Pass the Cisco CCNA 200-301 Questions and answers with ValidTests

Exam 200-301 Premium Access

View all detail and faqs for the 200-301 exam

Go to Exam

Viewing page 2 out of 8 pages

Viewing questions 51-100 out of questions

Questions # 51:

Refer to the exhibit.

Question # 51

An engineer booted a new switch and applied this configuration via the console port. Which additional configuration must be applied to allow administrators to authenticate directly to enable privilege mode via Telnet using a local username and password?

Question # 51

Options:

Option A

Option B

Option C

Option D

Expert Solution

Questions # 52:

Which technology must be implemented to configure network device monitoring with the highest security?

Options:

IP SLA

syslog

NetFlow

SNMPv3

Expert Solution

Questions # 53:

R1 has learned route 10.10.10.0/24 via numerous routing protocols. Which route is installed?

Options:

route with the lowest cost

route with the next hop that has the highest IP

route with the shortest prefix length

route with the lowest administrative distance

Expert Solution

Questions # 54:

Refer to the exhibit.

Question # 54

How does router R1 handle traffic to 192.168.10.16?

Options:

It selects the IS-IS route because it has the shortest prefix inclusive of the destination address.

It selects the EIGRP route because it has the lowest administrative distance.

It selects the OSPF route because it has the lowest cost.

It selects the RIP route because it has the longest prefix inclusive of the destination address.

Expert Solution

Questions # 55:

Which two must be met before SSH can operate normally on a Cisco IOS switch? (Choose two)

Options:

The switch must be running a k9 (crypto) IOS image

The Ip domain-name command must be configured on the switch

IP routing must be enabled on the switch

A console password must be configured on the switch

Telnet must be disabled on the switch

Expert Solution

Questions # 56:

Drag and drop the AAA lerms from the left onto the descriptions on the right.

Question # 56

Options:

Expert Solution

Questions # 57:

Refer to the exhibit.

Question # 57

Which change to the configuration on Switch?

allows the two switches to establish an GtherChannel?

Options:

Change the protocol to EtherChannel mode on.

Change the LACP mode to active

Change the LACP mode to desirable

Change the protocol to PAqP and use auto mode

Expert Solution

Questions # 58:

Which protocol does an access point use to draw power from a connected switch?

Options:

Internet Group Management Protocol

Adaptive Wireless Path Protocol

Cisco Discovery Protocol

Neighbor Discovery Protocol

Expert Solution

Questions # 59:

Refer to the exhibit.

Question # 59

Users on existing VLAN 100 can reach sites on the Internet. Which action must the administrator take to establish connectivity to the Internet for users in VLAN 200?

Options:

Define a NAT pool on the router.

Configure static NAT translations for VLAN 200.

Configure the ip nat outside command on another interface for VLAN 200.

Update the NAT INSIDF RANGFS ACL

Expert Solution

Questions # 60:

When deploying syslog, which severity level logs informational message?

Options:

Expert Solution

Questions # 61:

A corporate office uses four floors in a building

• Floor 1 has 24 users

• Floor 2 has 29 users

• Floor 3 has 28 users

•Floor 4 has 22 users

Which subnet summarizes and gives the most efficient distribution of IP addresses for the router configuration?

Options:

192.168.0.0/26 as summary and 192.168.0.0/29 for each floor

192.168.0.0.24 as summary and 192.168.0.0/28 for each floor

192.168.0.0/23 as summary and 192.168.0.0/25 for each floor

l92.168.0.0/25 as summary and 192.168.0.0/27 for each floor

Expert Solution

Questions # 62:

Which configuration management mechanism uses TCP port 22 by default when communicating with managed nodes?

Options:

Ansible

Python

Puppet

Chef

Expert Solution

Questions # 63:

What are two descriptions of three-tier network topologies? (Choose two)

Options:

The core and distribution layers perform the same functions

The access layer manages routing between devices in different domains

The network core is designed to maintain continuous connectivity when devices fail.

The core layer maintains wired connections for each host

The distribution layer runs Layer 2 and Layer 3 technologies

Expert Solution

Questions # 64:

Refer to the exhibit.

Question # 64

Which prefix does Router 1 use for traffic to Host A?

Options:

10.10.10.0/28

10.10.13.0/25

10.10.13.144/28

10.10.13.208/29

Expert Solution

Questions # 65:

Refer to the exhibit.

Question # 65

Which two values does router R1 use to identify valid routes for the R3 loopback address 1.1.1.3/32? (Choose two.)

Options:

lowest cost to teach the next hop

highest metric

highest administrative distance

lowest metric

lowest administrative distance

Expert Solution

Questions # 66:

Which two outcomes are predictable behaviors for HSRP? (Choose two)

Options:

The two routers share a virtual IP address that is used as the default gateway for devices on the LAN.

The two routers negotiate one router as the active router and the other as the standby router

Each router has a different IP address both routers act as the default gateway on the LAN, and traffic is load balanced between them.

D The two routers synchronize configurations to provide consistent packet forwarding

The two routed share the same IP address, and default gateway traffic is load-balanced between them

Expert Solution

Questions # 67:

R1 has learned route 192.168.12.0/24 via IS-IS. OSPF, RIP. and Internal EIGRP Under normal operating conditions, which routing protocol is installed in the routing table?

Options:

IS-IS

RIP

Internal EIGRP

OSPF

Expert Solution

Questions # 68:

What does an SDN controller use as a communication protocol to relay forwarding changes to a southbound API?

Options:

OpenFlow

Java

REST

XML

Expert Solution

Questions # 69:

Which protocol prompts the Wireless LAN Controller to generate its own local web administration SSL certificate for GUI access?

Options:

HTTPS

RADIUS

TACACS+

HTTP

Expert Solution

Questions # 70:

Which resource is able to be shared among virtual machines deployed on the same physical server?

Options:

disk

applications

VM configuration file

operating system

Expert Solution

Questions # 71:

Which mode allows access points to be managed by Cisco Wireless LAN Controllers?

Options:

autonomous

lightweight

bridge

mobility express

Expert Solution

Questions # 72:

Refer to exhibit.

Question # 72

Which statement explains the configuration error message that is received?

Options:

It is a broadcast IP address

The router does not support /28 mask.

It belongs to a private IP address range.

IT is a network IP address.

Expert Solution

Questions # 73:

Which WLC management connection type is vulnerable to man-in-the-middIe attacks?

Options:

Telnet

console

HTTPS

SSH

Expert Solution

Questions # 74:

Refer to the exhibit. The user has connectivity to devices on network 192.168.3 0/24 but cannot reach users on the network 10.10.1.0724.

What is the first step to verify connectivity?

Question # 74

Options:

Is the internet reachable?

Is the default gateway reachable?

Is the DNS server reachable?

Expert Solution

Questions # 75:

Drag and drop the common functions from the left onto the cofresponding network topology architecture layer on the right. Not all common functions are used.

Question # 75

Options:

Expert Solution

Questions # 76:

Question # 76

Refer to the exhibit. This ACL is configured to allow client access only to HTTP, HTTPS, and DNS services via UDP. The new administrator wants to add TCP access to the DNS service. Which configuration updates the ACL efficiently?

Options:

ip access-list extended Services

35 permit tcp 10.0.0.0 0.255.255.255 host 198.51.100.11 eq domain

no ip access-list extended Services

ip access-list extended Services

30 permit tcp 10.0.0.0 0.255.255.255 host 198.51.100.11 eq domain

ip access-list extended Services

permit tcp 10.0.0.0 0.255.255.255 host 198.51.100.11 eq domain

no ip access-list extended Services

ip access-list extended Services

permit udp 10.0.0.0 0.255.255.255 any eq 53

permit tcp 10.0.0.0 0.255.255.255 host 198.51.100.11 eq domain

deny ip any any log

Expert Solution

Questions # 77:

Why is UDP more suitable than TCP tor applications that require low latency, such as VoIP?

Options:

UDP reliably guarantees delivery of all packets and TCP drops packets under heavy load.

TCP sends an acknowledgment for every packet that is received and UDP operates without acknowledgments.

UDP uses sequencing data for packets to arrive in order, and TCP offers the capability to receive packets in random order.

TCP uses congestion control for efficient packet delivery and UDP uses flow control mechanisms for the delivery of packets.

Expert Solution

Questions # 78:

Refer to the exhibit.

Question # 78

A packet is being sent across router R1 to host 172.16.0.14. What is the destination route for the packet?

Options:

209.165.200.254 via Serial0/0/1

209.165.200.254 via Serial0/0/0

209.165.200.246 via Serial0/1/0

209.165.200.250 via Serial0/0/0

Expert Solution

Questions # 79:

A network engineer is configuring a new router at a branch office. The router is connected to an upstream WAN network that allows the branch to communicate with the head office. The central time server with IP address 172.24.54.8 is located behind a firewall at the head office. Which command must the engineer configure so that the software clock of the new router synchronizes with the time server?

Options:

ntp master 172.24.54.8

ntp client 172.24.54.8

ntp peer 172.24.54.8

ntp server 172.24.54.8

Expert Solution

Questions # 80:

Which advantage does machine learning offer for network security?

Options:

It improves real-time threat detection.

It manages firewall rule sets.

It enforces password complexity requirements.

It controls VPN access permissions.

Expert Solution

Questions # 81:

Question # 81

Three switches must be configured for Layer 2 connectivity. The company requires only the designated VLANs to be configured on their respective switches and permitted accross any links between switches for security purposes. Do not modify or delete VTP configurations.

The network needs two user-defined VLANs configured:

VLAN 110: MARKETING

VLAN 210: FINANCE

1. Configure the VLANs on the designated switches and assign them as access ports to the interfaces connected to the PCs.

2. Configure the e0/2 interfaces on Sw1 and Sw2 as 802.1q trunks with only the required VLANs permitted.

3. Configure the e0/3 interfaces on Sw2 and Sw3 as 802.1q trunks with only the required VLANs permitted.

Question # 81

Options:

Expert Solution

Questions # 82:

Question # 82

IP connectivity between the three routers is configured. OSPF adjacencies must be established.

1. Configure R1 and R2 Router IDs using the interface IP addresses from the link that is shared between them.

2. Configure the R2 links with a max value facing R1 and R3. R2 must become the DR. R1 and R3 links facing R2 must remain with the default OSPF configuration for DR election. Verify the configuration after clearing the OSPF process.

3. Using a host wildcard mask, configure all three routers to advertise their respective Loopback1 networks.

4. Configure the link between R1 and R3 to disable their ability to add other OSPF routers.

Options:

Expert Solution

Questions # 83:

How does machine learning improve the detection of unauthorized network access?

Options:

It monitors for outdated software.

It dictates security policy updates.

It identifies patterns indicating intrusions.

It assigns security clearance levels.

Expert Solution

Questions # 84:

What is the difference between controller-based networks and traditional networks as they relate to control-plane and/or data-plane functions?

Options:

Controller-based networks centralize all important data-plane functions, and traditional networks distribute data-plane functions.

Controller-based networks centralize all important control-plane functions, and traditional networks distribute control-plane functions.

Traditional networks centralize all important control-plane functions, and controller-based networks distribute control-plane functions.

Traditional networks centralize all important data-plane functions, and controller-based networks distribute data-plane functions.

Expert Solution

Questions # 85:

Question # 85

IP connectivity and OSPF are preconfigured on all devices where necessary. Do not make any changes to the IP addressing or OSPF. The company policy uses connected interfaces and next hops when configuring static routes except for load balancing or redundancy without floating static. Connectivity must be established between subnet 172.20.20.128/25 on the Internet and the LAN at 192.168.0.0/24 connected to SW1:

1. Configure reachability to the switch SW1 LAN subnet in router R2.

2. Configure default reachability to the Internet subnet in router R1.

3. Configure a single static route in router R2 to reach to the Internet subnet considering both redundant links between routers R1 and R2. A default route is NOT allowed in router R2.

4. Configure a static route in router R1 toward the switch SW1 LAN subnet where the primary link must be through Ethernet0/1. and the backup link must be through Ethernet0/2 using a floating route. Use the minimal administrative distance value when required.

Options:

Expert Solution

Questions # 86:

An organization secures its network with multi-factor authentication using an authenticator app on employee smartphone. How is the application secured in the case of a user’s smartphone being lost or stolen?

Options:

The application requires an administrator password to reactivate after a configured Interval.

The application requires the user to enter a PIN before it provides the second factor.

The application challenges a user by requiring an administrator password to reactivate when the smartphone is rebooted.

The application verifies that the user is in a specific location before it provides the second factor.

Expert Solution

Questions # 87:

Physical connectivity is implemented between the two Layer 2 switches,

and the network connectivity between them must be configured.

I . Configure an LACP EtherChanneI and number it as 44; configure it

between switches SWI and SW2 using interfaces EthernetO/O and

Ethernet0/1 on both sides. The LACP mode must match on both ends.

2. Configure the EtherChanneI as a trunk link.

3. Configure the trunk link with 802. Iq tags.

4. Configure VLAN 'MONITORING' as the untagged VLAN of the

EtherChannel.

==================

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.

• Refer to the Topology tab to access the device console(s) and perform the tasks.

• Console access is available for all required devices by clicking the device icon or using

the tab(s) above the console window.

• All necessary preconfigurations have been applied.

• Do not change the enable password or hostname for any device.

• Save your configurations to NVRAM before moving to the next item.

• Click Next at the bottom of the screen to submit this lab and move to the next question.

• When Next is clicked, the lab closes and cannot be reopened.

Question # 87

Options:

Expert Solution

Answer

Answer:

Solution is given below explanation.

Explanation

To configure an LACP EtherChannel and number it as 44, configure it between switches SW1 and SW2 using interfaces Ethernet0/0 and Ethernet0/1 on both sides, configure the EtherChannel as a trunk link, configure the trunk link with 802.1q tags, and configure VLAN ‘MONITORING’ as the untagged VLAN of the EtherChannel, you need to follow these steps:

On both SW1 and SW2, enter the global configuration mode by using the configure terminal command.

On both SW1 and SW2, select the two interfaces that will form the EtherChannel by using the interface range ethernet 0/0 - 1 command. This will enter the interface range configuration mode.

On both SW1 and SW2, set the protocol to LACP by using the channel-protocol lacp command.

On both SW1 and SW2, assign the interfaces to an EtherChannel group number 44 by using the channel-group 44 mode active command. This will create a logical interface named Port-channel44 and set the LACP mode to active on both ends. The LACP mode must match on both ends for the EtherChannel to form.

On both SW1 and SW2, exit the interface range configuration mode by using the exit command.

On both SW1 and SW2, enter the Port-channel interface configuration mode by using the interface port-channel 44 command.

On both SW1 and SW2, configure the Port-channel interface as a trunk link by using the switchport mode trunk command.

On both SW1 and SW2, configure the Port-channel interface to use 802.1q tags for VLAN identification by using the switchport trunk encapsulation dot1q command.

On both SW1 and SW2, configure VLAN ‘MONITORING’ as the untagged VLAN of the Port-channel interface by using the switchport trunk native vlan MONITORING command.

On both SW1 and SW2, exit the Port-channel interface configuration mode by using the exit command.

On both SW1 and SW2, save the configuration to NVRAM by using the copy running-config startup-config command.

Questions # 88:

Drag and drop the TCP and UDP characteristics from the left onto the supporting protocols on the right. Not all options are used.

Question # 88

Options:

Expert Solution

Questions # 89:

Which alternative to password authentication Is Implemented to allow enterprise devices to log in to the corporate network?

Options:

magic links

one-time passwords

digital certificates

90-day renewal policies

Expert Solution

Questions # 90:

All physical cabling is in place. A company plans to deploy 32 new sites.

The sites will utilize both IPv4 and IPv6 networks.

1 . Subnet 172.25.0.0/16 to meet the subnet requirements and maximize

the number of hosts

Using the second subnet

• Assign the first usable IP address to e0/0 on Sw1O1

• Assign the last usable IP address to e0/0 on Sw102

2. Subnet to meet the subnet requirements and maximize

the number of hosts

c Using the second subnet

• Assign an IPv6 GUA using a unique 64-Bit interface identifier

on e0/0 on Sw101

• Assign an IPv6 GUA using a unique 64-Bit interface identifier

on eO/O on swi02

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.

• Refer to the Topology tab to access the device console(s) and perform the tasks.

• Console access is available for all required devices by clicking the device icon or using

the tab(s) above the console window.

• All necessary preconfigurations have been applied.

• Do not change the enable password or hostname for any device.

• Save your configurations to NVRAM before moving to the next item.

• Click Next at the bottom of the screen to submit this lab and move to the next question.

• When Next is clicked, the lab closes and cannot be reopened.

Question # 90

Options:

Expert Solution

Answer

Answer:

See the Explanation for the solution.

Explanation

To subnet 172.25.0.0/16 to meet the subnet requirements and maximize the number of hosts, you need to determine how many bits you need to borrow from the host portion of the address to create enough subnets for 32 sites. Since 32 is 2^5, you need to borrow 5 bits, which means your new subnet mask will be /21 or 255.255.248.0. To find the second subnet, you need to add the value of the fifth bit (32) to the third octet of the network address (0), which gives you 172.25.32.0/21 as the second subnet. The first usable IP address in this subnet is 172.25.32.1, and the last usable IP address is 172.25.39.254.

To assign the first usable IP address to e0/0 on Sw101, you need to enter the following commands on the device console:

Sw101#configure terminal Sw101(config)#interface e0/0 Sw101(config-if)#ip address 172.25.32.1 255.255.248.0 Sw101(config-if)#no shutdown Sw101(config-if)#end

To assign the last usable IP address to e0/0 on Sw102, you need to enter the following commands on the device console:

Sw102#configure terminal Sw102(config)#interface e0/0 Sw102(config-if)#ip address 172.25.39.254 255.255.248.0 Sw102(config-if)#no shutdown Sw102(config-if)#end

To subnet an IPv6 GUA to meet the subnet requirements and maximize the number of hosts, you need to determine how many bits you need to borrow from the interface identifier portion of the address to create enough subnets for 32 sites. Since 32 is 2^5, you need to borrow 5 bits, which means your new prefix length will be /69 or ffff:ffff:ffff:fff8::/69 (assuming that your IPv6 GUA has a /64 prefix by default). To find the second subnet, you need to add the value of the fifth bit (32) to the fourth hextet of the network address (0000), which gives you xxxx:xxxx:xxxx:0020::/69 as the second subnet (where xxxx:xxxx:xxxx is your IPv6 GUA prefix). The first and last IPv6 addresses in this subnet are xxxx:xxxx:xxxx:0020::1 and xxxx:xxxx:xxxx:0027:ffff:ffff:ffff:fffe respectively.

To assign an IPv6 GUA using a unique 64-bit interface identifier on e0/0 on Sw101, you need to enter the following commands on the device console (assuming that your IPv6 GUA prefix is 2001:db8::/64):

Sw101#configure terminal Sw101(config)#interface e0/0 Sw101(config-if)#ipv6 address 2001:db8::20::1/69 Sw101(config-if)#no shutdown Sw101(config-if)#end

To assign an IPv6 GUA using a unique 64-bit interface identifier on e0/0 on Sw102, you need to enter the following commands on the device console (assuming that your IPv6 GUA prefix is 2001:db8::/64):

Sw102#configure terminal Sw102(config)#interface e0/0 Sw102(config-if)#ipv6 address 2001:db8::27::fffe/69 Sw102(config-if)#no shutdown Sw102(config-if)#end

Questions # 91:

Question # 91

Refer to the exhibit. A packet sourced from 10.10.10.32 is destined for the Internet. What is the administrative distance for the destination route?

Options:

Expert Solution

Questions # 92:

What does the term "spirt MAC” refer to in a wireless architecture?

Options:

divides data link layer functions between the AP and WLC

combines the management and control functions from the data-forwarding functions

uses different MAC addresses for 2.4 GHz and 5 GHz bands on the same AP

leverages two APs to handle control and data traffic

Expert Solution

Questions # 93:

Which two statements distinguish authentication from accounting? (Choose two.)

Options:

Only authentication records the duration of a user's connection.

Only authentication supports user-activity audits.

Only authentication provides supporting information for billing users.

Only authentication challenges users for their credentials and returns a response.

Only authentication validates "who you are."

Expert Solution

Questions # 94:

Where does wireless authentication happen?

Options:

SSID

radio

band

Layer 2

Expert Solution

Questions # 95:

Question # 95

Refer to the exhibit. How will the device handle a packet destined to IP address 100.100.100.100?

Options:

If will choose the route with the longest match.

O 100.100.100.100'32 (110/21) via 192.168.1.1. 00:05:57. EmernetO/1.

It will always prefer the static route over dynamic routes and choose the route

S 100.100.0.0/16(1/0] via 192.168.4.1.

It will choose the route with the highest metric.

D 100.100.100.0/24 (90/435200) via 192.168.2.1. 00:00:13. EthernetO/2.

It will choose the route with the lowest metric,

R 100.0.0.0/8 [120/2] via 192.168.3.1. 00:00:13. EthernetO/3.

Expert Solution

Questions # 96:

Question # 96

Refer to the exhibit. An engineer is using the Cisco WLC GUI to configure a WLAN for WPA2 encryption with AES and preshared key Cisc0123456. After the engineer selects the WPA + WPA2 option from the Layer 2 Security drop-down list, which two tasks must they perform to complete the process? (Choose two.)

Options:

Select the WPA2 Policy, AES, and TKIP check boxes.

Select ASCII from the PSK Format drop-down list, enter the key, and leave the Auth Key Mgmt setting blank.

Select PSK from the Auth Key Mgmt drop-down list, set the PSK Format to ASCII, and enter the key.

Select the WPA2 Policy and AES check boxes.

Expert Solution

Questions # 97:

Refer to Itie exhibit

Question # 97

A network engineer started to configure port security on a new switch. These requirements must be met:

* MAC addresses must be learned dynamically

* Log messages must be generated without disabling the interface when unwanted traffic is seen

Which two commands must be configured to complete this task"? (Choose two)

Options:

SW(ccnfig-if)=switchport port-security mac-address sticky

SW(confKj-if)=switchport port-security violation restrict

SW(config.if)sswitchport port-security mac-address 0010.7B84.45E6

SW(config-if)aswitchport port-security maximum 2

SW(ccnfig-if)=switchport port-security violation shutdown

Expert Solution

Questions # 98:

A HCP pool has been created with the name CONTROL. The pool uses the next to last usable IP address as the default gateway for the DHCP clients. The server is located at 172.16 32.15. What is the step in the process for clients on the 192.168.52.0/24 subnet to reach the DHCP server?

Options:

ip forward-protocol udp 137

ip default-network 192.168.52.253

ip helper-address 172.16.32.15

ip default-gateway 192.168.52.253

Expert Solution

Questions # 99:

Which plane is centralized in software-defined networking?

Options:

application

services

control

data

Expert Solution

Questions # 100:

Question # 100

Refer to the exhibit. An engineer just installed network 10.120.10.0/24. Which configuration must be applied to the R14 router to add the new network to its OSPF routing table?

Options:

router ospf 100

network 10.120.10.0 255.255.255.0 area 0

router ospf 120

network 10.120.10.0 255.255.255.0 area 0

ip route 10.120.10.0 255.255.255.0 fa0/1

router ospf 100 area 0

network 10.120.10.0 0.0.0.255

Expert Solution

Viewing page 2 out of 8 pages

Viewing questions 51-100 out of questions

Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Pass the Cisco CCNA 200-301 Questions and answers with ValidTests

Exam 200-301 Premium Access

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options: