Cisco Certified Network Associate (200-301 CCNA)

Number: 200-301
Passing Score: 825
Time Limit: 120 min
File Version: 1.0

Terakhir di update tanggal 26 Maret 2021 -SH

Exam A

QUESTION 1
A wireless administrator has configured a WLAN, however, the clients need access to a less congested 5-GHz network for their voice quality. What action must be taken to meet the
requirement?

A. enable RX-SOP
B. enable DTIM
C. enable Band Select
D. enable AAA override

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
Which unified access point mode continues to serve wireless clients after losing connectivity to the Cisco Wireless LAN Controller?

A. sniffer
B. flexconnect
C. mesh
D. local

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
What is the same for both copper and fiber interfaces when using SFP modules?

A. They accommodate single-mode and multi-mode in a single module

B. They support an inline optical attenuator to enhance signal strength
C. They offer reliable bandwidth up to 100 Mbps in half duplex mode
D. They provide minimal interruption to services by being hot-swappable

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
Refer to the exhibit. An administrator configures four switches for local authentication using passwords that are stored as a cryptographic hash. The four switches must also support SSH access for administrators to manage the network
infrastructure. Which switch is configured correctly to meet these requirements?

A. SW1
B. SW2
C. SW3
D. SW4

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5

Refer to the exhibit. An engineer is bringing up a new circuit to the MPLS provider on the Gi0/1 interface of Router1.The new circuit uses eBGP arms the route to VLAN25 from the BGP path. What is the expected behavior for the traffic flow for
route 10.10.13.0/25?

A. Traffic to 10.10.13.0/25 is asymmetrical.

B. Traffic to 10.10.13.0/25 is load balanced out of multiple interfaces
C. Route 10.10.13.0/25 is updated in the routing table as being learned from interface Gi0/1.
D. Route 10.10.13.0/25 learned via the Gi0/o interface remains in the routing table

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
An organization secures its network with multi-factor authentication using an authenticator app on employee smartphones. How is the application secured in the case of a user's smartphone being lost or stolen?

A. The application requires the user to enter a PIN before it provides the second factor.
B. The application challenges a user by requiring an administrator password to reactivate when the smartphone is rebooted.
C. The application requires an administrator password to reactivate after a configured interval.
D. The application verifies that the user is in a specific location before it provides the second factor.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7

Refer to the exhibit. The default-information originate command is configured under the R1 OSPF configuration After testing, workstations or VLAN 20 at Site B cannot reach a DNS server on the internet Which action corrects the configuration
issue?

A. Configure the ip route 0.0.0.0 0.0.0.0 10.10.10.18 command on R1

B. Add the default-information originate command on R2
C. Add the always keyword to the default-information originate command on R1
D. Configure the ip route 0.0.0.0 0.0.0.0 10.10.10.2 command on R2

Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:

QUESTION 8
What is a DHCP client?

A. a workstation that requests a domain name associated with its IP address

B. a server that dynamically assigns IP addresses to hosts.
C. a host that is configured to request an IP address automatically
D. a router that statically assigns IP addresses to hosts.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
How does CAPWAP communicate between an access point in local mode and a WLC?

A. The access point must not be connected to the wired network, as it would create a loop.
B. The access point must be connected to the same switch as the WLC
C. The access point has the ability to link to any switch in the network, assuming connectivity to the WLC.
D. The access point must directly connect to the WLC using a copper cable.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
What are two benefits of network automation? (Choose two.)

A. fewer network failures

B. faster Changes with more reliable results
C. reduced operational costs
D. increased network security
E. reduced hardware footprint

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
The SW1 interface gO/1 is in the down/down state. Which two configurations are valid reasons for the interface condition? (Choose two.)

A. The interface is shut down.

B. The interface is error-disabled.
C. There is a duplex mismatch.
D. There is a protocol mismatch.
E. There is a speed mismatch.
Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12

Refer to the exhibit. An engineer must add a subnet for a new office that will add 20 users to the network. Which IPv4 network and subnet mask combination does the engineer assign to minimize wasting addresses?

A. 10.10.225.48 255.255.255.224
B. 10.10.225.32 255.255.255.240
C. 10.10.225.48 255.255.255.240
D. 10.10.225.32 255.255.255.224

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
Which two tasks must be performed to configure NTP to a trusted server in client mode on a single network device? (Choose two.)

A. Verify the time zone.

B. Disable NTP broadcasts
C. Specify the IP address of the NTP server.
D. Set the NTP server private key.
E. Enable NTP authentication.

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
Which two actions influence the EIGRP route selection process? (Choose two.)

A. The advertised distance is calculated by a downstream neighbor to inform the local router of the bandwidth on the link.
B. The router calculates the feasible distance of all paths to the destination route.
C. The router calculates the reported distance by multiplying the delay on the exiting interface by 256.
D. The router calculates the best backup path to the destination route and assigns it as the feasible successor.
E. The router must use the advertised distance as the metric for any given route.

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15

Refer to the exhibit. Based on the LACP neighbor status, in which mode is the SW1 port channel configured?

A. auto
B. mode on
C. active
D. passive

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
Which command prevents passwords from being stored in the configuration as plain text on a router or switch?

A. username cisco password encrypt

B. service password-encryption
C. enable password
D. enable secret

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
Which design element is a best practice when deploying an 802.11b wireless infrastructure?

A. allocating nonoverlapping channels to access points that are in close physical proximity to one another
B. disabling TPC so that access points can negotiate signal levels with their attached wireless devices
C. setting the maximum data rate to 54 Mbps on the Cisco Wireless LAN Controller
D. configuring access points to provide clients with a maximum of 5 Mbps

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18

Refer to the-exhibit. Which command configures a floating static routeto provide a backup to the primary link?

A. ip route 209.165.200.224 255.255.255.224 209.165.202.129 254

B. ip route 209.165.2010 255.255.255.224 209.165.202.130
C. ip route 0.0.0.0 0.0.0.0 209.165.202.131
D. ip route 0.0.0.0 0.0.0.0 209.165.200.224

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19

Refer to the exhibit. An engineer configured the New York router with state routes that point to the Atlanta and Washington sites. Which command must be configured on the Atlanta and Washington routers so that both sites are able to reach
the loopback2 interface on the New York router?

A. ipv6 route 0/0 Serial 0/0/0

B. ipv6 route ::/0 2000::2
C. ipv6 route ::/0 Serial 0/0/0
D. ip route 0.0.0.0 0.0.0.0 Serial 0/0/0
E. ipv6 route ::/0 Serial 0/0/1
Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 20
A network engineer must create a diagram of a multivendor network. Which command must be configured on the Cisco devices so that the topology of the network can be mapped?

A. Device(config)# cdp run

B. Device(config-if)# cdp enable
C. Device(config)# flow-sampler-map topology
D. Device(config)# lldp run

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 21
An engineer must configure an OSPF neighbor relationship between router R1 and R3. The authentication configuration has been configured and the connecting interfaces are in the same 192.168.1.0/30 subnet. What are the next two steps to
complete the configuration? (Choose two.)

A. configure the hello and dead timers to match on both sides

B. configure the same process ID for the router OSPF process
C. configure the interfaces as OSPF active on both sides
D. configure the same router ID on both routing processes
E. configure both interfaces with the same area ID

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
A user configured OSPF in a single area between two routers. A serial interface connecting R1 and R2 is running encapsulation PPP. By default, which OSPF network type is seen on this interface when the user types show ip ospf interface on
R1 or R2?

A. point-to-multipoint
B. broadcast
C. point-to-point
D. nonbroadcast

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23
A router running EIGRP has learned the same route from two different paths. Which parameter does the router use to select the best path?

A. administrative distance
B. cost
C. metric
D. as-path

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 24
When configuring a WLAN with WPA2 PSK in the Cisco VWreless LAN Controller GUI, which two formats are available to select? (Choose two.)

A. base64
B. ASCII
C. binary
D. decimal
E. hexadecimal

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 25

Refer to the exhibit. A network administrator assumes a task to complete the connectivity between PC A and the File Server. Switch A and SWitch B have been partially configured with VLANs 10, 11, 12, and 13. What is the next step in the
configuration?

A. Add PC A to VLAN 10 and the File Server to VLAN 11 for VLAN segmentation,
B. Add PC A to the same subnet as the File Server allowing for intra-VLAN communication
C. Add a router on a stick between Switch A and Switch B allowing for Inter-VLAN routing
D. Add VLAN 13 to the trunk links on Switch A and Switch B for VLAN propagation
Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 26
An engineer needs to configure LLDP to send the port description time length value (TLV). What command sequence must be implemented?

A. switch(config)#lldp port-description
B. switch#lldp port-description
C. switch(config-line)#lldp port-description
D. switch(config-if)#lldp port description

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 27
What is the primary difference between AAA authentication and authorization?

A. Authentication identifies and verifies a user who is attempting to access a system, and authorization controls the tasks the user can perform.
B. Authentication verifies a username and password, and authorization handles the communication between the authentication agent and the user database.
C. Authentication controls the system processes a user can access, and authorization logs the activities the user initiates
D. Authentication identifies a user who is attempting to access a system, and authorization validates the user's password.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 28
Which goal is achieved by the implementation of private IPv4 addressing on a network?

A. provides an added level of protection against lntemet exposure

B. provides a reduction in size of the fonNarding table on network routers
C. allows servers and workstations to communicate across public network boundaries
D. allows communication across the Internet to other private networks

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 29
Refer to the exhibit. If configuring a static default route on the router with the ip route 0.0.0.0 0.0.0.0 10.13.0.1 120 command, how does the router respond?

A. lt immediately replaces the existing OSPF route in the routing table with the newly configured static route.
B. It starts sending traffic without a specific matching entry in the routing table to GigabitEthermetO/1.
C. It ignores the new static route until the existing OSPF default route is removed.
D. It starts load-balancing traffic between the two default routes

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 30
What is a characteristic of spine-and-leaf architecture?

A. Each device is separated by the same number of hops.

B. It provides variable latency.
C. It provides greater predictability on STP blocked ports
D. Each link between leaf switches allows for higher bandwidth.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 31
How does HSRP provide first hop redundancy?

A. lt forwards multiple packets to the same destination over different routed links in the data path.
B. It load-balances Layer 2 traffic along the path by flooding traffic out all interfaces configured with the same VLAN.
C. It uses a shared virtual MAC and a virtual IP address to a group of routers that serve as the default gateway for hosts on a LAN
D. It load-balances traffic by assigning the same metric value to more than one route to the same destination in the IP routing table.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 32
Refer to the exhibit. A network engineer must block access for all computers on VLAN 20 to the web server via HTTP. All other computers must be able to access the web server. Which configuration when applied to switch A accomplishes this
task?

A. config t
ip access-list extended wwwblock
deny tcp any host 10.30.0.100 eq 80
permit ip any any
int vlan 20
ip access-group wwwblock in
B. config t
ip access-list extended wwwblock
permit ip any any
deny tcp any host 10.30.0.100 eq 80
int vlan 20
ip access-group wwwblock in
C. config t
ip access-list extended wwwblock
permit ip any any
deny tcp any host 10.30.0.100 eq 80
int vlan 30
ip access-group wwwblock in
D. config t
ip access-list extended wwwblock
deny tcp any host 10.30.0.100 eq 80
int vlan 10
ip access-group wwwblock in

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 33
Which statement compares traditional networks and controller-based networks?

A. Traditional and controller-based networks abstract policies from device configurations

B. Only controller-based networks decouple the control plane and the data plane
C. Only traditional networks natively support centralized management.
D. Only traditional networks offer a centralized control plane.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 34
What configuration management mechanism uses TCP port 22 by default when communicating with managed nodes?

A. Ansible
B. Python
C. Chef
D. Puppet

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 35
What is a difference between RADIUS and TACACS+?

A. TACACS+ separates authentication and authorization, and RADIUS merges them.

B. RADIUS is most appropriate for dial authentication, but TACACS+ can be used for multiple types of authentication.
C. TACACS+ encrypts only password information, and RADIUS encrypts the entire payload.
D. RADIUS logs all commands that are entered by the administrator, but TACACS+ logs only start, stop, and interim commands.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 36
Refer to the exhibit. To which device does Router1 send packets that are destined to host 10.10.13.165?

A. Router3
B. Router4
C. Router5
D. Router2

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 37

Refer to the exhibit. What is the effect of this configuration?

A. All ingress and egress traffic is dropped because the interface is untrusted.
B. All ARP packets are dropped by the switch.
C. Egress traffic is passed only if the destination is a DHCP server
D. The switch discards all ingress ARP traffic with invalid MAC-to-IP address bindings

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
QUESTION 38
What are two descriptions of three-tier network topologies? (Choose two.)

A. The core layer maintains wired connections for each host.

B. The core and distribution layers perform the same functions.
C. The access layer manages routing between devices in different domains.
D. The network core is designed to maintain continuous connectivity when devices fail.
E. The distribution layer runs Layer 2 and Layer 3 technologies.

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 39

Refer to the exhibit. Which route does R1 select for traffic that is destined to 192.168.16.2?

A. 192.168.16.0/27
B. 192.168.16.0/21
C. 192.168.16.0/24
D. 192.168.26.0/26

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 40
What makes Cisco DNA Center different from traditional network management applications and their management of networks?

A. It only supports auto-discovery of network elements in a greenfield deployment.

B. It does not support high availability of management functions when operating in cluster mode.
C. It abstracts policy from the actual device configuration.
D. Its modular design allows someone to implement different versions to meet the specific needs of an organization.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 41
How do traditional campus device management and Cisco DNA Center device management differ in regards to deployment?
A. Cisco DNA Center device management can be implemented at a lower cost than most traditional campus device management options.
B. Traditional campus device management schemes can typically deploy patches and updates more quickly than Cisco DNA Center device management.
C. Traditional campus device management allows a network to scale more quickly than with Cisco DNA Center device management
D. Cisco DNA Center device management can deploy a network more quickly than traditional campus device management.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 42
Which two conditions must be met before SSH can operate normally on a Cisco IOS switch? (Choose two.)

A. IP routing must be enabled on the switch.

B. A console password must be configured on the switch
C. Telnet must be disabled on the switch.
D. The switch must be running a k9 (crypto) IOS image.
E. The ip domain-name command must be configured on the switch.

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 43

Refer to the exhibit. After the configuration is applied, the two routers fail to establish an OSPF neighbor relationship. What is the reason for the problem?

A. Router2 is using the default hello timer.

B. The network statement on Router1 is misconfigured.
C. The OSPF process IDs are mismatched.
D. The OSPF router IDs are mismatched.
Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 44
Which action must be taken to assign a global unicast IPv6 address on an interface that is derived from the MAC address of that interface?

A. enable SLAAC on an interface

B. disable the EUl-64 bit process
C. configure a stateful DHCPv6 server on the network
D. explicitly assign a link-local address

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 45
Which IPv6 address type provides communication between subnets and is unable to route on the Internet?

A. global unicast
B. multicast
C. unique local
D. link-local

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 46

Refer to the exhibit. An administrator is tasked with configuring a voice VLAN. What is the expected outcome when a Cisco phone is connected to the GigabitEthernet3/1/4 port on a switch?

A. The phone sends and receives data in VLAN 50, but a workstation connected to the phone sends and receives data in VLAN 1.
B. The phone and a workstation that is connected to the phone do not have VLAN connectivity.
C. The phone sends and receives data in VLAN 50, but a workstation connected to the phone has no VLAN connectivity.
D. The phone and a workstation that is connected to the phone send and receive data in VLAN 50.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 47
Refer to the exhibit. Which action is expected from SW1 when the untagged frame is received on the GigabitEthernet0/1 interface?

A. The frame is processed in VLAN 1.

B. The frame is dropped.
C. The frame is processed in VLAN 11.
D. The frame is processed in VLAN 5.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 48
A. Map the Layer 2 MAC address to the Layer 3 IP address and forward the frame.
B. Insert the source MAC address and port into the forwarding table and forward the frame to Sales-1.
C. Flood the frame out of all ports except on the port where Sales-1 is connected.
D. Perform a lookup in the MAC address table and discard the frame due to a missing entry.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 49

Refer to the exhibit. An engineer must configure GigabitEthermet1/1 to accommodate voice and data traffic. Which configuration accomplishes this

A. interface gigabitethemet1/1
switchport mode access
switchport voice vlan 300
switchport access vlan 400
B. interface gigabitethemet1/1
switchport mode access
switchport access vlan 300
switchport voice vlan 400
C. interface gigabitethernet1/1
switchport mode trunk
 switchport trunk vlan 300
switchport trunk vlan 400
D. interface gigabitethemet1/1
switchport mode trunk
switchport trunk vlan 300
switchport voice vlan 400

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 50
Which role does a hypervisor provide for each virtual machine in server virtualization?

A. services as a hardware controller

B. software-as-a-service
C. control and distribution of physical resources
D. infrastructure-as-a-service

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 51
Which protocol does an access point use to draw power from a connected switch?

A. Neighbor Discovery Protocol

B. Adaptive Vtfireless Path Protocol
C. Internet Group Management Protocol
D. Cisco Discovery Protocol

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 52
Where does a switch maintain DHCP snooping information?

A. in the CAM table

B. in the MAC address table
C. in the binding database
D. in the frame forwarding database

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 53
Which advantage does the network assurance capability of Cisco DNA Center provide over traditional campus management?

A. Cisco DNA Center automatically compares security postures among network devices, and traditional campus management needs manual comparisons.
B. Cisco DNA Center correlates information from different management protocols to obtain insights, and traditional campus management requires manual analysis.
C. Cisco DNA Center handles management tasks at the controller to reduce the load on infrastructure devices, and traditional campus management uses the data backbone.
D. Cisco DNA Center leverages YANG and NETCONF to assess the status of fabric and nonfabric devices, and traditional campus management uses CLI exclusively.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 54
What is a network appliance that checks the state of a packet to determine whether the packet is legitimate?

A. LAN controller
B. load balancer
C. firewall
D. Layer 2 switch

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 55
A network engineer must configure the router R1 GigabitEthernet1/1 interface to connect to the router R2 GigabitEthernet1/1 interface. For the configuration to be applied, the engineer must compress the address 2001:
Odb8:0000:0000:0500:000a:400F:583B Which command must be issued on the interface?

A. ipv6 address 2001 :db8:0::500:a:4F:583B

B. ipv6 address 2001:db8::500:a:400F:583B
C. ipv6 address 2001:0db8::5:a:4F:583B
D. ipv6 address 2001::db8:0000::500:a:400F:58SB

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 56
An engineer observes high usage on the 2.4GHz channels and lower usage on the 5GHz channels. What must be configured to allow clients to preferentially use 5GHz access points?

A. Re-Anchor Roamed Clients

B. EAP Split Tunnel
C. Client Band Select
D. 11ac MU-MIMO

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
QUESTION 57
A network administrator must to configure SSH for remote access to router R1. The requirement is to use a public and private key pair to encrypt management traffic to and from the connecting client Which configuration, when applied, meets
the requirements?

A. R1#enable
R1#configure terminal
R1 (config)#ip domain-name cisco.com
R1(config)#crypto key generate rsa modulus 1024
B. R1#enable
R1#configure terminal
R1(config)#ip domain-name cisco. com
R1 (config)#crypto key encrypt rsa name myKey
C. R1#enable
R1#configure terminal
R1 (config)#ip domain-name cisco.com
R1 (config)#crypto key generate ec keysize 2048
D. R1 #enable
R1#configure terminal
R1 (config)#ip domain-name cisco.com
R1 (config)#crypto key generate ec keysize 1024

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 58
Which two QoS tools provide congestion management? (Choose two.)

A. CAR
B. CBWFQ
C. PQ
D. FRTS
E. PB

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 59
An administrator must secure the WLC from receiving spoofed association requests. Which steps must be taken to configure the WLC to restrict the requests and force the user to wait 10 ms to retry an association request?

A. Enable MAC filtering and set the SA Query timeout to 10

B. Enable 802.1x Layer 2 security and set the Comeback timer to 10
C. Enable Security Association Teardown Protection and set the SA Query timeout to 10
D. Enable the Protected Management Frame service and set the Comeback timer to 10

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
QUESTION 60
Which command automatically generates an IPv6 address from a specified lPV6 prefix and MAC address of an interface?

A. ipv6 address 2001:D88:5:112::/64 eui-64

B. ipv6 address 2001:088:5:112::2/64 link-local
C. ipv6 address autoconfigure
D. ipv6 address dhcp

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 61
Two switches are connected and using Cisco Dynamic Trunking Protocol.SW1 is set to Dynamic Auto and SW2 is set to Dynamic Desirable. What is the result of this configuration?

A. The link becomes an access port

B. The link is in a down state.
C. The link becomes a trunk port
D. The link is in an error disabled state.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 62
What is a function of TFTP in network operations?

A. transfers a configuration files from a server to a router on a congested link

B. transfers a backup configuration file from a server to a switch using a username and password
C. transfers IOS images from a server to a router for firmware upgrades
D. transfers files between file systems on a router

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 63

Refer to the exhibit. How does router R1 handle traffic to 192.168.10.16?

A. lt selects the lS-lS route because it has the shortest prefix inclusive of the destination address.
B. It selects the OSPF route because it has the lowest cost.
C. It selects the EIGRP route because it has the lowest administrative distance.
D. lt selects the RIP route because it has the longest prefix inclusive of the destination address.
Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 64
What mechanism carries multicast traffic between remote sites and supports encryption?

A. lPsec over ISATAP

B. GRE
C. lSATAP
D. GRE over lPsec

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 65
Which feature on the Cisco Wireless LAN Controller when enabled restricts management access from specific networks?

A. Flex ACL
B. CPU ACL
C. RADIUS
D. TACACS

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 66

Refer to the exhibit. Router R1 is running three different routing protocols. Which route characteristic is used by the router to forward the packet that destination IP 172.16.32.1?

A. longest prefix
B. metric
C. cost
D. administrative distance

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 67
Refer to the exhibit. What does router R1 use as its OSPF router-ID?

A. 172.16.15.10
B. 192.168.0.1
C. 10.10.1.10
D. 10.10.10.20

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 68

Refer to the exhibit. The show ip ospf interface command has been executed on R1. How is OSPF configured?

A. A point-to-point network type is configured

B. The default Hello and Dead timers are in use.
C. There are six OSPF neighbors on this interface
D. The interface is not participating in OSPF

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 69
RouterA learns the same route from two different neighbors; one of the neighbor routers is an OSPF neighbor, and the other is an EIGRP neighbor. What is the administrative distance of the route that will be installed in the routing table?

A. 90
B. 20
C. 115
D. 110

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 70
Which mode must be used to configure EtherChannel between two switches without using a negotiation protocol?

A. desirable
B. on
C. auto
D. active

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 71

Refer to the exhibit. Which configuration on RTR-1 denies SSH access from PC-1 to any RTR-1 interface and allows all other traffic?

A. access-list 100 deny tcp host 172.161.33 any eq 23

access-list 100 permit ip any any

line vty 0 15
access-class 100 in
B. access-list 100 deny tcp host 172.16.1.33 any eq 22
access-list 100 permit ip any any

interface GigabitEthernet0/0
ip access-group 100 in
C. access-list 100 deny tcp host 172.16.1.33 any eq 23
access-list 100 permit ip any any

interface GigabitEthernet0/0
ip access-group 100 in
D. access-list 100 deny tcp host 172.16.1.33 any eq 22
access-list 100 permit ip any any

line vty 0 15
acCess-class 100 in

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 72

Refer to the exhibit.With which metric was the route to host 172.16.0.202 learned?

A. 38443
B. 0
C. 110
D. 3184439

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 73
Refer to the exhibit. Which prefix does Router1 use for traffic to Host A?

A. 10.10.13.0/25
B. 10.10.13.208/29
C. 10.10.13.144/28
D. 10.10.10.0/28

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 74

Refer to the exhibit. An engineer deploys a topology in which R1 obtains its IP configuration from DHCP. If the switch and DHCP server configurations are complete and correct, which two sets of commands must be configured on R1 and R2 to
complete the task? (Choose two.)

A. R1 (config)# interface fa0/0

R1(config-if)# ip helper-address 192.0.2.2
B. R2(config)# interface gi0/0
R2(config-if)# ip helper-address 198.51.100.100
C. R1 (config)# interface fa0/0
R1 (config-if)# ip address dhcp
R1 (config-if)# no shutdown
D. R2(config)# interface gi0/0
R2(config-if)# ip address dhcp
E. R1(config)# interface fa0/0
R1(config~if)# ip helper-address 198.51.100.100

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 75
What is the effect when loopback interfaces and the configured router ID are absent during the OSPF Process configuration?

A. The lowest IP address is incremented by 1 and selected as the router ID.

B. The highest up/up physical interface IP address is selected as the router ID.
C. No router ID is set, and the OSPF protocol does not run
D. The router lD 0.0.0.0 is selected and placed in the OSPF process.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 76

Refer to the exhibit. Only four switches are participating in the VLAN spanning-tree process.

Branch-1: priority 614440

Branch-2: priority 3XXXXXX
Branch-3: priority 0
Branch-4: root primary

Which switch becomes the permanent root bridge for VLAN 5?

A. Branch-1
B. Branch-2
C. Branch-3
D. Branch-4

Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:

QUESTION 77
Which technology can prevent client devices from arbitrarily connecting to the network without state remediation?

A. MAC Authentication Bypass

B. 802.1x
C. IP Source Guard
D. 802.11n

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 78
How does the dynamically-learned MAC address feature function?

A. It requires a minimum number of secure MAC addresses to be filled dynamically

B. Switches dynamically learn MAC addresses of each connecting CAM table
C. The ports are restricted and learn up to a maximum of 10 dynamically-learned addresses
D. The CAM table is empty until ingress traffic arrives at each port

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 79
Which JSON data type is an unordered set of attribute-value pairs?

A. Object
B. String
C. Boolean
D. Array

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 80
An engineer needs to add an old switch back into a network. To prevent the switch from corrupting the VLAN database, which action must be taken?

A. Add the switch with DTP set to desirable.

B. Add the switch in the VTP domain with a lower revision number
C. Add the switch in the VTP domain with a higher revision number.
D. Add the switch with DTP set to dynamic desirable.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 81
Which networking function occurs on the data plane?

A. processing inbound SSH management traffic

B. sending and receiving OSPF Hello packets
C. forwarding remote client/server traffic
D. facilitates spanning-tree elections

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 82
When deploying syslog, which severity level logs informational messages?

A. 6
B. 4
C. 0
D. 2

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 83
What is a characteristic of RSA?

A. It requires both sides to have identical keys.

B. It uses preshared keys for encryption.
C. It is a public-key cryptosystem.
D. It is a private-key encryption algorithm.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 84
Refer to the exhibit. What two conclusions should be made about this configuration? (Choose two.)

A. The designated port is FastEthernet 2/1.

B. The spanning-tree mode is PVST+
C. The spanning-tree mode is Rapid PVST+.
D. This is a root bridge.
E. The root port is FastEthernet 2/1.

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 85
Which type of IPv6 address is publicly routable in the same way as IPv4 public addresses?

A. unique local
B. global unicast
C. multicast
D. link-local

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 86
Refer to the exhibit If OSPF is running on this network, how does Router2 handle traffic from Site B to 10.10.13.128/25 at Site A?

A. It load-balances traffic out of Fa0/1 and Fa0/2

B. It sends packets out of interface Fa0/1
C. It sends packets out of interface Fa0/2
D. It is unreachable and discards the traffic

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 87
An office has 8 floors with approximately 30-40 users per floor. What command must be configured on the router Switched Virtual Interface to use address space efficiently?

A. ip address 192.168.0.0 255.255.254.0

B. ip address 192168.00 255.255.255.224
C. ip address 192.168.0.0 255.255.255.128
D. ip address 192.168.0.0 255.255.0.0

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 88
Which occurs when PortFast is enabled on an interface that is connected to another switch?

A. VTP is allowed to propagate VLAN configuration information from switch to switch automatically.
B. Root port choice and spanning tree recalculation are accelerated when a switch link goes down
C. Spanning tree may fail to detect a switching loop in the network that causes broadcast storms
D. After spanning tree converges, PortFast shuts down any port that receives BPDUs

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
QUESTION 89
Which function does an SNMP agent perform?

A. It manages routing between Layer 3 devices in a network.

B. It requests information from remote network nodes about catastrophic system events
C. It sends information about MIB variables in response to requests from the NMS.
D. It coordinates user authentication between a network device and a TACACS+ or RADIUS server.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 90

Refer to the exhibit. The loopback1 interface of the Atlanta router must reach the loopback3 interface of the Washington router. Which two static host routes must be configured on the New York router? (Choose two.)

A. ipv6 route 2000:1/128 2012::2

B. ipv6 route 2000:1/128 2012::1
C. ipv6 route 2000:1/128 s0/0/1
D. ipv6 route 2000:3/128 2023::3
E. ipv6 route 2000:3/128 s0/0/0

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 91
Which protocol prompts the Wireless LAN Controller to generate its own local web administration SSL certificate for GUI access?

A. HTTPS
B. TACACS+
C. RADIUS
D. HTTP

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
QUESTION 92
What does an SDN controller use as a communication protocol to relay forwarding changes to a southbound API?

A. XML
B. OpenFlow
C. REST
D. Java

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 93
What uses HTTP messages to transfer data to applications residing on different hosts?

A. OpenFIow
B. OpenStack
C. REST
D. OpFlex

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 94

Refer to the exhibit Which command must be executed for Gi1/1 on SW1 to become a trunk port if Gi1/1 on SW2 is configured in desirable or trunk mode?

A. switchport mode dot1-tunnel

B. switchport mode dynamic desirable
C. switchport mode dynamic auto
D. switchport mode trunk

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 95
What is a role of access points in an enterprise network?

A. support secure user logins to devices on the network

B. serve as a first line of defense in an enterprise network
C. connect wireless devices to a wired network
D. integrate with SNMP in preventing DDoS attacks

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 96
Which output displays a JSON data representation?

A. {
"response". {
"taskld". {};
"url". "string"
}
"version". "string"
}
B. {
"response": {
"taskld": {};
"url": "string"
};
"version": "string"
}
C. {
"response": {
"taskld": {},
"url": "string"
},
"version": "string"
}
D. {
"response", {
"taskld", {};
"url". "string"
};
"version", "string"
}

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 97
R1 has learned route 192.168.12 0/24 via IS-IS, OSPF,RIP, and Internal EIGRP. Under normal operating conditions, which routing protocol is installed in the routing table?

A. OSPF
B. RIP
C. Internal EIGRP
D. lS-IS

Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:

QUESTION 98
Which WPA3 enhancement protects against hackers viewing traffic on the Wi-Fi network?

A. SAE encryption
B. TKIP encryption
C. AES encryption
D. scrambled encryption key

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 99
What are two recommendations for protecting network ports from being exploited when located in an office space outside of an IT closet? (Choose two.)

A. configure static ARP entries

B. shut down unused ports
C. configure ports to a fixed speed
D. implement port-based authentication
E. enable the PortFast feature on ports

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 100
What is the primary purpose of a First Hop Redundancy Protocol?

A. It allows a router to use bridge priorities to create multiple loop-free paths to a single destination.
B. It reduces routing failures by allowing more than one router to represent itself as the default gateway of a network.
C. It reduces routing failures by allowing Layer 3 load balancing between OSPF neighbors that have the same link metric.
D. It allows directly connected neighbors to share configuration information.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 101
Refer to the exhibit. An engineer is configuring the New York router to reach the Lo1 interface of the Atlanta router using interface Se0/0/0 as the primary path. Which two commands must be configured on the New York router so that it can
reach the Lol interface of the Atlanta router via Washington when the link between New York and Atlanta goes down? (Choose two.)

A. ipv6 route 2000::1/128 2012::2

B. ipv6 route 2000::1/128 2023::2 5
C. ipv6 route 2000::1/128 2012::1
D. ipv6 route 2000::1/128 2023::3 5
E. ipv6 route 2000::1/128 2012::1 5

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 102
Refer to the exhibit. Shortly after SiteA was connected to SiteB, over a new single-mode fiber path, users at SiteA report intermittent connectivity issues with applications hosted at SiteB. What is the cause of the intermittent connectivity issue?

A. High usage is causing high latency.

B. The sites were connected with the wrong cable type.
C. An incorrect SFP media type was used at SiteA
D. Interface errors are incrementing.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 103
Drag and drop the characteristics of networking from the left onto the correct networking types on the right.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 104
Drag and drop the application protocols from the left onto the transport protocols that it uses on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
QUESTION 105
Drag and drop the threat-mitigation techniques from the left onto the types of threat or attack they mitigate on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 106
Drag and drop the IPv4 network subnets from the left onto the correct usable host ranges on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 107
Drag and drop the Cisco Wireless LAN Controller security settings from the left onto the correct security mechanism categories on the right.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 108

Refer to the exhibit. Drag and drop the networking parameters from the left onto the correct values on the right.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 109

Refer to the exhibit. An engineer is configuring the router to provide static NAT for the webserver. Drag and drop the configuration commands from the left onto the letters that correspond to its position in the configuration on the right.

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference: