200-301 CCNA Cisco Certified Network Associate Exam Questions & Answers PDF

Vendor: Cisco Exam Code: 200-301 Exam Name: CCNA - Cisco Certified Network Associate Version: 23.031 Important Notice Product Our Product Manager keeps an eye for Exam updates by Vendors. Free update is available within One year after your purchase. You can login member center and download the latest product anytime. (Product downloaded from member center is always the latest.) PS: Ensure you can pass the exam, please check the latest product in 2-3 days before the exam again. Feedback We devote to promote the product quality and the grade of service to ensure customers interest. If you have any questions about our product, please provide Exam Number, Version, Page Number, Question Number, and your Login Account to us, please contact us at [email protected] and our technical experts will provide support in 24 hours. Copyright The product of each order has its own encryption code, so you should use it independently. If anyone who share the file we will disable the free update and account access. Any unauthorized changes will be inflicted legal punishment. We will reserve the right of final explanation for this statement. Order ID: **************** PayPal Name: **************** PayPal ID: **************** QUESTION 1 Which statement correctly compares traditional networks and controller-based networks? A. Only traditional networks offer a centralized control plane B. Only traditional networks natively support centralized management C. Traditional and controller-based networks abstract policies from device configurations D. Only controller-based networks decouple the control plane and the data plane Answer: D Explanation: Most traditional devices use a distributed architecture, in which each control plane is resided in a networking device. Therefore they need to communicate with each other via messages to work correctly. In contrast to distributed architecture, centralized (or controller-based) architectures centralizes the control of networking devices into one device, called SDN controller -> Answer D is correct. QUESTION 2 How does HSRP provide first hop redundancy? A. It load-balances traffic by assigning the same metric value to more than one route to the same destination in the IP routing table. B. It load-balances Layer 2 traffic along the path by flooding traffic out all interfaces configured with the same VLAN. C. It forwards multiple packets to the same destination over different routed links in the data path D. It uses a shared virtual MAC and a virtual IP address to a group of routers that serve as the default gateway for hosts on a LAN Answer: D Explanation: This virtual IP address is in the same subnet as the interface IP address, but it is a different IP address. The router then automatically creates the virtual MAC address. All the cooperating HSRP routers know these virtual addresses, but only the HSRP active router uses these addresses at any one point in time. The virtual router is responsible for host communications such as an ARP request for the host’s default gateway. Technically, this is served by the active router since it is hosting the virtual router. However, it is the virtual router’s IP address and MAC address that are used for outgoing packets. QUESTION 3 Which two actions influence the EIGRP route selection process? (Choose two) A. The router calculates the reported distance by multiplying the delay on the exiting Interface by 256. B. The router calculates the best backup path to the destination route and assigns it as the feasible successor. C. The router calculates the feasible distance of all paths to the destination route D. The advertised distance is calculated by a downstream neighbor to inform the local router of the bandwidth on the link E. The router must use the advertised distance as the metric for any given route Answer: BC Explanation: Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 2 http://www.passleader.com The reported distance (or advertised distance) is the cost from the neighbor to the destination. It is calculated from the router advertising the route to the network. For example in the topology below, suppose router A & B are exchanging their routing tables for the first time. Router B says "Hey, the best metric (cost) from me to IOWA is 50 and the metric from you to IOWA is 90" and advertises it to router A. Router A considers the first metric (50) as the Advertised distance. The second metric (90), which is from NEVADA to IOWA (through IDAHO), is called the Feasible distance. The reported distance is calculated in the same way of calculating the metric. By default (K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0), the metric is calculated as follows: -> Answer A is not correct. Feasible successor is the backup route. To be a feasible successor, the route must have an Advertised distance (AD) less than the Feasible distance (FD) of the current successor route -> Answer B is correct. Feasible distance (FD): The sum of the AD plus the cost between the local router and the next- hop router. The router must calculate the FD of all paths to choose the best path to put into the routing table. Note: Although the new CCNA exam does not have EIGRP topic but you should learn the basic knowledge of this routing protocol. QUESTION 4 Which two capabilities of Cisco DNA Center make it more extensible as compared to traditional campus device management? (Choose two.) A. adapters that support all families of Cisco IOS software B. SDKs that support interaction with third-party network equipment C. customized versions for small, medium, and large enterprises D. REST APIs that allow for external applications to interact natively with Cisco DNA Center E. modular design that is upgradable as needed Answer: BD Explanation: Cisco DNA Center offers 360-degree extensibility through four distinct types of platform capabilities: Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 3 http://www.passleader.com + Intent-based APIs leverage the controller and enable business and IT applications to deliver intent to the network and to reap network analytics and insights for IT and business innovation. + Process adapters, built on integration APIs, allow integration with other IT and network systems to streamline IT operations and processes. + Domain adapters, built on integration APIs, allow integration with other infrastructure domains such as data center, WAN, and security to deliver a consistent intent-based infrastructure across the entire IT environment. + SDKs allow management to be extended to third-party vendor's network devices to offer support for diverse environments. Reference: https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna- center/nb- 06-dna-cent-platf-aag-cte-en.html QUESTION 5 Refer to the exhibit. What does router R1 use as its OSPF router-ID? A. 10.10.1.10 B. 10.10.10.20 C. 172.16.15.10 D. 192.168.0.1 Answer: C Explanation: OSPF uses the following criteria to select the router ID: 1. Manual configuration of the router ID (via the "router-id x.x.x.x" command under OSPF router configuration mode). 2. Highest IP address on a loopback interface. 3. Highest IP address on a non-loopback and active (no shutdown) interface. QUESTION 6 Which 802.11 frame type is association response? A. management B. protected frame C. control D. action Answer: A Explanation: There are three main types of 802.11 frames: the Data Frame, the Management Frame and the Control Frame. Association Response belongs to Management Frame. Association response is sent in response to an association request. QUESTION 7 Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 4 http://www.passleader.com Which API is used in controller-based architectures to interact with edge devices? A. overlay B. northbound C. underlay D. southbound Answer: D Explanation: overlay: the virtual network underlay: the physical network nothbound: interacts with the server QUESTION 8 Which statement identifies the functionality of virtual machines? A. Virtualized servers run most efficiently when they are physically connected to a switch that is separate from the hypervisor B. The hypervisor can virtualize physical components including CPU, memory, and storage C. Each hypervisor can support a single virtual machine and a single software switch D. The hypervisor communicates on Layer 3 without the need for additional resources Answer: B QUESTION 9 Which type of address is the public IP address of a NAT device? A. outside global B. outside local C. inside global D. inside local E. outside public F. inside public Answer: C Explanation: NAT use four types of addresses: * Inside local address - The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Center (InterNIC) or service provider. This address is likely to be an RFC 1918 private address. * Inside global address - A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world. * Outside local address - The IP address of an outside host as it is known to the hosts on the inside network. * Outside global address - The IP address assigned to a host on the outside network. The owner of the host assigns this address. QUESTION 10 Which option about JSON is true? Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 5 http://www.passleader.com A. uses predefined tags or angle brackets () to delimit markup text B. used to describe structured data that includes arrays C. used for storing information D. similar to HTML, it is more verbose than XML Answer: B Explanation: JSON data is written as name/value pairs. A name/value pair consists of a field name (in double quotes), followed by a colon, followed by a value: "name":"Mark" JSON can use arrays. Array values must be of type string, number, object, array, boolean or null.. For example: { "name":"John", "age":30, "cars":[ "Ford", "BMW", "Fiat" ] } QUESTION 11 Which attribute does a router use to select the best path when two or more different routes to the same destination exist from two different routing protocols? A. dual algorithm B. metric C. administrative distance D. hop count Answer: C Explanation: Administrative distance is the feature used by routers to select the best path when there are two or more different routes to the same destination from different routing protocols. Administrative distance defines the reliability of a routing protocol. QUESTION 12 Which two values or settings must be entered when configuring a new WLAN in the Cisco Wireless LAN Controller GUI? (Choose two) A. management interface settings B. QoS settings C. Ip address of one or more access points D. SSID E. Profile name Answer: DE QUESTION 13 What are two benefits of network automation? (Choose two) A. reduced operational costs Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 6 http://www.passleader.com B. reduced hardware footprint C. faster changes with more reliable results D. fewer network failures E. increased network security Answer: AC QUESTION 14 Which command prevents passwords from being stored in the configuration as plaintext on a router or switch? A. enable secret B. service password-encryption C. username Cisco password encrypt D. enable password Answer: B Explanation: enable password - Sets the enable password, and stores that password in plaintext in the config. enable secret - Sets the enable password, and stores that password as an md5 hash in the config. service password-encryption - For any passwords in the config that are stored in plaintext, this command changes them to be stored as hashed values instead. QUESTION 15 Drag and Drop Question Drag drop the descriptions from the left on to the correct configuration-management technologies on the right. Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 7 http://www.passleader.com Answer: Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 8 http://www.passleader.com Explanation: The focus of Ansible is to be streamlined and fast, and to require no node agent installation. Thus, Ansible performs all functions over SSH. Ansible is built on Python, in contrast to the Ruby foundation of Puppet and Chef. TCP port 10002 is the command port. It may be configured in the Chef Push Jobs configuration file. This port allows Chef Push Jobs clients to communicate with the Chef Push Jobs server. Puppet is an open-source configuration management solution, which is built with Ruby and offers custom Domain Specific Language (DSL) and Embedded Ruby (ERB) templates to create custom Puppet language files, offering a declarative-paradigm programming approach. A Puppet piece of code is called a manifest, and is a file with.pp extension. QUESTION 16 Drag and Drop Question Drag and drop the descriptions of file-transfer protocols from the left onto the correct protocols on the right. Answer: Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 9 http://www.passleader.com QUESTION 17 Drag and Drop Question Drag and drop the WLAN components from the left onto the correct descriptions on the right. Answer: Explanation: The service port can be used management purposes, primarily for out-of-band management. However, AP management traffic is not possible across the service port. In most cases, the service port is used as a "last resort" means of accessing the controller GUI for management purposes. For example, in the case where the system distribution ports on the controller are down or their communication to the wired network is otherwise degraded. A dynamic interface with the Dynamic AP Management option enabled is used as the tunnel source for packets from the controller to the access point and as the destination for CAPWAP packets from the access point to the controller. The virtual interface is used to support mobility management, Dynamic Host Configuration Protocol (DHCP) relay, and embedded Layer 3 security such as guest web authentication. It also maintains the DNS gateway host name used by Layer 3 security and mobility managers to verify the source of certificates when Layer 3 web authorization is enabled. Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config- guide/b_cg85/ports_and_interfaces.html QUESTION 18 Drag and Drop Question Drag and drop the threat-mitigation techniques from the left onto the types of threat or attack they Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 10 http://www.passleader.com mitigate on the right. Answer: Explanation: Double-Tagging attack: In this attack, the attacking computer generates frames with two 802.1Q tags. The first tag matches the native VLAN of the trunk port (VLAN 10 in this case), and the second matches the VLAN of a host it wants to attack (VLAN 20). When the packet from the attacker reaches Switch A, Switch A only sees the first VLAN 10 and it matches with its native VLAN 10 so this VLAN tag is removed. Switch A forwards the frame out all links with the same native VLAN 10. Switch B receives the frame with an tag of VLAN 20 so it removes this tag and forwards out to the Victim computer. Note: This attack only works if the trunk (between two switches) has the same native VLAN as the attacker. To mitigate this type of attack, you can use VLAN access control lists (VACLs, which applies to all traffic within a VLAN. We can use VACL to drop attacker traffic to specific victims/servers) or implement Private VLANs. ARP attack (like ARP poisoning/spoofing) is a type of attack in which a malicious actor sends falsified ARP messages over a local area network as ARP allows a gratuitous reply from a host even if an ARP request was not received. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network. This is an attack based on ARP which is at Layer 2. Dynamic ARP inspection (DAI) is a security feature that validates ARP Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 11 http://www.passleader.com packets in a network which can be used to mitigate this type of attack. QUESTION 19 Drag and Drop Question Drag and drop the functions from the left onto the correct network components on the right. Answer: QUESTION 20 Drag and Drop Question Drag and drop the AAA functions from the left onto the correct AAA services on the right. Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 12 http://www.passleader.com Answer: QUESTION 21 Drag and Drop Question Drag and drop the IPv4 network subnets from the left onto the correct usable host ranges on the right Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 13 http://www.passleader.com Answer: Explanation: This subnet question requires us to grasp how to subnet very well. To quickly find out the subnet range, we have to find out the increment and the network address of each subnet. Let's take an example with the subnet 172.28.228.144/18: From the /18 (= 1100 0000 in the 3rd octet), we find out the increment is 64. Therefore the network address of this subnet must be the greatest multiple of the increment but not greater than the value in the 3rd octet (228). We can find out the 3rd octet of the network address is 192 (because 192 = 64 * 3 and 192 < 228) -> The network address is 172.28.192.0. So the first usable host should be 172.28.192.1 and it matches with the 5th answer on the right. In this case we don't need to calculate the broadcast address because we found the correct answer. Let's take another example with subnet 172.28.228.144/23 -> The increment is 2 (as /23 = 1111 1110 in 3rd octet) -> The 3rd octet of the network address is 228 (because 228 is the multiply of 2 and equal to the 3rd octet) -> The network address is 172.28.228.0 -> The first usable host is 172.28.228.1. It is not necessary but if we want to find out the broadcast address of this subnet, Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 14 http://www.passleader.com we can find out the next network address, which is 172.28.(228 + the increment number).0 or 172.28.230.0 then reduce 1 bit -> 172.28.229.255 is the broadcast address of our subnet. Therefore the last usable host is 172.28.229.254. QUESTION 22 Drag and Drop Question Drag and drop the Cisco Wireless LAN Controller security settings from the left onto the correct security mechanism categories on the right. Answer: Explanation: Layer 2 Security Mechanism includes WPA+WPA2, 802.1X, Static WEP, CKIP while Layer 3 Security Mechanisms (for WLAN) includes IPSec, VPN Pass-Through, Web Passthrough... Reference: https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan- controllers/106082-wlc-compatibility-matrix.html QUESTION 23 What is a benefit of using a Cisco Wireless LAN Controller? A. Central AP management requires more complex configurations B. Unique SSIDs cannot use the same authentication method C. It supports autonomous and lightweight APs D. It eliminates the need to configure each access point individually Answer: D Explanation: Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 15 http://www.passleader.com A wireless LAN (or WLAN) controller is used in combination with the Lightweight Access Point Protocol (LWAPP) to "manage light-weight access points in large quantities" by the network administrator or network operations center. QUESTION 24 Which network allows devices to communicate without the need to access the Internet? A. 1729.0.0/16 B. 172.28.0.0/16 C. 192.0.0.0/8 D. 209.165.201.0/24 Answer: B Explanation: This question asks about the private ranges of IPv4 addresses. The private ranges of each class of IPv4 are listed below: Class A private IP address ranges from 10.0.0.0 to 10.255.255.255 Class B private IP address ranges from 172.16.0.0 to 172.31.255.255 Class C private IP address ranges from 192.168.0.0 to 192.168.255.255 Only the network 172.28.0.0/16 belongs to the private IP address (of class B). QUESTION 25 Which result occurs when PortFast is enabled on an interface that is connected to another switch? A. Spanning tree may fail to detect a switching loop in the network that causes broadcast storms B. VTP is allowed to propagate VLAN configuration information from switch to switch automatically. C. Root port choice and spanning tree recalculation are accelerated when a switch link goes down D. After spanning tree converges PortFast shuts down any port that receives BPDUs. Answer: A Explanation: Enabling the PortFast feature causes a switch or a trunk port to enter the STP forwarding-state immediately or upon a linkup event, thus bypassing the listening and learning states. Note: To enable portfast on a trunk port you need the trunk keyword "spanning-tree portfast trunk" QUESTION 26 When configuring a WLAN with WPA2 PSK in the Cisco Wireless LAN Controller GUI, which two formats are available to select? (Choose two) A. ASCII B. base64 C. binary D. decimal E. hexadecimal Answer: AE Explanation: When configuring a WLAN with WPA2 Preshared Key (PSK), we can choose the encryption key format as either ASCII or HEX. Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config- Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 16 http://www.passleader.com guide/b_wl_16_10_cg/ multi-preshared-key.pdf QUESTION 27 Two switches are connected and using Cisco Dynamic Trunking Protocol SW1 is set to Dynamic Desirable What is the result of this configuration? A. The link is in a downstate. B. The link is in an error disables state C. The link is becomes an access port. D. The link becomes a trunkport. Answer: D Explanation: Dynamic Auto - Makes the Ethernet port willing to convert the link to a trunk link. The port becomes a trunk port if the neighboring port is set to trunk or dynamic desirable mode. This is the default mode for some switchports. Dynamic Desirable - Makes the port actively attempt to convert the link to a trunk link. The port becomes a trunk port if the neighboring Ethernet port is set to trunk, dynamic desirable or dynamic auto mode. QUESTION 28 When configuring IPv6 on an interface, which two IPv6 multicast groups are joined?(Choose two) A. 2000::/3 B. 2002::5 C. FC00::/7 D. FF02::1 E. FF02::2 Answer: DE Explanation: When an interface is configured with IPv6 address, it automatically joins the all nodes (FF02::1) and solicited-node (FF02::1:FFxx:xxxx) multicast groups. The all-node group is used to communicate with all interfaces on the local link, and the solicited-nodes multicast group is required for link-layer address resolution. Routers also join a third multicast group, the all-routers group (FF02::2). QUESTION 29 Which MAC address is recognized as a VRRP virtual address? A. 0000.5E00.010a B. 0005.3711.0975 C. 0000.0C07.AC99 D. 0007.C070/AB01 Answer: A Explanation: With VRRP, the virtual router's MAC address is 0000.5E00.01xx , in which xx is the VRRP group. QUESTION 30 Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 17 http://www.passleader.com in Which way does a spine and-leaf architecture allow for scalability in a network when additional access ports are required? A. A spine switch and a leaf switch can be added with redundant connections between them B. A spine switch can be added with at least 40 GB uplinks C. A leaf switch can be added with a single connection to a core spine switch. D. A leaf switch can be added with connections to every spine switch Answer: D Explanation: Spine-leaf architecture is typically deployed as two layers: spines (such as an aggregation layer), and leaves (such as an access layer). Spine-leaf topologies provide high-bandwidth, low-latency, nonblocking server-to-server connectivity. Leaf (aggregation) switches are what provide devices access to the fabric (the network of spine and leaf switches) and are typically deployed at the top of the rack. Generally, devices connect to the leaf switches. Devices can include servers, Layer 4-7 services (firewalls and load balancers), and WAN or Internet routers. Leaf switches do not connect to other leaf switches. In spine-and-leaf architecture, every leaf should connect to every spine in a full mesh. Spine (aggregation) switches are used to connect to all leaf switches and are typically deployed at the end or middle of the row. Spine switches do not connect to other spine switches. Reference: https://www.cisco.com/c/en/us/products/collateral/switches/nexus-9000-series- switches/guide- c07-733228.html QUESTION 31 Which type of wireless encryption is used for WPA2 in pre-shared key mode? A. TKIP with RC4 B. RC4 C. AES-128 D. AES-256 Answer: D Explanation: We can see in this picture we have to type 64 hexadecimal characters (256 bit) for the WPA2 passphrase so we can deduce the encryption is AES-256, not AES-128. Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 18 http://www.passleader.com Reference: https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan- wlan/67134-wpa2-config.html QUESTION 32 What makes Cisco DNA Center different from traditional network management applications and their management of networks? A. It only supports auto-discovery of network elements in a green field deployment. B. It modular design allows someone to implement different versions to meet the specific needs of an organization C. It abstracts policy from the actual device configuration D. It does not support high availability of management functions when operating in cluster mode Answer: C Explanation: Automation: Using controllers and open APIs, Cisco DNA simplifies network management through abstraction and centralized policy enforcement that allows IT to focus on business intent and consistently apply configurations to improve service and keep operations consistently secure from the core to the edge. https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/digital-network- architecture/nb-06-digital-nw-architect-faq-cte-en.html QUESTION 33 Which two actions are performed by the Weighted Random Early Detection mechanism? (Choose two) Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 19 http://www.passleader.com A. It drops lower-priority packets before it drops higher-priority packets B. It can identify different flows with a high level of granularity C. It guarantees the delivery of high-priority packets D. It can mitigate congestion by preventing the queue from filling up E. It supports protocol discovery Answer: AD Explanation: Weighted Random Early Detection (WRED) is just a congestion avoidance mechanism. WRED drops packets selectively based on IP precedence. Edge routers assign IP precedences to packets as they enter the network. When a packet arrives, the following events occur: 1. The average queue size is calculated. 2. If the average is less than the minimum queue threshold, the arriving packet is queued. 3. If the average is between the minimum queue threshold for that type of traffic and the maximum threshold for the interface, the packet is either dropped or queued, depending on the packet drop probability for that type of traffic. 4. If the average queue size is greater than the maximum threshold, the packet is dropped. WRED reduces the chances of tail drop (when the queue is full, the packet is dropped) by selectively dropping packets when the output interface begins to show signs of congestion (thus it can mitigate congestion by preventing the queue from filling up). By dropping some packets early rather than waiting until the queue is full, WRED avoids dropping large numbers of packets at once and minimizes the chances of global synchronization. Thus, WRED allows the transmission line to be used fully at all times. WRED generally drops packets selectively based on IP precedence. Packets with a higher IP precedence are less likely to be dropped than packets with a lower precedence. Thus, the higher the priority of a packet, the higher the probability that the packet will be delivered (-> answer A is correct). Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_conavd/configuration/15- mt/qos- conavd-15-mt-book/qos-conavd-cfg-wred.html QUESTION 34 A network engineer must back up 20 network router configurations globally within a customer environment. Which protocol allows the engineer to perform this function using the Cisco IOS MIB? A. CDP B. SNMP C. SMTP D. ARP Answer: B Explanation: SNMP is an application-layer protocol that provides a message format for communication between SNMP managers and agents. SNMP provides a standardized framework and a common language used for the monitoring and management of devices in a network. The SNMP framework has three parts: + An SNMP manager + An SNMP agent + A Management Information Base (MIB) The Management Information Base (MIB) is a virtual information storage area for network management information, which consists of collections of managed objects. With SNMP, the network administrator can send commands to multiple routers to do the backup. Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 20 http://www.passleader.com QUESTION 35 Refer to the exhibit. An engineer is bringing up a new circuit to the MPLS provider on the Gi0/1 interface of Router1. The new circuit uses eBGP and teams the route to VLAN25 from the BGP path. What is the expected behavior for the traffic flow for route 10.10.13.0/25? A. Traffic to 10.10.13.0.25 is load balanced out of multiple interfaces B. Route 10.10.13.0/25 is updated in the routing table as being learned from interface Gi0/1. C. Traffic to 10.10.13.0/25 is a symmetrical D. Route 10.10.13.0/25 learned via the GiO/0 interface remains in the routing table Answer: B Explanation: You need to assume that the routing table listed is before the change. And that the eBGP route will be the installed route after the change due to lower AD. The new eBGP route will be added to the routing table. eBGP has an administrative distance of 20 while OSPF has an administrative distance of 110. The new route will be preferred for sending traffic to 10.10.13.0/25. The existing OSPF route will turn into a floating route and not appear in the routing table. QUESTION 36 Which action is taken by a switch port enabled for PoE power classification override? Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 21 http://www.passleader.com A. When a powered device begins drawing power from a PoE switch port a syslog message is generated B. As power usage on a PoE switch port is checked data flow to the connected device is temporarily paused C. If a switch determines that a device is using less than the minimum configured power it assumes the device has failed and disconnects D. If a monitored port exceeds the maximum administrative value for power, the port is shutdown and err-disabled Answer: D Explanation: PoE monitoring and policing compares the power consumption on ports with the administrative maximum value (either a configured maximum value or the port's default value). If the power consumption on a monitored port exceeds the administrative maximum value, the following actions occur: - A syslog message is issued. - The monitored port is shut down and error-disabled. - The allocated power is freed. Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12- 2SX/configuration/ guide/book/power_over_ethernet.pdf QUESTION 37 Refer to the exhibit. Which type of route does R1 use to reach host 10.10.13.10/32? Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 22 http://www.passleader.com A. floating static route B. host route C. default route D. network route Answer: D Explanation: From the output, we see R1 will use the entry "O 10.10.13.0/25 [110/4576] via 10.10.10.1,..." to reach host 10.10.13.10. This is a network route. Note: "B* 0.0.0.0/0..." is a default route. QUESTION 38 Which mode must be used to configure EtherChannel between two switches without using a negotiation protocol? A. on B. auto C. active D. desirable Answer: A Explanation: The Static Persistence (or "on" mode) bundles the links unconditionally and no negotiation protocol is used. In this mode, neither PAgP nor LACP packets are sent or received. QUESTION 39 An engineer configured an OSPF neighbor as a designated router. Which state verifies the designated router is in the proper mode? A. Exchange B. 2-way C. Full D. Init Answer: C Explanation: Full is the state for adjacent routers that have fully synchronised databases. QUESTION 40 Which configuration is needed to generate an RSA key for SSH on a router? A. Configure the version of SSH B. Configure VTY access. C. Create a user with a password. D. Assign a DNS domain name Answer: D Explanation: In order to generate an RSA key for SSH, we need to configure the hostname and a DNS domain Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 23 http://www.passleader.com name on the router (a username and password is also required). Therefore in fact both answer C and answer D are correct. QUESTION 41 An organization has decided to start using cloud-provided services. Which cloud service allows the organization to install its own operating system on a virtual machine? A. platform-as-a-service B. software-as-a-service C. network-as-a-service D. infrastructure-as-a-service Answer: D Explanation: Below are the 3 cloud supporting services cloud providers provide to customer: + SaaS (Software as a Service): SaaS uses the web to deliver applications that are managed by a third- party vendor and whose interface is accessed on the clients' side. Most SaaS applications can be run directly from a web browser without any downloads or installations required, although some require plugins. + PaaS (Platform as a Service): are used for applications, and other development, while providing cloud components to software. What developers gain with PaaS is a framework they can build upon to develop or customize applications. PaaS makes the development, testing, and deployment of applications quick, simple, and cost-effective. With this technology, enterprise operations, or a third-party provider, can manage OSes, virtualization, servers, storage, networking, and the PaaS software itself. Developers, however, manage the applications. + IaaS (Infrastructure as a Service): self-service models for accessing, monitoring, and managing remote datacenter infrastructures, such as compute (virtualized or bare metal), storage, networking, and networking services (e.g. firewalls). Instead of having to purchase hardware outright, users can purchase IaaS based on consumption, similar to electricity or other utility billing. In general, IaaS provides hardware so that an organization can install their own operating system. QUESTION 42 Refer to Exhibit. Which action do the switches take on the trunk link? A. The trunk does not form and the ports go into an err-disabled status. Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 24 http://www.passleader.com B. The trunk forms but the mismatched native VLANs are merged into a single broadcast domain. C. The trunk does not form, but VLAN 99 and VLAN 999 are allowed to traverse the link. D. The trunk forms but VLAN 99 and VLAN 999 are in a shutdown state. Answer: B Explanation: The trunk still forms with mismatched native VLANs and the traffic can actually flow between mismatched switches. But it is absolutely necessary that the native VLANs on both ends of a trunk link match; otherwise a native VLAN mismatch occurs, causing the two VLANs to effectively merge. For example with the above configuration, SW1 would send untagged frames for VLAN 999. SW2 receives them but would think they are for VLAN 99 so we can say these two VLANs are merged. QUESTION 43 Which design element is a best practice when deploying an 802.11b wireless infrastructure? A. disabling TPC so that access points can negotiate signal levels with their attached wireless devices. B. setting the maximum data rate to 54 Mbps on the Cisco Wireless LAN Controller C. allocating non overlapping channels to access points that are in close physical proximity to one another D. configuring access points to provide clients with a maximum of 5 Mbps Answer: C Explanation: Selecting the proper WiFi channel can significantly improve your WiFi coverage and performance. In the 2.4 GHz band, 1, 6, and 11 are the only non-overlapping channels. Selecting one or more of these channels is an important part of setting up your network correctly. QUESTION 44 Refer to the exhibit. If OSPF is running on this network, how does Router 2 handle traffic from Site B to 10.10.13.128/25 at Site A? Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 25 http://www.passleader.com A. It sends packets out of interface Fa0/2 only. B. It sends packets out of interface Fa0/1 only. C. It cannot send packets to 10.10.13.128/25 D. It load-balances traffic out of Fa0/1 and Fa0/2 Answer: C Explanation: Router2 does not have an entry for the subnet 10.10.13.128/25. It only has an entry for 10.10.13.0/25, which ranges from 10.10.13.0 to 10.10.13.127. QUESTION 45 A frame that enters a switch fails the Frame Check Sequence. Which two interface counters are incremented? (Choose two) A. runts B. giants C. frame D. CRC E. input errors Answer: DE Explanation: Whenever the physical transmission has problems, the receiving device might receive a frame whose bits have changed values. These frames do not pass the error detection logic as implemented in the FCS field in the Ethernet trailer. The receiving device discards the frame and counts it as some kind of input error. Cisco switches list this error as a CRC error. Cyclic redundancy check (CRC) is a term related to how the FCS math detects an error. The "input errors" includes runts, giants, no buffer, CRC, frame, overrun, and ignored counts. The output below show the interface counters with the "show interface s0/0/0" command: Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 26 http://www.passleader.com QUESTION 46 Which two conditions must be met before SSH operates normally on a Cisco IOS switch? (Choose two.) A. The switch must be running a k9 (crypto) IOS image B. The Ip domain-name command must be configured on the switch C. IP routing must be enabled on the switch D. A console password must be configured on the switch E. Telnet must be disabled on the switch Answer: AB Explanation: The Cisco IOS image used must be a k9(crypto) image in order to support SSH. Step 2: Configure the DNS domain of the router. ip domain-name rtp.cisco.com QUESTION 47 Refer to the exhibit. If configuring a static default route on the router with the ip route 0.0.0.0 0.0.0.0 10.13.0.1 120 command, how does the router respond? A. It ignores the new static route until the existing OSPF default route is removed B. It immediately replaces the existing OSPF route in the routing table with the newly configured static route C. It starts load-balancing traffic between the two default routes D. It starts sending traffic without a specific matching entry in the routing table to Gigabit EthernetO/1 Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 27 http://www.passleader.com Answer: A Explanation: Our new static default route has the Administrative Distance (AD) of 120, which is bigger than the AD of OSPF External route (O*E2) so it will not be pushed into the routing table until the current OSPF External route is removed. For your information, if you don't type the AD of 120 (using the command "ip route 0.0.0.0 0.0.0.0 10.13.0.1") then the new static default route would replace the OSPF default route as the default AD of static route is 1. You will see such line in the routing table: S* 0.0.0.0/0 [1/0] via 10.13.0.1 QUESTION 48 Refer to the exhibit. A network engineer must block access for all computers on VLAN 20 to the web server via HTTP. All other computers must be able to access the web server. Which configuration when applied to switch A accomplishes this task? A. B. Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 28 http://www.passleader.com C. D. Answer: D QUESTION 49 A router running EIGRP has learned the same route from two different paths. Which parameter does the router use to select the best path? A. cost B. administrative distance C. metric D. as-path Answer: C Explanation: If a router learns two different paths for the same network from the same routing protocol, it has to decide which route is better and will be placed in the routing table. Metric is the measure used to decide which route is better (lower number is better). Each routing protocol uses its own metric. For example, RIP uses hop counts as a metric, while OSPF uses cost. https://study-ccna.com/administrative-distance-metric/ QUESTION 50 Refer to the exhibit. An extended ACL has been configured and applied to router R2. The configuration failed to work as intended. Which two changes stop outbound traffic on TCP ports 25 and 80 to 10.0.20.0/26 from the 10.0.10.0/26 subnet while still allowing all other traffic? (Choose two.) Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 29 http://www.passleader.com A. Add a "permit ip any any" statement to the beginning of ACL 101 for allowed traffic. B. Add a "permit ip any any" statement at the end of ACL 101 for allowed traffic C. The source and destination IPs must be swapped in ACL 101 D. The ACL must be configured the Gi0/2 interface in bound on R1 E. The ACL must be moved to the Gi0/1interface outbound onR2 Answer: BC QUESTION 51 What is the primary different between AAA authentication and authorization? A. Authentication verifies a username and password, and authorization handles the communication between the authentication agent and the user database. B. Authentication identifies a user who is attempting to access a system, and authorization validates the users password C. Authentication identifies and verifies a user who is attempting to access a system, and authorization controls the tasks the user can perform. D. Authentication controls the system processes a user can access and authorization logs the activities the user initiates Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 30 http://www.passleader.com Answer: C Explanation: AAA stands for Authentication, Authorization and Accounting. + Authentication: Specify who you are (usually via login username & password) + Authorization: Specify what actions you can do, what resource you can access + Accounting: Monitor what you do, how long you do it (can be used for billing and auditing) An example of AAA is shown below: + Authentication: "I am a normal user. My username/password is user_tom/learnforever" + Authorization: "user_tom can access LearnCCNA server via HTTP and FTP" + Accounting: "user_tom accessed LearnCCNA server for 2 hours". This user only uses "show" commands. QUESTION 52 When a floating static route is configured, which action ensures that the backup route is used when the primary route fails? A. The floating static route must have a higher administrative distance than the primary route so it is used as a backup B. The administrative distance must be higher on the primary route so that the backup route becomes secondary. C. The floating static route must have a lower administrative distance than the primary route so it is used as a backup D. The default-information originate command must be configured for the route to be installed into the routing table Answer: A Explanation: By default, IOS considers static routes better than OSPF-learned routes. By default, IOS gives static routes an administrative distance of 1 A floating static route floats or moves into and out of the IP routing table depending on whether the better (lower) administrative distance route learned by the routing protocol happens to exist currently. QUESTION 53 Which two outcomes are predictable behaviors for HSRP? (Choose two) A. The two routers share a virtual IP address that is used as the default gateway for devices on the LAN. B. The two routers negotiate one router as the active router and the other as the standby router C. Each router has a different IP address both routers act as the default gateway on the LAN, and traffic is load balanced between them. D. The two routers synchronize configurations to provide consistent packet forwarding E. The two routed share the same IP address, and default gateway traffic is load-balanced between them Answer: AB QUESTION 54 Refer to the exhibit. Which password must an engineer use to enter the enable mode? Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 31 http://www.passleader.com A. adminadmin123 B. default C. testing1234 D. cisco123 Answer: C Explanation: If neither the enable password command nor the enable secret command is configured, and if there is a line password configured for the console, the console line password serves as the enable password for all VTY sessions -> The "enable secret" will be used first if available, then "enable password" and line password. Reference: https://www.cisco.com/c/en/us/td/docs/optical/cpt/r9_3/configuration/guide/cpt93_configuration/ cpt93_configuration_chapter_0100 QUESTION 55 How do TCP and UDP differ in the way that they establish a connection between two endpoints? A. TCP uses synchronization packets, and UDP uses acknowledgment packets. B. UDP uses SYN,SYN ACK and FIN bits in the frame header while TCP uses SYN,SYN ACK and ACK bits C. UDP provides reliable message transfer and TCP is a connectionless protocol D. TCP uses the three-way handshake and UDP does not guarantee message delivery Answer: D QUESTION 56 When a site-to-site VPN is used, which protocol is responsible for the transport of user data? A. IKEv2 B. IKEv1 C. IPsec D. MD5 Answer: C Explanation: Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 32 http://www.passleader.com A site-to-site VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the Internet. A site-to-site VPN means that two sites create a VPN tunnel by encrypting and sending data between two devices. One set of rules for creating a site-to-site VPN is defined by IPsec. QUESTION 57 What is the primary effect of the spanning-tree port fast command? A. it enables BPDU messages B. It minimizes spanning-tree convergence time C. It immediately puts the port into the forwarding state when the switch is reloaded D. It immediately enables the port in the listening state Answer: B Explanation: The purpose of Port Fast is to minimize the time interfaces must wait for spanning-tree to converge, it is effective only when used on interfaces connected to end stations. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12- 2_55_se/configuration/guide/3560_scg/swstpopt.html QUESTION 58 How will Link Aggregation be implemented on a Cisco Wireless LAN Controller? A. To pass client traffic two or more ports must be configured. B. The EtherChannel must be configured in "mode active" C. When enabled the WLC bandwidth drops to 500 Mbps D. One functional physical port is needed to pass client traffic Answer: D Explanation: Link aggregation (LAG) is a partial implementation of the 802.3ad port aggregation standard. It bundles all of the controller's distribution system ports into a single 802.3ad port channel. Restriction for Link aggregation: - LAG requires the EtherChannel to be configured for `mode on' on both the controller and the Catalyst switch -> Answer B is not correct. - If the recommended load-balancing method cannot be configured on the Catalyst switch, then configure the LAG connection as a single member link or disable LAG on the controller -> Answer A is not correct while answer D is correct. Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-5/configuration- guide/b_cg75/ b_cg75_chapter_0100010.html QUESTION 59 Refer to the exhibit. Which route does R1 select for traffic that is destined to 192 168.16.2? Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 33 http://www.passleader.com A. 192.168.16.0/21 B. 192.168.16.0/24 C. 192.168 26.0/26 D. 192.168.16.0/27 Answer: D Explanation: The destination IP addresses match all four entries in the routing table but the 192.168.16.0/27 has the longest prefix so it will be chosen. This is called the "longest prefix match" rule. QUESTION 60 Which two tasks must be performed to configure NTP to a trusted server in client mode on a single network device? (Choose two) A. Enable NTP authentication. B. Verify the time zone. C. Disable NTP broadcasts D. Specify the IP address of the NTP server E. Set the NTP server private key Answer: AD Explanation: To configure authentication, perform this task in privileged mode: Step 1: Configure an authentication key pair for NTP and specify whether the key will be trusted or untrusted. Step 2: Set the IP address of the NTP server and the public key. Step 3: Enable NTP client mode. Step 4: Enable NTP authentication. Step 5: Verify the NTP configuration. Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4000/8- 2glx/configuration/guide/ntp.html QUESTION 61 Refer to the exhibit. Which command provides this output? Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 34 http://www.passleader.com A. show ip route B. show ip interface C. show interface D. show cdp neighbor Answer: D QUESTION 62 Which set of action satisfy the requirement for multi-factor authentication? A. The user swipes a key fob, then clicks through an email link B. The user enters a user name and password, and then clicks a notification in an authentication app on a mobile device C. The user enters a PIN into an RSA token, and then enters the displayed RSA key on a login screen D. The user enters a user name and password and then re-enters the credentials on a second screen Answer: B Explanation: This is an example of how two-factor authentication (2FA) works: 1. The user logs in to the website or service with their username and password. 2. The password is validated by an authentication server and, if correct, the user becomes eligible for the second factor. 3. The authentication server sends a unique code to the user's second-factor method (such as a smartphone app). 4. The user confirms their identity by providing the additional authentication for their second-factor method. QUESTION 63 Which mode allows access points to be managed by Cisco Wireless LAN Controllers? A. autonomous B. lightweight Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 35 http://www.passleader.com C. bridge D. mobility express Answer: B Explanation: A Lightweight Access Point (LAP) is an AP that is designed to be connected to a wireless LAN (WLAN) controller (WLC). APs are "lightweight," which means that they cannot act independently of a wireless LAN controller (WLC). The WLC manages the AP configurations and firmware. The APs are "zero touch" deployed, and individual configuration of APs is not necessary. Reference: https://www.cisco.com/c/en/us/support/docs/wireless/aironet-1200-series/70278-lap- faq.html QUESTION 64 Router A learns the same route from two different neighbors, one of the neighbor routers is an OSPF neighbor and the other is an EIGRP neighbor. What is the administrative distance of the route that will be installed in the routing table? A. 20 B. 90 C. 110 D. 115 Answer: B Explanation: The Administrative distance (AD) of EIGRP is 90 while the AD of OSPF is 110 so EIGRP route will be chosen to install into the routing table. QUESTION 65 Refer to the exhibit. What is the effect of this configuration? A. The switch port interface trust state becomes untrusted B. The switch port remains administratively down until the interface is connected to another switch C. Dynamic ARP inspection is disabled because the ARP ACL is missing D. The switch port remains down until it is configured to trust or untrust incoming packets Answer: A Explanation: Dynamic ARP inspection (DAI) is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-in-the-middle attacks. After enabling DAI, all ports become untrusted ports. QUESTION 66 Refer to the exhibit. Which prefix does Router1 use for traffic to Host A? Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 36 http://www.passleader.com A. 10.10.10.0/28 B. 10.10.13.0/25 C. 10.10.13.144/28 D. 10.10.13.208/29 Answer: D Explanation: Host A address fall within the address range. However, if more than one route to the same subnet exist (router will use the longest stick match, which match more specific route to the subnet). If there are route 10.10.13.192/26 and 10.10.13.208/29, the router will forward the packet to /29 rather than /28. QUESTION 67 What are two characteristics of a controller-based network? (Choose two) A. The administrator can make configuration updates from the CLI B. It uses northbound and southbound APIs to communicate between architectural layers C. It moves the control plane to a central point. D. It decentralizes the control plane, which allows each device to make its own forwarding decisions E. It uses Telnet to report system issues. Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 37 http://www.passleader.com Answer: BC Explanation: controller-based networking - A style of building computer networks that use a controller that centralizes some features and provides application programming interfaces (APIs) that allow for software interactions between applications and the controller (northbound APIs) and between the controller and the network devices (southbound APIs). centralized control plane - An approach to architecting network protocols and products that places the control plane functions into a centralized function rather than distributing the function across the networking devices. QUESTION 68 Refer to exhibit. Which statement explains the configuration error message that is received? A. It is a broadcast IP address B. The router does not support /28 mask. C. It belongs to a private IP address range. D. IT is a network IP address. Answer: A Explanation: For /28 network, There (2^4)=16 Subnets with each having (2^4-2)=14 host (14 +1 Network ID+ 1Broadcast ID)=16 Subnets are 192.168.16.0 192.168.16.16..... 192.168.16.128 192.168.16.144 (Above this network ID there will be address 192.168.16.143 which is a broadcast ID of Network 192.168.16.128 QUESTION 69 Drag and Drop Question Drag and drop the application protocols from the left onto the transport protocols that is uses on the right. Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 38 http://www.passleader.com Answer: QUESTION 70 Which command must you enter to guarantee that an HSRP router with higher priority becomes the HSRP primary router after it is reloaded? A. standby 10 preempt B. standby 10 version 1 C. standby 10 priority 150 D. standby 10 version 2 Answer: A Explanation: Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 39 http://www.passleader.com The "preempt" command enables the HSRP router with the highest priority to immediately become the active router. QUESTION 71 Which command should you enter to verify the priority of a router in an HSRP group? A. show hsrp B. show sessions C. show interfaces D. show standby Answer: D Explanation: The following is sample output from the show standby command: QUESTION 72 Which command should you enter to configure a device as an NTP sever? A. ntp sever B. ntp peer C. ntp authenticate Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 40 http://www.passleader.com D. ntp master Answer: D Explanation: To configure a Cisco device as an Authoritative NTP Server, use the ntp master [stratum] command. To configure a Cisco device as a NTP client, use the command ntp server. For example: Router(config)#ntp server 192.168.1.1. This command will instruct the router to query 192.168.1.1 for the time. QUESTION 73 Which two pieces of information can you determine from the output of the show ntp status command? (Choose two) A. whether the NTP peer is statically configured B. the IP address of the peer to which the clock is synchronized C. the configured NTP servers D. whether the clock is synchronized E. the NTP version number of the peer Answer: BD Explanation: Below is the output of the "show ntp status" command. From this output we learn that R1 has a stratum of 10 and it is getting clock from 10.1.2.1. QUESTION 74 Which effete does the aaa new-model configuration command have? A. It enables AAA services on the device B. It configures the device to connect to a RADIUS server for AAA C. It associates a RADIUS server to an group. D. It configures a local user on the device. Answer: A QUESTION 75 Refer to the exhibit. Which command would you use to configure a static route on Router1 to network 192.168.202.0/24 with a nondefault administrative distance? Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 41 http://www.passleader.com A. router1(config)#ip route 192.168.202.0 255.255.255.0 192.168.201.2 1 B. router1(config)#ip route 192.168.202.0 255.255.255.0 192.168.201.2 5 C. router1(config)#ip route 1 192.168.201.1 255.255.255.0 192.168.201.2 D. router1(config)#ip route 5 192.168.202.0 255.255.255.0 192.168.201.2 Answer: B Explanation: The default AD of static route is 1 so we need to configure another number for the static route. QUESTION 76 What is the destination MAC address of a broadcast frame? A. 00:00:0c:07:ac:01 B. ff:ff:ff:ff:ff:ff C. 43:2e:08:00:00:0c D. 00:00:0c:43:2e:08 E. 00:00:0c:ff:ff:ff Answer: B QUESTION 77 Which command is used to enable LLDP globally on a Cisco IOS ISR? A. lldp run B. lldp enable C. lldp transmit D. cdp run E. cdp enable Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 42 http://www.passleader.com Answer: A Explanation: Link Layer Discovery Protocol (LLDP) is a industry standard protocol that allows devices to advertise, and discover connected devices, and there capabilities (same as CDP of Cisco). To enable it on Cisco devices, we have to use this command under global configuration mode: Sw(config)# lldp run QUESTION 78 Which of the following dynamic routing protocols are Distance Vector routing protocols? A. IS-IS B. EIGRP C. OSPF D. BGP E. RIP Answer: BE Explanation: EIGRP is sometimes referred to as a hybrid routing protocol because it has characteristics of both distance-vector and link-state protocols. For example, EIGRP doesn’t send link-state packets as OSPF does; instead, it sends traditional distance-vector updates containing information about networks plus the cost of reaching them from the perspective of the advertising router. And EIGRP has link-state characteristics as well—it synchronizes routing tables between neighbors at startup and then sends specific updates only when topology changes occur. This makes EIGRP suitable for very large networks. EIGRP has a maximum hop count of 255 (the default is set to 100). QUESTION 79 You have configured a router with an OSPF router ID, but its IP address still reflects the physical interface. Which action can you take to correct the problem in the least disruptive way? A. Reload the OSPF process. B. Specify a loopback address C. Reboot the router. D. Save the router configuration Answer: A Explanation: Once an OSPF Router ID selection is done, it remains there even if you remove it or configure another OSPF Router ID. So the least disruptive way is to correct it using the command “clear ip ospf process”. QUESTION 80 Drag and Drop Question Drag and drop the benefits of a cisco wireless Lan controller from the left onto the correct examples on the right. Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 43 http://www.passleader.com Answer: QUESTION 81 Which command should you enter to configure an LLDP delay time of 5 seconds? A. lldp timer 5000 B. lldp holdtime 5 C. lldp reinit 5000 D. lldp reinit 5 Answer: D Explanation: + lldp holdtime seconds: Specify the amount of time a receiving device should hold the information from your device before discarding it + lldp reinit delay: Specify the delay time in seconds for LLDP to initialize on an interface + lldp timer rate: Set the sending frequency of LLDP updates in seconds Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_55_se/ configuration/guide/3560_scg/swlldp.html QUESTION 82 Which keyword in a NAT configuration enables the use of one outside IP address for multiple inside hosts? A. source B. static C. pool D. overload Answer: D Explanation: By adding the keyword "overload" at the end of a NAT statement, NAT becomes PAT (Port Address Translation). This is also a kind of dynamic NAT that maps multiple private IP addresses to a single public IP address (many-to-one) by using different ports. Static NAT and Dynamic NAT Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 44 http://www.passleader.com both require a one-to-one mapping from the inside local to the inside global address. By using PAT, you can have thousands of users connect to the Internet using only one real global IP address. PAT is the technology that helps us not run out of public IP address on the Internet. This is the most popular type of NAT. An example of using "overload" keyword is shown below: R1(config)# ip nat inside source list 1 interface ethernet1 overload QUESTION 83 Which unified access point mode continues to serve wireless clients after losing connectivity to the Cisco Wireless LAN Controller? A. sniffer B. mesh C. flex connect D. local Answer: C Explanation: In previous releases, whenever a FlexConnect access point disassociates from a controller, it moves to the standalone mode. The clients that are centrally switched are disassociated. However, the FlexConnect access point continues to serve locally switched clients. When the FlexConnect access point rejoins the controller (or a standby controller), all clients are disconnected and are authenticated again. This functionality has been enhanced and the connection between the clients and the FlexConnect access points are maintained intact and the clients experience seamless connectivity. When both the access point and the controller have the same configuration, the connection between the clients and APs is maintained. Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/ consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010001101.html QUESTION 84 Which QoS Profile is selected in the GUI when configuring a voice over WLAN deployment? A. Bronze B. Platinum C. Silver D. Gold Answer: B Explanation: Cisco Unified Wireless Network solution WLANs support four levels of QoS: Platinum/Voice, Gold/Video, Silver/Best Effort (default), and Bronze/Background. Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/ consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_01010111.html QUESTION 85 Refer to the exhibit. With which metric was the route to host 172.16.0.202 learned? Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 45 http://www.passleader.com A. 0 B. 110 C. 38443 D. 3184439 Answer: C Explanation: Both the line "O 172.16.0.128/25" and "S 172.16.0.0/24" cover the host 172.16.0.202 but with the "longest (prefix) match" rule the router will choose the first route. QUESTION 86 When OSPF learns multiple paths to a network, how does it select a route? A. It multiple the active K value by 256 to calculate the route with the lowest metric. B. For each existing interface, it adds the metric from the source router to the destination to calculate the route with the lowest bandwidth. C. It divides a reference bandwidth of 100 Mbps by the actual bandwidth of the existing interface to calculate the router with the lowest cost. D. It count the umber of hops between the source router and the destination to determine the router with the lowest metric Answer: C QUESTION 87 Refer to the Exhibit. After the switch configuration the ping test fails between PC A and PC B Based on the output for switch 1. Which error must be corrected? Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 46 http://www.passleader.com A. There is a native VLAN mismatch B. Access mode is configured on the switch ports. C. The PCs are m the incorrect VLAN D. All VLANs are not enabled on the trunk Answer: A Explanation: From the output we see the native VLAN of Switch1 on Gi0/1 interface is VLAN 1 while that of Switch2 is VLAN 99 so there would be a native VLAN mismatch. QUESTION 88 Which command enables a router to become a DHCP client? A. ip address dhcp B. ip helper-address C. ip dhcp pool D. ip dhcp client Answer: A Explanation: If we want to get an IP address from the DHCP server on a Cisco device, we can use the command "ip address dhcp". Note: The command "ip helper-address" enables a router to become a DHCP Relay Agent. QUESTION 89 Which two encoding methods are supported by REST APIs? (Choose two) Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 47 http://www.passleader.com A. YAML B. JSON C. EBCDIC D. SGML E. XML Answer: BE Explanation: The Application Policy Infrastructure Controller (APIC) REST API is a programmatic interface that uses REST architecture. The API accepts and returns HTTP (not enabled by default) or HTTPS messages that contain JavaScript Object Notation (JSON) or Extensible Markup Language (XML) documents. Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2- x/rest_cfg/2_1_x/ b_Cisco_APIC_REST_API_Configuration_Guide/ b_Cisco_APIC_REST_API_Configuration_Guide_chapter_01.html QUESTION 90 Refer to the exhibit. What is the effect of this configuration? A. All ARP packets are dropped by the switch B. Egress traffic is passed only if the destination is a DHCP server. C. All ingress and egress traffic is dropped because the interface is untrusted D. The switch discard all ingress ARP traffic with invalid MAC-to-IP address bindings. Answer: D Explanation: Dynamic ARP inspection is an ingress security feature; it does not perform any egress checking. QUESTION 91 In a CDP environment, what happens when the CDP interface on an adjacent device is configured without an IP address? A. CDP becomes inoperable on that neighbor B. CDP uses the IP address of another interface for that neighbor C. CDP operates normally,but it cannot provide IP address information for that neighbor D. CDP operates normally,but it cannot provide any information for that neighbor Answer: C Explanation: Although CDP is a Layer 2 protocol but we can check the neighbor IP address with the "show cdp neighbor detail" command. If the neighbor does not has an IP address then CDP still operates without any problem. But the IP address of that neighbor is not provided. Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 48 http://www.passleader.com QUESTION 92 Refer to the exhibit. When PC 1 sends a packet to PC2,the packet has. Which source and destination IP address when it arrives at interface Gi0/0 on router R2? A. source 192.168.10.10 and destination 10.10.2.2 B. source 192.168.20.10 and destination 192.168.20.1 C. source 192.168.10.10 and destination 192.168.20.10 D. source 10.10.1.1 and destination 10.10.2.2 Answer: C Explanation: The source and destination IP addresses of the packets are unchanged on all the way. Only source and destination MAC addresses are changed. QUESTION 93 Which feature or protocol determines whether the QOS on the network is sufficient to support IP services? A. LLDP B. CDP C. IP SLA D. EEM Answer: C Explanation: IP SLA allows an IT professional to collect information about network performance in real time. Therefore it helps determine whether the QoS on the network is sufficient for IP services or not. Cisco IOS Embedded Event Manager (EEM) is a powerful and flexible subsystem that provides real-time network event detection and onboard automation. It gives you the ability to adapt the behavior of your network devices to align with your business needs. QUESTION 94 An email user has been lured into clicking a link in an email sent by their company's security organization. The webpage that opens reports that it was safe but the link could have contained Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 49 http://www.passleader.com malicious code. Which type of security program is in place? A. Physical access control B. Social engineering attack C. brute force attack D. user awareness Answer: D Explanation: This is a training program which simulates an attack, not a real attack (as it says "The webpage that opens reports that it was safe") so we believed it should be called a "user awareness" program. Therefore the best answer here should be "user awareness". This is the definition of "User awareness" from CCNA 200- 301 Offical Cert Guide Book: "User awareness: All users should be made aware of the need for data confidentiality to protect corporate information, as well as their own credentials and personal information. They should also be made aware of potential threats, schemes to mislead, and proper procedures to report security incidents. " Note: Physical access control means infrastructure locations, such as network closets and data centers, should remain securely locked. QUESTION 95 What is the default behavior of a Layer 2 switch when a frame with an unknown destination MAC address is received? A. The Layer 2 switch drops the received frame B. The Layer 2 switch floods packets to all ports except the receiving port in the given VLAN. C. The Layer 2 switch sends a copy of a packet to CPU for destination MAC address learning. D. The Layer 2 switch forwards the packet and adds the destination MAC address to its MAC address table Answer: B Explanation: If the destination MAC address is not in the CAM table (unknown destination MAC address), the switch sends the frame out all other ports that are in the same VLAN as the received frame. This is called flooding. It does not flood the frame out the same port on which the frame was received. QUESTION 96 Refer to the exhibit. An engineer configured NAT translations and has verified that the configuration is correct. Which IP address is the source IP after the NAT has taken place? A. 10.4.4.4 B. 10.4.4.5 C. 172.23.103.10 D. 172.23.104.4 Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 50 http://www.passleader.com Answer: D Explanation: From the output it can be seen that the router is running Dynamic NAT with overloading and after NAT translation the new source address should be the inside global ip address. QUESTION 97 Refer to the exhibit. The New York router is configured with static routes pointing to the Atlanta and Washington sites. Which two tasks must be performed so that the Serial0/0/0 interfaces on the Atlanta and Washington routers can reach one another? (Choose two.) A. Configure the ipv6 route 2012::/126 2023::1 command on the Washington router B. Configure the ipv6 route 2023::/126 2012::1 command on the Atlanta router. C. Configure the Ipv6 route 2012::/126 s0/0/0 command on the Atlanta router D. Configure the ipv6 route 2023::/126 2012::2 command on the Atlanta router E. Configure the ipv6 route 2012::/126 2023::2 command on the Washington router Answer: DE Explanation: The short syntax of static IPv6 route is: ipv6 route {next-hop-IPv6-address | exit-interface} QUESTION 98 A user configured OSPF and advertised the Gigabit Ethernet interface in OSPF By default, which type of OSPF network does this interface belong to? A. point-to-multipoint B. point-to-point C. broadcast D. nonbroadcast Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 51 http://www.passleader.com Answer: C Explanation: The Broadcast network type is the default for an OSPF enabled ethernet interface (while Point-to- Point is the default OSPF network type for Serial interface with HDLC and PPP encapsulation). Reference: https://www.oreilly.com/library/view/cisco-ios-cookbook/0596527225/ch08s15.html QUESTION 99 An engineer is asked to protect unused ports that are configured in the default VLAN on a switch. Which two steps will fulfill the request? (Choose two) A. Configure the ports in an EtherChannel. B. Administratively shut down the ports C. Configure the port type as access and place in VLAN 99 D. Configure the ports as trunk ports E. Enable the Cisco Discovery Protocol Answer: BC QUESTION 100 Which output displays a JSON data representation? A. B. C. Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 52 http://www.passleader.com D. Answer: D Explanation: JSON data is written as name/value pairs. A name/value pair consists of a field name (in double quotes), followed by a colon, followed by a value: "name":"Mark" JSON can use arrays. Array values must be of type string, number, object, array, boolean or null. For example: { "name":"John", "age":30, "cars":[ "Ford", "BMW", "Fiat" ] } JSON can have empty object like "taskId":{} QUESTION 101 An engineer must configure a WLAN using the strongest encryption type for WPA2-PSK. Which cipher fulfills the configuration requirement? A. WEP B. RC4 C. AES D. TKIP Answer: C Explanation: Many routers provide WPA2-PSK (TKIP), WPA2-PSK (AES), and WPA2-PSK (TKIP/AES) as options. TKIP is actually an older encryption protocol introduced with WPA to replace the very-insecure WEP encryption at the time. TKIP is actually quite similar to WEP encryption. TKIP is no longer considered secure, and is now deprecated. In other words, you shouldn't be using it. AES is a more secure encryption protocol introduced with WPA2 and it is currently the strongest encryption type for WPA2-PSK/ QUESTION 102 When configuring an EtherChannel bundle, which mode enables LACP only if a LACP device is detected? A. Passive B. Desirable C. On D. Auto Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 53 http://www.passleader.com E. Active Answer: A Explanation: The LACP is Link Aggregation Control Protocol. LACP is an open protocol, published under the 802.3ad. The modes of LACP are active, passive or on. The side configured as “pasive” will waiting the other side that should an Active for the Etherchannel to be established. PAgP is Port-Aggregation Protocol. It is Cisco proprietary protocol. The mode are On, Desirable or Auto. Desirable – Auto will establish a EtherChannel. An example of how to configure an Etherchannel: SwitchFormula1>enable SwitchFormula1#configure terminal SwitchFormula1(config)# interface range f0/5 -14 SwitchFormula1(config-if-range)# channel-group 13 mode ? active Enable LACP unconditionally auto Enable PAgP only if a PAgP device is detected desirable Enable PAgP unconditionally on Enable Etherchannel only passive Enable LACP only if a LACP device is detected QUESTION 103 Refer to the exhibit. Which VLAN ID is associated with the default VLAN in the given environment? A. VLAN 1 B. VLAN 5 C. VLAN 10 D. VLAN 20 Answer: A Explanation: Cisco switches always have VLAN 1 as the default VLAN, which is needed for many protocol communication between switches like spanning-tree protocol for instance. Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 54 http://www.passleader.com You can't change or even delete the default VLAN, it is mandatory. The native VLAN is the only VLAN which is not tagged in a trunk, in other words, native VLAN frames are transmitted unchanged. QUESTION 104 Which two VLAN IDs indicate a default VLAN? (Choose two.) A. 0 B. 1 C. 1005 D. 1006 E. 4096 Answer: BC Explanation: VLAN 1 is a system default VLAN, you can use this VLAN but you cannot delete it. By default VLAN 1 is use for every port on the switch. Standard VLAN range from 1002-1005 it's Cisco default for FDDI and Token Ring. You cannot delete VLANs 1002-1005. mostly we don't use VLAN in this range. QUESTION 105 Refer to the exhibit. Which statement about the interface that generated the output is true? A. A syslog message is generated when a violation occurs. B. One secure MAC address is manually configured on the interface. C. One secure MAC address is dynamically learned on the interface. D. Five secure MAC addresses are dynamically learned on the interface. Answer: B Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 55 http://www.passleader.com QUESTION 106 Which command should you enter to view the error log in an EIGRP for IPv6 environment? A. show ipv6 eigrp neighbors B. show ipv6 eigrp topology C. show ipv6 eigrp traffic D. show ipv6 eigrp events Answer: D Explanation: show ip eigrp events To display the Enhanced Interior Gateway Routing Protocol (EIGRP) event log, use the show ip eigrp events command in user EXEC or privileged EXEC mode. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/command/ire-cr-book/ire- s1.html#wp3095206170 QUESTION 107 If a notice-level messaging is sent to a syslog server, which event has occurred? A. A network device has restarted B. An ARP inspection has failed C. A routing instance has flapped D. A debug operation is running Answer: A Explanation: Router flapping would be level 3 (as it means that interface(s) are going up down multiple times in very short period). QUESTION 108 What are two southbound APIs? (Choose two ) A. OpenFlow B. NETCONF C. Thrift D. CORBA E. DSC Answer: AB Explanation: OpenFlow is a well-known southbound API. OpenFlow defines the way the SDN Controller should interact with the forwarding plane to make adjustments to the network, so it can better adapt to changing business requirements. The Network Configuration Protocol (NetConf) uses Extensible Markup Language (XML) to install, manipulate and delete configuration to network devices. Other southbound APIs are: + onePK: a Cisco proprietary SBI to inspect or modify the network element configuration without hardware upgrades. + OpFlex: an open-standard, distributed control system. It send "summary policy" to network elements. Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 56 http://www.passleader.com QUESTION 109 Which feature on the Cisco Wireless LAN Controller when enabled restricts management access from specific networks? A. CPU ACL B. TACACS C. Flex ACL D. RADIUS Answer: A Explanation: Whenever you want to control which devices can talk to the main CPU, a CPU ACL is used. Note: CPU ACLs only filter traffic towards the CPU, and not any traffic exiting or generated by the CPU. Reference: https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan- controllers/109669-secure-wlc.html QUESTION 110 Which command automatically generates an IPv6 address from a specified IPv6 prefix and MAC address of an interface? A. ipv6 address dhcp B. ipv6 address 2001:DB8:5:112::/64 eui-64 C. ipv6 address autoconfig D. ipv6 address 2001:DB8:5:112::2/64 link-local Answer: C Explanation: The "ipv6 address autoconfig" command causes the device to perform IPv6 stateless address auto-configuration to discover prefixes on the link and then to add the EUI-64 based addresses to the interface. Addresses are configured depending on the prefixes received in Router Advertisement (RA) messages. The device will listen for RA messages which are transmitted periodically from the router (DHCP Server). This RA message allows a host to create a global IPv6 address from: + Its interface identifier (EUI-64 address) + Link Prefix (obtained via RA) Note: Global address is the combination of Link Prefix and EUI-64 address QUESTION 111 A network administrator enters the following command on a router: logging trap 3. What are three message types that will be sent to the Syslog server? (Choose three.) A. informational B. emergency C. warning D. critical E. debug F. error Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 57 http://www.passleader.com Answer: BDF QUESTION 112 Refer to the exhibit. Which two statements about the network environment of router R1 must be true? (Choose two.) A. The EIGRP administrative distance was manually changed from 90 to 170. B. There are 20 different network masks within the 10.0.0.0/8 network. C. Ten routes are equally load-balanced between Te0/1/0.100 and Te0/2/0.100 D. The 10.0.0.0/8 network was learned via external EIGRP. E. A static default route to 10.85.33.14 was defined. Answer: BC QUESTION 113 Which two statements about exterior routing protocols are true? (Choose two.) Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 58 http://www.passleader.com A. They determine the optimal within an autonomous system. B. They determine the optimal path between autonomous systems. C. BGP is the current standard exterior routing protocol. D. Most modern networking supports both EGP and BGP for external routing. E. Most modern network routers support both EGP and EIGRP for external routing. Answer: BC Explanation: Exterior Gateway Protocols (EGP): Used for routing between autonomous systems. It is also referred to as inter-AS routing. Service providers and large companies may interconnect using an EGP. The Border Gateway Protocol (BGP) is the only currently viable EGP and is the official routing protocol used by the Internet. Because BGP is the only EGP available, the term EGP is rarely used; instead, most engineers simply refer to BGP. https://www.ciscopress.com/articles/article.asp?p=2180210&seqNum=7 QUESTION 114 Which two pieces of information about a Cisco device can Cisco Discovery Protocol communicate? (Choose two.) A. the native VLAN B. the trunking protocol C. the VTP domain D. the spanning-tree priority E. the spanning tree protocol Answer: AC Explanation: The information contained in Cisco Discovery Protocol advertisements varies based on the type of device and the installed version of the operating system. Some of the information that Cisco Discovery Protocol can learn includes: Cisco IOS version running on Cisco devices Hardware platform of devices IP addresses of interfaces on devices Locally connected devices advertising Cisco Discovery Protocol Interfaces active on Cisco devices, including encapsulation type Hostname Duplex setting ***VLAN Trunking Protocol (VTP) domain ***Native VLAN https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/cdp/configuration/15-mt/cdp-15-mt-book/nm- cdp-discover.html QUESTION 115 Which two statements about NTP operations are true? (Choose two.) A. NTP uses UDP over IP. B. Cisco routers can act as both NTP authoritative servers and NTP clients. C. Cisco routers can act only as NTP servers. D. Cisco routers can act only as NTP clients. Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 59 http://www.passleader.com E. NTP uses TCP over IP. Answer: AB QUESTION 116 Which command is used to specify the delay time in seconds for LLDP to initialize on any interface? A. lldp timer B. lldp holdtime C. lldp reinit D. lldp tlv-select Answer: C Explanation: + lldp holdtime seconds: Specify the amount of time a receiving device should hold the information from your device before discarding it + lldp reinit delay: Specify the delay time in seconds for LLDP to initialize on an interface + lldp timer rate: Set the sending frequency of LLDP updates in seconds Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12- 2_55_se/ configuration/guide/3560_scg/swlldp.html QUESTION 117 A Cisco IP phone receive untagged data traffic from an attached PC. Which action is taken by the phone? A. It allows the traffic to pass through unchanged B. It drops the traffic C. It tags the traffic with the default VLAN D. It tags the traffic with the native VLAN Answer: A Explanation: Untagged traffic from the device attached to the Cisco IP Phone passes through the phone unchanged, regardless of the trust state of the access port on the phone. Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12- 2_40_se/ configuration/guide/scg/swvoip.pdf QUESTION 118 Refer to the exhibit. Based on the LACP neighbor status, in which mode is the SW1 port channel configured? Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 60 http://www.passleader.com A. passive B. mode on C. auto D. active Answer: D Explanation: From the neighbor status, we notice the "Flags" are SP. "P" here means the neighbor is in Passive mode. In order to create an Etherchannel interface, the (local) SW1 ports should be in Active mode. Moreover, the "Port State" in the exhibit is "0x3c" (which equals to "00111100 in binary format). Bit 3 is "1" which means the ports are synchronizing -> the ports are working so the local ports should be in Active mode. Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/3se/consolidat ed_guide/command_reference/b_c QUESTION 119 Refer to the exhibit. The show ip ospf interface command has been executed on R1 How is OSPF configured? Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 61 http://www.passleader.com A. The interface is not participating in OSPF B. A point-to-point network type is configured C. The default Hello and Dead timers are in use D. There are six OSPF neighbors on this interface Answer: C Explanation: From the output we can see there are Designated Router & Backup Designated Router for this OSPF domain so this is a broadcast network (point-to-point and point-to-multipoint networks do not elect DR & BDR) -> Answer B is not correct. By default, the timers on a broadcast network (Ethernet, point-to-point and point-to-multipoint) are 10 seconds hello and 40 seconds dead (therefore answer C is correct). The timers on a non- broadcast network are 30 seconds hello 120 seconds dead. From the line "Neighbor Count is 3", we learn there are four OSPF routers in this OSPF domain -> Answer D is not correct. QUESTION 120 R1 has learned route 192.168.12.0/24 via IS-IS, OSPF, RIP and Internal EIGRP Under normal operating conditions, which routing protocol is installed in the routing table? A. IS-IS B. RIP C. Internal EIGRP D. OSPF Answer: C Explanation: With the same route (prefix), the router will choose the routing protocol with lowest Administrative Distance (AD) to install into the routing table. The AD of Internal EIGRP (90) is lowest so it would Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 62 http://www.passleader.com be chosen. The table below lists the ADs of popular routing protocols. Note: The AD of IS-IS is 115. The "EIGRP" in the table above is "Internal EIGRP". The AD of "External EIGRP" is 170. An EIGRP external route is a route that was redistributed into EIGRP. QUESTION 121 Which IPv6 address block sends packets to a group address rather than a single address? A. 2000::/3 B. FC00::/7 C. FE80::/10 D. FF00::/8 Answer: D Explanation: FF00::/8 is used for IPv6 multicast and this is the IPv6 type of address the question wants to ask. FE80::/10 range is used for link-local addresses. Link-local addresses only used for communications within the local subnetwork (automatic address configuration, neighbor discovery, router discovery, and by many routing protocols). It is only valid on the current subnet. It is usually created dynamically using a link-local prefix of FE80::/10 and a 64-bit interface identifier (based on 48-bit MAC address). QUESTION 122 Which feature or protocol is required for an IP SLA to measure UDP jitter? A. LLDP B. EEM C. CDP D. NTP Answer: D Explanation: Time synchronization, such as that provided by the Network Time Protocol (NTP), is required between the source and the target device to provide accurate one-way delay (latency) measurements. QUESTION 123 Which two pieces of information can you learn by viewing the routing table? (Choose two) Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 63 http://www.passleader.com A. whether an ACL was applied inbound or outbound to an interface B. the EIGRP or BGP autonomous system C. whether the administrative distance was manually or dynamically configured D. Which neighbor adjacencies are established E. the length of time that a route has been known Answer: CE QUESTION 124 Refer to the exhibit. Which two events occur on the interface,if packets from an unknown Source address arrive after the interface learns the maximum number of secure MAC address? (Choose two) A. The security violation counter dose not increment B. The port LED turns off C. The interface is error-disabled D. A syslog message is generated E. The interface drops traffic from unknown MAC address Answer: AE Explanation: protect - Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value. restrict- Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment. shutdown - Puts the interface into the error-disabled state immediately and sends an SNMP trap notification. QUESTION 125 Refer to the exhibit. Which feature is enabled by this configuration? Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 64 http://www.passleader.com A. static NAT translation B. a DHCP pool C. a dynamic NAT address pool D. PAT Answer: C QUESTION 126 For what two purposes does the Ethernet protocol use physical addresses? A. to uniquely identify devices at Layer 2 B. to allow communication with devices on a different network C. to differentiate a Layer 2 frame from a Layer 3 packet D. to establish a priority system to determine which device gets to transmit first E. to allow communication between different devices on the same network F. to allow detection of a remote device when its physical address is unknown Answer: AE QUESTION 127 Refer to Exhibit. An engineer is configuring the NEW York router to reach the Lo1 interface of the Atlanta router using interface Se0/0/0 as the primary path. Which two commands must be configured on the New York router so that it can reach the Lo1 interface of the Atlanta router via Washington when the link between New York and Atlanta goes down? (Choose two) A. ipv6 router 2000::1/128 2012::1 B. ipv6 router 2000::1/128 2012::1 5 Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 65 http://www.passleader.com C. ipv6 router 2000::1/128 2012::2 D. ipv6 router 2000::1/1282023::2 5 E. ipv6 router 2000::1/1282023::3 5 Answer: AE Explanation: Floating static routes are static routes that have an administrative distance greater than the administrative distance (AD) of another static route or dynamic routes. By default a static route has an AD of 1 then floating static route must have the AD greater than 1. Floating static route has a manually configured administrative distance greater than that of the primary route and therefore would not be in the routing table until the primary route fails. QUESTION 128 Refer to Exhibit. How does SW2 interact with other switches in this VTP domain? A. It processes VTP updates from any VTP clients on the network on its access ports. B. It receives updates from all VTP servers and forwards all locally configured VLANs out all trunk ports C. It forwards only the VTP advertisements that it receives on its trunk ports. D. It transmits and processes VTP updates from any VTP Clients on the network on its trunk ports Answer: C Explanation: The VTP mode of SW2 is transparent so it only forwards the VTP updates it receives to its trunk links without processing them. QUESTION 129 Drag and Drop Question Drag and drop the networking parameters from the left on to the correct values on the right. Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 66 http://www.passleader.com Answer: Explanation: SSH uses TCP port 22 while SNMP uses UDP port 161 and 162. QUESTION 130 Drag and Drop Question A network engineer is configuring an OSPFv2 neighbor adjacency. Drag and drop the parameters from the left onto their required categories on the right. No all parameters are used. Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 67 http://www.passleader.com Answer: QUESTION 131 Drag and Drop Question Refer to the exhibit. Drag and drop the networking parameters from the left on to the correct values on the right. Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 68 http://www.passleader.com Answer: Explanation: The "ip route" and "ip addr show eth1" are Linux commands. + "ip route": display the routing table + "ip addr show eth1": get depth information (only on eth1 interface) about your network interfaces like IP Address, MAC Address information QUESTION 132 Which NAT term is defined as a group of addresses available for NAT use? A. NAT pool B. dynamic NAT C. static NAT D. one-way NAT Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 69 http://www.passleader.com Answer: A QUESTION 133 After you deploy a new WLAN controller on your network, which two additional tasks should you consider? (Choose two) A. deploy load balancers B. configure additional vlans C. configure multiple VRRP groups D. deploy POE switches E. configure additional security policies Answer: AE Explanation: In order of importance security policies and load balancing should be at the top of the list. POE would likely be third in line mainly because this would be a budgeted consideration and not necessarily an immediate post-deployment task requirement. QUESTION 134 Which component of an Ethernet frame is used to notify a host that traffic is coming? A. start of frame delimiter B. Type field C. preamble D. Data field Answer: C Explanation: Preamble is a 7 Byte field in the Ethernet frame which helps to receiver to know that it is an actual data ( Ethernet Frame) and not some random noise in the transmission medium. It acts like a doorbell telling about the incoming data. QUESTION 135 Refer to the exhibit. How will switch SW2 handle traffic from VLAN 10 on SW1? Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 70 http://www.passleader.com A. It sends the traffic to VLAN 10. B. It sends the traffic to VLAN 100. C. It drops the traffic. D. It sends the traffic to VLAN 1. Answer: B Explanation: Since SW-1 is configured native VLAN is VLAN10, so traffic coming out of VLAN-10 is untagged, & goes directly to SW-2 Native VLAN: VLAN100, due to VLAN mismatch. QUESTION 136 You are configuring your edge routers interface with a public IP address for Internet connectivity. The router needs to obtain the IP address from the service provider dynamically. Which command is needed on interface FastEthernet 0/0 to accomplish this? A. ip default-gateway B. ip route C. ip default-network D. ip address dhcp E. ip address dynamic Answer: D QUESTION 137 What are two reasons that cause late collisions to increment on an Ethernet interface? (Choose two) A. when the sending device waits 15 seconds before sending the frame again B. when the cable length limits are exceeded C. when one side of the connection is configured for half-duplex D. when Carner Sense Multiple Access/Collision Detection is used Get Latest & Actual 200-301 Exam's Question and Answers from Passleader. 71 http://www.passleader.com E. when a collision occurs after the 32nd byte of a frame has been transmitted Answer: BC Explanation: A late collision is defined as any collision that occurs after the first 512 bits (or 64th byte) of the frame have been transmitted. The usual possible causes are full-duplex/half-duplex mismatch, exceeded Ethernet cable length limits, or defective hardware such as incorrect cabling, non- compliant number of hubs in the network, or a bad NIC. Late collisions should never occur in a properly designed Ethernet network. They usually occur when Ethernet cables are too long or when there are too many repeaters in the network. Reference: https://www.cisco.com/en/US/docs/internetworking/troubleshooting/guide/tr1904.html QUESTION 138 Which IPv6 address type provides communication between subn

200-301 CCNA Cisco Certified Network Associate Exam Questions & Answers PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue