Download CCNA 200-301 PRACTICE EXAM QUESTIONS WITH 100% CORRECT ANSWERS. and more Exams Computer Networks in PDF only on Docsity!
CCNA 200-301 PRACTICE EXAM QUESTIONS WITH
100% CORRECT ANSWERS.
- When configuring a wireless LAN, to which category does a home wireless router belong? A) controller-based AP B) LWAPP-protocol based C) autonomous AP D) CAPWAP-protocol based -- Correct Answer ✔✔ autonomous AP
- Which feature or function does an AP provide in a wireless LAN? A) A wireless client can connect to more than one AP at a time. B) Each AP advertises one or more SSIDs and a user can choose to connect to the closest SSID. C) An AP is easier to configure and to set up than Wi-Fi range extenders. D) A wireless device has to be associated to an AP in order to have access to network resources. -- Correct Answer ✔✔ A wireless device has to be associated to an AP in order to have access to network resources.
- A network engineer is designing a borderless switched network in a hierarchical fashion. Why might the engineer consider using a two-tier layer model? A) The access layer in this model has different functions from the access layer in the three-tier layer model. B) It is recommended in smaller campus locations where there are fewer users accessing the network. C) It consists of a collapsed layer composed of the access and the distribution layer, and a second layer composed of the core layer.
D) The primary function of the collapsed layer is to provide network access to the user. -- Correct Answer ✔✔ It is recommended in smaller campus locations where there are fewer users accessing the network.
- A technician is troubleshooting a network device and suspects there might be a duplex mismatch. What could cause a duplex mismatch? A) data corruption B) interconnection of unlike devices C) interface misconfiguration D) auto-MDIX detection failure -- Correct Answer ✔✔ interface misconfiguration
- A pharmaceutical company wants to contract the services of a cloud provider to store employee data and company-specific applications with strict access security. Which type of cloud would be the most appropriate for this scenario? A) public cloud B) private cloud C) hybrid cloud D) community cloud -- Correct Answer ✔✔ private cloud Explanation: Private clouds - Cloud-based applications and services offered in a private cloud are intended for a specific organization or entity, such as the government. A private cloud can be set up using the organization's private network, though this can be expensive to build and maintain. A private cloud can also be managed by an outside organization with strict access security.
- Which LAN attack involves the sending of a double-tagged 802.1Q frame to the switch? A) VLAN double-tagging attack B) VLAN hopping attack C) DHCP spoofing attack D) DHCP starvation attack -- Correct Answer ✔✔ VLAN double-tagging attack
- A technician must accommodate at least 500 subnets from address 172.16.0.0/16. What is an appropriate subnet mask and corresponding number of available host IP addresses per subnet to meet the requirement? A) 255.255.255.128 and 126 hosts B) 255.255.255.0 and 128 hosts C) 255.255.255.192 and 126 hosts D) 255.255.255.224 and 128 hosts -- Correct Answer ✔✔ 255.255.255. and 126 hosts
- Refer to the exhibit. A PC with the MAC address of 0800.069d.3841 attached to port Fa0/8 is sending data to a device that has the MAC address of 6400.6a5a.6821. What will the switch do first to handle the data transfer? A) The switch will add the address 0800.069d.3841 to the MAC address table. B) The switch will send the frame to ports Fa0/4 and Fa0/6. C) The switch will flood the frame out all ports except port Fa0/8. D) The switch will send the frame to port Fa0/6. E) The switch will add the address 6400.6151.6821 to the MAC address table. -- Correct Answer ✔✔ The switch will add the address 0800.069d.3841 to the MAC address table. Explanation: Every frame that enters a switch is checked for new information to learn. It does this by examining the source MAC address of the frame and port number where the frame entered the switch: If the source MAC address does not exist in the MAC address table, the MAC address and incoming port number are added to the table.
- A network engineer is giving a tour of the company network operations center to a college class. The engineer is trying to describe how a WAN and connectivity to the internet relate to the network infrastructure. Which statement correctly describes network infrastructure and network communication? A) Communication across the internet requires application of recognized technologies and standards. B) LANs are used to connect WANs around the world.
C) A LAN connects small networks to large global networks. D) The internet is a worldwide collection of interconnected networks owned by an organization. -- Correct Answer ✔✔ Communication across the internet requires application of recognized technologies and standards. Explanation: The internet is not owned by any individual or group. Ensuring effective communication across this diverse infrastructure requires the application of consistent and commonly recognized technologies and standards as well as the cooperation of many network administration agencies.
- A network engineer is designing a borderless switched network in a hierarchical fashion. Which guideline might cause the engineer to implement a three-tier layer model? A) Fault isolation is one of the primary purposes of the distribution layer.xx B) Access layer L2 switches connect to distribution layer L3 switches, which implement routing, quality of service, and security. C) The core layer provides differentiated services to various classes of service applications at the edge of the network.xx D) The access layer provides aggregation of Layer 2 broadcast domains. -- Correct Answer ✔✔ The access layer provides aggregation of Layer 2 broadcast domains. Explanation: The access layer represents the network edge, where traffic enters or exits the campus network. Traditionally, the primary function of an access layer switch is to provide network access to the user. Access layer switches connect to distribution layer switches, which implement network foundation technologies such as routing, quality of service, and security.
- Two students are discussing routers and one statement that is said between them is accurate. Which statement is that? A) A directly-connected network is automatically added to the routing table of an adjacency neighbor if both routers are Cisco routers. B) A gateway of last resort is added to the routing table when the router boots up.
Explanation: CMSA/CA does not detect collisions but attempts to avoid them by waiting before transmitting. Each device that transmits includes the time duration that it needs for the transmission. All other wireless devices receive this information and know how long the medium will be unavailable.
- A network administrator is designing an IPv4 addressing scheme and requires these subnets. 1 subnet of 100 hosts 2 subnets of 80 hosts 2 subnets of 30 hosts 4 subnets of 20 hosts Which combination of subnets and masks will provide the best addressing plan for these requirements? A) 9 subnets of 126 hosts with a 255.255.255.128 mask B) 3 subnets of 126 hosts with a 255.255.255.192 mask and 6 subnets of 30 hosts with a 255.255.255.240 mask C) 3 subnets of 126 hosts with a 255.255.255.128 mask and 6 subnets of 30 hosts with a 255.255.255.224 mask D) 1 subnet of 126 hosts with a 255.255.255.192 mask and 2 subnets of 80 hosts with a 255.255.255.224 mask and 6 subnets of 30 hosts with a 255.255.255.240 mask -- Correct Answer ✔✔ 3 subnets of 126 hosts with a 255.255.255.128 mask and 6 subnets of 30 hosts with a 255.255.255. mask
- A group of network technicians is discussing IPv6 multicast processes. What is a feature of one type of IPv6 multicast address that should be discussed? A) A solicited-node multicast address is similar to the all-routers multicast address. B) It can be a source or a destination address. C) It has the prefix fe00::/8. D) The all-nodes multicast group has the same effect as an IPv4 broadcast address. -- Correct Answer ✔✔ A solicited-node multicast address is similar to the all-routers multicast address.
- Which LAN attack allows for identification of connected Cisco devices which are sending unencrypted broadcasts? A) STP attack B) CDP reconnaissance C) ARP attack D) address spoofing attack -- Correct Answer ✔✔ CDP reconnaissance
- What is a characteristic of the REST API? A) evolved into what became SOAP B) most widely used API for web services C) used for exchanging XML structured information over HTTP or SMTP D) considered slow, complex, and rigid -- Correct Answer ✔✔ most widely used API for web services
- A network administrator is using the Cisco DNA Center to monitor network health and to troubleshoot network issues. Which area should the administrator use to perform these tasks? A) ASSURANCE B) PROVISION C) PLATFORM D) POLICY -- Correct Answer ✔✔ ASSURANCE
- Which term describes the process of managing configuration changes of network devices in an orderly fashion? A) version control B) orchestration C) automation D) provisioning -- Correct Answer ✔✔ orchestration
- Which function of the Cisco intent-based networking system (IBNS) enables network operators to express the expected networking behavior that will best support the business intent?
A) login local B) crypto key generate rsa C) transport input ssh D) username admin secret ccna E) ip ssh version 2 -- Correct Answer ✔✔ login local transport input ssh
- When an end device requests services from a DHCPv4 server it receives a host IPv4 address and a subnet mask. Which two other IPv4 addresses are also typically provided to a DCHPv4 client? (Choose two.) A) DNS server address B) local HTTP web server address C) LAN default gateway address D) LAN NTP server address E) automatic private IPv4 address -- Correct Answer ✔✔ DNS server address LAN default gateway address
- A network engineer wants to synchronize the time of a router with an NTP server at the IPv4 address 209.165.200.225. The exit interface of the router is configured with an IPv4 address of 192.168.212.11. Which global configuration command should be used to configure the NTP server as the time source for this router? A) ntp peer 209.165.200. B) ntp server 192.168.212. C) ntp server 209.165.200. D) ntp peer 192.168.212.11 -- Correct Answer ✔✔ ntp server 209.165.200.
- When testing a new web server, a network administrator cannot access the home page when the server name is entered into a web browser on a PC. Pings to both the IPv4 and IPv6 addresses of the server are successful. What could be the problem?
A) DNS is not resolving the server name to an IPv4 or IPv6 address. B) ARP is not discovering the MAC address of the server. C) DHCP has not assigned an IPv4 or IPv6 address to the server. D) An FTP client must be installed on the PC. -- Correct Answer ✔✔ DNS is not resolving the server name to an IPv4 or IPv6 address.
- A network engineer is using SNMP manager software to monitor and manage network performance. In addition to polling network devices at regular time intervals, the engineer is configuring the devices to generate messages that inform the SNMP manager of specified events. What message type is configured on those devices that allows them to send unsolicited messages? A) set request B) get-response C) trap D) get-bulk-request -- Correct Answer ✔✔ trap
- A wireless network engineer is implementing updated wireless equipment within the company. Which statement describes a wireless security protocol? A) WPA secures the data using the Rivest Cipher 4 encryption method with a static key. B) WPA3-Personal uses 802.1X/EAP authentication that requires the use of a 192 - bit cryptographic suite. C) WPA2-Personal is intended for home or small office networks and uses 802.1X/EAP authentication. D) WPA2-Enterprise is intended for enterprise networks and users must authenticate using 802.1X standard. -- Correct Answer ✔✔ WPA2- Enterprise is intended for enterprise networks and users must authenticate using 802.1X standard.
- Refer to the exhibit. Which access list configuration on router R1 will prevent traffic from the 192.168.2.0 LAN from reaching the Restricted LAN while permitting traffic from any other LAN? a. R1(config-std-nacl)# permit any R1(config-std-nacl)# deny 192.168.2.
D) Issue the shutdown command followed by the no shutdown command on the interface. -- Correct Answer ✔✔ Issue the shutdown command followed by the no shutdown command on the interface. Explanation: To re-enable the port, use the shutdown interface configuration mode command (Figure 3). Then, use the no shutdown interface configuration command to make the port operational.
- An IT security specialist enables port security on a switch port of a Cisco switch. What is the default violation mode in use until the switch port is configured to use a different violation mode? A) disabled B) shutdown C) protect D) restrict -- Correct Answer ✔✔ shutdown Explanation: If no violation mode is specified when port security is enabled on a switch port, then the security violation mode defaults to shutdown.
- Refer to the exhibit. Which interface on switch S1 should be configured as a DHCP snooping trusted port to help mitigate DHCP spoofing attacks? A) G0/ B) G0/ C) G0/ D) G0/24 -- Correct Answer ✔✔ G0/ Explanation: When DHCP snooping is configured, the interface that connects to the DHCP server is configured as a trusted port. Trusted ports can source DHCP requests and acknowledgments. All ports not specifically configured as trusted are considered untrusted by the switch and can only source DHCP requests.
- Which statement is an accurate description of a VPN type? A) Site-to-site VPNs are typically created and secured using SSL.
B) In a Clientless VPN the connection is secured using a web browser IPsec connection. C) In a Client-based VPN, users initiate a connection using VPN client software and the VPN gateway does the data encryption. D) In a site-to-site VPN internal hosts have no knowledge that a VPN is being used. -- Correct Answer ✔✔ In a Client-based VPN, users initiate a connection using VPN client software and the VPN gateway does the data encryption.
- A network administrator of a college is configuring WLAN security with WPA Enterprise authentication. Which server is required when deploying this type of authentication? A) AAA B) DHCP C) RADIUS D) SNMP -- Correct Answer ✔✔ RADIUS Explanation: WAP2 Enterprise provides stronger secure user authentication than WPA2 PSK does. Instead of using a pre-shared key for all users to access a WLAN, WPA2 Enterprise requires that users enter their own username and password credentials to be authenticated before they can access the WLAN. The RADIUS server is required for deploying WPA2 Enterprise authentication.
- When configuring a switch for SSH access, what other command that is associated with the login local command is required to be entered on the switch? A) enable secret password B) login block-for seconds attempts number within seconds C) username username secret secret D) password password -- Correct Answer ✔✔ username username secret secret
- What term describes a process where a router simply discards any packet that arrives at the end of a queue that has completely used up its packet-holding resources?
which means that packets with a destination of 172.17.8.20 are forwarded through Serial0/0/0. Because a gateway of last resort exists, no packets will be dropped.
- Consider the following static route configured on a Cisco router: ipv6 route 2001:db8:acad:4::/64 2001:db8:acad:3:: What remote network is specified in this route? A) 2001:db8:acad:4::/ B) 2001:db8:acad:0::/ C) 2001:db8:acad:3::/ D) 2001:db8:acad:2::0/64 -- Correct Answer ✔✔ 2001:db8:acad:4::/
- A network administrator configures a router with the ipv6 route ::/0 Serial2/ command. What is the purpose of this command? A) to add a dynamic route for the destination network ::/0 to the routing table B) to enable a router to forward packets for which there is no route in the routing table C) to forward packets destined for the network ::/0 to the serial 2/0 interface D) to forward all packets to the serial 2/0 interface -- Correct Answer ✔✔ to add a dynamic route for the destination network ::/0 to the routing table
- What is the purpose of a First Hop Redundancy Protocol? A) to provide two or more routers working together, sharing an IP and MAC address of a virtual default gateway B) to provide a physical link to a new default router to replace the unreachable default gateway C) to provide a dynamic method by which devices on a LAN can determine the address of a new default gateway D) to provide a list of IP addresses of devices that can assume the role of the forwarding router -- Correct Answer ✔✔ to provide two or more routers working together, sharing an IP and MAC address of a virtual default gateway
- A network engineer examining the configuration of a Cisco router sees a network entry in a routing table listed with a code O. Which kind of route is this? A) a route used for the default gateway B) a route for a network directly connected to the local router interface C) a route dynamically learned through the OSPF routing protocol D) a static route -- Correct Answer ✔✔ a route dynamically learned through the OSPF routing protocol
- What defines a host route on a Cisco router? A) An IPv4 static host route configuration uses a destination IP address of a specific device and a /32 subnet mask. B) A static IPv6 host route must include the interface type and the interface number of the next hop router. C) A host route is designated with a C in the routing table. D) The link-local address is added automatically to the routing table as an IPv6 host route. -- Correct Answer ✔✔ An IPv4 static host route configuration uses a destination IP address of a specific device and a / subnet mask.
- Refer to the exhibit. Packets destined to which two networks will require the router to perform a recursive lookup? (Choose two.) A) 10.0.0.0/ B) 128.107.0.0/ C) 192.168.2.0/ D) 192.168.1.0/ E) 172.16.40.0/ F) 64.100.0.0/16 -- Correct Answer ✔✔ 10.0.0.0/ 192.168.2.0/
- The routing table of a Cisco router has four static routes for network 10.0.0.0. Which route is the best match for a packet entering the router with a destination of 10.16.0.10?
D) Configure a value using the router-id command. -- Correct Answer ✔✔ Configure a value using the router-id command. Explanation: A Cisco router is assigned a router ID to uniquely identify it. It can be automatically assigned and take the value of the highest configured IP address on any interface, the value of a specifically-configured loopback address, or the value assigned (which is in the exact form of an IP address) using the router-id command. Cisco recommends using the router-id command.
- In FHRP terminology, what represents a set of routers that present the illusion of a single router to hosts? A) standby router B) forwarding router C) default gateway D) virtual router -- Correct Answer ✔✔ virtual router Explanation: In FHRP multiple routers are configured to work together to present to hosts a single gateway router. This single gateway router is a virtual router which has a virtual IP address that is used by hosts as a default gateway.
- A network administrator is configuring the SNMP function on a Cisco 3500 series WLC. The task is to add an SNMP trap server to which this WLC will forward SNMP log messages. Which tab should the administrator use to add the SNMP trap server information? A) COMMANDS B) MONITOR C) MANAGEMENT D) CONTROLLER -- Correct Answer ✔✔ MANAGEMENT
- Match the STP port state with the appropriate description. (Not all options are used.) -- Correct Answer ✔✔ Explanation: The details of each port state: Blocking
The port is an alternate port and does not participate in frame forwarding. The port receives BPDU frames to determine the location and root ID of the root bridge. BPDU frames also determine which port roles each switch port should assume in the final active STP topology. With a Max Age timer of 20 seconds, a switch port that has not received an expected BPDU from a neighbor switch will go into the blocking state. Listening After the blocking state, a port will move to the listening state. The port receives BPDUs to determine the path to the root. The switch port also transmits its own BPDU frames and informs adjacent switches that the switch port is preparing to participate in the active topology. Learning A switch port transitions to the learning state after the listening state. During the learning state, the switch port receives and processes BPDUs and prepares to participate in frame forwarding. It also begins to populate the MAC address table. However, in the learning state, user frames are not forwarded to the destination. Forwarding In the forwarding state, a switch port is considered part of the active topology. The switch port forwards user traffic and sends and receives BPDU frames. Disabled A switch port in the disabled state does not participate in spanning tree and does not forward frames. The disabled state is set when the switch port is administratively disabled.
- Refer to the exhibit. All the displayed switches are Cisco 2960 switches with the same default priority and operating at the same bandwidth. Which three ports will be STP designated ports? (Choose three.) A) fa0/ B) fa0/ C) fa0/ D) fa0/ E) fa0/
