Cisco Certified Network Associate 200-301 Exam

Questions and Answers

Which two outcomes are predictable behaviors for HSRP? (Choose two)

• The two routers share the same interface IP address, and default gateway traffic is load-balanced between them.
• The two routers share a virtual IP address that is used as the default gateway for devices on the LAN. (correct)
• The two routers synchronize configurations to provide consistent packet forwarding.
• Each router has a different IP address, both routers act as the default gateway on the LAN, and traffic is load-balanced between them.
• The two routers negotiate one router as the active router and the other as the standby router. (correct)

How does HSRP provide first hop redundancy?

• It load-balances Layer 2 traffic along the path by flooding traffic out all interfaces configured with the same VLAN.
• It forwards multiple packets to the same destination over different routed links in the data path.
• It uses a shared virtual MAC and a virtual IP address to a group of routers that serve as the default gateway for hosts on a LAN. (correct)
• It load-balances traffic by assigning the same metric value to more than one route to the same destination in the IP routing table.

Which command corrects the configuration issue for workstations on VLAN 20 at Site B to reach a DNS server on the Internet? Add the command: Configure the _ command on R1.

ip route 0.0.0.0 0.0.0.0 10.10.10.18

What OSPF network type is seen on a serial interface running encapsulation PPP by default?

Point-to-point (B)

Match the following OSPF neighbor adjacency parameters:

Init = Verifies the designated router is in the proper mode. 2-way = Exchange = Full =

What is an advantage of Cisco DNA Center versus traditional campus device management?

It supports numerous extensibility options, including cross-domain adapters and third-party SDKs. (B)

What are two fundamentals of virtualization?

It allows logical network devices to move traffic between virtual machines and the rest of the physical network. (A), It allows multiple operating systems and applications to run independently on one physical server. (C)

How does Cisco DNA Center gather data from the network?

Network devices use different services like SNMP, syslog, and streaming telemetry to send data to the controller. (D)

Which type of route does R1 use to reach host 10.10.13.10/32?

Network route (A)

Which prefix does Router1 use for traffic to Host A?

10.10.13.208/29 (A)

A frame that enters a switch fails the Frame Check Sequence. Which two interface counters are incremented? (Choose two)

CRC (A), Input errors (B)

Match the IPv4 network subnets with their correct usable host ranges.

To be filled with IPv4 network subnet = To be filled with corresponding usable host range

How do TCP and UDP differ in the way that they establish a connection between two endpoints?

TCP uses the three-way handshake, and UDP does not guarantee message delivery (C)

Which 802.11 frame type is association response?

Management (A)

In which way does a spine-and-leaf architecture allow for scalability in a network when additional access ports are required?

A leaf switch can be added with connections to every spine switch (A)

Which statement identifies the functionality of virtual machines?

The hypervisor can virtualize physical components including CPU, memory, and storage (D)

Which command automatically generates an IPv6 address from a specified IPv6 prefix and MAC address of an interface?

ipv6 address autoconfig (B)

When configuring IPv6 on an interface, which two IPv6 multicast groups are joined?

FF02::2 (B), FF02::1 (C)

Which type of security program is in place when the webpage reports safety but warns about a potentially malicious link?

User awareness (B)

Which feature on the Cisco Wireless LAN Controller when enabled restricts management access from specific networks?

CPU ACL (C)

Which set of actions satisfy the requirement for multifactor authentication?

The user enters a user name and password, then clicks a notification in an authentication app on a mobile device. (C)

Which configuration is needed to generate an RSA key for SSH on a router?

Assign a DNS domain name. (D)

An extended ACL has been configured and applied to a router but failed to work as intended. Which two changes can stop outbound traffic on TCP ports 25 and 80 to a specific subnet while allowing all other traffic? (Choose two)

Swap the source and destination IPs in the ACL. (A), Add a 'permit ip any any' statement at the end of the ACL for allowed traffic. (C)

An engineer must configure a WLAN using the strongest encryption type for WPA2-PSK. Which cipher fulfills the configuration requirement?

AES (C)

What makes Cisco DNA Center different from traditional network management applications and their management of networks?

It abstracts policy from the actual device configuration. (C)

What are two differences between optical-fiber cabling and copper cabling?

B. The glass core component is encased in a cladding (D), D. Light is transmitted through the core of the fiber (E)

How does CAPWAP communicate between an access point in local mode and a WLC?

The access point has the ability to link to any switch in the network, assuming connectivity to the WLC (B)

Which IPv6 address block forwards packets to a multicast address rather than a unicast address?

FF00::/12 (B)

What is the difference regarding reliability and communication type between TCP and UDP?

TCP is reliable and is a connection-oriented protocol; UDP is not reliable and is a connectionless protocol. (B)

Which type of IPv6 address is publicly routable in the same way as IPv4 public addresses?

global unicast (D)

What is the expected outcome when an EUI-64 address is generated?

The seventh bit of the original MAC address of the interface is inverted (A)

A corporate office uses four floors in a building with differing numbers of users per floor. Which subnet summarizes and gives the most efficient distribution of IP addresses for the router configuration?

192.168.0.0/25 as summary and 192.168.0.0/27 for each floor (D)

An engineer must add a subnet for a new office that will add 20 users to the network. The engineer assigns the IPv4 network 10.10.225.32 with subnet mask ______.

255.255.255.224

What is a characteristic of spine-and-leaf architecture?

Each device is separated by the same number of hops (A)

Which statement about Link Aggregation when implemented on a Cisco Wireless LAN Controller is true?

One functional physical port is needed to pass client traffic (D)

Which two conditions must be met before SSH can operate normally on a Cisco IOS switch?

The ip domain-name command must be configured on the switch (A), The switch must be running a k9 (crypto) IOS image (E)

Which password must an engineer use to enter the enable mode?

testing1234

After the switch configuration shown in the exhibit, the ping test fails between PC A and PC B. Based on the output for switch 1, which error must be corrected?

There is a native VLAN mismatch (B)

Which mode must be used to configure EtherChannel between two switches without using a negotiation protocol?

on (C)

To which device does Router1 send packets that are destined to host 10.10.13.165?

Router3 (A)

R1 has learned route 10.10.10.0/24 via numerous routing protocols. Which route is installed?

Route with the lowest administrative distance (A)

Which two minimum parameters must be configured on an active interface to enable OSPFV2 to operate? (Choose two)

OSPF area (A), OSPF process ID (B)

What commands are needed to add a subinterface to Ethernet0/0 on R1 to allow for VLAN 20, with IP address 10.20.20.1/24?

R1(config)#interface ethernet0/0.20 R1(config)#encapsulation dot1q 20 R1(config)#ip address 10.20.20.1 255.255.255.0

Which two actions are performed by the Weighted Random Early Detection mechanism? (Choose two)

It can mitigate congestion by preventing the queue from filling up (B), It drops lower-priority packets before it drops higher-priority packets (C)

An engineer configured NAT translations and verified that the configuration is correct. Which IP address is the source IP after the NAT has taken place?

172.23.103.10 (B)

If a notice-level message is sent to a syslog server, the event that has occurred is that an ARP inspection has failed.

False (B)

Which command enables a router to become a DHCP client?

ip dhcp client (C)

Two switches are connected and using Cisco Dynamic Trunking Protocol. SW1 is set to Dynamic Auto and SW2 is set to Dynamic Desirable. What is the result of this configuration?

The link becomes a trunk port. (C)

A Cisco IP phone receives untagged data traffic from an attached PC. What action is taken by the phone?

It allows the traffic to pass through unchanged. (B)

Which design element is a best practice when deploying an 802.11b wireless infrastructure?

Allocating non-overlapping channels to access points that are in close physical proximity to one another. (B)

What command accomplishes the task of having VLAN 67 traffic untagged between Switch 1 and Switch 2, while keeping other VLANs tagged?

switchport trunk native vlan 67

Which two command sequences must be configured on a switch to establish a Layer 3 EtherChannel with an open-standard protocol?

interface GigabitEthernet0/0/1, channel-group 10 mode active (B), interface port-channel 10, switchport, switchport mode trunk (D)

Match the following commands used to create port channel 10:

int range g0/0-1, channel-group 10 mode active = A int range g0/0-1, channel-group 10 mode desirable = C int range g0/0-1, channel-group 10 mode passive = C int range g0/0-1, channel-group 10 mode auto = A int range g0/0-1, channel-group 10 mode on = B

An administrator is configuring a voice VLAN. What is the expected outcome when a Cisco phone is connected to a specific port on a switch?

The phone sends and receives data in VLAN 50, but a connected workstation operates on VLAN 1. (A)

When an untagged frame is received on GigabitEthernet0/1 interface of SW1, which VLAN is the frame processed in?

VLAN 5 (C)

Match the following conclusions based on the configuration shown:

The root port is FastEthernet 2/1 = A The designated port is FastEthernet 2/1 = B The spanning-tree mode is PVST+ = E This is a root bridge = A The spanning-tree mode is Rapid PVST+ = E

To map the topology of a multivendor network, which command must be configured on Cisco devices?

Device(config)#lldp run (B)

How do AAA operations differ regarding user identification, user services, and access control?

Authentication identifies users, and accounting tracks user services. (D)

What is the difference between RADIUS and TACACS+?

TACACS+ separates authentication and authorization, and RADIUS merges them. (A)

What is a difference between local AP mode and FlexConnect AP mode?

FlexConnect AP mode bridges the traffic from the AP to the WLC when local switching is configured. (D)

What does router R1 use as its OSPF router-ID?

172.16.15.10 (C)

When OSPF learns multiple paths to a network, how does it select a route?

It divides a reference bandwidth of 100 Mbps by the actual bandwidth of the exiting interface to calculate the route with the lowest cost. (D)

When a floating static route is configured, what action ensures that the backup route is used when the primary route fails?

The floating static route must have a higher administrative distance than the primary route so it is used as a backup. (A)

Based on the 'show ip ospf interface' command output on R1, how is OSPF configured on the interface?

The default Hello and Dead timers are in use. (A)

By default, what kind of OSPF network does an interface belong to when advertised in OSPF?

Broadcast (B)

Which attribute does a router use to select the best path when two or more different routes to the same destination exist from two different routing protocols?

Administrative distance (D)

Router A learns the same route from OSPF and EIGRP neighbors. What is the administrative distance of the route installed in the routing table?

90 (C)

An engineer sets up a new circuit through eBGP on the Gi0/1 interface of Router 1, learning the route to VLAN25. How does traffic flow for route 10.10.13.0/25?

Traffic is sent using the original route learned via Gi0/0 for 10.10.13.0/25. (C)

What influences the EIGRP route selection process?

Choosing the best backup path as a feasible successor to the destination route. (A), Calculating the feasible distance of all paths to the destination route. (C)

In the network setup shown, how does Router2 handle traffic from Site B to 10.10.13.128/25 at Site A if OSPF is running?

It load-balances using Fa0/1 and Fa0/2. (C)

Study Notes

Network Fundamentals

• The CCNA 200-301 exam has a passing score of 800, a time limit of 120 minutes, and is divided into 6 sections: Network Fundamentals, Network Access, IP Connectivity, IP Services, Security Fundamentals, and Automation and Programmability.
• Route types:
  • Network route: used to reach host 10.10.13.10/32
  • Host route: used to reach a specific host
  • Default route: used to reach destinations not in the routing table
• File-transfer protocols:
  • FTP (File Transfer Protocol)
  • SFTP (Secure File Transfer Protocol)
  • TFTP (Trivial File Transfer Protocol)
• Frame Check Sequence (FCS) errors:
  • Increment the input error counter
  • Increment the CRC error counter
• IPv6 address types:
  • Link-local: provides communication between devices on the same link
  • Unique local: provides communication between subnets and cannot be routed on the Internet
  • Global unicast: publicly routable and can be routed on the Internet
  • Multicast: forwards packets to a group of devices
• Switching:
  • Late collisions occur when a collision is detected late in the transmission process
  • Frame flooding: sends frames to all ports in the same VLAN except the originating port
  • Spanning tree: prevents switching loops and broadcast storms
• Wireless networking:
  • Wireless LAN Controller (WLC): provides centralized management and configuration of wireless networks
  • Lightweight AP: uses the WLC to manage and configure wireless networks
  • Autonomous AP: does not use a WLC and is managed and configured locally

Network Access

• Link Aggregation:
  • Requires two or more ports to be configured
  • Provides increased bandwidth and redundancy
  • Can be configured in "mode active"
• SSH (Secure Shell):
  • Requires a k9 (crypto) IOS image
  • Requires the ip domain-name command to be configured
  • Provides secure remote access to network devices
• Spanning tree:
  • PortFast: minimizes spanning tree convergence time
  • BPDU (Bridge Protocol Data Unit) messages: used to detect and prevent switching loops
  • Root port: the port that is closest to the root bridge

IP Connectivity

• IPv4 subnetting:
  • The most efficient subnet is one that minimizes wasted addresses
  • Subnets can be summarized to reduce the number of routes in the routing table
• IPv6 address configuration:
  • EUI-64 (Extended Unique Identifier 64-bit) address: uses the MAC address of the interface
  • SLAAC (Stateless Address Autoconfiguration): allows hosts to configure their own IPv6 addresses

IP Services

• DHCP (Dynamic Host Configuration Protocol):
  • Provides IP addresses and other network settings to hosts
  • Can be used to reserve IP addresses for specific devices

Security Fundamentals

• Network security:
  • Private IP addresses: cannot be routed on the Internet
  • NAT (Network Address Translation): translates private IP addresses to public IP addresses
• Access control:
  • Passwords: can be used to authenticate and authorize access to network devices
  • SSH: provides secure remote access to network devices

Automation and Programmability

• Network automation:
  • Can be used to simplify network configuration and management
  • Can be used to reduce errors and increase efficiency### Network Access
• QoS Profile in a Voice over WLAN deployment: Platinum
• After a switch configuration, a ping test fails between PC A and PC B due to a native VLAN mismatch
• In a WLAN deployment, a Local Mode AP will continue to serve wireless clients even after losing connectivity to the Cisco Wireless LAN Controller
• EtherChannel can be configured between two switches without a negotiation protocol by using the "on" mode

IP Connectivity

• OSPF router-ID is the highest IP address on the router, or the IP address configured using the router-id command
• OSPF selects a route based on the lowest cost, calculated by dividing the reference bandwidth of 100 Mbps by the actual bandwidth of the exiting interface
• A floating static route with a higher administrative distance than the primary route is used as a backup route
• OSPF network types: point-to-point, point-to-multipoint, broadcast, nonbroadcast; default type is broadcast for Gigabit Ethernet interfaces
• Administrative distance is used to select the best path when two or more different routes to the same destination exist from two different routing protocols (e.g. OSPF vs EIGRP)
• EIGRP route selection process: advertised distance, feasible distance, reported distance
• HSRP provides first hop redundancy using a shared virtual MAC and virtual IP address
• OSPFv2 neighbor adjacency parameters: hello interval, dead interval, area ID, authentication, MTU

Routing Protocols

• OSPF: uses cost as the metric, default reference bandwidth is 100 Mbps, default Hello and Dead timers are 10 and 40 seconds, respectively
• EIGRP: uses bandwidth and delay as the metrics, administrative distance is 90
• BGP: uses AS Path as the metric, administrative distance is 20
• OSPFv2: uses IP address, area ID, and authentication for neighbor adjacency

Network Troubleshooting

• To troubleshoot OSPF issues, use the show ip ospf interface command
• To troubleshoot EIGRP issues, use the show ip eigrp neighbors command
• To troubleshoot routing table issues, use the show ip route command### IP Connectivity
• There are two types of communication: point-to-point and point-to-multipoint.
• VRRP virtual address is 0000.5E00.010a.
• To allow communication between Atlanta and Washington routers, ipv6 routes need to be configured on both routers.
• EIGRP router uses the metric parameter to select the best path.
• In OSPF, a designated router is verified by the "Full" state.
• A router selects the best route based on the longest prefix match.
• A static default route can be configured using the command "ip route 0.0.0.0 0.0.0.0 ".
• To forward packets to a specific destination, a static route needs to be configured.
• The administrative distance of a route determines the preference of the route.
• A floating static route can be used for fallback static routing when the dynamic routing protocol fails.
• To enable OSPFV2, an active interface needs to have an OSPF process ID and an OSPF area configured.

IP Services

• NAT translations allow one IP address to be translated to another.
• Syslog is used to send messages about events that occur on a network device.
• NTP client mode is configured using the command "ntp server ".
• SNMP is used for network management and monitoring.
• DHCP client mode is configured using the command "ip address dhcp".
• SNMP agent responds to requests from the NMS (Network Management System).
• DHCP server assigns IP addresses dynamically and offers the ability to exclude specific IP addresses from a pool of IP addresses.
• NTP server mode is configured using the command "ntp master".
• Syslog is used to send notice-level messages to a syslog server.

Security Fundamentals

• DHCP snooping is used to prevent DHCP spoofing attacks.
• Wireless encryption protocols include WPA2 with AES-256 in preshared key mode.
• Site-to-site VPNs use IPsec for the transport of user data.
• Threat-mitigation techniques include access control lists, firewalls, and intrusion prevention systems.
• Password encryption is enabled using the command "service password-encryption".
• AAA (Authentication, Authorization, and Accounting) is used for user authentication and authorization.
• WPA2 PSK can be configured in hexadecimal or ASCII format.
• Unused switch ports should be administratively shut down and placed in an inaccessible VLAN to prevent unauthorized access.

Description

Prepare for the Cisco Certified Network Associate 200-301 exam with 160 questions. Covers network fundamentals, access, IP connectivity, services, security, and automation.