Latest Cisco 200-301 Dumps PDF Questions Answers 2025

Cisco Certified Network Associate Questions and Answers

Question 1

What is one reason to implement LAG on a Cisco WLC?

Options:

to increase security and encrypt management frames

to provide link redundancy and load balancing

to allow for stateful and link-state failover

to enable connected switch ports to failover and use different VLANs

Buy Now

Question 2

Refer to the exhibit.

The link between PC1 and the switch is up. but it is performing poorly. Which interface condition is causing the performance problem?

Options:

There is a duplex mismatch on the interface

There is an issue with the fiber on the switch interface.

There is a speed mismatch on the interface.

There is an interface type mismatch

Question 3

What is the purpose of the ip address dhcp command?

Options:

to configure an Interface as a DHCP server

to configure an interface as a DHCP helper

to configure an interface as a DHCP relay

to configure an interface as a DHCP client

Question 4

Which two network actions occur within the data plane? (Choose two.)

Options:

Add or remove an 802.1Q trunking header.

Make a configuration change from an incoming NETCONF RPC.

Run routing protocols.

Match the destination MAC address to the MAC address table.

Reply to an incoming ICMP echo request.

Question 5

Refer to the exhibit.

Which network prefix was learned via EIGRP?

Options:

172.16.0.0/16

192.168.2.0/24

207.165.200.0/24

192.168.1.0/24

Question 6

Which protocol uses the SSL?

Options:

HTTP

SSH

HTTPS

Telnet

Question 7

Which two spanning-tree states are bypassed on an interface running PortFast? (Choose two.)

Options:

disabled

listening

forwarding

learning

blocking

Question 8

Refer to the exhibit.

Which next-hop IP address does Routed use for packets destined to host 10 10.13.158?

Options:

10.10.10.5

10.10.11.2

10.10.12.2

10.10.10.9

Question 9

What is an expected outcome when network management automation is deployed?

Options:

A distributed management plane must be used.

Software upgrades are performed from a central controller

Complexity increases when new device configurations are added

Custom applications are needed to configure network devices

Question 10

Drag and drop the Rapid PVST+ forwarding slate actions from the loft to the right. Not all actions are used.

Options:

Question 11

Refer to the exhibit.

An engineer is configuring a new router on the network and applied this configuration. Which additional configuration allows the PC to obtain its IP address from a DHCP server?

Options:

Configure the ip dhcp relay information command under interface Gi0/1.

Configure the ip dhcp smart-relay command globally on the router

Configure the ip helper-address 172.16.2.2 command under interface Gi0/0

Configure the ip address dhcp command under interface Gi0/0

Question 12

Refer to the exhibit.

Which route must be configured on R1 so that OSPF routing is used when OSPF is up. but the server is still reachable when OSPF goes down?

Options:

ip route 10.1.1.10 255.255.255.255 172.16.2.2 100

ip route 10.1.1.0 255.255.255.0 gi0/1 125

ip route 10.1.1.0 255.255.255.0 172.16.2.2 100

ip route 10.1.1.10 255.255.255.255 gi0/0 125

Question 13

Which value is the unique identifier that an access point uses to establish and maintain wireless connectivity to wireless network devices?

Options:

VLANID

SSID

RFID

WLANID

Question 14

Which QoS traffic handling technique retains excess packets in a queue and reschedules these packets for later transmission when the configured maximum bandwidth has been surpassed?

Options:

weighted random early detection

traffic policing

traffic shaping

traffic prioritization

Question 15

What is a function of Opportunistic Wireless Encryption in an environment?

Options:

offer compression

increase security by using a WEP connection

provide authentication

protect traffic on open networks

Question 16

Which PoE mode enables powered-device detection and guarantees power when the device is detected?

Options:

dynamic

static

active

auto

Question 17

Refer to the exhibit.

The DHCP server and clients are connected to the same switch. What is the next step to complete the DHCP configuration to allow clients on VLAN 1 to receive addresses from the DHCP server?

Options:

Configure the ip dhcp snooping trust command on the interlace that is connected to the DHCP client.

Configure the ip dhcp relay information option command on the interface that is connected to the DHCP client.

Configure the ip dhcp snooping trust command on the interface that is connected to the DHCP server.

Configure the Ip dhcp relay information option command on the interface that is connected to the DHCP server.

Question 18

Drag and drop the TCP or UDP details from the left onto their corresponding protocols on the right.

Options:

Question 19

Refer to the exhibit.

A static route must be configured on R14 to forward traffic for the 172 21 34 0/25 network that resides on R86 Which command must be used to fulfill the request?

Options:

ip route 172.21.34.0 255.255.255.192 10.73.65.65

ip route 172.21.34.0 255.255.255.0 10.73.65.65

ip route 172.21.34.0 255.255.128.0 10.73.65.64

ip route 172.21.34.0 255.255.255.128 10.73.65.66

Question 20

Refer to the exhibit.

An IP subnet must be configured on each router that provides enough addresses for the number of assigned hosts and anticipates no more than 10% growth for now hosts. Which configuration script must be used?

Options:

Option A

Option B

Option C

Option D

Question 21

A network engineer must implement an IPv6 configuration on the vlan 2000 interface to create a routable locally-unique unicast address that is blocked from being advertised to the internet. Which configuration must the engineer apply?

Options:

interface vlan 2000

ipv6 address ffc0:0000:aaaa::1234:2343/64

interface vlan 2000

Ipv6 address fc00:0000:aaaa:a15d:1234:2343:8aca/64

interface vlan 2000

ipv6 address fe80;0000:aaaa::1234:2343/64

interface vlan 2000

ipv6 address fd00::1234:2343/64

Question 22

An engineer is tasked to configure a switch with port security to ensure devices that forward unicasts multicasts and broadcasts are unable to flood the port The port must be configured to permit only two random MAC addresses at a time Drag and drop the required configuration commands from the left onto the sequence on the right Not all commands are used.

Options:

Question 23

A network engineer is configuring a switch so that it is remotely reachable via SSH. The engineer has already configured the host name on the router. Which additional command must the engineer configure before entering the command to generate the RSA key?

Options:

password password

crypto key generate rsa modulus 1024

ip domain-name domain

ip ssh authentication-retries 2

Question 24

Refer to the exhibit.

An engineer built a new L2 LACP EtherChannel between SW1 and SW2 and executed these show commands to verify the work. Which additional task allows the two switches to establish an LACP port channel?

Options:

Change the channel-group mode on SW2 to auto

Change the channel-group mode on SW1 to desirable.

Configure the interface port-channel 1 command on both switches.

Change the channel-group mode on SW1 to active or passive.

Question 25

Which protocol is used for secure remote CLI access?

Options:

HTTPS

HTTP

Telnet

SSH

Question 26

Refer to the exhibit.

Which configuration enables DHCP addressing for hosts connected to interface FastEthernetO/1 on router R4?

Options:

interface FastEthernet0/0

ip helper-address 10.0.1.1

access-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1

interface FastEthernot0/1

ip helper-address 10.0.1.1

access-list 100 permit tcp host 10.0.1.1 eq 67 host 10.148.2.1

interface FastEthernetO/0

ip helper-address 10.0.1.1

access-list 100 permit host 10.0.1.1 host 10.148.2.1 eq bootps

interface FastEthernet0/1

ip helper-address 10.0.1.1

access-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1

Question 27

Refer to the exhibit.

The following must be considered:

• SW1 is fully configured for all traffic

• The SW4 and SW9 links to SW1 have been configured

• The SW4 interface Gi0/1 and Gi0/0 on SW9 have been configured

• The remaining switches have had all VLANs adde d to their VLAN database

Which configuration establishes a successful ping from PC2 to PC7 without interruption to traffic flow between other PCs?

Options:

Option A

Option B

Option C

Option D

Question 28

Refer to the exhibit.

Which two commands must be added to update the configuration of router R1 so that it accepts only encrypted connections? (Choose two )

Options:

username CNAC secret R!41!4319115@

ip ssh version 2

line vty 0 4

crypto key generate rsa 1024

transport input ssh

Question 29

An engineer is configuring remote access to a router from IP subnet 10.139.58.0/28. The domain name, crypto keys, and SSH have been configured. Which configuration enables the traffic on the destination router?

Options:

Option A

Option B

Option C

Option D

Question 30

Refer to the exhibit.

Which command must be issued to enable a floating static default route on router A?

Options:

lp route 0.0.0.0 0.0.0.0 192.168.1.2

ip default-gateway 192.168.2.1

ip route 0.0.0.0 0.0.0.0 192.168.2.1 10

ip route 0.0.0.0 0.0.0.0 192.168.1.2 10

Question 31

What is a requirement for nonoverlapping Wi-Fi channels?

Options:

different security settings

discontinuous frequency ranges

different transmission speeds

unique SSIDs

Question 32

What is a function of a Next-Generation IPS?

Options:

makes forwarding decisions based on learned MAC addresses

serves as a controller within a controller-based network

integrates with a RADIUS server to enforce Layer 2 device authentication rules

correlates user activity with network events

Question 33

Which characteristic differentiates the concept of authentication from authorization and accounting?

Options:

user-activity logging

service limitations

consumption-based billing

identity verification

Question 34

Which type of network attack overwhelms the target server by sending multiple packets to a port until the half-open TCP resources of the target are exhausted?

Options:

SYIM flood

reflection

teardrop

amplification

Question 35

Refer to the exhibit.

Router R1 currently is configured to use R3 as the primary route to the Internet, and the route uses the default administrative distance settings. A network engineer must configure R1 so that it uses R2 as a backup, but only if R3 goes down. Which command must the engineer configure on R1 so that it correctly uses R2 as a backup route, without changing the administrative distance configuration on the link to R3?

Options:

ip route 0.0.0.0 0.0.0.0 g0/1 1

ip route 0.0.0.0 0.0.0.0 209.165.201.5 10

ip route 0.0.0.0 0.0.0.0 209.165.200.226 1

ip route 0,0.0.0 0.0.0.0 g0/1 6

Question 36

Which type of IPv6 address is similar to a unicast address but is assigned to multiple devices on the same network at the same time?

Options:

global unicast address

anycast address

multicast address

link-local address

Question 37

Refer to the exhibit.

A company is configuring a failover plan and must implement the default routes in such a way that a floating static route will assume traffic forwarding when the primary link goes down. Which primary route configuration must be used?

Options:

ip route 0.0.0.0 0.0.0.0 192.168.0.2 GigabitEthernetl/0

ip route 0.0.0.0 0.0.0.0 192.168.0.2 tracked

ip route 0.0.0.0 0.0.0.0 192.168.0.2 floating

ip route 0.0.0.0 0.0.0.0 192.168.0.2

Question 38

Refer to the exhibit.

Packets received by the router from BGP enter via a serial interface at 209 165 201 1 Each route is present within the routing table Which interface is used to forward traffic with a destination IP of 10.1.1.19?

Options:

F0/4

F0/0

F0/1

F0/3

Question 39

Which Layer 2 switch function encapsulates packets for different VLANs so that the packets traverse the same port and maintain traffic separation between the VLANs?

Options:

VLAN numbering

VLAN DSCP

VLAN tagging

VLAN marking

Question 40

A network engineer is installing an IPv6-only capable device. The client has requested that the device IP address be reachable only from the internal network. Which type of IPv6 address must the engineer assign?

Options:

unique local address

link-local address

aggregatable global address

IPv4-compatible IPv6 address

Question 41

Refer to the exhibit.

Host A sent a data frame destined for host D

What does the switch do when it receives the frame from host A?

Options:

It drops the frame from the switch CAM table.

It floods the frame out of all ports except port Fa0/1.

It shuts down the port Fa0/1 and places it in err-disable mode.

It experiences a broadcast storm.

Question 42

Refer to the exhibit.

Router R1 resides in OSPF Area 0. After updating the R1 configuration to influence the paths that it will use to direct traffic, an engineer verified that each of the four Gigabit interfaces has the same route to 10.10.0.0/16. Which interface will R1 choose to send traffic to reach the route?

Options:

GigabitEthernet0/0

GigabltEthornet0/1

GigabitEthernet0/2

GigabitEthernet0/3

Question 43

Refer to the exhibit.

How should the configuration be updated to allow PC1 and PC2 access to the Internet?

Options:

Modify the configured number of the second access list.

Add either the ip nat {inside|outside} command under both interfaces.

Remove the overload keyword from the ip nat inside source command.

Change the ip nat inside source command to use interface GigabitEthernet0/0.

Question 44

Refer to the exhibit.

An engineer is asked to insert the new VLAN into the existing trunk without modifying anything previously configured Which command accomplishes this task?

Options:

switchport trunk allowed vlan 100-104

switchport trunk allowed vlan add 104

switchport trunk allowed vlan all

switchport trunk allowed vlan 104

Question 45

Drag and drop the threat-mitigation techniques from the left onto the types of threat or attack they mitigate on the right.

Options:

Question 46

Refer to the exhibit.

Which minimum configuration items are needed to enable Secure Shell version 2 access to R15?

Options:

Option A

Option B

Option C

Option D

Question 47

Drag and drop the characteristics of networking from the left onto the networking types on the right.

Options:

Question 48

Refer to the exhibit.

Site A was recently connected to site B over a new single-mode fiber path. Users at site A report Intermittent connectivity Issues with applications hosted at site B. What is the reason for the problem?

Options:

Heavy usage is causing high latency.

An incorrect type of transceiver has been inserted into a device on the link.

physical network errors are being transmitted between the two sites.

The wrong cable type was used to make the connection.

Question 49

Refer to the exhibit.

Which configuration allows routers R14 and R86 to form an OSPFv2 adjacency while acting as a central point for exchanging OSPF information between routers?

Options:

Option A

Option B

Option C

Option D

Question 50

A network engineer must configure two new subnets using the address block 10 70 128 0/19 to meet these requirements:

• The first subnet must support 24 hosts

• The second subnet must support 472 hosts

• Both subnets must use the longest subnet mask possible from the address block

Which two configurations must be used to configure the new subnets and meet a requirement to use the first available address in each subnet for the router interfaces? (Choose two )

Options:

interface vlan 1234

ip address 10.70.159.1 255.255.254.0

interface vlan 1148

ip address 10.70.148.1 255.255.254.0

interface vlan 4722

ip address 10.70.133.17 255.255.255.192

interface vlan 3002

ip address 10.70.147.17 255.255.255.224

interface vlan 155

ip address 10.70.155.65 255.255.255.224

Question 51

Refer to the exhibit.

Switch A is newly configured. All VLANs are present in the VLAN database. The IP phone and PC A on Gi0/1 must be configured for the appropriate VLANs to establish connectivity between the PCs. Which command set fulfills the requirement?

Options:

Option A

Option B

Option C

Option D

Question 52

What provides centralized control of authentication and roaming In an enterprise network?

Options:

a lightweight access point

a firewall

a wireless LAN controller

a LAN switch

Question 53

What is a function of an endpoint on a network?

Options:

forwards traffic between VLANs on a network

connects server and client devices to a network

allows users to record data and transmit to a tile server

provides wireless services to users in a building

Question 54

Drag and drop the statements about networking from the left onto the corresponding networking types on the right.

Options:

Question 55

A network administrator is setting up a new IPv6 network using the 64-bit address 2001 0EB8 00C1 2200:0001 0000 0000 0331/64 To simplify the configuration the administrator has decided to compress the address Which IP address must the administrator configure?

Options:

ipv6 address 21:EB8:C1:2200:1::331/64

ipv6 address 2001:EB8:C1:22:1::331/64

ipv6 address 2001 :EB8:C 1:2200.1 ::331-64

ipv6 address 2001:EB8:C1:2200:1:0000:331/64

Question 56

Refer to the exhibit.

A network engineer must update the configuration on Switch2 so that it sends LLDP packets every minute and the information sent via LLDP is refreshed every 3 minutes Which configuration must the engineer apply?

Options:

Option A

Option B

Option C

Option D

Question 57

R1 as an NTP server must have:

• NTP authentication enabled

• NTP packets sourced from Interface loopback 0

• NTP stratum 2

• NTP packets only permitted to client IP 209.165 200 225

How should R1 be configured?

Options:

Option A

Option B

Option C

Option D

Question 58

What are two benefits of FHRPs? (Choose two.)

Options:

They enable automatic failover of the default gateway.

They allow multiple devices to serve as a single virtual gateway for clients in the network.

They are able to bundle multiple ports to increase bandwidth.

They prevent loops in the Layer 2 network.

They allow encrypted traffic.

Question 59

Refer to the exhibit.

All VLANs are present in the VLAN database. Which command sequence must be applied to complete the configuration?

Options:

Interface FastEthernet0/1 switchport trunk native vlan 10 switchport trunk allowed vlan 10,15

Interface FastEthernet0/1 switchport mode trunk switchport trunk allowed vlan 10,15

interface FastEthernet0/1 switchport mode access switchport voice vlan 10

Interface FastEthernet0/1 switchport trunk allowed vlan add 10 vlan 10 private-vlan isolated

Question 60

What is a requirement when configuring or removing LAG on a WLC?

Options:

The Incoming and outgoing ports for traffic flow must be specified If LAG Is enabled.

The controller must be rebooted after enabling or reconfiguring LAG.

The management interface must be reassigned if LAG disabled.

Multiple untagged interfaces on the same port must be supported.

Question 61

Refer to the exhibit.

Users on existing VLAN 100 can reach sites on the Internet. Which action must the administrator take to establish connectivity to the Internet for users in VLAN 200?

Options:

Define a NAT pool on the router.

Configure static NAT translations for VLAN 200.

Configure the ip nat outside command on another interface for VLAN 200.

Update the NAT INSIDF RANGFS ACL

Question 62

Refer to the exhibit.

Routers R1 and R3 have the default configuration The router R2 priority is set to 99 Which commands on R3 configure it as the DR in the 10.0 4.0/24 network?

Options:

R3(config)#interface Gig0/1 R3(config-if)#ip ospf priority 100

R3(config)#interface Gig0/0 R3(config-if)#ip ospf priority 100

R3(config)#interface Gig0/0 R3(config-if)i=ip ospf priority 1

R3(config)#interface Gig0/1 R3(config-if)#ip ospf priority 0

Question 63

An engineer must configure R1 for a new user account. The account must meet these requirements:

* It must be configured in the local database.

* The username is engineer.

* It must use the strongest password configurable. Which command must the engineer configure on the router?

Options:

R1 (config)# username engineer2 algorithm-type scrypt secret test2021

R1(config)# username engineer2 secret 5 password S1$b1Ju$kZbBS1Pyh4QzwXyZ

R1(config)# username engineer2 privilege 1 password 7 test2021

R1(config)# username englneer2 secret 4 S1Sb1Ju$kZbBS1Pyh4QzwXyZ

Question 64

Drag and drop the descriptions of AAA services from the left onto the corresponding services on the right.

Options:

Question 65

Which two components comprise part of a PKI? (Choose two.)

Options:

preshared key that authenticates connections

RSA token

CA that grants certificates

clear-text password that authenticates connections

one or more CRLs

Question 66

Drag and drop the facts about wireless architectures from the left onto the types of access point on the right. Not all options are used.

Options:

Question 67

Which interface mode must be configured to connect the lightweight APs in a centralized architecture?

Options:

WLAN dynamic

management

trunk

access

Question 68

Refer to the exhibit.

Which command configures OSPF on the point-to-point link between routers R1 and R2?

Options:

router-id 10.0.0.15

neighbor 10.1.2.0 cost 180

ipospf priority 100

network 10.0.0.0 0.0.0.255 area 0

Question 69

A network engineer must configure the router R1 GigabitEthernet1/1 interface to connect to the router R2 GigabitEthernet1/1 interface. For the configuration to be applied the engineer must compress the address 2001:0db8:0000:0000:0500:000a:400F:583B. Which command must be issued on the interface?

Options:

ipv6 address 2001:0db8::5: a: 4F 583B

ipv6 address 2001:db8::500:a:400F:583B

ipv6 address 2001 db8:0::500:a:4F:583B

ipv6 address 2001::db8:0000::500:a:400F:583B

Question 70

Using direct sequence spread spectrum, which three 2.4-GHz channels are used to limit collisions?

Options:

1,6,11

1,5,10

1,2,3

5,6,7

Question 71

Refer to the exhibit.

Which two prefixes are included in this routing table entry? (Choose two.)

Options:

192.168.1.17

192.168.1.61

192.168.1.64

192.168.1.127

192.168.1.254

Question 72

A router running EIGRP has learned the same route from two different paths. Which parameter does the router use to select the best path?

Options:

cost

adminstrative distance

metric

as-path

Question 73

Which IPv6 address type provides communication between subnets and is unable to route on the Internet?

Options:

global unicast

unique local

link-local

multicast

Question 74

Refer to the exhibit.

An engineer must configure GigabitEthernet1/1 to accommodate voice and data traffic Which configuration accomplishes this task?

Options:

Option A

Option B

Option C

Option D

Question 75

What is the same for both copper and fiber interfaces when using SFP modules?

Options:

They support an inline optical attenuator to enhance signal strength

They provide minimal interruption to services by being hot-swappable

They offer reliable bandwidth up to 100 Mbps in half duplex mode

They accommodate single-mode and multi-mode in a single module

Question 76

Refer to the exhibit.

An engineer is required to verify that the network parameters are valid for the users wireless LAN connectivity on a /24 subnet. Drag and drop the values from the left onto the network parameters on the right. Not all values are used.

Options:

Question 77

What is a difference between RADIUS and TACACS+?

Options:

RADIUS is most appropriate for dial authentication, but TACACS+ can be used for multiple types of authentication

TACACS+ encrypts only password information and RADIUS encrypts the entire payload

TACACS+ separates authentication and authorization, and RADIUS merges them

RADIUS logs all commands that are entered by the administrator, but TACACS+ logs only start, stop, and interim commands

Question 78

What does an SDN controller use as a communication protocol to relay forwarding changes to a southbound API?

Options:

OpenFlow

Java

REST

XML

Question 79

Refer to the exhibit.

An access list is created to deny Telnet access from host PC-1 to RTR-1 and allow access from all other hosts A Telnet attempt from PC-2 gives this message:"% Connection refused by remote host" Without allowing Telnet access from PC-1, which action must be taken to permit the traffic?

Options:

Add the access-list 10 permit any command to the configuration

Remove the access-class 10 in command from line vty 0.4.

Add the ip access-group 10 out command to interface g0/0.

Remove the password command from line vty 0 4.

Question 80

How does a Cisco Unified Wireless network respond to Wi-Fi channel overlap?

Options:

It alternates automatically between 2.4 GHz and 5 GHz on adjacent access points

It allows the administrator to assign channels on a per-device or per-interface basis.

It segregates devices from different manufacturers onto different channels.

It analyzes client load and background noise and dynamically assigns a channel.

Question 81

What is the function of a server?

Options:

It transmits packets between hosts in the same broadcast domain.

It provides shared applications to end users.

It routes traffic between Layer 3 devices.

It Creates security zones between trusted and untrusted networks

Question 82

What is a function of TFTP in network operations?

Options:

transfers a backup configuration file from a server to a switch using a username and password

transfers files between file systems on a router

transfers a configuration files from a server to a router on a congested link

transfers IOS images from a server to a router for firmware upgrades

Question 83

A user configured OSPF and advertised the Gigabit Ethernet interface in OSPF By default, which type of OSPF network does this interface belong to?

Options:

point-to-multipoint

point-to-point

broadcast

nonbroadcast

Question 84

How do AAA operations compare regarding user identification, user services and access control?

Options:

Authorization provides access control and authentication tracks user services

Authentication identifies users and accounting tracks user services

Accounting tracks user services, and authentication provides access control

Authorization identifies users and authentication provides access control

Question 85

R1 has learned route 10.10.10.0/24 via numerous routing protocols. Which route is installed?

Options:

route with the lowest cost

route with the next hop that has the highest IP

route with the shortest prefix length

route with the lowest administrative distance

Question 86

When a WLAN with WPA2 PSK is configured in the Wireless LAN Controller GUI which format is supported?

Options:

Unicode

base64

decimal

ASCII

Question 87

Refer to the exhibit.

Between which zones do wireless users expect to experience intermittent connectivity?

Options:

between zones 1 and 2

between zones 2 and 5

between zones 3 and 4

between zones 3 and 6

Question 88

Which 802.11 frame type is indicated by a probe response after a client sends a probe request?

Options:

action

management

control

data

Question 89

While examining excessive traffic on the network, it is noted that all incoming packets on an interface appear to be allowed even though an IPv4 ACL is applied to the interface.

Which two misconfigurations cause this behavior? (Choose two)

Options:

The packets fail to match any permit statement

A matching permit statement is too high in the access test

A matching permit statement is too broadly defined

The ACL is empty

A matching deny statement is too high in the access list

Question 90

Refer to the exhibit.

A packet is being sent across router R1 to host 172.163.3.14. To which destination does the router send the packet?

Options:

207.165.200.246 via Serial0/1/0

207.165.200.254 via Serial0/0/1

207.165.200.254 via Serial0/0/0

207.165.200.250 via Serial/0/0/0

Question 91

What are two reasons for an engineer to configure a floating state route? (Choose two)

Options:

to automatically route traffic on a secondary path when the primary path goes down

to route traffic differently based on the source IP of the packet

to enable fallback static routing when the dynamic routing protocol fails

to support load balancing via static routing

to control the return path of traffic that is sent from the router

Question 92

A wireless administrator has configured a WLAN; however, the clients need access to a less congested 5-GHz network for their voice quality. What action must be taken to meet the requirement?

Options:

enable AAA override

enable RX-SOP

enable DTIM

enable Band Select

Question 93

The SW1 interface g0/1 is in the down/down state. Which two configurations are valid reasons for the interface conditions?(choose two)

Options:

There is a duplex mismatch

There is a speed mismatch

There is a protocol mismatch

The interface is shut down

The interface is error-disabled

Question 94

Which function does an SNMP agent perform?

Options:

it sends information about MIB variables in response to requests from the NMS

it requests information from remote network nodes about catastrophic system events.

it manages routing between Layer 3 devices in a network

it coordinates user authentication between a network device and a TACACS+ or RADIUS server

Question 95

An administrator must secure the WLC from receiving spoofed association requests. Which steps must be taken to configure the WLC to restrict the requests and force the user to wait 10 ms to retry an association request?

Options:

Enable Security Association Teardown Protection and set the SA Query timeout to 10

Enable MAC filtering and set the SA Query timeout to 10

Enable 802.1x Layer 2 security and set me Comeback timer to 10

Enable the Protected Management Frame service and set the Comeback timer to 10

Question 96

An engineer must configure traffic for a VLAN that is untagged by the switch as it crosses a trunk link. Which command should be used?

Options:

switchport trunk allowed vlan 10

switchport trunk native vlan 10

switchport mode trunk

switchport trunk encapsulation dot1q

Question 97

What is the primary different between AAA authentication and authorization?

Options:

Authentication verifies a username and password, and authorization handles the communication between the authentication agent and the user database.

Authentication identifies a user who is attempting to access a system, and authorization validates the users password

Authentication identifies and verifies a user who is attempting to access a system, and authorization controls the tasks the user can perform.

Authentication controls the system processes a user can access and authorization logs the activities the user initiates

Question 98

Drag and drop the AAA terms from the left onto the description on the right.

Options:

Question 99

A Cisco IP phone receive untagged data traffic from an attached PC. Which action is taken by the phone?

Options:

It allows the traffic to pass through unchanged

It drops the traffic

It tags the traffic with the default VLAN

It tags the traffic with the native VLAN

Question 100

An engineer is configuring NAT to translate the source subnet of 10.10.0.0/24 to any of three addresses 192.168.30.1, 192.168.3.2, 192.168.3.3 Which configuration should be used?

Options:

Option A

Option B

Option C

Option D

Question 101

Refer to the exhibit.

A network administrator assumes a task to complete the connectivity between PC A and the File Server. Switch A and Switch B have been partially configured with VLAN 10, 11, 12, and 13. What is the next step in the configuration?

Options:

Add PC A to VLAN 10 and the File Server to VLAN 11 fa VLAN segmentation

Add VLAN 13 to the trunk links on Switch A and Switch B for VLAN propagation

Add a router on a stick between Switch A and Switch B allowing for Inter-VLAN routing.

Add PC A to the same subnet as the Fie Server allowing for intra-VLAN communication.

Question 102

Drag and drop the Cisco Wireless LAN Controller security settings from the left onto the correct security mechanism categories on the right.

Options:

Question 103

What are two recommendations for protecting network ports from being exploited when located in an office space outside of an IT closer? (Choose two.)

Options:

enable the PortFast feature on ports

implement port-based authentication

configure static ARP entries

configure ports to a fixed speed

shut down unused ports

Question 104

Which protocol does an access point use to draw power from a connected switch?

Options:

Internet Group Management Protocol

Adaptive Wireless Path Protocol

Cisco Discovery Protocol

Neighbor Discovery Protocol

Question 105

Which type of API allows SDN controllers to dynamically make changes to the network?

Options:

northbound API

REST API

SOAP API

southbound API

Question 106

Refer to the exhibit.

The New York router is configured with static routes pointing to the Atlanta and Washington sites. Which two tasks must be performed so that the Serial0/0/0 interfaces on the Atlanta and Washington routers can reach one another?

(Choose two.)

Options:

Configure the ipv6 route 2012::/126 2023::1 command on the Washington router.

Configure the ipv6 route 2023::/126 2012::1 command on the Atlanta router.

Configure the Ipv6 route 2012::/126 s0/0/0 command on the Atlanta router.

Configure the ipv6 route 2023::/126 2012::2 command on the Atlanta router.

Configure the ipv6 route 2012::/126 2023::2 command on the Washington router.

Question 107

Refer to the exhibit.

Which action is expected from SW1 when the untagged frame is received on the GigabitEthernet0/1 interface?

Options:

The frame is processed in VLAN 5.

The frame is processed in VLAN 11

The frame is processed in VLAN 1

The frame is dropped

Question 108

When a site-to-site VPN is used, which protocol is responsible for the transport of user data?

Options:

IKEv2

IKEv1

IPsec

MD5

Question 109

Refer to the exhibit.

An administrator must configure interfaces Gi1/1 and Gi1/3 on switch SW11 PC-1 and PC-2 must be placed in the Data VLAN and Phone-1 must be placed in the Voice VLAN Which configuration meets these requirements?

Options:

Option A

Option B

Option C

Option D

Question 110

What is a capability of FTP in network management operations?

Options:

encrypts data before sending between data resources

devices are directly connected and use UDP to pass file information

uses separate control and data connections to move files between server and client

offers proprietary support at the session layer when transferring data

Question 111

What Is a syslog facility?

Options:

Host that is configured for the system to send log messages

password that authenticates a Network Management System to receive log messages

group of log messages associated with the configured severity level

set of values that represent the processes that can generate a log message

Question 112

What are two reasons that cause late collisions to increment on an Ethernet interface? (Choose two)

Options:

when the sending device waits 15 seconds before sending the frame again

when the cable length limits are exceeded

when one side of the connection is configured for half-duplex

when Carrier Sense Multiple Access/Collision Detection is used

when a collision occurs after the 32nd byte of a frame has been transmitted

Question 113

Which design element is a best practice when deploying an 802.11b wireless infrastructure?

Options:

disabling TPC so that access points can negotiate signal levels with their attached wireless devices.

setting the maximum data rate to 54 Mbps on the Cisco Wireless LAN Controller

allocating nonoverlapping channels to access points that are in close physical proximity to one another

configuring access points to provide clients with a maximum of 5 Mbps

Question 114

Refer to the exhibit.

Shortly after SiteA was connected to SiteB over a new single-mode fiber path users at SiteA report intermittent connectivity issues with applications hosted at SiteB What is the cause of the intermittent connectivity issue?

Options:

Interface errors are incrementing

An incorrect SFP media type was used at SiteA

High usage is causing high latency

The sites were connected with the wrong cable type

Question 115

Refer to the exhibit.

A packet is being sent across router R1 to host 172.16.0.14. What is the destination route for the packet?

Options:

209.165.200.254 via Serial0/0/1

209.165.200.254 via Serial0/0/0

209.165.200.246 via Serial0/1/0

209.165.200.250 via Serial0/0/0

Question 116

Which goal is achieved by the implementation of private IPv4 addressing on a network?

Options:

provides an added level of protection against Internet exposure

provides a reduction in size of the forwarding table on network routers

allows communication across the Internet to other private networks

allows servers and workstations to communicate across public network boundaries

Question 117

Which action is taken by a switch port enabled for PoE power classification override?

Options:

When a powered device begins drawing power from a PoE switch port a syslog message is generated

As power usage on a PoE switch port is checked data flow to the connected device is temporarily paused

If a switch determines that a device is using less than the minimum configured power it assumes the device has failed and disconnects

Should a monitored port exceeds the maximum administrative value for power, the port is shutdown and err-disabled

Question 118

Refer to Exhibit.

Which configuration must be applied to the router that configures PAT to translate all addresses in VLAN 200 while allowing devices on VLAN 100 to use their own IP addresses?

Options:

Option A

Option B

Option C

Option D

Question 119

Refer to the exhibit.

Only four switches are participating in the VLAN spanning-tree process.

Branch-1 priority 614440

Branch-2: priority 39082416

Branch-3: priority 0

Branch-4: root primary

Which switch becomes the permanent root bridge for VLAN 5?

Options:

Branch-1

Branch-2

Branch-3

Branch-4

Question 120

Refer to the exhibit.

Router R2 is configured with multiple routes to reach network 10 1.1 0/24 from router R1. What protocol is chosen by router R2 to reach the destination network 10.1 1 0/24?

Options:

eBGP

static

OSPF

EIGRP

Question 121

A network administrator needs to aggregate 4 ports into a single logical link which must negotiate layer 2 connectivity to ports on another switch. What must be configured when using active mode on both sides of the connection?

Options:

802.1q trunks

Cisco vPC

LLDP

LACP

Question 122

Which WPA3 enhancement protects against hackers viewing traffic on the Wi-Fi network?

Options:

TKiP encryption

AES encryption

scrambled encryption key

SAE encryption

Question 123

Refer to the exhibit.

What is the effect of this configuration?

Options:

All ARP packets are dropped by the switch

Egress traffic is passed only if the destination is a DHCP server.

All ingress and egress traffic is dropped because the interface is untrusted

The switch discard all ingress ARP traffic with invalid MAC-to-IP address bindings.

Question 124

Which two tasks must be performed to configure NTP to a trusted server in client mode on a single network device? (Choose two)

Options:

Enable NTP authentication.

Verify the time zone.

Disable NTP broadcasts

Specify the IP address of the NTP server

Set the NTP server private key

Question 125

What is a role of access points in an enterprise network?

Options:

connect wireless devices to a wired network

support secure user logins to devices or the network

integrate with SNMP in preventing DDoS attacks

serve as a first line of defense in an enterprise network

Question 126

What are two benefits of network automation? (Choose two)

Options:

reduced operational costs

reduced hardware footprint

faster changes with more reliable results

fewer network failures

increased network security

Question 127

Refer to the exhibit.

The show ip ospf interface command has been executed on R1 How is OSPF configured?

Options:

The interface is not participating in OSPF

A point-to-point network type is configured

The default Hello and Dead timers are in use

There are six OSPF neighbors on this interface

Question 128

Where is the interface between the control plane and data plane within the software-defined architecture?

Options:

control layer and the infrastructure layer

application layer and the infrastructure layer

application layer and the management layer

control layer and the application layer

Question 129

An engineer must establish a trunk link between two switches. The neighboring switch is set to trunk or desirable mode. What action should be taken?

Options:

configure switchport nonegotiate

configure switchport mode dynamic desirable

configure switchport mode dynamic auto

configure switchport trunk dynamic desirable

Question 130

What are two benefits of FHRPs? (Choose two.)

Options:

They prevent (oops in the Layer 2 network.

They allow encrypted traffic.

They are able to bundle muftlple ports to increase bandwidth

They enable automatic failover of the default gateway.

They allow multiple devices lo serve as a single virtual gateway for clients in the network

Question 131

Refer to the exhibit.

The nip server 192.168.0.3 command has been configured on router 1 to make it an NTP client of router 2. Which command must be configured on router 2 so that it operates in server-only mode and relies only on its internal clock?

Options:

Router2(config)#ntp passive

Router2(config)#ntp server 172.17.0.1

Router2(config)#ntp master 4

Router2(config)#ntp server 192.168.0.2

Question 132

Drag and drop to the characteristics of networking from the left onto the correct networking types on the right.

Options:

Question 133

Refer to the exhibit.

An engineer is tasked with verifying network configuration parameters on a client workstation to report back to the team lead. Drag and drop the node identifiers from the left onto the network parameters on the right.

Options:

Question 134

Refer to the exhibit.

What is the effect of this configuration?

Options:

The switch port interface trust state becomes untrusted

The switch port remains administratively down until the interface is connected to another switch

Dynamic ARP inspection is disabled because the ARP ACL is missing

The switch port remains down until it is configured to trust or untrust incoming packets

Question 135

Which command must be entered to configure a DHCP relay?

Options:

ip helper-address

ip address dhcp

ip dhcp pool

ip dhcp relay

Question 136

Drag and drop the application protocols from the left onto the transport protocols that it uses on the right

Options:

Question 137

Options:

Question 138

What differentiates device management enabled by cisco DNA center from traditional campus device management?

Options:

CLI-oriented device

device-by-device hands-on

centralized

per-device

Question 139

Refer to the exhibit.

A network engineer is configuring a WLAN to connect with the 172.16.10.0/24 network on VLAN 20. The engineer wants to limit the number of devices that connect to the WLAN on the USERWL SSID to 125. Which configuration must the engineer perform on the WLC?

Options:

In the Management Software activation configuration, set the Clients value to 125.

In the Controller IPv6 configuration, set the Throttle value to 125.

In the WLAN configuration, set the Maximum Allowed Clients value to 125.

In the Advanced configuration, set the DTIM value to 125.

Question 140

What is a function of the core and distribution layers in a collapsed-core architecture?

Options:

The router must use IPv4 and IPv6 addresses at Layer 3.

The core and distribution layers are deployed on two different devices to enable failover.

The router can support HSRP for Layer 2 redundancy in an IPv6 network.

The router operates on a single device or a redundant pair.

Question 141

Refer to the exhibit.

How many objects are present in the given JSON-encoded data?

Options:

one

four

seven

nine

Question 142

Refer to the exhibit.

Refer to the exhibit. The IPv6 address for the LAN segment on router R1 must be configured using the EUI-64 format. When configured which ipv6 address is produced by the router?

Options:

2001:db8:1a44:41a4:C801:BEFF:FE4A:1

2001:db8:1a44:41a4:C081:BFFF:FE4A:1

2001:db8:1a44:41a4:4562:098F:FE36:1

2001:db8:1a44:41a4:C800:BAFE:FF00:1

Question 143

Refer to the exhibit.

What is the next step to complete the implementation for the partial NAT configuration shown?

Options:

Reconfigure the static NAT entries that overlap the NAT pool

Configure the NAT outside interface

Modify the access list for the internal network on e0/1

Apply the ACL to the pool configuration

Question 144

Which port type does a lightweight AP use to connect to the wired network when it is configured in local mode?

Options:

EtherChannel

LAG

trunk

access

Question 145

Refer to the exhibit.

A packet sourced from 172.16.32 254 is destined for 172.16.32.8. What is the subnet mask of the preferred destination route?

Options:

255.255.224.0

255.255.255.0

255.255.255.192

255.255.255.252

Question 146

Refer to the exhibit. A network administrator configures the CPE to provide internet access to the company headquarters. Traffic must be load-balanced via ISP1 and ISP2 to ensure redundancy. Which two command sets must be configured on the CPE router? (Choose two.)

Options:

Question 147

Refer to the exhibit. Which type of JSON data is shown?

Options:

sequence

string

object

Boolean

Question 148

Which action must be taken when password protection is Implemented?

Options:

Use less than eight characters in length when passwords are complex.

Store passwords as contacts on a mobile device with single-factor authentication.

Include special characters and make passwords as long as allowed.

Share passwords with senior IT management to ensure proper oversight.

Question 149

Refer to the exhibit.

Which action must be taken so that neighbofing devices rapidly discover switch Cat9300?

Options:

Configure the cdp timer 10 command on switch Cat9300.

Enable portfast on the ports that connect to neighboring devices.

Configure the cdp holdtime 10 command on switch Cat9300.

Configure the cdp timer 10 command on the neighbors of switch Cat9300.

Question 150

Refer to the exhibit.

An engineer configures interface fa0/1 on SW1 and SW2 to pass traffic from two different VLANs. For security reasons, company policy requires the native VLAN to be set to a nondefault value. Which configuration meets this requirement?

Options:

Option A

Option B

Option C

Option D

Question 151

Which two transport layer protocols carry syslog messages? (Choose two.)

Options:

UDP

RTP

TCP

ARP

Question 152

Refer to Exhibit.

Rotor to the exhibit. The IP address configurations must be completed on the DC-1 and HQ-1 routers based on these requirements:

DC-1 Gi1/0 must be the last usable address on a /30

DC-1 Gi1/1 must be the first usable address on a /29

DC-1 Gi1/2 must be the last usable address on a /28

HQ-1 Gil/3 must be the last usable address on a /29

Drag and drop the commands from the left onto the destination interfaces on the right. Not all commands are used

Options:

Question 153

Refer to the exhibit.

The given Windows PC is requesting the IP address of the host at To which IP address is the request sent?

Options:

192.168.1.226

192.168.1.100

192.168.1.254

192.168.1.253

Question 154

What is a link-local all-nodes IPv6 multicast address?

Options:

ff02:0:0:0:0:0:0:1

2004:31c:73d9:683e:255::

fffe:034:0dd:45d6:789e::

fe80:4433:034:0dd::2

Question 155

Refer to the exhibit.

What are two conclusions about this configuration? {Choose two.)

Options:

The spanning-tree mode is Rapid PVST+.

This is a root bridge.

The root port is FastEthernet 2/1.

The designated port is FastEthernet 2/1.

The spanning-tree mode is PVST+.

Question 156

Refer to the exhibit. Drag and drop the learned prefixes from the left onto the preferred route methods from which they were learned on the right.

Options:

Question 157

Which type of encryption does WPA1 use for data protection?

Options:

AES

TKIP

PEAP

EAP

Question 158

Which access point mode relies on a centralized controller for management, roaming, and SSID configuration?

Options:

repeater mode

autonomous mode

bridge mode

lightweight mode

Question 159

Refer to the exhibit.

The Router1 routing table has multiple methods to reach 10.10.10.0/24 as shown. The default Administrative Distance is used. Drag and drop the network conditions from the left onto the routing methods that Router1 uses on the right.

Options:

Question 160

A network engineer is replacing the switches that belong to a managed-services client with new Cisco Catalyst switches. The new switches will be configured for updated security standards, including replacing Telnet services with encrypted connections and doubling the modulus size from 1024. Which two commands must the engineer configure on the new switches? (Choose two.)

Options:

crypto key generate rsa general-keys modulus 1024

transport input all

crypto key generate rsa usage-keys

crypto key generate rsa modulus 2048

transport Input ssh

Question 161

Drag and drop the characteristic from the left onto the IPv6 address type on the right.

Options:

Question 162

Refer to the exhibit. Clients on the WLAN are required to use 802.11r. What action must be taken to meet the requirement?

Options:

Set the Fast Transition option to Enable and enable FT 802.1X under Authentication Key Management

Set the Fast Transition option and the WPA gik-randomize State to disable

Under Protected Management Frames, set the PMF option to Required

Enable CCKM under Authentication Key Management

Question 163

Which protocol does Ansible use to push modules to nodes in a network?

Options:

SSH

SNMP

Kerberos

Telnet

Question 164

What is a valid IPv6 address record in DNS?

Options:

AAAA

CNAME

Question 165

Refer to the exhibit.

An engineer must configure router R2 so it is elected as the DR on the WAN subnet. Which command sequence must be configured?

Options:

Option

Question 166

Which plane is centralized in software-defined networking (SDN)?

Options:

Data

Control

Application

Services

Question 167

What are two functions of DHCP servers? (Choose two.)

Options:

prevent users from assigning their own IP addresses to hosts

assign dynamic IP configurations to hosts in a network

support centralized IP management

issue DHCPDISCOVER messages when added to the network

respond to client DHCPOFFER requests by issuing an IP address

Question 168

Refer to the exhibit.

What is the subnet mask for route 172.16.4.0?

Options:

255.255.248.0

255.255.254.0

255.255.255.192

255.255.240.0

Question 169

A router has two static routes to the same destination network under the same OSPF process. How does the router forward packets to the destination if the next-hop devices are different?

Options:

The router chooses the route with the oldest age.

The router load-balances traffic over all routes to the destination.

The router chooses the next hop with the lowest MAC address.

The router chooses the next hop with the lowest IP address.

Question 170

Refer to the exhibit.

An engineer must configure the interface that connects to PC 1 and secure it in a way that only PC1 is allowed to use the port No VLAN tagging can be used except for a voice VLAN. Which command sequence must be entered to configure the switch?

Options:

Option A

Option B

Option C

Option D

Question 171

What is a function performed by a web server?

Options:

provide an application that is transmitted over HTTP

send and retrieve email from client devices

authenticate and authorize a user's identity

securely store flies for FTP access

Question 172

Refer to the exhibit.

Routers R1 and R2 are configured with RIP as the dynamic routing protocol. A network engineer must configure R1 with a floating static route to serve as a backup route to network 192.168.23.0. Which command must the engineer configure on R1?

Options:

ip route 192.168.23.0 255.255.255.255 192.168.13.3 121

ip route 192.168.23.0 255.255.255.0 192.168.13.3 100

ip route 192.168.23.0 265.255.255.0 192.168.13.3 121

ip route 192.168.23.0 255.255.255.0 192.168.13.3

Question 173

Refer to the exhibit. What is the cause of the issue?

Options:

STP

port security

wrong cable type

shutdown command

Question 174

Refer to the exhibit.

How does router R1 handle traffic to the 172.16.1.4/30 subnet?

Options:

It sends all traffic over the path via 172.16.9.5 using 172.16.4.4 as a backup.

It sends all traffic over the path via 10.0.1.100.

It load-balances traffic over 172.16.9.5 and 172.16.4.4.

It sends all traffic over the path via 172.16.4.4.

Question 175

Two switches have been implemented and all interfaces are at the default configuration level. A trunk link must be implemented between two switches with these requirements:

• using an industry-standard trunking protocol

• permitting VLANs 1 -10 and denying other VLANs

How must the interconnecting ports be configured?

Options:

Option A

Option B

Option C

Option D

Question 176

Refer to the exhibit.

Router R1 must be configured to reach the 10.0.3.0/24 network from the 10.0.1.0/24 segment.

Which command must be used to configure the route?

Options:

ip route 10.0.3.0 0.255255.255 10.0.4.2

route add 10.0.3.0 mask 255.255.255.0 10.0.4.3

Ip route 10.0.3.0 255.255.255.0 10.0.4.3

route add 10.0.3.0 0.255.255.255 10.0.4.2

Question 177

What are two capabilities provided by VRRP within a LAN network? (Choose two.)

Options:

dynamic routing updates

bandwidth optimization

granular QoS

load sharing

redundancy

Question 178

What is the default port-security behavior on a trunk link?

Options:

It causes a network loop when a violation occurs.

It disables the native VLAN configuration as soon as port security is enabled.

It places the port in the err-disabled state if it learns more than one MAC address.

It places the port in the err-disabled slate after 10 MAC addresses are statically configured.

Question 179

When an access point is seeking to join wireless LAN controller, which message is sent to the AP- Manager interface?

Options:

Discovery response

DHCP request

DHCP discover

Discovery request

Question 180

How is noise defined in Wi-Fi?

Options:

ratio of signal-to-noise rating supplied by the wireless device

signals from other Wi-Fi networks that interfere with the local signal

measured difference between the desired Wi-Fi signal and an interfering Wi-Fi signal

any interference that is not Wi-Fi traffic that degrades the desired signal

Question 181

What are two reasons a switch experiences frame flooding? (Choose two.)

Options:

A defective patch cable is connected to the switch port

Topology changes are occurring within spanning-tree

An aged MAC (able entry is causing excessive updates

Port-security is configured globally

The forwarding table has overflowed

Question 182

What are two features of the DHCP relay agent? (Choose two.)

Options:

assigns DNS locally and then forwards request to DHCP server

permits one IP helper command under an individual Layer 3 interface

allows only MAC-to-IP reservations to determine the local subnet of a client

minimizes the necessary number of DHCP servers

configured under the Layer 3 interface of a router on the client subnet

Question 183

Which alternative to password authentication Is Implemented to allow enterprise devices to log in to the corporate network?

Options:

magic links

one-time passwords

digital certificates

90-day renewal policies

Question 184

Why choose Cisco DNA Center for automated lifecycle management?

Options:

To perform upgrades without service interruption

To provide fast and accurate deployment of patches and updates

To allow SSH access to all nodes in the network.

To provide software redundancy in the network.

Question 185

A network architect is deciding whether to implement Cisco autonomous access points or lightweight access points. Which fact about firmware updates must the architect consider? Unlike lightweight access points, which require

Options:

Unlike lightweight access points, which require redundant WLCs to support firmware upgrades, autonomous access points require only one WLC.

Unlike autonomous access points, lightweight access points store a complete copy of the current firmware for backup.

Unlike lightweight access points, autonomous access points can recover automatically from a corrupt firmware update.

Unlike autonomous access points, lightweight access points require a WLC to implement remote firmware updates.

Question 186

Drag and drop the elements of a security program from the left onto the corresponding descriptions on the right.

Options:

Question 187

What provides connection redundancy increased bandwidth and load sharing between a wireless LAN controller and a Layer 2 switch?

Options:

VLAN trunking

tunneling

first hop redundancy

link aggregation

Question 188

Refer to Itie exhibit

A network engineer started to configure port security on a new switch. These requirements must be met:

* MAC addresses must be learned dynamically

* Log messages must be generated without disabling the interface when unwanted traffic is seen

Which two commands must be configured to complete this task"? (Choose two)

Options:

SW(ccnfig-if)=switchport port-security mac-address sticky

SW(confKj-if)=switchport port-security violation restrict

SW(config.if)sswitchport port-security mac-address 0010.7B84.45E6

SW(config-if)aswitchport port-security maximum 2

SW(ccnfig-if)=switchport port-security violation shutdown

Question 189

Drag and drop the characteristic from the left onto the IPv6 address type on the right.

Options:

Question 190

Drag and drop the SNMP components from the left onto the description on the right.

Options:

Question 191

Refer to the exhibit.

Router R1 is added to the network and configured with the 10.0.0.64/26 and 10.0.20.0/24 subnets. However, traffic destined for the LAN on R3 is not accessible. Which command when executed on R1 defines a static route to reach the R3 LAN?

Options:

ip route 10.0.15.0 255.255.255.0 10.0.20.3

ip route 10.0.15.0 255.255.255.0 10.0.20.1

ip route 10.0.0.64 255.255.255.192 10.0.20.3

ip route 10.0.15.0 255.255.255.192 10.0.20.1

Question 192

Refer to the exhibit.

How many JSON objects are represented?

Options:

Question 193

Drag and drop the statements about networking from the left onto the corresponding networking types on the right. Not all statements are used.

Options:

Question 194

An engineer must configure neighbor discovery between the company router and an ISP

What is the next step to complete the configuration if the ISP uses a third-party router?

Options:

Enable LLDP globally.

Disable CDP on gi0/0.

Enable LLDP TLVs on the ISP router.

Disable auto-negotiation.

Question 195

Which WLC management connection type is vulnerable to man-in-the-middIe attacks?

Options:

Telnet

console

HTTPS

SSH

Question 196

Refer to the exhibit.

The New York router must be configured so that traffic to 2000::1 is sent primarily via the Atlanta site, with a secondary path via Washington that has an administrative distance of 2. Which two commands must be configured on the New York router? (Choose two.)

Options:

ipv6 route 2000::1/128 2012::1

ipv6 route 2000::1/128 2023::2 5

ipv6 route 2000::1/128 2012::1 5

ipv6 route 2000::1/128 2023::3 2

ipv6 route 2000::1/128 2012::2

Question 197

What are two disadvantages of a full-mesh topology? (Choose two.)

Options:

It needs a high MTU between sites.

It has a high implementation cost.

It must have point-to-point communication.

It requires complex configuration.

It works only with BGP between sites.

Question 198

Refer to the exhibit.

The router has been configured with a subnet to accommodate the requirement for 380 users on a subnet. The requirement already considers 30% future growth. Which configuration verifies the IP subnet on router R4?

Options:

Subnet: 10.7.54.0Subnet mask: 255.255.254.0Broadcast address: 10.7.54.255Usable IP address range: 10.7.54.1 - 10.7.55.254

Subnet: 10.7.54.0Subnet mask: 255.255.128.0Broadcast address: 10.7.55.255Usable IP address range: 10.7.54.1 - 10.7.55.254

Subnet: 10.7.54.0Subnet mask: 255.255.255.0Broadcast address: 10.7.54.255Usable IP address range: 10.7.54.1 - 10.7.55.254

Subnet: 10.7.54.0Subnet mask: 255.255.254.0Broadcast address: 10.7.55.255Usable IP address range: 10.7.54.1 - 10.7.55.254

Question 199

It work security team noticed that an increasing number of employees are becoming victims of phishing attacks. Which security program should be implemented to mitigate the problem?

Options:

email system patches

physical access control

software firewall enabled on all PCs

user awareness training

Question 200

A Cisco engineer notices thai two OSPF neighbors are connected using a crossover Ethernet cable. The neighbors are taking too long to become fully adjacent. Which command must be issued under the interface configuration on each router to reduce the time required for the adjacency to reach the FULL state?

Options:

ip ospf network broadcast

ip ospf dead-interval 40

ip ospf network point-to-point

ip ospf priority 0

Question 201

Which type of address is shared by routers in a HSRP implementation and used by hosts on the subnet as their default gateway address?

Options:

multicast address

loopback IP address

virtual IP address

broadcast address

Question 202

What is the role of disaggregation in controller-based networking?

Options:

It divides the control-plane and data-plane functions.

It summarizes the routes between the core and distribution layers of the network topology.

It enables a network topology to quickly adjust from a ring network to a star network

It streamlines traffic handling by assigning individual devices to perform either Layer 2 or Layer 3 functions.

Question 203

Which selections must be used on the WLC when implementing a RADIUS server for wireless authentication?

Options:

Client Exclusion and SSH

802.1x and the MAC address of the server

Network Access Control State and SSH

AAA Override and the IP address of the server

Question 204

Refer to the exhibit. An engineer configured the New York router with static routes that point to the Atlanta and Washington sites. Which command must be configured on the Atlanta and Washington routers so that both sites are able to reach the Lo2 interface on the New York router?

Options:

ipv6 route ::/0 Serial 0/0/0

ipv6 route 0.0.0.0 0.0.0.0 Serial 0/0/0

ipv6 route ::/0 2000::2

ipv6 route ::/0 Serial 0/0/1

Question 205

Refer to the exhibit. An LACP EtherChannel between two directly connected switches is in the configuration process.

Which command must be configured on switch SW2’s Gi0/1-2 interfaces to establish the channel to SW1?

Options:

channel-group 1 mode desirable

channel-group 1 mode on

channel-group 1 mode auto

channel-group 1 mode active

Question 206

Physical connectivity is implemented between the two Layer 2 switches,

and the network connectivity between them must be configured.

I . Configure an LACP EtherChanneI and number it as 44; configure it

between switches SWI and SW2 using interfaces EthernetO/O and

Ethernet0/1 on both sides. The LACP mode must match on both ends.

2. Configure the EtherChanneI as a trunk link.

3. Configure the trunk link with 802. Iq tags.

4. Configure VLAN 'MONITORING' as the untagged VLAN of the

EtherChannel.

==================

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.

• Refer to the Topology tab to access the device console(s) and perform the tasks.

• Console access is available for all required devices by clicking the device icon or using

the tab(s) above the console window.

• All necessary preconfigurations have been applied.

• Do not change the enable password or hostname for any device.

• Save your configurations to NVRAM before moving to the next item.

• Click Next at the bottom of the screen to submit this lab and move to the next question.

• When Next is clicked, the lab closes and cannot be reopened.

Options:

Answer:

Solution is given below explanation.

Explanation:

To configure an LACP EtherChannel and number it as 44, configure it between switches SW1 and SW2 using interfaces Ethernet0/0 and Ethernet0/1 on both sides, configure the EtherChannel as a trunk link, configure the trunk link with 802.1q tags, and configure VLAN ‘MONITORING’ as the untagged VLAN of the EtherChannel, you need to follow these steps:

On both SW1 and SW2, enter the global configuration mode by using the configure terminal command.

On both SW1 and SW2, select the two interfaces that will form the EtherChannel by using the interface range ethernet 0/0 - 1 command. This will enter the interface range configuration mode.

On both SW1 and SW2, set the protocol to LACP by using the channel-protocol lacp command.

On both SW1 and SW2, assign the interfaces to an EtherChannel group number 44 by using the channel-group 44 mode active command. This will create a logical interface named Port-channel44 and set the LACP mode to active on both ends. The LACP mode must match on both ends for the EtherChannel to form.

On both SW1 and SW2, exit the interface range configuration mode by using the exit command.

On both SW1 and SW2, enter the Port-channel interface configuration mode by using the interface port-channel 44 command.

On both SW1 and SW2, configure the Port-channel interface as a trunk link by using the switchport mode trunk command.

On both SW1 and SW2, configure the Port-channel interface to use 802.1q tags for VLAN identification by using the switchport trunk encapsulation dot1q command.

On both SW1 and SW2, configure VLAN ‘MONITORING’ as the untagged VLAN of the Port-channel interface by using the switchport trunk native vlan MONITORING command.

On both SW1 and SW2, exit the Port-channel interface configuration mode by using the exit command.

On both SW1 and SW2, save the configuration to NVRAM by using the copy running-config startup-config command.

Question 207

What is the main purpose of SSH management access?

Options:

To support DES 56-bit and 3DES (168-bit) ciphers

To enable secured access to the inbound management interface

To validate management access with username and domain name only

To allow passwords protected with HTTPS encryption to be sent

Question 208

Which feature, when used on a WLC, allows it to bundle its distribution system ports into one 802.3ad group?

Options:

QinQ

ISL

PAgP

LAG

Question 209

What is the difference between the TCP and UDP protocols?

Options:

TCP ensures ordered, reliable data delivery, and UDP offers low latency and high throughput.

TCP is used for transmitting data over the internet, and UDP is used for transmitting data over a local network.

TCP manages multicast and broadcast data transfers, and UDP only handles unicast communications.

TCP is used to ensure data integrity in a file transfer, and UDP is used to broadcast a message to multiple recipients.

Question 210

Configure IPv4 and IPv6 connectivity between two routers. For IPv4, use a /28 network from the 192.168.1.0/24 private range. For IPv6, use the first /64 subnet from the 2001:0db8:aaaa::/48 subnet.

1. Using Ethernet0/1 on routers R1 and R2, configure the next usable/28 from the 192.168.1.0/24 range. The network 192.168.1.0/28 is unavailable.

2. For the IPv4 /28 subnet, router R1 must be configured with the first usable host address.

3. For the IPv4 /28 subnet, router R2 must be configured with the last usable host address.

4. For the IPv6 /64 subnet, configure the routers with the IP addressing provided from the topology.

5. A ping must work between the routers on the IPv4 and IPv6 address ranges.

Options:

Question 211

Which header must be included in a REST request from an application that requires JSON-formatted content?

Options:

Content-Type: application/json

Accept-Encoding: application/json

Accept: application/json

Accept-Language: application/json

Question 212

Which key function is provided by the data plane?

Options:

Making routing decisions

Originating packets

Forwarding traffic to the next hop

Exchanging routing table data

Question 213

Which two QoS tools provide congestion management? (Choose two.)

Options:

PBR

FRTS

CBWFQ

CAR

Question 214

Refer to the exhibit. Which configuration enables SW2 to establish an LACP EtherChannel?

Options:

Question 215

Refer to the exhibit. During initial configuration testing, the Windows workstation PC1 cannot connect with the 172.16.2.0/24 network.

Which set of actions corrects the configuration?

Options:

Change the IP address to 172.16.1.6 and change the subnet mask to 255.255.255.248.

Change the IP address to 172.16.1.6 and change the DNS servers to 172.16.1.12 and 172.16.1.13.

Change the IP address to 172.16.1.9 and change the default gateway to 172.16.1.7.

Change the IP address to 172.16.1.9 and change the DNS server to 172.16.1.12 only.

Question 216

Why would a network administrator implement the HSRP protocol?

Options:

To provide network redundancy in the case of a router failure

To use an open standard protocol that is configured on Cisco and third-party routers

To allow hosts in a network to use the same default gateway virtual IP when load-balancing traffic

To allow clients to be configured with multiple default gateway IPs

Question 217

How does automation leverage data models to reduce the operational complexity of a managed network?

Options:

Reduces the response time for specific requests to devices with many interfaces

Categorizes traffic and provides insights

Allows the controller to be vendor-agnostic

Streamlines monitoring using SNMP and other polling tools

Question 218

Which statement describes virtualization on containers?

Options:

It is a type of operating system virtualization that allows the host operating system to control the different CPU memory processes.

It emulates a physical computer and enables multiple machines to run with many operating systems on a physical machine.

It separates virtual machines from each other and allocates memory, processors, and storage to compute.

It contains a guest operating system and virtual partition of hardware for OS and requires application libraries.

Question 219

Refer to the exhibit. The routers R1-LAB and R2-LAB are configured with link-local addresses. What command must be applied to interface Gi0/0 on R1-LAB for an automated address self-assignment on the IPv6 network?

Options:

ipv6 address 2001:db8:1:0FFA:0::/64

ipv6 address 2001:db8:0:0FFA::1/64

ipv6 address 2001:db8:0:0FFA::/64 eui-64

ipv6 address 2001:db8:0:0FFA::/64 anycast

Question 220

Which interface is used to send traffic to the destination network?

10.90.207.87/26 [110/1912] via F0/7

10.90.207.87/26 [110/28968] via F0/6

10.90.207.87/26 [120/14] via F0/4

10.90.207.87/26 [120/11] via F0/5

Options:

F0/7

F0/5

F0/4

F0/6

Question 221

Drag and drop the characteristic from the left onto the cable type on the right.

Options:

Question 222

Where are the real-time control functions processed in a split MAC architecture?

Options:

Centralized cloud management platform

Central WLC

Individual AP

Client device

Question 223

An engineer must update the configuration on two PCs in two different subnets to communicate locally with each other. One PC is configured with IP address 192.168.25.128/25 and the other with 192.168.25.100/25. Which network mask must the engineer configure on both PCs to enable the communication?

Options:

255.255.255.224

255.255.255.248

255.255.255.0

255.255.255.252

Question 224

Refer to the exhibit. Configurations for the switch and PCs are complete.

Which configuration must be applied so that VLANs 2 and 3 communicate back and forth?

Options:

interface GigabitEthernet0/0

ip address 10.10.2.10 255.255.252.0

interface GigabitEthernet0/0.3

encapsulation dot1Q 3 native

ip address 10.10.2.10 255.255.252.0

interface GigabitEthernet0/0.10

encapsulation dot1Q 3

interface GigabitEthernet0/0.3

encapsulation dot1Q 10

ip address 10.10.2.10 255.255.252.0

Question 225

All physical cabling is in place. A company plans to deploy 32 new sites.

The sites will utilize both IPv4 and IPv6 networks.

1 . Subnet 172.25.0.0/16 to meet the subnet requirements and maximize

the number of hosts

Using the second subnet

• Assign the first usable IP address to e0/0 on Sw1O1

• Assign the last usable IP address to e0/0 on Sw102

2. Subnet to meet the subnet requirements and maximize

the number of hosts

c Using the second subnet

• Assign an IPv6 GUA using a unique 64-Bit interface identifier

on e0/0 on Sw101

• Assign an IPv6 GUA using a unique 64-Bit interface identifier

on eO/O on swi02

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.

• Refer to the Topology tab to access the device console(s) and perform the tasks.

• Console access is available for all required devices by clicking the device icon or using

the tab(s) above the console window.

• All necessary preconfigurations have been applied.

• Do not change the enable password or hostname for any device.

• Save your configurations to NVRAM before moving to the next item.

• Click Next at the bottom of the screen to submit this lab and move to the next question.

• When Next is clicked, the lab closes and cannot be reopened.

Options:

Answer:

See the Explanation for the solution.

Explanation:

To subnet 172.25.0.0/16 to meet the subnet requirements and maximize the number of hosts, you need to determine how many bits you need to borrow from the host portion of the address to create enough subnets for 32 sites. Since 32 is 2^5, you need to borrow 5 bits, which means your new subnet mask will be /21 or 255.255.248.0. To find the second subnet, you need to add the value of the fifth bit (32) to the third octet of the network address (0), which gives you 172.25.32.0/21 as the second subnet. The first usable IP address in this subnet is 172.25.32.1, and the last usable IP address is 172.25.39.254.

To assign the first usable IP address to e0/0 on Sw101, you need to enter the following commands on the device console:

Sw101#configure terminal Sw101(config)#interface e0/0 Sw101(config-if)#ip address 172.25.32.1 255.255.248.0 Sw101(config-if)#no shutdown Sw101(config-if)#end

To assign the last usable IP address to e0/0 on Sw102, you need to enter the following commands on the device console:

Sw102#configure terminal Sw102(config)#interface e0/0 Sw102(config-if)#ip address 172.25.39.254 255.255.248.0 Sw102(config-if)#no shutdown Sw102(config-if)#end

To subnet an IPv6 GUA to meet the subnet requirements and maximize the number of hosts, you need to determine how many bits you need to borrow from the interface identifier portion of the address to create enough subnets for 32 sites. Since 32 is 2^5, you need to borrow 5 bits, which means your new prefix length will be /69 or ffff:ffff:ffff:fff8::/69 (assuming that your IPv6 GUA has a /64 prefix by default). To find the second subnet, you need to add the value of the fifth bit (32) to the fourth hextet of the network address (0000), which gives you xxxx:xxxx:xxxx:0020::/69 as the second subnet (where xxxx:xxxx:xxxx is your IPv6 GUA prefix). The first and last IPv6 addresses in this subnet are xxxx:xxxx:xxxx:0020::1 and xxxx:xxxx:xxxx:0027:ffff:ffff:ffff:fffe respectively.

To assign an IPv6 GUA using a unique 64-bit interface identifier on e0/0 on Sw101, you need to enter the following commands on the device console (assuming that your IPv6 GUA prefix is 2001:db8::/64):

Sw101#configure terminal Sw101(config)#interface e0/0 Sw101(config-if)#ipv6 address 2001:db8::20::1/69 Sw101(config-if)#no shutdown Sw101(config-if)#end

To assign an IPv6 GUA using a unique 64-bit interface identifier on e0/0 on Sw102, you need to enter the following commands on the device console (assuming that your IPv6 GUA prefix is 2001:db8::/64):

Sw102#configure terminal Sw102(config)#interface e0/0 Sw102(config-if)#ipv6 address 2001:db8::27::fffe/69 Sw102(config-if)#no shutdown Sw102(config-if)#end

Question 226

An engineer requires a switch interface to actively attempt to establish a trunk link with a neighbor switch. What command must be configured?

Options:

switchport mode dynamic desirable

switchport mode trunk

switchport nonegotiate

switchport mode dynamic auto

Question 227

Refer to the exhibit. A secondary route is required on router R1 to pass traffic to the LAN network on R2 if the primary link fails. Which command must be entered to configure the router?

Options:

ip route 10.0.2.0 255.255.255.240 10.0.0.7 92

ip route 10.0.2.0 255.255.255.248 10.0.0.6 91

ip route 10.0.2.0 256.255.255.240 10.0.0.6 91

ip route 10.0.2.0 255.255.255.248 null0 93

Question 228

Why would a network administrator choose to implement RFC 1918 address space?

Options:

to route traffic on the internet

to provide flexibility in the IP network design

to provide overlapping address space with another network

to limit the number of hosts on the network

Question 229

All physical cabling is in place. Router R4 and PCI are fully configured and

inaccessible. R4's WAN interfaces use .4 in the last octet for each subnet.

Configurations should ensure that connectivity is established end-to-end.

1 . Configure static routing to ensure RI prefers the path through R2 to

reach only PCI on R4's LAN

2. Configure static routing that ensures traffic sourced from RI will take

an alternate path through R3 to PCI in the event of an outage along

the primary path

3. Configure default routes on RI and R3 to the Internet using the least number of hops

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.

• Refer to the Topology tab to access the device console(s) and perform the tasks.

• Console access is available for all required devices by clicking the device icon or using

the tab(s) above the console window.

• All necessary preconfigurations have been applied.

• Do not change the enable password or hostname for any device.

• Save your configurations to NVRAM before moving to the next item.

• Click Next at the bottom of the screen to submit this lab and move to the next question.

• When Next is clicked, the lab closes and cannot be reopened.

Options:

Answer:

See the solution below in Explanation.

Explanation:

To configure static routing on R1 to ensure that it prefers the path through R2 to reach only PC1 on R4’s LAN, you need to create a static route for the host 10.0.0.100/8 with a next-hop address of 20.0.0.2, which is the IP address of R2’s interface connected to R1. You also need to assign a lower administrative distance (AD) to this route than the default AD of 1 for static routes, so that it has a higher preference over other possible routes. For example, you can use an AD of 10 for this route. To create this static route, you need to enter the following commands on R1’s console:

R1#configure terminal R1(config)#ip route 10.0.0.100 255.0.0.0 20.0.0.2 10 R1(config)#end

To configure static routing on R1 that ensures that traffic sourced from R1 will take an alternate path through R3 to PC1 in the event of an outage along the primary path, you need to create another static route for the host 10.0.0.100/8 with a next-hop address of 40.0.0.2, which is the IP address of R3’s interface connected to R1. You also need to assign a higher AD to this route than the AD of the primary route, so that it has a lower preference and acts as a backup route. For example, you can use an AD of 20 for this route. This type of static route is also known as a floating static route. To create this static route, you need to enter the following commands on R1’s console:

R1#configure terminal R1(config)#ip route 10.0.0.100 255.0.0.0 40.0.0.2 20 R1(config)#end

To configure default routes on R1 and R3 to the Internet using the least number of hops, you need to create a static route for the network 0.0.0.0/0 with a next-hop address of the ISP’s interface connected to each router respectively. A default route is a special type of static route that matches any destination address and is used when no other specific route is available. The ISP’s interface connected to R1 has an IP address of 10.0.0.4, and the ISP’s interface connected to R3 has an IP address of 50.0.0.4. To create these default routes, you need to enter the following commands on each router’s console:

On R1: R1#configure terminal R1(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.4 R1(config)#end

On R3: R3#configure terminal R3(config)#ip route 0.0.0.0 0.0.0.0 50.0.0.4 R3(config)#end

Question 230

Refer to the exhibit.

How does router R1 forward packets destined to 10.0.4.10?

Options:

via 10.0.4.2

via 10.0.0.2

via FastEthernet0/1

via FastEthernet1/1

Question 231

All physical cabling between the two switches is installed. Configure the network connectivity between the switches using the designated VLANs and interfaces.

1. Configure VLAN 100 named Compute and VLAN 200 named Telephony where required for each task.

2. Configure Ethernet0/1 on SW2 to use the existing VLAN named Available.

3. Configure the connection between the switches using access ports.

4. Configure Ethernet0/1 on SW1 using data and voice VLANs.

5. Configure Ethemet0/1 on SW2 so that the Cisco proprietary neighbor discovery protocol is turned off for the designated interface only.

Options:

Question 232

Connectivity between four routers has been established. IP connectivity must be configured in the order presented to complete the implementation. No dynamic routing protocols are included.

1. Configure static routing using host routes to establish connectivity from router R3 to the router R1 Loopback address using the source IP of 209.165.200.230.

2. Configure an IPv4 default route on router R2 destined for router R4.

3. Configure an IPv6 default router on router R2 destined for router R4.

Options:

Question 233

Drag and drop the characteristic from the left onto the IPv6 address type on the right.

Options:

Question 234

What is the function of generative AI in network operations?

Options:

It disables unused services.

It deploys network firmware updates.

It creates synthetic network configurations.

It computes optimal data storage solutions.

Question 235

What is the total number of users permitted to simultaneously browse the controller management pages when using the AireOS GUI?

Options:

Question 236

How does MAC learning function?

Options:

Enabled by default on all VLANs and interfaces

Forwards frames to a neighbor port using CDP

Overwrites the known source MAC address in the address table

Protects against denial of service attacks

Question 237

Refer to the exhibit.

Which configuration is needed to configure a WLAN with WPA2 only and with a password that is 63 characters long?

Options:

Disable WPA Policy and WPA Encryption and then enable PSK using ASCII.

Enable PSK and FT PSK and then disable WPA Policy.

Disable WPA Encryption and then enable FT PSK.

Enable PSK using Hex format and then disable WPA Policy.

Question 238

What is the maximum length of characters used in an SSID?

Options:

Question 239

IP connectivity and OSPF are preconfigured on all devices where necessary. Do not make any changes to the IP addressing or OSPF. The company policy uses connected interfaces and next hops when configuring static routes except for load balancing or redundancy without floating static. Connectivity must be established between subnet 172.20.20.128/25 on the Internet and the LAN at 192.168.0.0/24 connected to SW1:

1. Configure reachability to the switch SW1 LAN subnet in router R2.

2. Configure default reachability to the Internet subnet in router R1.

3. Configure a single static route in router R2 to reach to the Internet subnet considering both redundant links between routers R1 and R2. A default route is NOT allowed in router R2.

4. Configure a static route in router R1 toward the switch SW1 LAN subnet where the primary link must be through Ethernet0/1. and the backup link must be through Ethernet0/2 using a floating route. Use the minimal administrative distance value when required.

Options:

Question 240

Connectivity between three routers has been established, and IP services must be configured jn the order presented to complete the implementation Tasks assigned include configuration of NAT, NTP, DHCP, and SSH services.

1. All traffic sent from R3 to the R1 Loopback address must be configured for NAT on R2. All source addresses must be translated from R3 to the IP address of Ethernet0/0 on R2, while using only a standard access list named NAT To verify, a ping must be successful to the R1 Loopback address sourced from R3. Do not use NVI NAT configuration.

2. Configure R1 as an NTP server and R2 as a client, not as a peer, using the IP address of the R1 Ethernet0/2 interface. Set the clock on the NTP server for midnight on January 1, 2019.

3. Configure R1 as a DHCP server for the network 10.1.3.0/24 in a pool named TEST. Using a single command, exclude addresses 1-10 from the range. Interface Ethernet0/2 on R3 must be issued the IP address of 10.1.3.11 via DHCP.

4. Configure SSH connectivity from R1 to R3, while excluding access via other remote connection protocols. Access for user root and password Cisco must be set on router R3 using RSA and 1024 bits. Verify connectivity using an SSH session from router R1 using a destination address of 10.1.3.11. Do NOT modify console access or line numbers to accomplish this task.

Options:

Question 241

An organization developed new security policies and decided to print the policies and distribute them to all personnel so that employees review and apply the policies. Which element of a security program is the organization implementing?

Options:

Asset identification

User training

Physical access control

Vulnerability control

Question 242

Three switches must be configured for Layer 2 connectivity. The company requires only the designated VLANs to be configured on their respective switches and permitted accross any links between switches for security purposes. Do not modify or delete VTP configurations.

The network needs two user-defined VLANs configured:

VLAN 110: MARKETING

VLAN 210: FINANCE

1. Configure the VLANs on the designated switches and assign them as access ports to the interfaces connected to the PCs.

2. Configure the e0/2 interfaces on Sw1 and Sw2 as 802.1q trunks with only the required VLANs permitted.

3. Configure the e0/3 interfaces on Sw2 and Sw3 as 802.1q trunks with only the required VLANs permitted.

Options:

Question 243

Refer to the exhibit. A network engineer is adding another physical interface as a new member to the existing Port-Channel1 bundle.

Which command set must be configured on the new interface to complete the process?

Options:

switchport mode trunk

channel-group 1 mode active

no switchport

channel-group 1 mode active

no switchport

channel-group 1 mode on

switchport

switchport mode trunk

Question 244

Refer to the exhibit. What is the administrative distance for the advertised prefix that includes the host IP address 10.30.0.1?

Options:

10.0.0.2

110

Question 245

Refer to the exhibit. An administrator is configuring a new WLAN for a wireless network that has these requirements:

Dual-band clients that connect to the WLAN must be directed to the 5-GHz spectrum.

Wireless clients on this WLAN must be able to apply VLAN settings from RADIUS attributes.

Which two actions meet these requirements? (Choose two.)

Options:

Enable the Aironet IE option.

Enable the Coverage Hole Detection option.

Set the MFP Client Protection option to Required

Enable the client band select option.

Enable the allow AAA Override option

Question 246

What is an advantage of using SDN versus traditional networking when it comes to security?

Options:

SDN security is managed near the perimeter of the network with firewalls, VPNs, and IPS, and traditional networking security policies are created based on telemetry data.

SDN exposes an API to configure locally per device for security policies, and traditional networking uses northbound API for network admin interface for configuring security policies.

SDN creates a unified control point making security policies consistent across all devices, and traditional networking must be configured device by device, leaving room for error.

SDN devices communicate with each other to establish a security policy, and in traditional networking, devices communicate upstream to a central location to establish a security policy.

Question 247

Physical connectivity is implemented between the two Layer 2 switches, and the network connectivity between them must be configured

1. Configure an LACP EtherChannel and number it as 1; configure it between switches SW1 and SVV2 using interfaces Ethernet0/0 and Ethernet0/1 on both sides. The LACP mode must match on both ends

2 Configure the EtherChannel as a trunk link.

3. Configure the trunk link with 802.1 q tags.

4. Configure the native VLAN of the EtherChannel as VLAN 15.

Options:

Question 248

What is represented by the word "switch" within this JSON schema?

Options:

array

value

key

object

Question 249

IP connectivity between the three routers is configured. OSPF adjacencies must be established.

1. Configure R1 and R2 Router IDs using the interface IP addresses from the link that is shared between them.

2. Configure the R2 links with a max value facing R1 and R3. R2 must become the DR. R1 and R3 links facing R2 must remain with the default OSPF configuration for DR election. Verify the configuration after clearing the OSPF process.

3. Using a host wildcard mask, configure all three routers to advertise their respective Loopback1 networks.

4. Configure the link between R1 and R3 to disable their ability to add other OSPF routers.

Options:

Question 250

What is a characteristic of a Layer 2 switch?

Options:

Uses routers to create collision domains

Responsible for sending data in a particular sequence

Avoids MAC address storage for faster transmission

Uses the data link layer for communications

Question 251

Refer to the exhibit. All routers in the network are configured R2 must be the DR. After the engineer connected the devices, R1 was elected as the DR. Which command sequence must be configure on R2 to Be elected as the DR in the network?

Options:

Option A

Option B

Option C

Option D

Question 252

What are two fundamentals of virtualization? (choose two)

Options:

The environment must be configured with one hypervisor that serves solely as a network manager to monitor SNMP traffic

It allows logical network devices to move traffic between virtual machines and the rest of the physical network

It allows multiple operating systems and applications to run independently on one physical server.

It allows a physical router to directly connect NICs from each virtual machine into the network

It requires that some servers, virtual machines and network gear reside on the Internet

Question 253

An engineer needs to add an old switch back into a network. To prevent the switch from corrupting the VLAN database which action must be taken?

Options:

Add the switch in the VTP domain with a lower revision number

Add the switch with DTP set to dynamic desirable

Add the switch in the VTP domain with a higher revision number

Add the switch with DTP set to desirable

Question 254

Refer to the exhibit.

After the election process what is the root bridge in the HQ LAN?

Options:

Switch 1

Switch 2

Switch 3

Switch 4

Question 255

In QoS, which prioritization method is appropriate for interactive voice and video?

Options:

expedited forwarding

traffic policing

round-robin scheduling

low-latency queuing

Question 256

In which situation is private IPv4 addressing appropriate for a new subnet on the network of an organization?

Options:

There is limited unique address space, and traffic on the new subnet will stay local within the organization.

The network has multiple endpoint listeners, and it is desired to limit the number of broadcasts.

Traffic on the subnet must traverse a site-to-site VPN to an outside organization.

The ISP requires the new subnet to be advertised to the internet for web services.

Question 257

How does Cisco DNA Center gather data from the network?

Options:

Network devices use different services like SNMP, syslog, and streaming telemetry to send data to the controller

Devices establish an iPsec tunnel to exchange data with the controller

Devices use the call-home protocol to periodically send data to the controller.

The Cisco CU Analyzer tool gathers data from each licensed network device and streams it to the controller.

Question 258

What is the difference regarding reliability and communication type between TCP and UDP?

Options:

TCP is reliable and is a connection-oriented protocol UDP is not reliable and is a connectionless protocol

TCP is not reliable and is a connection-oriented protocol; UDP is reliable and is a connectionless protocol

TCP is not reliable and is a connectionless protocol; UDP is reliable and is a connection-oriented protocol

TCP is reliable and is a connectionless protocol; UDP is not reliable and is a connection-oriented protocol

Question 259

Which feature on the Cisco Wireless LAN Controller when enabled restricts management access from specific networks?

Options:

CPU ACL

TACACS

Flex ACL

RADIUS

Question 260

Which two components are needed to create an Ansible script that configures a VLAN on a switch? (Choose two.)

Options:

cookbook

task

playbook

model

recipe

Question 261

Refer to the exhibit.

What commands are needed to add a subinterface to Ethernet0/0 on R1 to allow for VLAN 20, with IP address 10.20.20.1/24?

Options:

R1(config)#interface ethernet0/0

R1(config)#encapsulation dot1q 20

R1(config)#ip address 10.20.20.1 255.255.255.0

R1(config)#interface ethernet0/0.20

R1(config)#encapsulation dot1q 20

R1(config)#ip address 10.20.20.1 255.255.255.0

R1(config)#interface ethernet0/0.20

R1(config)#ip address 10.20.20.1 255.255.255.0

R1(config)#interface ethernet0/0

R1(config)#ip address 10.20.20.1 255.255.255.0

Question 262

An engineer is configuring an encrypted password for the enable command on a router where the local user database has already been configured Drag and drop the configuration commands from the left into the correct sequence on the right Not all commands are used

Options:

Question 263

Drag and drop the IPv6 address type characteristics from the left to the right.

Options:

Question 264

Which output displays a JSON data representation?

Options:

Option A

Option B

Option C

Option D

Question 265

An engineering team asks an implementer to configure syslog for warning conditions and error conditions. Which command does the implementer configure to achieve the desired result?

Options:

logging trap 5

logging trap 2

logging trap 4

logging trap 3

Question 266

When a switch receives a frame for a known destination MAC address, how is the frame handed?

Options:

sent to the port identified for the known MAC address

broadcast to all ports

forwarded to the first available port

flooded to all ports except the one from which it originated

Question 267

What is the role of a firewall in an enterprise network?

Options:

Forwards packets based on stateless packet inspection

Processes unauthorized packets and allows passage to less secure segments of the network

determines which packets are allowed to cross from unsecured to secured networks

explicitly denies all packets from entering an administrative domain

Question 268

Which switch technology establishes a network connection immediately when it is plugged in?

Options:

PortFast

BPDU guard

UplinkFast

BackboneFast

Question 269

What is the benefit of using FHRP?

Options:

reduced management overhead on network routers

balancing traffic across multiple gateways in proportion to their loads

higher degree of availability

reduced ARP traffic on the network

Question 270

What is recommended for the wireless infrastructure design of an organization?

Options:

group access points together to increase throughput on a given channel

configure the first three access points are configured to use Channels 1, 6, and 11

include a least two access points on nonoverlapping channels to support load balancing

assign physically adjacent access points to the same Wi-Fi channel

Question 271

Which two capacities of Cisco DNA Center make it more extensible as compared to traditional campus device management? (Choose two)

Options:

adapters that support all families of Cisco IOS software

SDKs that support interaction with third-party network equipment

customized versions for small, medium, and large enterprises

REST APIs that allow for external applications to interact natively with Cisco DNA Center

modular design that is upgradable as needed

Question 272

Which spanning-tree enhancement avoids the learning and listening states and immediately places ports in the forwarding state?

Options:

BPDUfilter

PortFast

Backbonefast

BPDUguard

Exam Detail

Vendor: Cisco

Certification: CCNA

Exam Code: 200-301

Exam Name: Cisco Certified Network Associate

Last Update: Jul 31, 2025

200-301 Question Answers

Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Free and Premium Cisco 200-301 Dumps Questions Answers

Cisco Certified Network Associate Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer: