of hops

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.

• Refer to the Topology tab to access the device console(s) and perform the tasks.

• Console access is available for all required devices by clicking the device icon or using

the tab(s) above the console window.

• All necessary preconfigurations have been applied.

• Do not change the enable password or hostname for any device.

• Save your configurations to NVRAM before moving to the next item.

• Click Next at the bottom of the screen to submit this lab and move to the next question.

• When Next is clicked, the lab closes and cannot be reopened.

Options:

Answer:

See the solution below in Explanation.

Explanation:

To configure static routing on R1 to ensure that it prefers the path through R2 to reach only PC1 on R4’s LAN, you need to create a static route for the host 10.0.0.100/8 with a next-hop address of 20.0.0.2, which is the IP address of R2’s interface connected to R1. You also need to assign a lower administrative distance (AD) to this route than the default AD of 1 for static routes, so that it has a higher preference over other possible routes. For example, you can use an AD of 10 for this route. To create this static route, you need to enter the following commands on R1’s console:

R1#configure terminal R1(config)#ip route 10.0.0.100 255.0.0.0 20.0.0.2 10 R1(config)#end

To configure static routing on R1 that ensures that traffic sourced from R1 will take an alternate path through R3 to PC1 in the event of an outage along the primary path, you need to create another static route for the host 10.0.0.100/8 with a next-hop address of 40.0.0.2, which is the IP address of R3’s interface connected to R1. You also need to assign a higher AD to this route than the AD of the primary route, so that it has a lower preference and acts as a backup route. For example, you can use an AD of 20 for this route. This type of static route is also known as a floating static route. To create this static route, you need to enter the following commands on R1’s console:

R1#configure terminal R1(config)#ip route 10.0.0.100 255.0.0.0 40.0.0.2 20 R1(config)#end

To configure default routes on R1 and R3 to the Internet using the least number of hops, you need to create a static route for the network 0.0.0.0/0 with a next-hop address of the ISP’s interface connected to each router respectively. A default route is a special type of static route that matches any destination address and is used when no other specific route is available. The ISP’s interface connected to R1 has an IP address of 10.0.0.4, and the ISP’s interface connected to R3 has an IP address of 50.0.0.4. To create these default routes, you need to enter the following commands on each router’s console:

On R1: R1#configure terminal R1(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.4 R1(config)#end

On R3: R3#configure terminal R3(config)#ip route 0.0.0.0 0.0.0.0 50.0.0.4 R3(config)#end

Question 6

IP connectivity and OSPF are preconfigured on all devices where necessary. Do not make any changes to the IP addressing or OSPF. The company policy uses connected interfaces and next hops when configuring static routes except for load balancing or redundancy without floating static. Connectivity must be established between subnet 172.20.20.128/25 on the Internet and the LAN at 192.168.0.0/24 connected to SW1:

1. Configure reachability to the switch SW1 LAN subnet in router R2.

2. Configure default reachability to the Internet subnet in router R1.

3. Configure a single static route in router R2 to reach to the Internet subnet considering both redundant links between routers R1 and R2. A default route is NOT allowed in router R2.

4. Configure a static route in router R1 toward the switch SW1 LAN subnet where the primary link must be through Ethernet0/1. and the backup link must be through Ethernet0/2 using a floating route. Use the minimal administrative distance value when required.

Options:

Question 7

IP connectivity between the three routers is configured. OSPF adjacencies must be established.

1. Configure R1 and R2 Router IDs using the interface IP addresses from the link that is shared between them.

2. Configure the R2 links with a max value facing R1 and R3. R2 must become the DR. R1 and R3 links facing R2 must remain with the default OSPF configuration for DR election. Verify the configuration after clearing the OSPF process.

3. Using a host wildcard mask, configure all three routers to advertise their respective Loopback1 networks.

4. Configure the link between R1 and R3 to disable their ability to add other OSPF routers.

Options:

Question 8

Configure IPv4 and IPv6 connectivity between two routers. For IPv4, use a /28 network from the 192.168.1.0/24 private range. For IPv6, use the first /64 subnet from the 2001:0db8:aaaa::/48 subnet.

1. Using Ethernet0/1 on routers R1 and R2, configure the next usable/28 from the 192.168.1.0/24 range. The network 192.168.1.0/28 is unavailable.

2. For the IPv4 /28 subnet, router R1 must be configured with the first usable host address.

3. For the IPv4 /28 subnet, router R2 must be configured with the last usable host address.

4. For the IPv6 /64 subnet, configure the routers with the IP addressing provided from the topology.

5. A ping must work between the routers on the IPv4 and IPv6 address ranges.

Options:

Question 9

Physical connectivity is implemented between the two Layer 2 switches, and the network connectivity between them must be configured

1. Configure an LACP EtherChannel and number it as 1; configure it between switches SW1 and SVV2 using interfaces Ethernet0/0 and Ethernet0/1 on both sides. The LACP mode must match on both ends

2 Configure the EtherChannel as a trunk link.

3. Configure the trunk link with 802.1 q tags.

4. Configure the native VLAN of the EtherChannel as VLAN 15.

Options:

Question 10

Connectivity between four routers has been established. IP connectivity must be configured in the order presented to complete the implementation. No dynamic routing protocols are included.

1. Configure static routing using host routes to establish connectivity from router R3 to the router R1 Loopback address using the source IP of 209.165.200.230.

2. Configure an IPv4 default route on router R2 destined for router R4.

3. Configure an IPv6 default router on router R2 destined for router R4.

Options:

Question 11

Three switches must be configured for Layer 2 connectivity. The company requires only the designated VLANs to be configured on their respective switches and permitted accross any links between switches for security purposes. Do not modify or delete VTP configurations.

The network needs two user-defined VLANs configured:

VLAN 110: MARKETING

VLAN 210: FINANCE

1. Configure the VLANs on the designated switches and assign them as access ports to the interfaces connected to the PCs.

2. Configure the e0/2 interfaces on Sw1 and Sw2 as 802.1q trunks with only the required VLANs permitted.

3. Configure the e0/3 interfaces on Sw2 and Sw3 as 802.1q trunks with only the required VLANs permitted.

Options:

Question 12

What describes the operation of virtual machines?

Options:

Virtual machines are responsible for managing and allocating host hardware resources

In a virtual machine environment, physical servers must run one operating system at a time.

Virtual machines are the physical hardware that support a virtual environment.

Virtual machines are operating system instances that are decoupled from server hardware

Question 13

Which QoS Profile is selected in the GUI when configuring a voice over WLAN deployment?

Options:

Bronze

Platinum

Silver

Gold

Question 14

What is the difference in data transmission delivery and reliability between TCP and UDP?

Options:

TCP transmits data at a higher rate and ensures packet delivery. UDP retransmits lost data to ensure applications receive the data on the remote end.

UDP sets up a connection between both devices before transmitting data. TCP uses the three-way handshake to transmit data with a reliable connection.

UDP is used for multicast and broadcast communication. TCP is used for unicast communication and transmits data at a higher rate with error checking.

TCP requires the connection to be established before transmitting data. UDP transmits data at a higher rate without ensuring packet delivery.

Question 15

Refer to the exhibit.

What two conclusions should be made about this configuration? (Choose two )

Options:

The designated port is FastEthernet 2/1

This is a root bridge

The spanning-tree mode is Rapid PVST+

The spanning-tree mode is PVST+

The root port is FastEthernet 2/1

Question 16

Drag and drop the attack-mitigation techniques from the left onto the Types of attack that they mitigate on the right.

Options:

Question 17

Which two actions are performed by the Weighted Random Early Detection mechanism? (Choose two)

Options:

It drops lower-priority packets before it drops higher-priority packets

It can identify different flows with a high level of granularity

It guarantees the delivery of high-priority packets

It can mitigate congestion by preventing the queue from filling up

it supports protocol discovery

Question 18

Which attribute does a router use to select the best path when two or more different routes to the same destination exist from two different routing protocols.

Options:

dual algorithm

metric

administrative distance

hop count

Question 19

What event has occurred if a router sends a notice level message to a syslog server?

Options:

A TCP connection has been torn down

An ICMP connection has been built

An interface line has changed status

A certificate has expired.

Question 20

Drag and drop the SNMP components from the left onto the descriptions on the right.

Options:

Question 21

How is the native VLAN secured in a network?

Options:

separate from other VLANs within the administrative domain

give it a value in the private VLAN range

assign it as VLAN 1

configure it as a different VLAN ID on each end of the link

Question 22

What is the difference regarding reliability and communication type between TCP and UDP?

Options:

TCP is reliable and is a connection-oriented protocol UDP is not reliable and is a connectionless protocol

TCP is not reliable and is a connection-oriented protocol; UDP is reliable and is a connectionless protocol

TCP is not reliable and is a connectionless protocol; UDP is reliable and is a connection-oriented protocol

TCP is reliable and is a connectionless protocol; UDP is not reliable and is a connection-oriented protocol

Question 23

Which command is used to specify the delay time in seconds for LLDP to initialize on any interface?

Options:

lldp timer

lldp holdtimt

lldp reinit

lldp tlv-select

Question 24

What are two functions of a server on a network? (Choose two)

Options:

achieves redundancy by exclusively using virtual server clustering

runs applications that send and retrieve data for workstations that make requests

handles requests from multiple workstations at the same time

runs the same operating system in order to communicate with other servers

housed solely in a data center that is dedicated to a single client

Question 25

When configuring IPv6 on an interface, which two IPv6 multicast groups are joined? (Choose two)

Options:

2000::/3

2002::5

FC00::/7

FF02::1

FF02::2

Question 26

What are two roles of the Dynamic Host Configuration Protocol (DHCP)? (Choose two)

Options:

The DHCP server offers the ability to exclude specific IP addresses from a pool of IP addresses

The DHCP client can request up to four DNS server addresses

The DHCP server assigns IP addresses without requiring the client to renew them

The DHCP server leases client IP addresses dynamically.

The DHCP client maintains a pool of IP addresses it can assign.

Question 27

How are the switches in a spine-and-leaf topology interconnected?

Options:

Each leaf switch is connected to one of the spine switches.

Each leaf switch is connected to two spine switches, making a loop.

Each leaf switch is connected to each spine switch.

Each leaf switch is connected to a central leaf switch, then uplinked to a core spine switch.

Question 28

Which configuration ensures that the switch is always the root for VLAN 750?

Options:

Switch(config)#spanning-tree vlan 750 priority 38003685

Switch(config)#spanning-tree vlan 750 root primary

Switch(config)#spanning-tree vlan 750 priority 614440

Switch(config)#spanning-tree vlan 750 priority 0

Question 29

Refer to the exhibit.

A router reserved these five routes from different routing information sources.

Which two routes does the router install in its routing table? (Choose two)

Options:

RIP route 10.0.0.0/30

iBGP route 10.0.0.0/30

OSPF route 10.0.0.0/30

EIGRP route 10.0.0.1/32

OSPF route 10.0.0.0/16

Question 30

Refer to the exhibit.

Router R4 is dynamically learning the path to the server. If R4 is connected to R1 via OSPF Area 20, to R2 v2ia R2 BGP, and to R3 via EIGRP 777, which path is installed in the routing table of R4?

Options:

the path through R1, because the OSPF administrative distance is 110

the path through R2. because the IBGP administrative distance is 200

the path through R2 because the EBGP administrative distance is 20

the path through R3. because the EIGRP administrative distance is lower than OSPF and BGP

Question 31

How are VLAN hopping attacks mitigated?

Options:

enable dynamic ARP inspection

manually implement trunk ports and disable DTP

activate all ports and place in the default VLAN

configure extended VLANs

Question 32

Refer to the exhibit.

An administrator must turn off the Cisco Discovery Protocol on the port configured with address last usable address in the 10.0.0.0/30 subnet. Which command set meets the requirement?

Options:

interface gi0/1

no cdp enable

interface gi0/1

clear cdp table

interface gi0/0

no cdp advertise-v2

interface gi0/0

no cdp run

Question 33

Which global command encrypt all passwords in the running configuration?

Options:

password-encrypt

enable password-encryption

enable secret

service password-encryption

Question 34

Which switch technology establishes a network connection immediately when it is plugged in?

Options:

PortFast

BPDU guard

UplinkFast

BackboneFast

Question 35

Refer to the exhibit.

A network engineer must configured communication between PC A and the File Server. To prevent interruption for any other communications, which command must be configured?

Options:

Switch trunk allowed vlan 12

Switchport trunk allowed vlan none

Switchport trunk allowed vlan add 13

Switchport trunk allowed vlan remove 10-11

Question 36

Which mode allows access points to be managed by Cisco Wireless LAN Controllers?

Options:

autonomous

lightweight

bridge

mobility express

Question 37

Refer to the exhibit.

A network administrator must permit SSH access to remotely manage routers in a network. The operations team resides on the 10.20.1.0/25 network. Which command will accomplish this task?

Options:

access-list 2699 permit udp 10.20.1.0 0.0.0.255

no access-list 2699 deny tcp any 10.20.1.0 0.0.0.127 eq 22

access-list 2699 permit tcp any 10.20.1.0 0.0.0.255 eq 22

no access-list 2699 deny ip any 10.20.1.0 0.0.0.255

Question 38

What is a benefit of VRRP?

Options:

It provides traffic load balancing to destinations that are more than two hops from the source.

It provides the default gateway redundancy on a LAN using two or more routers.

It allows neighbors to share routing table information between each other.

It prevents loops in a Layer 2 LAN by forwarding all traffic to a root bridge, which then makes the final forwarding decision.

Question 39

Which HTTP status code is returned after a successful REST API request?

Options:

200

301

404

500

Question 40

which purpose does a northbound API serve in a controller-based networking architecture?

Options:

communicates between the controller and the physical network hardware

reports device errors to a controller

generates statistics for network hardware and traffic

facilitates communication between the controller and the applications

Question 41

An engineer must configure a/30 subnet between two routers. Which usable IP address and subnet mask combination meets this criteria?

Options:

Option A

Option B

Option C

Option D

Question 42

What are two benefits of controller-based networking compared to traditional networking?

Options:

controller-based increases network bandwidth usage, while traditional lightens the load on the network.

controller-based inflates software costs, while traditional decreases individual licensing costs

Controller-based reduces network configuration complexity, while traditional increases the potential for errors

Controller-based provides centralization of key IT functions. While traditional requires distributes management function

controller-based allows for fewer network failure, while traditional increases failure rates.

Question 43

What is a function of a remote access VPN?

Options:

used cryptographic tunneling to protect the privacy of data for multiple users simultaneously

used exclusively when a user is connected to a company's internal network

establishes a secure tunnel between two branch sites

allows the users to access company internal network resources through a secure tunnel

Question 44

An engineer is configuring an encrypted password for the enable command on a router where the local user database has already been configured Drag and drop the configuration commands from the left into the correct sequence on the right Not all commands are used

Options:

Question 45

Which CRUD operation modifies an existing table or view?

Options:

read

create

replace

update

Question 46

An engineer is asked to protect unused ports that are configured in the default VLAN on a switch.

Which two steps will fulfill the request? (Choose two)

Options:

Configure the ports in an EtherChannel.

Administratively shut down the ports

Configure the port type as access and place in VLAN 99

Configure the ports as trunk ports

Enable the Cisco Discovery Protocol

Question 47

Drag and drop the characteristics of network architectures from the left onto the type of architecture on the right.

Options:

Question 48

Drag drop the descriptions from the left onto the correct configuration-management technologies on the right.

Options:

Question 49

Which two WAN architecture options help a business improve scalability and reliability for the network? (Choose two.)

Options:

asynchronous routing

single-homed branches

dual-homed branches

static routing

dynamic routing

Question 50

What is the function of a hub-and-spoke WAN topology?

Options:

allows access restrictions to be implemented between subscriber sites.

provides direct connections between subscribers

supports Layer 2 VPNs

supports application optimization

Question 51

Refer to the Exhibit.

After the switch configuration the ping test fails between PC A and PC B Based on the output for switch 1. which error must be corrected?

Options:

There is a native VLAN mismatch

Access mode is configured on the switch ports.

The PCs are m the incorrect VLAN

All VLANs are not enabled on the trunk

Question 52

What are two characteristics of the distribution layer in a three-tier network architecture? (Choose two.)

Options:

serves as the network aggregation point

provides a boundary between Layer 2 and Layer 3 communications

designed to meet continuous, redundant uptime requirements

is the backbone for the network topology

physical connection point for a LAN printer

Question 53

Refer to the exhibit.

What is the result if Gig1/11 receives an STP BPDU?

Options:

The port transitions to STP blocking

The port transitions to the root port

The port immediately transitions to STP forwarding.

The port goes into error-disable state

Question 54

Which output displays a JSON data representation?

Options:

Option A

Option B

Option C

Option D

Question 55

What is a similarity between OM3 and OM4 fiber optic cable?

Options:

Both have a 50 micron core diameter

Both have a 9 micron core diameter

Both have a 62.5 micron core diameter

Both have a 100 micron core diameter

Question 56

What is the primary effect of the spanning-tree portfast command?

Options:

it enables BPDU messages

It minimizes spanning-tree convergence time

It immediately puts the port into the forwarding state when the switch is reloaded

It immediately enables the port in the listening state

Question 57

Refer to the exhibit.

The network administrator wants VLAN 67 traffic to be untagged between Switch 1 and Switch 2 while all other VLANs are to remain tagged.

Which command accomplishes this task?

Options:

switchport access vlan 67

switchport trunk allowed vlan 67

switchport private-vlan association host 67

switchport trunk native vlan 67

Question 58

What is the role of a firewall in an enterprise network?

Options:

Forwards packets based on stateless packet inspection

Processes unauthorized packets and allows passage to less secure segments of the network

determines which packets are allowed to cross from unsecured to secured networks

explicitly denies all packets from entering an administrative domain

Question 59

What criteria is used first during me root port selection process?

Options:

local port ID

lowest path cost to the root bridge

lowest neighbor's bridge ID

lowest neighbor's port ID

Question 60

Refer to the exhibit.

The default-information originate command is configured under the R1 OSPF configuration After testing workstations on VLAN 20 at Site B cannot reach a DNS server on the Internet Which action corrects the configuration issue?

Options:

Add the default-information originate command onR2

Configure the ip route 0.0.0.0 0.0.0.0 10.10.10.18 command on R1

Configure the ip route 0.0.0.0 0.0.0.0 10.10.10.2 command on R2

Add the always keyword to the default-information originate command on R1

Question 61

A corporate office uses four floors in a building

• Floor 1 has 24 users

• Floor 2 has 29 users

• Floor 3 has 28 users

•Floor 4 has 22 users

Which subnet summarizes and gives the most efficient distribution of IP addresses for the router configuration?

Options:

192.168.0.0/26 as summary and 192.168.0.0/29 for each floor

192.168.0.0.24 as summary and 192.168.0.0/28 for each floor

192.168.0.0/23 as summary and 192.168.0.0/25 for each floor

l92.168.0.0/25 as summary and 192.168.0.0/27 for each floor

Question 62

Refer to the exhibit.

An administrator must configure interfaces Gi1/1 and Gi1/3 on switch SW11 PC-1 and PC-2 must be placed in the Data VLAN and Phone-1 must be placed in the Voice VLAN Which configuration meets these requirements?

Options:

Option A

Option B

Option C

Option D

Question 63

What is a characteristic of private IPv4 addressing?

Options:

traverse the Internet when an outbound ACL is applied

issued by IANA in conjunction with an autonomous system number

composed of up to 65.536 available addresses

used without tracking or registration

Question 64

An engineer configured an OSPF neighbor as a designated router. Which state verifies the designated router is in the proper mode?

Options:

Exchange

2-way

Full

Init

Question 65

What prevents a workstation from receiving a DHCP address?

Options:

DTP

STP

VTP

802.10

Question 66

When deploying syslog, which severity level logs informational message?

Options:

Question 67

Which two values or settings must be entered when configuring a new WLAN in the Cisco Wireless LAN Controller GUI? (Choose two)

Options:

management interface settings

QoS settings

Ip address of one or more access points

SSID

Profile name

Question 68

Refer to the exhibit.

What action establishes the OSPF neighbor relationship without forming an adjacency?

Options:

modify hello interval

modify process ID

modify priority

modify network type

Question 69

What are two benefits of using the PortFast feature? (Choose two )

Options:

Enabled interfaces are automatically placed in listening state

Enabled interfaces come up and move to the forwarding state immediately

Enabled interfaces never generate topology change notifications.

Enabled interfaces that move to the learning state generate switch topology change notifications

Enabled interfaces wait 50 seconds before they move to the forwarding state

Question 70

Refer to the exhibit.

Which action is expected from SW1 when the untagged frame is received on the GigabitEthernet0/1 interface?

Options:

The frame is processed in VLAN 5.

The frame is processed in VLAN 11

The frame is processed in VLAN 1

The frame is dropped

Question 71

Which technology must be implemented to configure network device monitoring with the highest security?

Options:

IP SLA

syslog

NetFlow

SNMPv3

Question 72

What are two differences between optical-fiber cabling and copper cabling? (Choose two)

Options:

Light is transmitted through the core of the fiber

A BNC connector is used for fiber connections

The glass core component is encased in a cladding

Fiber connects to physical interfaces using Rj-45 connections

The data can pass through the cladding

Question 73

Which unified access point mode continues to serve wireless clients after losing connectivity to the Cisco Wireless LAN Controller?

Options:

sniffer

mesh

flexconnect

local

Question 74

Drag and drop the AAA terms from the left onto the description on the right.

Options:

Question 75

Refer to the exhibit.

How does router R1 handle traffic to 192.168.10.16?

Options:

It selects the IS-IS route because it has the shortest prefix inclusive of the destination address.

It selects the EIGRP route because it has the lowest administrative distance.

It selects the OSPF route because it has the lowest cost.

It selects the RIP route because it has the longest prefix inclusive of the destination address.

Question 76

Which two QoS tools provides congestion management? ( Choose two )

Options:

CAR

CBWFQ

PBR

FRTS

Question 77

Using direct sequence spread spectrum, which three 2.4-GHz channels are used to limit collisions?

Options:

1,6,11

1,5,10

1,2,3

5,6,7

Question 78

R1 has learned route 10.10.10.0/24 via numerous routing protocols. Which route is installed?

Options:

route with the lowest cost

route with the next hop that has the highest IP

route with the shortest prefix length

route with the lowest administrative distance

Question 79

Which statement correctly compares traditional networks and controller-based networks?

Options:

Only traditional networks offer a centralized control plane

Only traditional networks natively support centralized management

Traditional and controller-based networks abstract policies from device configurations

Only controller-based networks decouple the control plane and the data plane

Question 80

Which port type supports the spanning-tree portfast command without additional configuration?

Options:

access ports

Layer 3 main Interfaces

Layer 3 suninterfaces

trunk ports

Question 81

Which type of IPv6 address is publicly routable in the same way as IPv4 public address?

Options:

global unicast

link-local

unique local

multicast

Question 82

Which two primary drivers support the need for network automation? (Choose two.)

Options:

Eliminating training needs

Increasing reliance on self-diagnostic and self-healing

Policy-derived provisioning of resources

Providing a ship entry point for resource provisioning

Reducing hardware footprint

Question 83

Refer to the exhibit.

Based on the LACP neighbor status, in which mode is the SW1 port channel configured?

Options:

passive

mode on

auto

active

Question 84

The service password-encryption command is entered on a router. What is the effect of this configuration?

Options:

restricts unauthorized users from viewing clear-text passwords in the running configuration

encrypts the password exchange when a VPN tunnel is established

prevents network administrators from configuring clear-text passwords

protects the VLAN database from unauthorized PC connections on the switch

Question 85

What are two characteristics of a public cloud Implementation? (Choose two.)

Options:

It is owned and maintained by one party, but it is shared among multiple organizations.

It enables an organization to fully customize how It deploys network resources.

It provides services that are accessed over the Internet.

It Is a data center on the public Internet that maintains cloud services for only one company.

It supports network resources from a centralized third-party provider and privately-owned virtual resources

Question 86

Where does a switch maintain DHCP snooping information?

Options:

in the MAC address table

in the CAM table

in the binding database

in the frame forwarding database

Question 87

Refer to Exhibit.

Which action do the switches take on the trunk link?

Options:

The trunk does not form and the ports go into an err-disabled status.

The trunk forms but the mismatched native VLANs are merged into a single broadcast domain.

The trunk does not form, but VLAN 99 and VLAN 999 are allowed to traverse the link.

The trunk forms but VLAN 99 and VLAN 999 are in a shutdown state.

Question 88

What is the primary different between AAA authentication and authorization?

Options:

Authentication verifies a username and password, and authorization handles the communication between the authentication agent and the user database.

Authentication identifies a user who is attempting to access a system, and authorization validates the users password

Authentication identifies and verifies a user who is attempting to access a system, and authorization controls the tasks the user can perform.

Authentication controls the system processes a user can access and authorization logs the activities the user initiates

Question 89

Refer to the exhibit.

What does router R1 use as its OSPF router-ID?

Options:

10.10.1.10

10.10.10.20

172.16.15.10

192.168.0.1

Question 90

Where is the interface between the control plane and data plane within the software-defined architecture?

Options:

control layer and the infrastructure layer

application layer and the infrastructure layer

application layer and the management layer

control layer and the application layer

Question 91

An engineer must configure traffic for a VLAN that is untagged by the switch as it crosses a trunk link. Which command should be used?

Options:

switchport trunk allowed vlan 10

switchport trunk native vlan 10

switchport mode trunk

switchport trunk encapsulation dot1q

Question 92

A network engineer must create a diagram of a multivendor network. Which command must be configured on the Cisco devices so that the topology of the network can be mapped?

Options:

Device(Config)#lldp run

Device(Config)#cdp run

Device(Config-if)#cdp enable

Device(Config)#flow-sampler-map topology

Question 93

Which type of API allows SDN controllers to dynamically make changes to the network?

Options:

northbound API

REST API

SOAP API

southbound API

Question 94

What are two descriptions of three-tier network topologies? (Choose two)

Options:

The core and distribution layers perform the same functions

The access layer manages routing between devices in different domains

The network core is designed to maintain continuous connectivity when devices fail.

The core layer maintains wired connections for each host

The distribution layer runs Layer 2 and Layer 3 technologies

Question 95

Which type of traffic is sent with pure iPsec?

Options:

broadcast packets from a switch that is attempting to locate a MAC address at one of several remote sites

multicast traffic from a server at one site to hosts at another location

spanning-tree updates between switches that are at two different sites

unicast messages from a host at a remote site to a server at headquarters

Question 96

Refer to the exhibit.

An engineer must configure GigabitEthernet1/1 to accommodate voice and data traffic Which configuration accomplishes this task?

Options:

Option A

Option B

Option C

Option D

Question 97

Which design element is a best practice when deploying an 802.11b wireless infrastructure?

Options:

disabling TPC so that access points can negotiate signal levels with their attached wireless devices.

setting the maximum data rate to 54 Mbps on the Cisco Wireless LAN Controller

allocating nonoverlapping channels to access points that are in close physical proximity to one another

configuring access points to provide clients with a maximum of 5 Mbps

Question 98

Refer to the exhibit.

Which command configures a floating static route to provide a backup to the primary link?

Options:

ip route 0.0.0.0 0.0.0.0 209.165.202.131

ip route 209.165.201.0 255.255.255.224 209.165.202.130

ip route 0.0.0.0 0.0.0.0 209.165.200.224

ip route 209.165.200.224 255.255.255.224 209.165.202.129 254

Question 99

Drag the descriptions of IP protocol transmissions from the left onto the IP traffic types on the right.

Options:

Question 100

Refer to the exhibit.

A network administrator has been tasked with securing VTY access to a router. Which access-list entry accomplishes this task?

Options:

access-list 101 permit tcp 10.1.10 0.0.0.255 172.16.10 0.0.0.255 eq ssh

access-list 101 permit tcp 10.11.0 0.0.0.255 172.16.10 0.0.0.255 eq scp

access-list 101 permit tcp 10.11.0 0.0.0.255 172.16.10 0.0.0.255 eq telnet

access-list 101 permit tcp 10.1.10 0.0.0.255 172.16.10 0.0.0.255 eq https

Question 101

What is the primary function of a Layer 3 device?

Options:

to analyze traffic and drop unauthorized traffic from the Internet

to transmit wireless traffic between hosts

to pass traffic between different networks

forward traffic within the same broadcast domain

Question 102

Where does wireless authentication happen?

Options:

SSID

radio

band

Layer 2

Question 103

Drag and drop the descriptions from the left onto the configuration-management technologies on the right.

Options:

Question 104

Which two tasks must be performed to configure NTP to a trusted server in client mode on a single network device? (Choose two)

Options:

Enable NTP authentication.

Verify the time zone.

Disable NTP broadcasts

Specify the IP address of the NTP server

Set the NTP server private key

Question 105

Which two actions influence the EIGRP route selection process? (Choose two)

Options:

The router calculates the reported distance by multiplying the delay on the exiting Interface by 256.

The router calculates the best backup path to the destination route and assigns it as the feasible successor.

The router calculates the feasible distance of all paths to the destination route

The advertised distance is calculated by a downstream neighbor to inform the local router of the bandwidth on the link

The router must use the advertised distance as the metric for any given route

Question 106

An implementer is preparing hardware for virtualization to create virtual machines on a host. What is needed to provide communication between hardware and virtual machines?

Options:

hypervisor

router

straight cable

switch

Question 107

Refer to the exhibit.

An administrator configures four switches for local authentication using passwords that are stored in a cryptographic hash. The four switches must also support SSH access for administrators to manage the network infrastructure. Which switch is configured correctly to meet these requirements?

Options:

SW1

SW2

SW3

SW4

Question 108

Which goal is achieved by the implementation of private IPv4 addressing on a network?

Options:

provides an added level of protection against Internet exposure

provides a reduction in size of the forwarding table on network routers

allows communication across the Internet to other private networks

allows servers and workstations to communicate across public network boundaries

Question 109

An engineer requires a scratch interface to actively attempt to establish a trunk link with a neighbor switch. What command must be configured?

Options:

switchport mode trunk

switchport mode dynamic desirable

switchport mode dynamic auto

switchport nonegotiate

Question 110

A device detects two stations transmitting frames at the same time. This condition occurs after the first 64 bytes of the frame is received interface counter increments?

Options:

collision

CRC

runt

late collision

Question 111

When a client and server are not on the same physical network, which device is used to forward requests and replies between client and server for DHCP?

Options:

DHCP relay agent

DHCP server

DHCPDISCOVER

DHCPOFFER

Question 112

What is the function of a server?

Options:

It transmits packets between hosts in the same broadcast domain.

It provides shared applications to end users.

It routes traffic between Layer 3 devices.

It Creates security zones between trusted and untrusted networks

Question 113

When the active router in an HSRP group fails, what router assumes the role and forwards packets?

Options:

backup

standby

listening

forwarding

Question 114

What is the expected outcome when an EUI-64 address is generated?

Options:

The seventh bit of the original MAC address of the interface is inverted

The interface ID is configured as a random 64-bit value

The characters FE80 are inserted at the beginning of the MAC address of the interface

The MAC address of the interface is used as the interface ID without modification

Question 115

Which plane is centralized by an SDN controller?

Options:

management-plane

control-plane

data-plane

services-plane

Question 116

What is the effect when loopback interfaces and the configured router ID are absent during the OSPF Process configuration?

Options:

No router ID is set, and the OSPF protocol does not run.

The highest up/up physical interface IP address is selected as the router ID.

The lowest IP address is incremented by 1 and selected as the router ID.

The router ID 0.0.0.0 is selected and placed in the OSPF process.

Question 117

Drag and drop the lightweight access point operation modes from the left onto the descriptions on the right

Options:

Question 118

Which set of action satisfy the requirement for multifactor authentication?

Options:

The user swipes a key fob, then clicks through an email link

The user enters a user name and password, and then clicks a notification in an authentication app on a mobile device

The user enters a PIN into an RSA token, and then enters the displayed RSA key on a login screen

The user enters a user name and password and then re-enters the credentials on a second screen

Question 119

Which properly is shared by 10GBase-SR and 10GBase-LR interfaces?

Options:

Both require fiber cable media for transmission.

Both require UTP cable media for transmission.

Both use the single-mode fiber type.

Both use the multimode fiber type.

Question 120

Which type of address is shared by routers in a HSRP implementation and used by hosts on the subnet as their default gateway address?

Options:

multicast address

loopback IP address

virtual IP address

broadcast address

Question 121

What is the functionality of the Cisco DNA Center?

Options:

data center network pokey con

console server that permits secure access to all network devices

IP address cool distribution scheduler

software-defined controller for automaton of devices and services

Question 122

Refer to the exhibit.

All routers in the network are configured correctly, and the expected routes are being exchanged among the routeis. Which set or routes are learned from neighbors and Installed on router 2?

Options:

Option A

Option B

Option C

Option D

Question 123

Refer to the exhibit.

A network administrator must permit traffic from the 10.10.0.0/24 subnet to the WAN on interlace Seria10. What is the effect of the configuration as the administrator applies the command?

Options:

The permit command fails and returns an error code.

The router accepts all incoming traffic to Seria10 with the last octet of the source IP set to 0.

The sourced traffic from IP range 10.0.0.0 -10.0.0.255 is allowed on Seria10.

The router fails to apply the access list to the interface.

Question 124

Refer to the exhibit.

How many JSON objects are represented?

Options:

Question 125

Which signal frequency appears 60 times per minute?

Options:

1 Hz signal

1 GHz signal

60 Hz signal

60 GHz signal

Question 126

What happens when a switch receives a frame with a destination MAC address that recently aged out?

Options:

The switch references the MAC address aging table for historical addresses on the port that received the frame.

The switch floods the frame to all ports in all VLANs except the port that received the frame

The switch drops the frame and learns the destination MAC address again from the port that received the frame

The switch floods the frame to all ports in the VLAN except the port that received the frame.

Question 127

Which QoS queuing method discards or marks packets that exceed the desired bit rate of traffic flow?

Options:

shaping

policing

CBWFQ

LLQ

Question 128

Drag and drop the configuration management terms from the left onto the descriptions on the right. Not all terms are used.

Options:

Question 129

In a cloud-computing environment what is rapid elasticity?

Options:

control and monitoring of resource consumption by the tenant

automatic adjustment of capacity based on need

pooling resources in a multitenant model based on need

self-service of computing resources by the tenant

Question 130

Refer to the exhibit.

Which types of JSON data is shown

Options:

Object

Sequence

String

boolean

Question 131

Refer to the exhibit.

Host A switch interface is configured in VLAN 2. Host D sends a unicast packet destined for the IP address of host A.

What does the switch do when it receives the frame from host D?

Options:

It creates a broadcast storm.

It drops the frame from the MAC table of the switch.

It shuts down the source port and places It In err-disable mode.

It floods the frame out of every port except the source port.

Question 132

What is a specification for SSIDS?

Options:

They are a Cisco proprietary security feature.

They must include one number and one letter.

They define the VLAN on a switch.

They are case sensitive.

Question 133

Refer to the exhibit.

A network engineer must configure R1 so that it sends all packets destined to the 10.0.0.0/24 network to R3, and all packets destined to PCI to R2. Which configuration must the engineer implement?

Options:

Option A

Option B

Option C

Option D

Question 134

Drag and drop the steps in a standard DNS lookup operation from the left into the order on the right.

Options:

Question 135

Which command configures the Cisco WLC to prevent a serial session with the WLC CLI from being automatical togged out?

Options:

config sessions maxsessions 0

config sessions timeout 0

config serial timeout 0

config serial timeout 9600

Question 136

Refer to the exhibit An IPv6 address must be obtained automatically on the LAN interface on R1 Which command must be implemented to accomplish the task?

Options:

Ipv6 address 2001:dbB:d8d2:1008:4343:61:0010::/64

Ipv6 address autoconfig

Ipv6 address fe80::/10

Ipv6 address dhcp

Question 137

Drag and drop the statements about AAA services firm the left onto the corresponding AAA services on the right Not all options are used.

Options:

Question 138

Refer to the exhibit.

Which command must be enable a floating default route on router A?

Options:

ip route 0.0.0.0 0.0.0.0 192.168.1.2

ip default-gateway 192.168.2.1

ip route 0.0.0.0 0.0.0.0 192.168.1.2 10

ip route 0.0.0.0 0.0.0.0 192.168.2.1 10

Question 139

Drag and drop the statements about networking from the left onto the corresponding networking types on the right. Not all statements are used.

Options:

Question 140

Which interface or port on the WLC is the default for in-band device administration and communications between the controller and access points?

Options:

virtual interface

management interface

console port

service port

Question 141

Which type of encryption does WPA1 use for data protection?

Options:

AES

TKIP

PEAP

EAP

Question 142

How does encryption project the wireless network?

Options:

via integrity checks to identify wireless forgery attacks in the frame

via specific ciphers to detect and prevent zero-day network attacks

via an algorithm to change wireless data so that only the access point and client understand it

via a policy to prevent unauthorized users from communicating on the wireless network

Question 143

Which two HTTP methods are suitable for actions performed by REST-based APIs? (Choose two.)

Options:

REMOVE

REDIRECT

OPOST

GET

UPOP

Question 144

Which WLC interface provides out-of-band management in the Cisco Unified Wireless Network Architecture?

Options:

service port

virtual

AP-Manager

dynamic

Question 145

Refer to Itie exhibit

A network engineer started to configure port security on a new switch. These requirements must be met:

* MAC addresses must be learned dynamically

* Log messages must be generated without disabling the interface when unwanted traffic is seen

Which two commands must be configured to complete this task"? (Choose two)

Options:

SW(ccnfig-if)=switchport port-security mac-address sticky

SW(confKj-if)=switchport port-security violation restrict

SW(config.if)sswitchport port-security mac-address 0010.7B84.45E6

SW(config-if)aswitchport port-security maximum 2

SW(ccnfig-if)=switchport port-security violation shutdown

Question 146

What is a function of an endpoint?

Options:

It is used directly by an individual user to access network services

It passes unicast communication between hosts in a network

It transmits broadcast traffic between devices in the same VLAN

It provides security between trusted and untrusted sections of the network.

Question 147

Refer to the exhibit. An engineer must translate the PC1 IP address to 10.199.77.100 and permit PC1 to ping the loopback 0 on router R2. What command set must be used?

Options:

Option A

Option B

Option C

Option D

Question 148

Refer to the exhibit.

Which two values does router R1 use to determine the best path to reach destinations in network 1,0.0.0/8? (Choose two.)

Options:

longest prefix match

highest administrative distance

highest metric

lowest metric

lowest cost to reach the next hop

Question 149

Refer to the exhibit.

When router R1 receives a packet with destination IP address 10.56.0 62. through which interface does it route the packet?

Options:

Null0

VIan58

Vlan60

VIan59

Question 150

How does authentication differ from authorization?

Options:

Authentication verifies the identity of a person accessing a network, and authorization determines what resource a user can access.

Authentication is used to record what resource a user accesses, and authorization is used to determine what resources a user can access

Authentication is used to determine what resources a user is allowed to access, and authorization is used to track what equipment is allowed access to the network

Authentication is used to verify a person's identity, and authorization is used to create syslog messages for logins.

Question 151

What is a zero-day exploit?

Options:

It is when a new network vulnerability is discovered before a fix is available

It is when the perpetrator inserts itself in a conversation between two parties and captures or alters data.

It is when the network is saturated with malicious traffic that overloads resources and bandwidth

It is when an attacker inserts malicious code into a SOL server.

Question 152

Drag and drop the AAA features from the left onto the corresponding AAA security services on the right. Not all options are used.

Options:

Question 153

What are two reasons to implement DHCP in a network? (Choose two.)

Options:

reduce administration time in managing IP address ranges for clients

control the length of time an IP address is used by a network device

manually control and configure IP addresses on network devices

dynamic control over the best path to reach an IP address

access a website by name instead of by IP address

Question 154

What are two reasons lo configure PortFast on a switch port attached to an end host? (Choose two.)

Options:

to enable the number of MAC addresses learned on the port to l

to protect the operation of the port from topology change processes

to enable the pod to enter the forwarding state immediately when the host boots up

to prevent the port from participating in Spanning Tree Protocol operations

to block another switch or host from communicating through the port

Question 155

To improve corporate security, an organization is planning to implement badge authentication to limit access to the data center. Which element of a security program is being deployed?

Options:

user training

user awareness

vulnerability verification

physical access control

Question 156

What is the collapsed layer in collapsed core architectures?

Options:

core and WAN

access and WAN

distribution and access

core and distribution

Question 157

Drag and drop each characteristic of device-management technologies from the left onto the deployment type on the right.

Options:

Question 158

Refer to the exhibit.

What must be configured to enable 802.11w on the WLAN?

Options:

Set PMF to Required.

Enable MAC Filtering.

Enable WPA Policy.

Set Fast Transition to Enabled

Question 159

Which two IPv6 addresses are used to provide connectivity between two routers on a shared link? (Choose two)

Options:

::ffif 1014 1011/96

2001 7011046:1111:1/64

;jff06bb43cd4dd111bbff02 4545234d

2002 5121204b 1111:1/64

FF02::0WlFF00:0l)00/104

Question 160

What does a switch search for in the CAM table when forwarding a frame?

Options:

source MAC address and aging time

destination MAC address and flush time

source MAC address and source port

destination MAC address and destination port

Question 161

When a WPA2-PSK WLAN is configured in the Wireless LAN Controller, what is the minimum number of characters that is required in ASCII format?

Options:

Question 162

Which two HTTP methods are suitable for actions performed by REST-based APIs? (Choose two.)

Options:

REMOVE

REDIRECT

OPOST

GET

UPOP

Question 163

Which two transport layer protocols carry syslog messages? (Choose two.)

Options:

TCP

RTP

UDP

ARP

Question 164

Refer to the exhibit.

A network engineer must configure the link with these requirements:

• Consume as few IP addresses as possible.

• Leave at least two additional useable IP addresses for future growth.

Which set of configurations must be applied?

Options:

Option A

Option B

Option C

Option D

Question 165

Refer to the exhibit.

What is the subnet mask for route 172.16.4.0?

Options:

255.255.248.0

255.255.254.0

255.255.255.192

255.255.240.0

Question 166

Refer to the exhibit.

Wireless LAN access must be set up to force all clients from the NA WLAN to authenticate against the local database. The WLAN is configured for local EAP authentication. The time that users access the network must not be limited. Which action completes this configuration?

Options:

Uncheck the Guest User check box

Check the Guest User Role check box

Set the Lifetime (seconds) value to 0

Clear the Lifetime (seconds) value

Question 167

What is the purpose of the Cisco DNA Center controller?

Options:

to secure physical access to a data center

to scan a network and generate a Layer 2 network diagram

to securely manage and deploy network devices

to provide Layer 3 services to autonomous access points

Question 168

What differentiates device management enabled by Cisco DNA Center from traditional campus device management?

Options:

per-device

centralized

device-by-device hands-on

CLI-oriented device

Question 169

Options:

Question 170

A DHCP pool has been created with the name NOCC. The pool is using 192.168.20.0/24 and must use the next to last usable IP address as the default gateway for the DHCP clients. What is the next step in the process?

Options:

default-router192.168.20.253

network 192.168.20.254 255.255.255.0 secondary

ip default-gateway 0.0.0.0 0.0.0.0 192.168.20.253

next-server 192.168.20.254

Question 171

Which Windows command is used instead of the route print command to display the contents of the IP routing table?

Options:

netstat-n

ipconfig

ifconfig

netstat-r

Question 172

Which IPsec encryption mode is appropriate when the destination of a packet differs from the security termination point?

Options:

tunnel

transport

aggressive

main

Question 173

When an access point is seeking to join wireless LAN controller, which message is sent to the AP- Manager interface?

Options:

Discovery response

DHCP request

DHCP discover

Discovery request

Question 174

Which remote access protocol provides unsecured remote CLI access?

Options:

console

Telnet

Bash

SSH

Question 175

How do TCP and UDP fit into a query-response model?

Options:

TCP establishes a connection prior to sending data, and UDP sends immediately.

TCP uses error detection for packets, and UDP uses error recovery.

TCP avoids using sequencing, and UDP avoids using acknowledgments.

TCP encourages out-of-order packet delivery, and UDP prevents re-ordering.

Question 176

Drag and drop the functions of AAA supporting protocols from the left onto the protocols on the right.

Options:

Question 177

Refer to the exhibit.

Rapid PVST+ mode is on the same VLAN on each switch. Which switch becomes the root bridge and why?

Options:

SW2, because its MAC address is the highest

SW3, because its priority is the highest

SW4, because its priority is highest and its MAC address is lower

SW1, because its priority is the lowest and its MAC address is higher

Question 178

Refer to the exhibit.

The DHCP server and clients are connected to the same switch. What is the next step to complete the DHCP configuration to allow clients on VLAN 1 to receive addresses from the DHCP server?

Options:

Configure the ip dhcp snooping trust command on the interlace that is connected to the DHCP client.

Configure the ip dhcp relay information option command on the interface that is connected to the DHCP client.

Configure the ip dhcp snooping trust command on the interface that is connected to the DHCP server.

Configure the Ip dhcp relay information option command on the interface that is connected to the DHCP server.

Question 179

Which two components comprise part of a PKI? (Choose two.)

Options:

preshared key that authenticates connections

RSA token

CA that grants certificates

clear-text password that authenticates connections

one or more CRLs

Question 180

What causes a port to be placed in the err-disabled state?

Options:

nothing plugged into the port

link flapping

shutdown command issued on the port

latency

Question 181

Refer to the exhibit.

The router has been configured with a supernet to accommodate the requirement for 380 users on a subnet The requirement already considers 30% future growth. Which configuration verifies the IP subnet on router R4?

Options:

Option A

Option B

Option C

Option D

Question 182

Refer to the exhibit.

Packets received by the router from BGP enter via a serial interface at 209 165 201 1 Each route is present within the routing table Which interface is used to forward traffic with a destination IP of 10.1.1.19?

Options:

F0/4

F0/0

F0/1

F0/3

Question 183

Refer to the exhibit.

Routers R1 and R3 have the default configuration The router R2 priority is set to 99 Which commands on R3 configure it as the DR in the 10.0 4.0/24 network?

Options:

R3(config)#interface Gig0/1 R3(config-if)#ip ospf priority 100

R3(config)#interface Gig0/0 R3(config-if)#ip ospf priority 100

R3(config)#interface Gig0/0 R3(config-if)i=ip ospf priority 1

R3(config)#interface Gig0/1 R3(config-if)#ip ospf priority 0

Question 184

Refer to the exhibit.

Which configuration enables DHCP addressing for hosts connected to interface FastEthernetO/1 on router R4?

Options:

interface FastEthernet0/0

ip helper-address 10.0.1.1

access-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1

interface FastEthernot0/1

ip helper-address 10.0.1.1

access-list 100 permit tcp host 10.0.1.1 eq 67 host 10.148.2.1

interface FastEthernetO/0

ip helper-address 10.0.1.1

access-list 100 permit host 10.0.1.1 host 10.148.2.1 eq bootps

interface FastEthernet0/1

ip helper-address 10.0.1.1

access-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1

Question 185

Which two network actions occur within the data plane? (Choose two.)

Options:

Add or remove an 802.1Q trunking header.

Make a configuration change from an incoming NETCONF RPC.

Run routing protocols.

Match the destination MAC address to the MAC address table.

Reply to an incoming ICMP echo request.

Question 186

Refer to the exhibit.

Web traffic is coming in from the WAN interface. Which route takes precedence when the router is processing traffic destined for the LAN network at 10 0.10.0/24?

Options:

via next-hop 10.0.1.5

via next-hop 10 0 1.4

via next-hop 10.0 1.50

via next-hop 10.0 1 100

Question 187

Refer to the exhibit.

Which plan must be Implemented to ensure optimal QoS marking practices on this network?

Options:

As traffic traverses MLS1 remark the traffic, but trust all markings at the access layer.

Trust the IP phone markings on SW1 and mark traffic entering SW2 at SW2.

Remark traffic as it traverses R1 and trust all markings at the access layer.

As traffic enters from the access layer on SW1 and SW2. trust all traffic markings.

Question 188

Refer to the exhibit.

Which two commands must be added to update the configuration of router R1 so that it accepts only encrypted connections? (Choose two )

Options:

username CNAC secret R!41!4319115@

ip ssh version 2

line vty 0 4

crypto key generate rsa 1024

transport input ssh

Question 189

Refer to the exhibit.

Switch A is newly configured. All VLANs are present in the VLAN database. The IP phone and PC A on Gi0/1 must be configured for the appropriate VLANs to establish connectivity between the PCs. Which command set fulfills the requirement?

Options:

Option A

Option B

Option C

Option D

Question 190

What are two benefits of FHRPs? (Choose two.)

Options:

They enable automatic failover of the default gateway.

They allow multiple devices to serve as a single virtual gateway for clients in the network.

They are able to bundle multiple ports to increase bandwidth.

They prevent loops in the Layer 2 network.

They allow encrypted traffic.

Question 191

What is the purpose of the ip address dhcp command?

Options:

to configure an Interface as a DHCP server

to configure an interface as a DHCP helper

to configure an interface as a DHCP relay

to configure an interface as a DHCP client

Question 192

Refer to the exhibit.

Which two commands must be configured on router R1 to enable the router to accept secure remote-access connections? (Choose two)

Options:

transport input telnet

crypto key generate rsa

ip ssh pubkey-chain

username cisco password 0 Cisco

Question 193

Refer to the exhibit.

Which configuration allows routers R14 and R86 to form an OSPFv2 adjacency while acting as a central point for exchanging OSPF information between routers?

Options:

Option A

Option B

Option C

Option D

Question 194

Refer to the exhibit.

Site A was recently connected to site B over a new single-mode fiber path. Users at site A report Intermittent connectivity Issues with applications hosted at site B. What is the reason for the problem?

Options:

Heavy usage is causing high latency.

An incorrect type of transceiver has been inserted into a device on the link.

physical network errors are being transmitted between the two sites.

The wrong cable type was used to make the connection.

Question 195

Refer to the exhibit.

Which switch becomes the root of a spanning tree for VLAN 20 if all li links are of equal speed?

Options:

SW1

SW2

SW3

SW4

Question 196

What is a requirement when configuring or removing LAG on a WLC?

Options:

The Incoming and outgoing ports for traffic flow must be specified If LAG Is enabled.

The controller must be rebooted after enabling or reconfiguring LAG.

The management interface must be reassigned if LAG disabled.

Multiple untagged interfaces on the same port must be supported.

Question 197

Which action implements physical access control as part of the security program of an organization?

Options:

configuring a password for the console port

backing up syslogs at a remote location

configuring enable passwords on network devices

setting up IP cameras to monitor key infrastructure

Question 198

A Cisco engineer is configuring a factory-default router with these three passwords:

• The user EXEC password for console access is p4ssw0rd1

• The user EXEC password for Telnet access is s3cr3t2

• The password for privileged EXEC mode is pnv4t3p4ss Which command sequence must the engineer configured

Options:

Option A

Option B

Option C

Option D

Question 199

Refer to the exhibit.

R1 learns all routes via OSPF Which command configures a backup static route on R1 to reach the 192 168.20.0/24 network via R3?

Options:

R1(config)#ip route 192.168.20.0 255.255.0.0 192.168.30.2

R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2 90

R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2 111

R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2

Question 200

Refer to the exhibit.

An engineer built a new L2 LACP EtherChannel between SW1 and SW2 and executed these show commands to verify the work. Which additional task allows the two switches to establish an LACP port channel?

Options:

Change the channel-group mode on SW2 to auto

Change the channel-group mode on SW1 to desirable.

Configure the interface port-channel 1 command on both switches.

Change the channel-group mode on SW1 to active or passive.

Question 201

Refer to the exhibit.

Which next-hop IP address does Routed use for packets destined to host 10 10.13.158?

Options:

10.10.10.5

10.10.11.2

10.10.12.2

10.10.10.9

Question 202

What provides centralized control of authentication and roaming In an enterprise network?

Options:

a lightweight access point

a firewall

a wireless LAN controller

a LAN switch

Question 203

Refer to the exhibit.

All VLANs are present in the VLAN database. Which command sequence must be applied to complete the configuration?

Options:

Interface FastEthernet0/1 switchport trunk native vlan 10 switchport trunk allowed vlan 10,15

Interface FastEthernet0/1 switchport mode trunk switchport trunk allowed vlan 10,15

interface FastEthernet0/1 switchport mode access switchport voice vlan 10

Interface FastEthernet0/1 switchport trunk allowed vlan add 10 vlan 10 private-vlan isolated

Question 204

A network engineer must configure two new subnets using the address block 10 70 128 0/19 to meet these requirements:

• The first subnet must support 24 hosts

• The second subnet must support 472 hosts

• Both subnets must use the longest subnet mask possible from the address block

Which two configurations must be used to configure the new subnets and meet a requirement to use the first available address in each subnet for the router interfaces? (Choose two )

Options:

interface vlan 1234

ip address 10.70.159.1 255.255.254.0

interface vlan 1148

ip address 10.70.148.1 255.255.254.0

interface vlan 4722

ip address 10.70.133.17 255.255.255.192

interface vlan 3002

ip address 10.70.147.17 255.255.255.224

interface vlan 155

ip address 10.70.155.65 255.255.255.224

Question 205

What is a function of a Next-Generation IPS?

Options:

makes forwarding decisions based on learned MAC addresses

serves as a controller within a controller-based network

integrates with a RADIUS server to enforce Layer 2 device authentication rules

correlates user activity with network events

Question 206

Which protocol is used for secure remote CLI access?

Options:

HTTPS

HTTP

Telnet

SSH

Question 207

What is a function of Opportunistic Wireless Encryption in an environment?

Options:

offer compression

increase security by using a WEP connection

provide authentication

protect traffic on open networks

Question 208

Which QoS per-hop behavior changes the value of the ToS field in the IPv4 packet header?

Options:

shaping

classification

policing

marking

Question 209

Refer to the exhibit.

Which command configures OSPF on the point-to-point link between routers R1 and R2?

Options:

router-id 10.0.0.15

neighbor 10.1.2.0 cost 180

ipospf priority 100

network 10.0.0.0 0.0.0.255 area 0

Question 210

Refer to the exhibit.

Which route must be configured on R1 so that OSPF routing is used when OSPF is up. but the server is still reachable when OSPF goes down?

Options:

ip route 10.1.1.10 255.255.255.255 172.16.2.2 100

ip route 10.1.1.0 255.255.255.0 gi0/1 125

ip route 10.1.1.0 255.255.255.0 172.16.2.2 100

ip route 10.1.1.10 255.255.255.255 gi0/0 125

Question 211

Refer to the exhibit.

Packets received by the router from BGP enter via a serial interface at 209.165.201.10. Each route is present within the routing table. Which interface is used to forward traffic with a destination IP of 10.10.10.24?

Options:

F0/10

F0/11

F0/12

F0/13

Question 212

Which type of network attack overwhelms the target server by sending multiple packets to a port until the half-open TCP resources of the target are exhausted?

Options:

SYIM flood

reflection

teardrop

amplification

Question 213

Refer to the exhibit.

Users on existing VLAN 100 can reach sites on the Internet. Which action must the administrator take to establish connectivity to the Internet for users in VLAN 200?

Options:

Define a NAT pool on the router.

Configure static NAT translations for VLAN 200.

Configure the ip nat outside command on another interface for VLAN 200.

Update the NAT INSIDF RANGFS ACL

Question 214

Refer to the exhibit.

An engineer is updating the R1 configuration to connect a new server to the management network. The PCs on the management network must be blocked from pinging the default gateway of the new server. Which command must be configured on R1 to complete the task?

Options:

R1(config)#lp route 172.16.2.2 255.255.255.248 gi0/1

R1(config)#jp route 172.16.2.2 255.255.255.255 gi0/0

R1(config>#ip route 172.16.2.0 255.255.255.0 192.168.1.15

R1(conflg)#ip route 172.16.2.0 255.255.255.0 192.168.1.5

Question 215

Refer to the exhibit.

Which minimum configuration items are needed to enable Secure Shell version 2 access to R15?

Options:

Option A

Option B

Option C

Option D

Question 216

Which PoE mode enables powered-device detection and guarantees power when the device is detected?

Options:

dynamic

static

active

auto

Question 217

Refer to the exhibit.

Router R1 resides in OSPF Area 0. After updating the R1 configuration to influence the paths that it will use to direct traffic, an engineer verified that each of the four Gigabit interfaces has the same route to 10.10.0.0/16. Which interface will R1 choose to send traffic to reach the route?

Options:

GigabitEthernet0/0

GigabltEthornet0/1

GigabitEthernet0/2

GigabitEthernet0/3

Question 218

Refer to the exhibit.

A static route must be configured on R14 to forward traffic for the 172 21 34 0/25 network that resides on R86 Which command must be used to fulfill the request?

Options:

ip route 172.21.34.0 255.255.255.192 10.73.65.65

ip route 172.21.34.0 255.255.255.0 10.73.65.65

ip route 172.21.34.0 255.255.128.0 10.73.65.64

ip route 172.21.34.0 255.255.255.128 10.73.65.66

Question 219

Which interface mode must be configured to connect the lightweight APs in a centralized architecture?

Options:

WLAN dynamic

management

trunk

access

Question 220

Refer to the exhibit.

Which network prefix was learned via EIGRP?

Options:

172.16.0.0/16

192.168.2.0/24

207.165.200.0/24

192.168.1.0/24

Question 221

Refer to the exhibit.

What is a reason for poor performance on the network interface?

Options:

The interface is receiving excessive broadcast traffic.

The cable connection between the two devices is faulty.

The interface is operating at a different speed than the connected device.

The bandwidth setting of the interface is misconfigured

Question 222

Refer to the exhibit.

An engineer is configuring a new router on the network and applied this configuration. Which additional configuration allows the PC to obtain its IP address from a DHCP server?

Options:

Configure the ip dhcp relay information command under interface Gi0/1.

Configure the ip dhcp smart-relay command globally on the router

Configure the ip helper-address 172.16.2.2 command under interface Gi0/0

Configure the ip address dhcp command under interface Gi0/0

Question 223

A network engineer must implement an IPv6 configuration on the vlan 2000 interface to create a routable locally-unique unicast address that is blocked from being advertised to the internet. Which configuration must the engineer apply?

Options:

interface vlan 2000

ipv6 address ffc0:0000:aaaa::1234:2343/64

interface vlan 2000

Ipv6 address fc00:0000:aaaa:a15d:1234:2343:8aca/64

interface vlan 2000

ipv6 address fe80;0000:aaaa::1234:2343/64

interface vlan 2000

ipv6 address fd00::1234:2343/64

Question 224

What is one reason to implement LAG on a Cisco WLC?

Options:

to increase security and encrypt management frames

to provide link redundancy and load balancing

to allow for stateful and link-state failover

to enable connected switch ports to failover and use different VLANs

Question 225

Drag and drop the threat-mitigation techniques from the left onto the types of threat or attack they mitigate on the right.

Options:

Question 226

R1 as an NTP server must have:

• NTP authentication enabled

• NTP packets sourced from Interface loopback 0

• NTP stratum 2

• NTP packets only permitted to client IP 209.165 200 225

How should R1 be configured?

Options:

Option A

Option B

Option C

Option D

Question 227

Refer to the exhibit.

An engineer assumes a configuration task from a peer Router A must establish an OSPF neighbor relationship with neighbor 172 1 1 1 The output displays the status of the adjacency after 2 hours. What is the next step in the configuration process for the routers to establish an adjacency?

Options:

Configure router A to use the same MTU size as router B.

Set the router B OSPF ID to a nonhost address.

Configure a point-to-point link between router A and router B.

Set the router B OSPF ID to the same value as its IP address

Question 228

Which protocol uses the SSL?

Options:

HTTP

SSH

HTTPS

Telnet

Question 229

Refer to the exhibit.

The link between PC1 and the switch is up. but it is performing poorly. Which interface condition is causing the performance problem?

Options:

There is a duplex mismatch on the interface

There is an issue with the fiber on the switch interface.

There is a speed mismatch on the interface.

There is an interface type mismatch

Question 230

Drag and drop the characteristics of networking from the left onto the networking types on the right.

Options:

Question 231

Refer to the exhibit.

An engineer is configuring the HO router. Which IPv6 address configuration must be applied to the router fa0'1 interface for the router to assign a unique 64-brt IPv6 address to Itself?

Options:

ipv6 address 2001:DB8:0:1:C601:42FF:FE0F:7/64

ipv6 address 2001:DB8:0:1:C601:42FE:800F:7/64

ipv6 address 2001 :DB8:0:1:FFFF:C601:420F:7/64

iov6 address 2001 :DB8:0:1:FE80:C601:420F:7/64

Question 232

Which characteristic differentiates the concept of authentication from authorization and accounting?

Options:

user-activity logging

service limitations

consumption-based billing

identity verification

Question 233

What is the function of the controller in a software-defined network?

Options:

multicast replication at the hardware level

fragmenting and reassembling packets

making routing decisions

forwarding packets

Question 234

A network administrator is setting up a new IPv6 network using the 64-bit address 2001 0EB8 00C1 2200:0001 0000 0000 0331/64 To simplify the configuration the administrator has decided to compress the address Which IP address must the administrator configure?

Options:

ipv6 address 21:EB8:C1:2200:1::331/64

ipv6 address 2001:EB8:C1:22:1::331/64

ipv6 address 2001 :EB8:C 1:2200.1 ::331-64

ipv6 address 2001:EB8:C1:2200:1:0000:331/64

Question 235

Which Layer 2 switch function encapsulates packets for different VLANs so that the packets traverse the same port and maintain traffic separation between the VLANs?

Options:

VLAN numbering

VLAN DSCP

VLAN tagging

VLAN marking

Question 236

Which value is the unique identifier that an access point uses to establish and maintain wireless connectivity to wireless network devices?

Options:

VLANID

SSID

RFID

WLANID

Exam Detail

Vendor: Cisco

Certification: CCNA

Exam Code: 200-301

Exam Name: Cisco Certified Network Associate

Last Update: Mar 10, 2025

200-301 Question Answers

Pre-Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Free and Premium Cisco 200-301 Dumps Questions Answers

Cisco Certified Network Associate Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options: