DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Pass CCNA 200-301 Exam with Real Cisco Associated Exam Questions

Prepare for success in the Cisco Certified Network Associate (CCNA) 200-301 exam with our comprehensive exam preparation resources. Our practice exams feature real exam questions and answers designed to mirror the actual CCNA200-301 exam, providing you with a realistic test environment to assess your knowledge and readiness. Our study material includes in-depth coverage of key topics like network fundamentals, network access, IP connectivity, IP services, security fundamentals, and automation. With our exam dumps and practice tests, you can strengthen your understanding of crucial concepts and enhance your exam-taking skills. Our exam resources are curated to help you prepare effectively, giving you the confidence to successfully pass the CCNA 200-301 exam and earn your Cisco Certified Network Associate certification.
Take other online exams

Question #1
Refer to the exhibit. How should the configuration be updated to allow PC1 and PC2 access to the Internet?
A. odify the configured number of the second access list
B. hange the ip nat inside source command to use interface GigabitEthernet0/0
C. emove the overload keyword from the ip nat inside source command
D. dd either the ip nat {inside|outside} command under both interfaces
View answer
Correct Answer: D

View The Updated 200-301 Exam Questions

SPOTO Provides 100% Real 200-301 Exam Questions for You to Pass Your 200-301 Exam!

Question #2
What is the purpose of the ip address dhcp command?
A. o configure an interface as a DHCP relay
B. o configure an interface as a DHCP client
C. o configure an interface as a DHCP helper
D. o configure an interface as a DHCP server
View answer
Correct Answer: B
Question #3
Refer to the exhibit. Which configuration enables DHCP addressing for hosts connected to interface FastEthernet0/1 on router R4?
A. nterface FastEthernet0/1 ip helper-address 10
B. nterface FastEthernet0/0 ip helper-address 10
C. nterface FastEthernet0/0 ip helper-address 10
D. nterface FastEthernet0/1 ip helper-address 10
View answer
Correct Answer: A
Question #4
DRAG DROP (Drag and Drop is not supported)Drag and drop the SNMP manager and agent identifier commands from the left onto the functions on the right.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #5
An engineer is configuring SSH version 2 exclusively on the R1 router. What is the minimum configuration required to permit remote management using the cryptographic protocol?
A. ostname R1 service password-encryption crypto key generate rsa general-keys modulus 1024 username cisco privilege 15 password 0 cisco123 ip ssh version 2 line vty 0 15 transport input ssh login local
B. ostname R1 ip domain name cisco crypto key generate rsa general-keys modulus 1024 username cisco privilege 15 password 0 cisco123 ip ssh version 2 line vty 0 15 transport input ssh login local
C. ostname R1 crypto key generate rsa general-keys modulus 1024 username cisco privilege 15 password 0 cisco123 ip ssh version 2 line vty 0 15 transport input ssh login local
D. ostname R1 ip domain name cisco crypto key generate rsa general-keys modulus 1024 username cisco privilege 15 password 0 cisco123 ip ssh version 2 line vty 0 15 transport input all login local
View answer
Correct Answer: B
Question #6
Which per-hop traffic-control feature does an ISP implement to mitigate the potential negative effects of a customer exceeding its committed bandwidth?
A. olicing
B. ueuing
C. arking
D. haping
View answer
Correct Answer: A
Question #7
DRAG DROP (Drag and Drop is not supported)Drag and drop the QoS terms from the left onto the descriptions on the right.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #8
Which remote access protocol provides unsecured remote CLI access?
A. onsole
B. elnet
C. SH
D. ash
View answer
Correct Answer: B
Question #9
DRAG DROP (Drag and Drop is not supported)Drag and drop the functions of SNMP fault-management from the left onto the definitions on the right.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #10
Refer to the exhibit. Which router or router group are NTP clients?
A. 1
B. 2 and R3
C. 1, R3, and R4
D. 1, R2, and R3
View answer
Correct Answer: D
Question #11
Refer to the exhibit. What is the next step to complete the implementation for the partial NAT configuration shown?
A. odify the access list for the internal network on e0/1
B. econfigure the static NAT entries that overlap the NAT pool
C. pply the ACL to the pool configuration
D. onfigure the NAT outside interface
View answer
Correct Answer: B
Question #12
What is a syslog facility?
A. ost that is configured for the system to send log messages
B. assword that authenticates a Network Management System to receive log messages
C. roup of log messages associated with the configured severity level
D. et of values that represent the processes that can generate a log message
View answer
Correct Answer: D
Question #13
DRAG DROP (Drag and Drop is not supported)Drag and drop the functions of DHCP from the left onto any of the positions on the right. Not all functions are used.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #14
Refer to the exhibit. A newly configured PC fails to connect to the internet by using TCP port 80 to www.cisco.com. Which setting must be modified for the connection to work?
A. ubnet Mask
B. NS Servers
C. efault Gateway
D. HCP Servers
View answer
Correct Answer: B
Question #15
Which QoS queuing method discards or marks packets that exceed the desired bit rate of traffic flow?
A. BWFQ
B. olicing
C. LQ
D. haping
View answer
Correct Answer: B
Question #16
Which QoS per-hop behavior changes the value of the ToS field in the IPv4 packet header?
A. haping
B. olicing
C. lassification
D. arking
View answer
Correct Answer: D
Question #17
What is the function of FTP?
A. lways operated without user connection validation
B. ses block number to identify and mitigate data-transfer errors
C. elies on the well-known UDO port 69 for data transfer
D. ses two separate connections for control and data traffic
View answer
Correct Answer: D
Question #18
How does TFTP operate in a network?
A. rovides secure data transfer
B. elies on the well-known TCP port 20 to transmit data
C. ses block numbers to identify and mitigate data-transfer errors
D. equires two separate connections for control and data traffic
View answer
Correct Answer: C
Question #19
Refer to the exhibit. Which plan must be implemented to ensure optimal QoS marking practices on this network?
A. rust the IP phone markings on SW1 and mark traffic entering SW2 at SW2
B. s traffic traverses MLS1 remark the traffic, but trust all markings at the access layer
C. emark traffic as it traverses R1 and trust all markings at the access layer
D. s traffic enters from the access layer on SW1 and SW2, trust all traffic markings
View answer
Correct Answer: A
Question #20
How does QoS optimize voice traffic?
A. y reducing bandwidth usage
B. y reducing packet loss
C. y differentiating voice and video traffic
D. y increasing jitter
View answer
Correct Answer: C
Question #21
Which QoS tool can you use to optimize voice traffic on a network that is primarily intended for data traffic?
A. RED
B. IFO
C. Q
D. FQ
View answer
Correct Answer: C
Question #22
Refer to the exhibit. Users on existing VLAN 100 can reach sites on the Internet. Which action must the administrator take to establish connectivity to the Internet for users in VLAN 200?
A. efine a NAT pool on the router
B. onfigure the ip nat outside command on another interface for VLAN 200
C. onfigure static NAT translations for VLAN 200
D. pdate the NAT_INSIDE_RANGES ACL
View answer
Correct Answer: D
Question #23
An organization secures its network with multi-factor authentication using an authenticator app on employee smartphones. How is the application secured in the case of a user's smartphone being lost or stolen?
A. he application requires the user to enter a PIN before it provides the second factor
B. he application requires an administrator password to reactivate after a configured interval
C. he application verifies that the user is in a specific location before it provides the second factor
D. he application challenges a user by requiring an administrator password to reactivate when the smartphone is rebooted
View answer
Correct Answer: A
Question #24
Which device performs stateful inspection of traffic?
A. witch
B. irewall
C. ccess point
D. ireless controller
View answer
Correct Answer: B
Question #25
A network administrator enabled port security on a switch interface connected to a printer. What is the next configuration action in order to allow the port to learn the MAC address of the printer and insert it into the table automatically?
A. nable dynamic MAC address learning
B. mplement static MAC addressing
C. nable sticky MAC addressing
D. mplement auto MAC address learning
View answer
Correct Answer: C
Question #26
Refer to the exhibit. An engineer booted a new switch and applied this configuration via the console port. Which additional configuration must be applied to allow administrators to authenticate directly to enable privilege mode via Telnet using a local username and password?
A. 1(config)#username admin R1(config-if)#line vty 0 4 R1(config-line)#password p@ss1234 R1(config-line)#transport input telnet
B. 1(config)#username admin privilege 15 secret p@ss1234 R1(config-if)#line vty 0 4 R1(config-line)#login local
C. 1(config)#username admin secret p@ss1234 R1(config-if)#line vty 0 4 R1(config-line)#login local R1(config)#enable secret p@ss1234
D. 1(config)#username admin R1(config-if)#line vty 0 4 R1(config-line)#password p@ss1234
View answer
Correct Answer: B
Question #27
Which effect does the aaa new-model configuration command have?
A. t enables AAA services on the device
B. t configures the device to connect to a RADIUS server for AAA
C. t associates a RADIUS server to the group
D. t configures a local user on the device
View answer
Correct Answer: A
Question #28
Refer to the exhibit. Which two events occur on the interface, if packets from an unknown Source address arrive after the interface learns the maximum number of secure MAC address? (Choose two.)
A. P SLA
B. yslog
C. etFlow
D. NMPv3
View answer
Correct Answer: AE
Question #29
Refer to the exhibit. Which two statements about the interface that generated the output are true? (Choose two.)
A. syslog message is generated when a violation occurs
B. ne secure MAC address is manually configured on the interface
C. ne secure MAC address is dynamically learned on the interface
D. ive secure MAC addresses are dynamically learned on the interface
View answer
Correct Answer: AC
Question #30
Refer to the exhibit. Which statement about the interface that generated the output is true?
A. he switch port remains administratively down until the interface is connected to another switch
B. ynamic ARP Inspection is disabled because the ARP ACL is missing
C. he switch port interface trust state becomes untrusted
D. he switch port remains down until it is configured to trust or untrust incoming packets
View answer
Correct Answer: B
Question #31
Refer to the exhibit. What is the effect of this configuration?
A. uthentication identifies and verifies a user who is attempting to access a system, and authorization controls the tasks the user performs
B. uthentication controls the system processes a user accesses, and authorization logs the activities the user initiates
C. uthentication verifies a username and password, and authorization handles the communication between the authentication agent and the user database
D. uthentication identifies a user who is attempting to access a system, and authorization validates the user's password
View answer
Correct Answer: C
Question #32
When configuring a WLAN with WPA2 PSK in the Cisco Wireless LAN Controller GUI, which two formats are available to select? (Choose two.)
A. ee Explanation section for answer
View answer
Correct Answer: BC
Question #33
DRAG DROP (Drag and Drop is not supported)Drag and drop the AAA functions from the left onto the correct AAA services on the right.Select and Place:
A. ser awareness
B. rute force attack
C. hysical access control
D. ocial engineering attack
View answer
Correct Answer: A
Question #34
DRAG DROP (Drag and Drop is not supported)Drag and drop the Cisco Wireless LAN Controller security settings from the left onto the correct security mechanism categories on the right.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #35
Which feature on the Cisco Wireless LAN Controller when enabled restricts management access from specific networks?
A. ACACS
B. PU ACL
C. lex ACL
D. ADIUS
View answer
Correct Answer: B
Question #36
Which set of actions satisfy the requirement for multifactor authentication?
A. he user enters a user name and password, and then re-enters the credentials on a second screen
B. he user swipes a key fob, then clicks through an email link
C. he user enters a user name and password, and then clicks a notification in an authentication app on a mobile device
D. he user enters a PIN into an RSA token, and then enters the displayed RSA key on a login screen
View answer
Correct Answer: C
Question #37
Which configuration is needed to generate an RSA key for SSH on a router?
A. onfigure VTY access
B. onfigure the version of SSH
C. ssign a DNS domain name
D. reate a user with a password
View answer
Correct Answer: C
Question #38
Refer to the exhibit. An extended ACL has been configured and applied to router R2. The configuration failed to work as intended.Which two changes stop outbound traffic on TCP ports 25 and 80 to 10.0.20.0/26 from the 10.0.10.0/26 subnet while still allowing all other traffic? (Choose two.)
A. EP
B. ES
C. C4
D. KIP
View answer
Correct Answer: AD
Question #39
An engineer must configure a WLAN using the strongest encryption type for WPA2-PSK. Which cipher fulfills the configuration requirement?
A. ee Explanation section for answer
View answer
Correct Answer: B
Question #40
While examining excessive traffic on the network, it is noted that all incoming packets on an interface appear to be allowed even though an IPv4 ACL is applied to the interface. Which two misconfigurations cause this behavior? (Choose two.)
A. estricts unauthorized users from viewing clear-text passwords in the running configuration
B. revents network administrators from configuring clear-text passwords
C. rotects the VLAN database from unauthorized PC connections on the switch
D. ncrypts the password exchange when a VPN tunnel is established
View answer
Correct Answer: BE
Question #41
The service password-encryption command is entered on a router. What is the effect of this configuration?
A. AE encryption
B. KIP encryption
C. crambled encryption key
D. ES encryption
View answer
Correct Answer: A
Question #42
Which WPA3 enhancement protects against hackers viewing traffic on the Wi-Fi network?
A. HCP client
B. ccess point
C. outer
D. C
View answer
Correct Answer: A
Question #43
Refer to the exhibit. An administrator configures four switches for local authentication using passwords that are stored as a cryptographic hash. The four switches must also support SSH access for administrators to manage the network infrastructure. Which switch is configured correctly to meet these requirements?
A. W1
B. W2
C. W3
D. W4
View answer
Correct Answer: C
Question #44
Refer to the exhibit. What is the effect of this configuration?
A. he switch discards all ingress ARP traffic with invalid MAC-to-IP address bindings
B. ll ARP packets are dropped by the switch
C. gress traffic is passed only if the destination is a DHCP server
D. ll ingress and egress traffic is dropped because the interface is untrusted
View answer
Correct Answer: A
Question #45
When a site-to-site VPN is used, which protocol is responsible for the transport of user data?
A. Psec
B. KEv1
C. D5
D. KEv2
View answer
Correct Answer: A
Question #46
Which type of wireless encryption is used for WPA2 in preshared key mode?
A. ES-128
B. KIP with RC4
C. ES-256
D. C4
View answer
Correct Answer: C
Question #47
DRAG DROP (Drag and Drop is not supported)Drag and drop the threat-mitigation techniques from the left onto the types of threat or attack they mitigate on the right.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #48
Which command prevents passwords from being stored in the configuration as plain text on a router or switch?
A. nable secret
B. nable password
C. ervice password-encryption
D. sername cisco password encrypt
View answer
Correct Answer: C
Question #49
Which goal is achieved by the implementation of private IPv4 addressing on a network?
A. rovides an added level of protection against Internet exposure
B. rovides a reduction in size of the forwarding table on network routers
C. llows communication across the Internet to other private networks
D. llows servers and workstations to communicate across public network boundaries
View answer
Correct Answer: A
Question #50
Which type of attack is mitigated by dynamic ARP inspection?
A. DoS
B. alware
C. an-in-the-middle
D. orm
View answer
Correct Answer: C
Question #51
What is a function of a remote access VPN?
A. stablishes a secure tunnel between two branch sites
B. ses cryptographic tunneling to protect the privacy of data for multiple users simultaneously
C. sed exclusively when a user is connected to a company's internal network
D. llows the users to access company internal network resources through a secure tunnel
View answer
Correct Answer: D
Question #52
Refer to the exhibit. A network administrator must permit SSH access to remotely manage routers in a network. The operations team resides on the 10.20.1.0/25 network. Which command will accomplish this task?
A. ccess-list 2699 permit udp 10
B. o access-list 2699 deny tcp any 10
C. ccess-list 2699 permit tcp any 10
D. o access-list 2699 deny ip any 10
View answer
Correct Answer: D
Question #53
A port security violation has occurred on a switch port due to the maximum MAC address count being exceeded. Which command must be configured to increment the security-violation count and forward an SNMP trap?
A. witchport port-security violation access
B. witchport port-security violation protect
C. witchport port-security violation restrict
D. witchport port-security violation shutdown
View answer
Correct Answer: C
Question #54
What is a practice that protects a network from VLAN hopping attacks?
A. nable dynamic ARP inspection
B. onfigure an ACL to prevent traffic from changing VLANs
C. hange native VLAN to an unused VLAN ID
D. mplement port security on internet-facing VLANs
View answer
Correct Answer: C
Question #55
Where does a switch maintain DHCP snooping information?
A. n the CAM table
B. n the frame forwarding database
C. n the MAC address table
D. n the binding database
View answer
Correct Answer: D
Question #56
A network administrator must configure SSH for remote access to router R1. The requirement is to use a public and private key pair to encrypt management traffic to and from the connecting client. Which configuration, when applied, meets the requirements?
A. 1#enable R1#configure terminal R1(config)#ip domain-name cisco
B. 1#enable R1#configure terminal R1(config)#ip domain-name cisco
C. 1#enable R1#configure terminal R1(config)#ip domain-name cisco
D. 1#enable R1#configure terminal R1(config)#ip domain-name cisco
View answer
Correct Answer: D
Question #57
When a WLAN with WPA2 PSK is configured in the Wireless LAN Controller GUI, which format is supported?
A. ecimal
B. SCII
C. nicode
D. ase64
View answer
Correct Answer: B
Question #58
Refer to the exhibit. A network administrator has been tasked with securing VTY access to a router. Which access-list entry accomplishes this task?
A. ccess-list 101 permit tcp 10
B. ccess-list 101 permit tcp 10
C. ccess-list 101 permit tcp 10
D. ccess-list 101 permit tcp 10
View answer
Correct Answer: D
Question #59
Which security program element involves installing badge readers on data-center doors to allow workers to enter and exit based on their job roles?
A. hysical access control
B. iometrics
C. ole-based access control
D. ultifactor authentication
View answer
Correct Answer: A
Question #60
Which function is performed by DHCP snooping?
A. istens to multicast traffic for packet forwarding
B. ate-limits certain traffic
C. ropagates VLAN information between switches
D. rovides DDoS mitigation
View answer
Correct Answer: B
Question #61
DRAG DROP (Drag and Drop is not supported)An engineer is configuring an encrypted password for the enable command on a router where the local user database has already been configured. Drag and drop the configuration commands from the left into the correct sequence on the right. Not all commands are used.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #62
Which protocol is used for secure remote CLI access?
A. elnet
B. TTP
C. TTPS
D. SH
View answer
Correct Answer: D
Question #63
Which implementation provides the strongest encryption combination for the wireless environment?
A. EP
B. PA + TKIP
C. PA + AES
D. PA2 + AES
View answer
Correct Answer: D
Question #64
What does physical access control regulate?
A. ccess to networking equipment and facilities
B. ccess to servers to prevent malicious activity
C. ccess to specific networks based on business function
D. ccess to computer networks and file systems
View answer
Correct Answer: A
Question #65
A network engineer is asked to configure VLANS 2, 3, and 4 for a new implementation. Some ports must be assigned to the new VLANS with unused ports remaining. Which action should be taken for the unused ports?
A. onfigure in a nondefault native VLAN
B. onfigure ports in the native VLAN
C. onfigure ports in a black hole VLAN
D. onfigure ports as access ports
View answer
Correct Answer: C
Question #66
When a WPA2-PSK WLAN is configured in the Wireless LAN Controller, what is the minimum number of characters that is required in ASCII format?
A.
B.
C. 2
D. 8
View answer
Correct Answer: B
Question #67
What mechanism carries multicast traffic between remote sites and supports encryption?
A. SATAP
B. Psec over ISATAP
C. RE
D. RE over IPsec
View answer
Correct Answer: D
Question #68
Refer to the exhibit. An access-list is required to permit traffic from any host on interface Gi0/0 and deny traffic from interface Gi0/1. Which access list must be applied?
A. p access-list standard 99 permit 10
B. p access-list standard 99 permit 10
C. p access-list standard 199 permit 10
D. p access-list standard 199 permit 10
View answer
Correct Answer: A
Question #69
Refer to the exhibit. Which two commands must be configured on router R1 to enable the router to accept secure remote-access connections? (Choose two.)
A. uthorization
B. uthentication
C. ccounting
D. onfidentiality
View answer
Correct Answer: BC
Question #70
Which action implements physical access control as part of the security program of an organization?
A. etting up IP cameras to monitor key infrastructure
B. onfiguring a password for the console port
C. acking up syslogs at a remote location
D. onfiguring enable passwords on network devices
View answer
Correct Answer: B
Question #71
Which field within the access-request packet is encrypted by RADIUS?
A. uthorized services
B. assword
C. uthenticator
D. sername
View answer
Correct Answer: B
Question #72
A Cisco engineer is configuring a factory-default router with these three passwords:-The user EXEC password for console access is p4ssw0rd1.-The user EXEC password for Telnet access is s3cr3t2.-The password for privileged EXEC mode is priv4t3p4ss.Which command sequence must the engineer configure?
A. nable secret priv4t3p4ss ! line con 0 password p4ssw0rd1 ! line vty 0 15 password s3cr3t2
B. nable secret priv4t3p4ss ! line con 0 password p4ssw0rd1 login ! line vty 0 15 password s3cr3t2 login
C. nable secret priv4t3p4ss ! line con 0 password login p4ssw0rd1 ! line vty 0 15 password login s3cr3t2 login
D. nable secret privilege 15 priv4t3p4ss ! line con 0 password p4ssw0rd1 login ! line vty 0 15 password s3cr3t2 login
View answer
Correct Answer: D
Question #73
Refer to the exhibit. An access list is created to deny Telnet access from host PC-1 to RTR-1 and allow access from all other hosts. A Telnet attempt from PC-2 gives this message: "% Connection refused by remote host." Without allowing Telnet access from PC-1, which action must be taken to permit the traffic?
A. dd the access-list 10 permit any command to the configuration
B. emove the access-class 10 in command from line vty 0 4
C. dd the ip access-group 10 out command to interface g0/0
D. emove the password command from line vty 0 4
View answer
Correct Answer: A
Question #74
DRAG DROP (Drag and Drop is not supported)An engineer is tasked to configure a switch with port security to ensure devices that forward unicasts, multicasts, and broadcasts are unable to flood the port. The port must be configured to permit only two random MAC addresses at a time. Drag and drop the required configuration commands from the left onto the sequence on the right. Not all commands are used.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #75
What is a function of Opportunistic Wireless Encryption in an environment?
A. rovide authentication
B. rotect traffic on open networks
C. ffer compression
D. ncrease security by using a WEP connection
View answer
Correct Answer: B
Question #76
DRAG DROP (Drag and Drop is not supported)Drag and drop the AAA features from the left onto the corresponding AAA security services on the right. Not all options are used.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #77
Refer to the exhibit. Clients on the WLAN are required to use 802.11r. What action must be taken to meet the requirement?
A. nder Protected Management Frames, set the PMF option to Required
B. nable CCKM under Authentication Key Management
C. et the Fast Transition option and the WPA gtk-randomize State to disable
D. et the Fast Transition option to Enable and enable FT 802
View answer
Correct Answer: D
Question #78
Refer to the exhibit. What must be configured to enable 802.11w on the WLAN?
A. et Fast Transition to Enabled
B. nable WPA Policy
C. et PMF to Required
D. nable MAC Filtering
View answer
Correct Answer: B
Question #79
Which encryption method is used by WPA3?
A. KIP
B. ES
C. AE
D. SK
View answer
Correct Answer: C
Question #80
Which type of traffic is sent with pure IPsec?
A. ulticast traffic from a server at one site to hosts at another location
B. roadcast packets from a switch that is attempting to locate a MAC address at one of several remote sites
C. nicast messages from a host at a remote site to a server at headquarters
D. panning-tree updates between switches that are at two different sites
View answer
Correct Answer: C
Question #81
How does authentication differ from authorization?
A. uthentication is used to record what resource a user accesses, and authorization is used to determine what resources a user can access
B. uthentication verifies the identity of a person accessing a network, and authorization determines what resource a user can access
C. uthentication is used to determine what resources a user is allowed to access, and authorization is used to track what equipment is allowed access to the network
D. uthentication is used to verify a person's identity, and authorization is used to create syslog messages for logins
View answer
Correct Answer: B
Question #82
An engineer has configured the domain name, user name, and password on the local router. What is the next step to complete the configuration for a Secure Shell access RSA key?
A. rypto key import rsa pem
B. rypto key generate rsa
C. rypto key zeroize rsa
D. rypto key pubkey-chain rsa
View answer
Correct Answer: B
Question #83
Which type if network attack overwhelms the target server by sending multiple packets to a port until the half-open TCP resources of the target are exhausted?
A. YN flood
B. eflection
C. eardrop
D. mplification
View answer
Correct Answer: A
Question #84
Which two components comprise part of a PKI? (Choose two.)
A. ee Explanation section for answer
View answer
Correct Answer: CD
Question #85
After a recent security breach and a RADIUS failure, an engineer must secure the console port of each enterprise router with a local username and password.Which configuration must the engineer apply to accomplish this task?
A. aa new-model line con 0 password plaintextpassword privilege level 15
B. aa new-model aaa authorization exec default local aaa authentication login default radius username localuser privilege 15 secret plaintextpassword
C. sername localuser secret plaintextpassword line con 0 no login local privilege level 15
D. sername localuser secret plaintextpassword line con 0 login authentication default privilege level 15
View answer
Correct Answer: A
Question #86
Which wireless security protocol relies on Perfect Forward Secrecy?
A. EP
B. PA2
C. PA
D. PA3
View answer
Correct Answer: A
Question #87
What is a zero-day exploit?
A. t is when the network is saturated with malicious traffic that overloads resources and bandwidth
B. t is when an attacker inserts malicious code into a SQL server
C. t is when a new network vulnerability is discovered before a fix is available
D. t is when the perpetrator inserts itself in a conversation between two parties and captures or alters data
View answer
Correct Answer: C
Question #88
What are two examples of multifactor authentication? (Choose two.)
A. onsumption-based billing
B. dentity verification
C. ser-activity logging
D. ervice limitations
View answer
Correct Answer: BC
Question #89
Which characteristic differentiates the concept of authentication from authorization and accounting?
A. nspecting specific files and file types for malware
B. uthorizing potentially compromised wireless traffic
C. uthenticating end users
D. RL filtering
View answer
Correct Answer: B
Question #90
What is a function of Cisco Advanced Malware Protection for a Next-Generation IPS?
A. KIP/MIC encryption
B. mall Wi-Fi application
C. reshared key
D. 02
View answer
Correct Answer: A
Question #91
Which two practices are recommended for an acceptable security posture in a network? (Choose two.)
A. t uses SAE for authentication
B. t uses RC4 for encryption
C. t uses TKIP for encryption
D. t uses a 4-way handshake for authentication
View answer
Correct Answer: DE
Question #92
How does WPA3 improve security?
A. orrelates user activity with network events
B. erves as a controller within a controller-based network
C. ntegrates with a RADIUS server to enforce Layer 2 device authentication rules
D. akes forwarding decisions based on learned MAC addresses
View answer
Correct Answer: A
Question #93
What is a function of a Next-Generation IPS?
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #94
DRAG DROP (Drag and Drop is not supported)Drag and drop the elements of a security program from the left onto the corresponding descriptions on the right.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #95
Which IPsec transport mode encrypts the IP header and the payload?
A. ipe
B. ransport
C. ontrol
D. unnel
View answer
Correct Answer: D
Question #96
What is the default port-security behavior on a trunk link?
A. t places the port in the err-disabled state if it learns more than one MAC address
B. t causes a network loop when a violation occurs
C. t disables the native VLAN configuration as soon as port security is enabled
D. t places the port in the err-disabled state after 10 MAC addresses are statically configured
View answer
Correct Answer: A
Question #97
Which device separates networks by security domains?
A. ntrusion protection system
B. irewall
C. ireless controller
D. ccess point
View answer
Correct Answer: B
Question #98
How are VLAN hopping attacks mitigated?
A. anually implement trunk ports and disable DTP
B. onfigure extended VLANs
C. ctivate all ports and place in the default VLAN
D. nable dynamic ARP inspection
View answer
Correct Answer: A
Question #99
Which enhancements were implemented as part of WPA3?
A. orward secrecy and SAE in personal mode for secure initial key exchange
B. 02
C. ES-64 in personal mode and AES-128 in enterprise mode
D. KIP encryption improving WEP and per-packet keying
View answer
Correct Answer: A
Question #100
When a site-to-site VPN is configured which IPsec mode provides encapsulation and encryption of the entire original IP packet?
A. Psec transport mode with AH
B. Psec tunnel mode with AH
C. Psec transport mode with ESP
D. Psec tunnel mode with ESP
View answer
Correct Answer: D
Question #101
An engineer is configuring remote access to a router from IP subnet 10.139.58.0/28. The domain name, crypto keys, and SSH have been configured. Which configuration enables the traffic on the destination router?
A. ine vty 0 15 access-class 120 in ! ip access-list extended 120 permit tcp 10
B. nterface FastEthernet0/0 ip address 10
C. nterface FastEthernet0/0 ip address 10
D. ine vty 0 15 access-group 120 in ! ip access-list extended 120 permit tcp 10
View answer
Correct Answer: A
Question #102
In an SDN architecture, which function of a network node is centralized on a controller?
A. reates the IP routing table
B. iscards a message due filtering
C. akes a routing decision
D. rovides protocol access for remote access devices
View answer
Correct Answer: C
Question #103
Which management security process is invoked when a user logs in to a network device using their username and password?
A. uthentication
B. uditing
C. ccounting
D. uthorization
View answer
Correct Answer: A
Question #104
Refer to the exhibit. What are the two steps an engineer must take to provide the highest encryption and authentication using domain credentials from LDAP?(Choose two.)
A. mploys PKI to identify access points
B. pplies 802
C. ses TKIP
D. rotects against brute force attacks
View answer
Correct Answer: CD
Question #105
DRAG DROP (Drag and Drop is not supported)Drag and drop the Cisco IOS attack mitigation features from the left onto the types of network attack they mitigate on the right.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #106
Refer to the exhibit. SW1 supports connectivity for a lobby conference room and must be secured. The engineer must limit the connectivity from PC1 to the SW1 and SW2 network.The MAC addresses allowed must be limited to two. Which configuration secures the conference room connectivity?
A. nterface gi1/0/15 switchport port-security switchport port-security maximum 2
B. nterface gi1/0/15 switchport port-security switchport port-security mac-address 0000
C. nterface gi1/0/15 switchport port-security mac-address 0000
D. nterface gi1/0/15 switchport port-security mac-address 0000
View answer
Correct Answer: A
Question #107
Refer to the exhibit. An engineer is updating the management access configuration of switch SW1 to allow secured, encrypted remote configuration. Which two commands or command sequences must the engineer apply to the switch? (Choose two.)
A. estrict
B. hutdown
C. rotect
D. hutdown VLAN
View answer
Correct Answer: AC
Question #108
A customer wants to provide wireless access to contractors using a guest portal on Cisco ISE. The portal is also used by employees. A solution is implemented, but contractors receive a certificate error when they attempt to access the portal. Employees can access the portal without any errors. Which change must be implemented to allow the contractors and employees to access the portal?
A. nstall an Internal CA signed certificate on the Cisco ISE
B. nstall a trusted third-party certificate on the Cisco ISE
C. nstall an internal CA signed certificate on the contractor devices
D. nstall a trusted third-party certificate on the contractor devices
View answer
Correct Answer: B
Question #109
Which two wireless security standards use counter mode cipher block chaining Message Authentication Code Protocol for encryption and data integrity? (Choose two.)
A. CMP128
B. CMP256
C. CMP256
D. CMP128
View answer
Correct Answer: BD
Question #110
A network engineer is implementing a corporate SSID for WPA3-Personal security with a PSK. Which encryption cipher must be configured?
A. mplement port security on internet-facing VLANs
B. nable dynamic ARP inspection
C. ssign all access ports to VLANs other than the native VLAN
D. onfigure an ACL to prevent traffic from changing VLANs
View answer
Correct Answer: A
Question #111
An administrator must use the password complexity not manufacturer-name command to prevent users from adding `Cisco` as a password. Which command must be issued before this command?
A. ogin authentication my-auth-list
B. ervice password-encryption
C. assword complexity enable
D. onfreg 0x2142
View answer
Correct Answer: C
Question #112
An organization has decided to start using cloud-provided services. Which cloud service allows the organization to install its own operating system on a virtual machine?
A. latform-as-a-service
B. etwork-as-a-service
C. oftware-as-a-service
D. nfrastructure-as-a-service
View answer
Correct Answer: D
Question #113
How do traditional campus device management and Cisco DNA Center device management differ in regards to deployment?
A. raditional campus device management allows a network to scale more quickly than with Cisco DNA Center device management
B. isco DNA Center device management can deploy a network more quickly than traditional campus device management
C. isco DNA Center device management can be implemented at a lower cost than most traditional campus device management options
D. raditional campus device management schemes can typically deploy patches and updates more quickly than Cisco DNA Center device management
View answer
Correct Answer: B
Question #114
Which purpose does a northbound API serve in a controller-based networking architecture?
A. acilitates communication between the controller and the applications
B. eports device errors to a controller
C. enerates statistics for network hardware and traffic
D. ommunicates between the controller and the physical network hardware
View answer
Correct Answer: A
Question #115
What benefit does controller-based networking provide versus traditional networking?
A. llows configuration and monitoring of the network from one centralized point
B. rovides an added layer of security to protect from DDoS attacks
C. ombines control and data plane functionality on a single device to minimize latency
D. oves from a two-tier to a three-tier network architecture to provide maximum redundancy
View answer
Correct Answer: A
Question #116
What is an advantage of Cisco DNA Center versus traditional campus device management?
A. t is designed primarily to provide network assurance
B. t supports numerous extensibility options, including cross-domain adapters and third-party SDKs
C. t supports high availability for management functions when operating in cluster mode
D. t enables easy autodiscovery of network elements in a brownfield deployment
View answer
Correct Answer: B
Question #117
DRAG DROP (Drag and Drop is not supported)Drag and drop the characteristics of networking from the left onto the correct networking types on the right.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #118
How does Cisco DNA Center gather data from the network?
A. evices use the call-home protocol to periodically send data to the controller
B. evices establish an IPsec tunnel to exchange data with the controller
C. he Cisco CLI Analyzer tool gathers data from each licensed network device and streams it to the controller
D. etwork devices use different services like SNMP, syslog, and streaming telemetry to send data to the controller
View answer
Correct Answer: D
Question #119
Which statement compares traditional networks and controller-based networks?
A. nly controller-based networks decouple the control plane and the data plane
B. raditional and controller-based networks abstract policies from device configurations
C. nly traditional networks natively support centralized management
D. nly traditional networks offer a centralized control plane
View answer
Correct Answer: A
Question #120
Which output displays a JSON data representation?
A. ee Explanation section for answer
View answer
Correct Answer: C
Question #121
DRAG DROP (Drag and Drop is not supported)Drag and drop the descriptions of device management from the left onto the types of device management on the right.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #122
What software-defined architecture plane assists network devices with making packet-forwarding decisions by providing Layer 2 reachability and Layer 3 routing information?
A. anagement plane
B. ontrol plane
C. ata plane
D. olicy plane
View answer
Correct Answer: B
Question #123
What are two benefits of controller-based networking compared to traditional networking? (Choose two.)
A. orthbound API
B. EST API
C. OAP API
D. outhbound API
View answer
Correct Answer: BD
Question #124
DRAG DROP (Drag and Drop is not supported)Drag and drop the AAA terms from the left onto the descriptions on the right.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #125
Which option about JSON is true?
A. ses predefined tags or angle brackets () to delimit markup text
B. sed to describe structured data that includes arrays
C. sed for storing information
D. imilar to HTML, it is more verbose than XML
View answer
Correct Answer: B
Question #126
Which option best describes an API?
A. contract that describes how various components communicate and exchange data with each other
B. n architectural style (versus a protocol) for designing applications
C. stateless client-server model
D. equest a certain type of data by specifying the URL path that models the data
View answer
Correct Answer: A
Question #127
DRAG DROP (Drag and Drop is not supported)Drag and drop the characteristics of a cloud environment from the left onto the correct examples on the right.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #128
Which of the following is the JSON encoding of a dictionary or hash?
A. “key”: “value”}
B. “key”, “value”]
C. “key”, “value”}
D. “key”: “value”)
View answer
Correct Answer: A
Question #129
Which role does a hypervisor provide for each virtual machine in server virtualization?
A. nfrastructure-as-a-service
B. oftware-as-a-service
C. ontrol and distribution of physical resources
D. ervices as a hardware controller
View answer
Correct Answer: C
Question #130
What is the function of a server?
A. t transmits packets between hosts in the same broadcast domain
B. t provides shared applications to end users
C. t routes traffic between Layer 3 devices
D. t creates security zones between trusted and untrusted networks
View answer
Correct Answer: B
Question #131
Which CRUD operation modifies an existing table or view?
A. ead
B. pdate
C. eplace
D. reate
View answer
Correct Answer: B
Question #132
In software-defined architectures, which plane is distributed and responsible for traffic forwarding?
A. anagement plane
B. olicy plane
C. ata plane
D. ontrol plane
View answer
Correct Answer: C
Question #133
Refer to the exhibit. Which type of configuration is represented in the output?
A. nsible
B. SON
C. hef
D. uppet
View answer
Correct Answer: D
Question #134
Which configuration management mechanism uses TCP port 22 by default when communicating with managed nodes?
A. nsible
B. ython
C. uppet
D. hef
View answer
Correct Answer: A
Question #135
What does an SDN controller use as a communication protocol to relay forwarding changes to a southbound API?
A. ava
B. EST
C. penFlow
D. ML
View answer
Correct Answer: C
Question #136
What uses HTTP messages to transfer data to applications residing on different hosts?
A. penStack
B. pFlex
C. EST
D. penFlow
View answer
Correct Answer: C
Question #137
Which JSON data type is an unordered set of attribute-value pairs?
A. tring
B. rray
C. oolean
D. bject
View answer
Correct Answer: D
Question #138
Which protocol is used in Software Defined Access (SDA) to provide a tunnel between two edge nodes in different fabrics?
A. eneric Router Encapsulation (GRE)
B. irtual Local Area Network (VLAN)
C. irtual Extensible LAN (VXLAN)
D. oint-to-Point Protocol (PPP)
View answer
Correct Answer: C
Question #139
Which plane is centralized by an SDN controller?
A. anagement-plane
B. ata-plane
C. ervices-plane
D. ontrol-plane
View answer
Correct Answer: D
Question #140
Where is the interface between the control plane and data plane within the software-defined architecture?
A. pplication layer and the management layer
B. pplication layer and the infrastructure layer
C. ontrol layer and the application layer
D. ontrol layer and the infrastructure layer
View answer
Correct Answer: D
Question #141
Why would a network administrator choose to implement automation in a network environment?
A. o simplify the process of maintaining a consistent configuration state across all devices
B. o centralize device information storage
C. o implement centralized user account management
D. o deploy the management plane separately from the rest of the network
View answer
Correct Answer: A
Question #142
In software-defined architecture, which plane handles switching for traffic through a Cisco router?
A. ontrol
B. ata
C. anagement
D. pplication
View answer
Correct Answer: B
Question #143
What are two southbound APIs? (Choose two.)
A. ts modular design allows the implementation of different versions to meet the specific needs of an organization
B. t only supports auto-discovery of network elements in a greenfield deployment
C. t omits support high availability of management functions when operating in cluster mode
D. t abstracts policy from the actual device configuration
View answer
Correct Answer: DE
Question #144
What makes Cisco DNA Center different from traditional network management applications and their management of networks?
A. outhbound
B. verlay
C. orthbound
D. nderlay
View answer
Correct Answer: D
Question #145
DRAG DROP (Drag and Drop is not supported)Drag and drop the statements about networking from the left onto the corresponding networking types on the right.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #146
Refer to the exhibit. What is represented beginning with line 1 and ending with line 5?
A. bject
B. alue
C. ey
D. rray
View answer
Correct Answer: A
Question #147
Which CRUD operation corresponds to the HTTP GET method?
A. reate
B. ead
C. elete
D. pdate
View answer
Correct Answer: B
Question #148
What differentiates device management enabled by Cisco DNA Center from traditional campus device management?
A. LI-oriented device
B. entralized
C. evice-by-device hands-on
D. er-device
View answer
Correct Answer: B
Question #149
DRAG DROP (Drag and Drop is not supported)Drag and drop the statements about networking from the left onto the corresponding networking types on the right.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #150
Which two REST API status-code classes represent errors? (Choose two.)
A. cable connected to a physical switch on the network
B. ireless to an access point that is physically connected to the network
C. virtual switch that links to an access point that is physically connected to the network
D. software switch on a hypervisor that is physically connected to the network
View answer
Correct Answer: DE
Question #151
How do servers connect to the network in a virtual environment?
A. orwarding packets
B. ulticast replication at the hardware level
C. aking routing decisions
D. ragmenting and reassembling packets
View answer
Correct Answer: D
Question #152
DRAG DROP (Drag and Drop is not supported)Drag and drop the HTTP methods used with REST-based APIs from the left onto the descriptions on the right.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #153
What is a function of a southbound API?
A. se orchestration to provision a virtual server configuration from a web server
B. utomate configuration changes between a server and a switching fabric
C. anage flow control between an SDN controller and a switching fabric
D. acilitate the information exchange between an SDN controller and application
View answer
Correct Answer: C
Question #154
Which script paradigm does Puppet use?
A. ecipes and cookbooks
B. laybooks and roles
C. trings and marionettes
D. anifests and modules
View answer
Correct Answer: D
Question #155
Which set of methods is supported with the REST API?
A. ET, PUT, ERASE, CHANGE
B. ET, POST, MOD, ERASE
C. ET, PUT, POST, DELETE
D. ET, POST, ERASE, CHANGE
View answer
Correct Answer: C
Question #156
Which technology is appropriate for communication between an SDN controller end applications running over the network?
A. outhbound API
B. EST API
C. ETCONF
D. penFlow
View answer
Correct Answer: D
Question #157
DRAG DROP (Drag and Drop is not supported)Drag and drop each characteristic of device-management technologies from the left onto the deployment type on the right.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #158
What is the function of `off-the-shelf` switches in a controller-based network?
A. etting packet-handling policies
B. orwarding packets
C. roviding a central view of the deployed network
D. aking routing decisions
View answer
Correct Answer: B
Question #159
Which REST method updates an object in the Cisco DNA Center Intent API?
A. HANGE
B. PDATE
C. OST
D. UT
View answer
Correct Answer: D
Question #160
Refer to the exhibit. How many JSON objects are represented?
A.
B.
C.
D.
View answer
Correct Answer: D
Question #161
Which definition describes JWT in regard to REST API security?
A. n encrypted JSON token that is used for authentication
B. n encrypted JSON token that is used for authorization
C. n encoded JSON token that is used to securely exchange information
D. n encoded JSON token that is used for authentication
View answer
Correct Answer: C
Question #162
Refer to the exhibit. What is identified by the word `switch` within line 2 of the JSON Schema?
A. rray
B. alue
C. bject
D. ey
View answer
Correct Answer: D
Question #163
Refer to the exhibit. Which type of JSON data is shown?
A. oolean
B. rray
C. ey
D. bject
View answer
Correct Answer: D
Question #164
DRAG DROP (Drag and Drop is not supported)Drag and drop the characteristics from the left onto the technology types on the right.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #165
Which communication interaction takes place when a southbound API is used?
A. etween the SDN controller and PCs on the network
B. etween the SDN controller and switches and routers on the network
C. etween the SDN controller and services and applications on the network
D. etween network applications and switches and routers on the network
View answer
Correct Answer: B
Question #166
What are two characteristics of a public cloud implementation? (Choose two.)
A. ee Explanation section for answer
View answer
Correct Answer: AC
Question #167
DRAG DROP (Drag and Drop is not supported)Drag and drop the REST API call methods for HTTP from the left onto the actions they perform on the right. Not all methods are used.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #168
DRAG DROP (Drag and Drop is not supported)Drag and drop the REST principles from the left onto their definitions on the right.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #169
DRAG DROP (Drag and Drop is not supported)Drag and drop the Ansible terms from the left onto the right.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #170
Refer to the exhibit. How many objects keys, and JSON list values are present?
A. hree objects, two keys, and three JSON list values
B. hree objects, three keys, and two JSON list values
C. ne object, three keys, and three JSON list values
D. ne object, three keys, and two JSON list values
View answer
Correct Answer: B
Question #171
Which two primary drivers support the need for network automation? (Choose two.)
A. distributed management plane must be used
B. omplexity increases when new device configurations are added
C. ustom applications are needed to configure network devices
D. oftware upgrades are performed from a central controller
View answer
Correct Answer: CE
Question #172
What is an expected outcome when network management automation is deployed?
A. bject
B. alue
C. ey
D. rray
View answer
Correct Answer: D
Question #173
Refer to the exhibit. What is represented by `R1` and `SW1` within the JSON output?
A. ee Explanation section for answer
View answer
Correct Answer: B
Question #174
Which HTTP status code is returned after a successful REST API request?
A. 00
B. 01
C. 04
D. 00
View answer
Correct Answer: A
Question #175
With REST API, which standard HTTP header tells a server which media type is expected by the client?
A. ccept-Encoding: gzip
B. ccept-Patch: text/example; charset=utf-8
C. ontent-Type: application/json; charset=utf-8
D. ccept: application/json
View answer
Correct Answer: D
Question #176
Refer to the exhibit. How many objects are present in the given JSON-encoded data?
A. ne
B. our
C. even
D. ine
View answer
Correct Answer: C
Question #177
What is the purpose of the Cisco DNA Center controller?
A. o securely manage and deploy network devices
B. o scan a network and generate a Layer 2 network diagram
C. o secure physical access to a data center
D. o provide Layer 3 services to autonomous access points
View answer
Correct Answer: A

View The Updated CCNA Exam Questions

SPOTO Provides 100% Real CCNA Exam Questions for You to Pass Your CCNA Exam!

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: