Download CCNA 200-301 Complete Exam Study Guide Questions and Answers and more Exams Computer Networks in PDF only on Docsity!
CCNA 200- 301 COMPLETE EXAM STUDY GUIDE QUESTIONS
WITH THE BEST SCORES 2025
AAA stands for authentication, authorization, and accounting. -- Answer ✔✔ True Which effect does the aaa new-model configuration command have? -- Answer ✔✔ It enables AAA services on the device. What is the primary difference between AAA authentication and authorization? -- Answer ✔✔ Authentication identifies and verifies a user who is attempting to access a system, and authorization controls the tasks the user can perform. (Exhibit which password must an engineer use to enter the enable mode?) -- Answer ✔✔ testing What is a difference between RADIUS and TACACS+? -- Answer ✔✔ TACACS+ separates authentication and authorization, and RADIUS merges them How do AAA operations compare regarding user identification, user services and access control? -- Answer ✔✔ Authentication identifies users and accounting tracks user services An email user has been lured into clicking a link in an email sent by their company's security organization. The webpage that opens reports that it was safe but the link could have contained malicious code. Which type of security program is in place? -- Answer ✔✔ user awareness An engineer is asked to protect unused ports that are configured in the default VLAN on a switch. Which two steps will fulfill the request? -- Answer ✔✔ Administratively shut down the ports. Configure the port type as access and place in VLAN 99.
Which configuration is needed to generate an RSA key for SSH on a router? -- Answer ✔✔ Assign a DNS domain name Which two conditions must be met before SSH can operate normally on a Cisco IOS switch? -- Answer ✔✔ The switch must be running a k9 (crypto) IOS image. The ip domain-name command must be configured on the switch. When a site-to-site VPN is used, which protocol is responsible for the transport of user data? -- Answer ✔✔ IPsec Which set of action satisfy the requirement for multi-factor authentication? -- Answer ✔✔ The user enters a user name and password, and then clicks a notification in an authentication app on a mobile device. Which two statements about the purpose of the OSI model are accurate? -- Answer ✔✔ Defines the network functions that occur at each layer. Facilitates an understanding of how information travels throughout a network. What is the default behavior of a Layer 2 switch when a frame with an unknown destination MAC address is received? -- Answer ✔✔ The Layer 2 switch floods packets to all ports except the receiving port in the given VLAN. What is the destination MAC address of a broadcast frame? -- Answer ✔✔ ff:ff:ff:ff:ff:ff Which action is taken by a switch port enabled for PoE power classification override? -- Answer ✔✔ If a monitored port exceeds the maximum administrative value for power, the port is shutdown and err-disabled. In which way does a spine and-leaf architecture allow for scalability in a network when additional access ports are required? -- Answer ✔✔ A leaf switch can be added with connections to every spine switch. A frame that enters a switch fails the Frame Check Sequence. Which two interface counters are incremented? -- Answer ✔✔ CRC, Input Errors
What is the name of the layer in the Cisco borderless switched network design that is considered to be the backbone used for high-speed connectivity and fault isolation? -- Answer ✔✔ Core A company needs to interconnect several branch offices across a metropolitan area. The network engineer is seeking a solution that provides high-speed converged traffic, including voice, video, and data on the same network infrastructure. The company also wants easy integration to their existing LAN infrastructure in their office locations. Which technology should be recommended? -- Answer ✔✔ Ethernet WAN Which two WAN architecture options help a business improve scalability and reliability for the network? -- Answer ✔✔ Dynamic Routing Dual-homed Branches Which WAN access technology is preferred for a small office / home office architecture? -- Answer ✔✔ Broadband cable access Which two functions are performed by the core layer in a three-tier architecture? -- Answer ✔✔ Provide uninterrupted forwarding service. Ensure timely data transfer between layers. Which function is performed by the collapsed core layer in a two-tier architecture? -- Answer ✔✔ Enforcing routing policies Which statement identifies the functionality of virtual machines? -- Answer ✔✔ The hypervisor can virtualize physical components including CPU, memory, and storage. An organization has decided to start using cloud-provided services. Which cloud service allows the organization to install its own operating system on a virtual machine? -- Answer ✔✔ Infrastructure-as-a-service Anycompany has decided to reduce its environmental footprint by reducing energy costs, moving to a smaller facility, and promoting telecommuting. What service or technology would support this requirement? -- Answer ✔✔ Cloud services
What are two fundamentals of virtualization? -- Answer ✔✔ It allows logical network devices to move traffic between virtual machines and the rest of the physical network. It allows multiple operating systems and applications to run independently on one physical server. What role does a hypervisor provide for each virtual machine in server virtualization? -- Answer ✔✔ Control and distribution of physical resources. A manager asks a network engineer to advise which cloud service models are used so employees do not have to waste their time installing, managing, and updating software which is only used occasionally. Which cloud service model does the engineer recommend? -- Answer ✔✔ software-as-a-service How can the Cisco Discovery Protocol be used? -- Answer ✔✔ To allow a switch to discover the devices that are connected to its ports, to determine the hardware platform of the device, and to determine the IP addresses of connected Cisco devices. (All) In a CDP environment, what happens when the CDP interface on an adjacent device is configured without an IP address? -- Answer ✔✔ CDP uses the IP address of another interface for that neighbor. Which command should you enter to configure an LLDP delay time of 5 seconds? -- Answer ✔✔ lldp reinit 5 Which command is used to enable LLDP globally on a Cisco IOS ISR? -- Answer ✔✔ lldp run (Exhibit how to get CDP codes) Capability Codes: k - Router, I - Trans Bridge, B - source Route bridge -- Answer ✔✔ show cdp neighbor Which command is used to specify the delay time in seconds for LLDP to initialize on any interface? -- Answer ✔✔ lldp reinit
(Exhibit network administrator wants VLAN 67 traffic to be untagged between SW1 and SW2 while all other VLANs remain tagged) -- Answer ✔✔ [set native VLAN] switchport trunk native vlan 67 (Exhibit a frame of VLAN1 of SW1 is sent to SW2 where the frame received on VLAN2, why?) -- Answer ✔✔ Native vlan mismatches (Exhibit which action is expected from SW1 when the untagged frame is received on the GigabitEthernet0/1 interface?) -- Answer ✔✔ The frame is processed in VLAN 5 (Exhibit a network administrator is configuring an EtherChannel between SW1 and SW2. SW1 configuration shown, what is correct for SW2?) -- Answer ✔✔ C. interface FastEthernet 0/ channel-group 1 mode desirable switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet 0/ channel-group 1 mode desirable switchport trunk encapsulation dot1q switchport mode trunk What occurs to frames during the process of frame flooding? -- Answer ✔✔ Frames are sent to every port on the switch in the same VLAN except from the originating port. (Exhibit an administrator is tasked with configuring a voice VLAN. What is the expected outcome when a Cisco phone is connected to the GigabitEthernet 3/1/4 port on a switch?) -- Answer ✔✔ The phone sends and receives data in VLAN 50 but a workstation connected to the phone sends and receives data in VLAN 1. (Exhibit what commands are needed to add a subinterface to Ethernet0/0 on R1 to allow for VLAN 20, with IP address 10.20.20.1/24) -- Answer ✔✔ R1 (config)#interface ethernet0/0. R1 (config)#encapsulation dot1q 20 R1(config)#ip address 10.20.20.1 255.255.255.
(Exhibit which outcome is expected when PC_A sends data to PC_B) -- Answer ✔✔ The source and destination MAC addresses remain the same. (Exhibit a network administrator assumes a task to complete the connectivity between PC A and the File Server. Switch A and Switch B have been partially configured with VLANs 10, 11, 12, and 13. What is the next step in the configuration? -- Answer ✔✔ Add VLAN 13 to the trunk links on Switch A and Switch B for VLAN propagation. An engineer must establish a trunk link between two switches. The neighboring switch is set to trunk or desirable mode. What action should be taken? -- Answer ✔✔ configure switchport mode dynamic desirable An engineer requires a scratch interface to actively attempt to establish a trunk link with a neighbor switch. What command must be configured? -- Answer ✔✔ switchport mode dynamic desirable An engineer must configure interswitch VLAN communication between a Cisco switch and a third-party switch. Which action should be taken? -- Answer ✔✔ configure IEEE 802.1q How does STP prevent forwarding loops at OSI Layer 2? -- Answer ✔✔ Port blocking What is the primary effect of the spanning-tree portfast command? -- Answer ✔✔ It minimizes spanning-tree convergence time Which result occurs when PortFast is enabled on an interface that is connected to another switch? -- Answer ✔✔ Spanning tree may fail to detect a switching loop in the network that causes broadcast storms. (Exhibit how does SW2 interact with other switches in this VTP domain?) -- Answer ✔✔ It forwards only the VTP advertisements that it receives on its trunk ports. (Exhibit what two conclusions should be made about this configuration, show spanning- tree vlan 30) -- Answer ✔✔ The spanning-tree mode is Rapid PVST+ The root port is FastEthernet 2/
(Exhibit show etherchannel summary) Which two commands were used to create port channel 10? -- Answer ✔✔ interface range g0/0- 1 channel-group 10 mode active interface range g0/0- 1 channel-group 10 mode passive Which two command sequences must you configure on a switch to establish a Layer 3 EtherChannel with an open-standard protocol? -- Answer ✔✔ interface GigabitEthernet0/0/ channel-group 10- mode active interface port-channel 10 no switchport ip address 172.16.0.1 255.255.255. What is the difference regarding reliability and communication type between TCP and UDP? -- Answer ✔✔ TCP is reliable and is a connection-oriented protocol, UDP is not reliable and is a connectionless protocol. How do TCP and UDP differ in the way they provide reliability for delivery of packets? -
- Answer ✔✔ TCP provides flow control to avoid overwhelming a receiver by sending too many packets at once, UDP sends packets to the receiver in a continuous stream without checking for sequencing. How do TCP and UDP differ in the way they guarantee packet delivery? -- Answer ✔✔ TCP uses checksum, acknowledgement, and retransmissions, and UDP uses checksums only. How do TCP and UDP differ in the way that they establish a connection between two endpoints? -- Answer ✔✔ TCP uses the three-way handshake and UDP does not guarantee message delivery. An engineer must configure a/30 subnet between two routers. Which usable IP address and subnet mask combination meets this criteria? -- Answer ✔✔ interface e0/ description to HQ-A371:
ip address 209.165.201.2 255.255.255. (Exhibit which statement explains the configuration error message that is received, #int GigEth 1/0/1) -- Answer ✔✔ It is a broadcast IP address Which network allows devices to communicate without the need to access the Internet? -- Answer ✔✔ 172.28.0.0/ Which function does the range of private IPv4 addresses perform? -- Answer ✔✔ Allows multiple companies to each use the same addresses without conflicts, (Exhibit an engineer must add a subnet for a new office that will add 20 users to the network. Which IPv4 network and subnet mask combination does the engineer assign to minimize wasting addresses?) -- Answer ✔✔ 10.10.225.32 255.255.255. A corporate office uses four floors in a building 1 - 24 2 - 29 3 - 28 4 - 22 Which subnet summarizes and gives the most efficient distribution of IP addresses for the router configuration? -- Answer ✔✔ 192.168.0.0/25 as summary and 192.168.0.0/ for each floor (Exhibit a network technician is asked to design a small network with redundancy. The exhibit represents this design, with all hosts configured in the same VLAN. What conclusions can be made about this design?) -- Answer ✔✔ The router will not accept the addressing scheme. Which goal is achieved by the implementation of private IPv4 addressing on a network? -
- Answer ✔✔ Provides an added level of protection against Internet exposure. An office has 8 floors with approximately 30-40 users per floor. What command must be configured on the router Switched Virtual Interface to use address space efficiently? -
- Answer ✔✔ ip address 192.168.0.0 255.255.255.
(Exhibit which prefix does Router 1 use for traffic to Host A) -- Answer ✔✔ 10.10.13.208/ Router A learns the same route from two different neighbors, one of the neighbor routers is an OSPF neighbor and the other is an EIGRP neighbor. What is the administrative distance of the route that will be installed in the routing table? -- Answer ✔✔ 90 (Exhibit how does router R1 handle traffic to 192.168.10.16) -- Answer ✔✔ It selects the RIP route because it has the longest prefix: inclusive of the destination address (Exhibit which path is used by the router for Internet traffic) -- Answer ✔✔ 0.0.0.0/ (Exhibit a router reserved these five routes from different routing information sources. Which two routes does the router install in its routing table?) -- Answer ✔✔ OSPF route 10.0.0.0/ EIGRP route 10.0.0.1/ A packet is destined for 10.10.1.22. Which static route does the router choose to forward the packet? -- Answer ✔✔ ip route 10.10.1.20 255.255.255.252 10.10.255. (Exhibit router R1 Fa0/0 cannot ping router R3 Fa0/1. Which action must be taken in router R1 to help resolve the configuration issue?) -- Answer ✔✔ Configure a static route with 10.10.10.2 as the next hop to reach the 20.20.20.0/24 network. (Exhibit router R1 is running three different routing protocols. Which route characteristic is used by the router to forward the packet that it receives for destination IP 172.16.32.1?) -- Answer ✔✔ longest prefix Router R1 must send all traffic without a matching routing-table entry to 192.168.1.1. Which configuration accomplishes this task? -- Answer ✔✔ R1#config t R1(config)#ip routing R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.1. (Exhibit how does router R1 handle traffic to 192.168.12.16?) -- Answer ✔✔ It selects the RIP route because it has the longest prefix inclusive of the destination address.
R1 has learned route 10.10.10.0/24 via numerous routing protocols. Which route is installed? -- Answer ✔✔ Route with the lowest administrative distance. What are two reasons for an engineer to configure a floating static route? -- Answer ✔✔ To automatically route traffic on a secondary path when the primary path goes down. To enable fallback static routing when the dynamic routing protocol fails. (Exhibit a packet is being sent across router R1 to host 172.16.3.14. To which destination does the router send the packet?) -- Answer ✔✔ 207.165.200.254 via Serial0/0/ (Exhibit which route type is configured to reach the internet) -- Answer ✔✔ default route (Exhibit router R2 is configured with multiple routes to reach network 10.1.1.0/24 from router R1. What protocol is chosen by router R2 to reach the destination network 10.1.1.0/24? -- Answer ✔✔ static (Exhibit which command configures a floating static route to provide a backup to the primary link?) -- Answer ✔✔ ip route 209.165.200.224 255.255.255. 209.165.202.129. What is the purpose of the show ip ospf interface command? -- Answer ✔✔ displaying OSPF-related interface information When OSPF learns multiple paths to a network, how does it select a route? -- Answer ✔✔ It divides a reference bandwidth of 100Mbps by the actual bandwidth of the existing interface to calculate the router with the lowest cost. A user configured OSP and advertised the Gigabit Ethernet interface in OSPF. By default, which type of OSPF network does this interface belong to? -- Answer ✔✔ broadcast
(Exhibit which configuration issue is preventing the OSPF neighbor relationship from being established between the two routers?) -- Answer ✔✔ R1 interface Gi1/0 has a larger MTU size. Which two minimum parameters must be configured on an active interface to enable OSPFv2 to operate? -- Answer ✔✔ OSPF area OSPF process ID (Exhibit after the configuration is applied, the two routers fail to establish an OSPF neighbor relationship. What is the reason for the problem?) -- Answer ✔✔ Router2 is using the default hello timer. Which step in the link-state routing process is described by a router sending Hello packets out all of the OSPF-enabled interfaces? -- Answer ✔✔ Establishing neighbor adjacencies (Exhibit if the switch reboots and all routers have to re-establish OSPF adjacencies, which routers will become the new DR and BDR?) -- Answer ✔✔ Router R3 will become the DR and router R1 will become the BDR. (Exhibit what action establishes the OSPF neighbor relationship without forming an adjacency?) -- Answer ✔✔ Modify hello interval (?) (Exhibit what is the next hop address for traffic that is destined to host 10.0.1.5?) -- Answer ✔✔ 10.0.1. An engineer must configure an OSPF neighbor relationship between router R1 and R3. The authentication configuration has been configured and the connecting interfaces are in the same 192.168.1.0/30 subnet. What are the next two steps to complete the configuration? -- Answer ✔✔ Configure the interfaces as OSPF active on both sides. Configure both interfaces with the same area ID. A router running EIGRP has learned the same route from two different paths. Which parameter does the router use to select the best path? -- Answer ✔✔ metric
Which two actions influence the EIGRP route selection process? -- Answer ✔✔ The router calculates the best backup path to the destination route and assigns it as the feasible successor. The router calculates the feasible distance of all paths to the destination route. By default, how does EIGRP determine the metric of a route for the routing table? -- Answer ✔✔ IT uses the =bandwidth and delay values of the path to calculate the route metric. (Exhibit which route type does the routing protocol Code D represent in the output?) -
- Answer ✔✔ route learned through EIGRP. (D is EIGRP, E is EGP) Which statement about the nature of NAT overload is true? -- Answer ✔✔ Applies a one-to-many relationship to internal IP addresses (Exhibit an engineer configured NAT translations and has verified that the configuration is correct. Which IP address is the source IP?) -- Answer ✔✔ 172.23.103. Which keyword in a NAT configuration enables the use of one outside IP address for multiple inside hosts? -- Answer ✔✔ Overload Which type of address is the public IP address of a NAT device? -- Answer ✔✔ Inside Global (Exhibit router R1 is configured with static NAT. Addressing on the router and the web server are correctly configured, but there is no connectivity between the web server and users on the Internet. What is a possible reason for this lack of connectivity?) -- Answer ✔✔ The router NAT configuration has an incorrect inside local address. An engineer is configuring NAT to translate the source subnet of 10.10.0.0/24 to any of three addresses 192.168.3.1, 192.168.3.2, 192.168.3.3. Which configuration should be used?) -- Answer ✔✔ Option C (enable, conf t ip nat pool) Which command should you enter to configure a device as an NTP server? -- Answer ✔✔ ntp master
How does HSRP provide first hop redundancy? -- Answer ✔✔ It uses a shared virtual MAC and a virtual IP address to a group of routers that serve as the default gateway for hosts on a LAN What is the primary purpose of a First Hop Redundancy Protocol? -- Answer ✔✔ It reduces routing failures by allowing more than one router to represent itself, as the default gateway of a network. When the active router in an HSRP group fails, what router assumes the role and forwards packetrs? -- Answer ✔✔ standby (Exhibit a network engineer must block access for all computers on VLAN 20 to the web server via HTTP. All other computers must be able to access the web server. Which configuration when applied to switch A accomplishes this task?) -- Answer ✔✔ config t ip access-list extended wwwblock deny tcp any host 10.30.0.100 eq 80 permit ip any any int vlan 20 ip access-group wwwblock in (Exhibit an extended ACL has been configured and applied to router R2. The configuration failed to work as intended. Which two changes stop outbound traffic on TCP ports 25 and 80 to 10.0.20.0/26 from the 10.0.10.0/26 subnet while still allowing all other traffic?) -- Answer ✔✔ Add a "permit ip any any" statement at the end of ACL 101 for allowed traffic. The source and destination IPs must be swapped in ACL 101 While examining excessive traffic on the network, it is noted that all incoming packets on an interface appear to be allowed even though an IPv4 acl is applied to the interface. Which two misconfigurations cause this behavior? -- Answer ✔✔ A matching permit statement is too high in the access list. The ACL is empty.
(Exhibit what configuration on R1 denies SSH access from PC-1 to any R1 interface and allows all other traffic?) -- Answer ✔✔ access-list 100 deny tcp host 172.16.1.33 any eq 22 access-list 100 permit ip any any interface GigabitEthernet0/ ip access-group 100 in (Exhibit an administrator configures the following ACL in order to prevent devices on the 192.168.1.0 subnet from accessing the server at 10.1.1.5. Where should the administrator place this ACL for the most efficient use of network resources?) -- Answer ✔✔ inbound on router A Fa0/ (Exhibit which two configurations would be used to create and apply a standard access list on R1, so that only the 10.0.70.0/25 network devices are allowed to access the internal database server?) -- Answer ✔✔ A. R1(config)# interface GigabitEthernet0/ R1(config-if)# ip access-group 5 out R1(config)# access-list 5 permit 10.0.70.0 0.0.0. (Exhibit a network administrator must permit SSH access to remotely manage routers in a network. The operations team resides on the 10.20.1.0/25 network. Which command will accomplish this task? -- Answer ✔✔ no access-list 2699 deny ip any 10.20.1.0 0.0.0. Which command prevents password from being stored in the configuration as plaintext on a router or switch? -- Answer ✔✔ service password-encryption (Exhibit an administrator configures four switches for local authentication using passwords that are stored in a cryptographic hash. The four switches must also support SSH access for administrators to manage the network infrastructure. Which switch is configured correctly to meet these requirements? -- Answer ✔✔ SW3 (username admin1 secret) The service password-encryption command is entered on a router. What is the effect of this configuration? -- Answer ✔✔ restricts unauthorized users from viewing clear-text passwords in the running configuration
