200-301 Cisco Certified Network Associate: (Version 3.0)
QUESTION: 1
What are two advantages of private RFC 1918 addressing?
Answer: A,E
Explanation
The primary advantages of private RFC 1918 addressing are address conservation and network security.
Only RFC 1918 addresses are assigned to internal hosts and network devices. They are assigned to
a privately managed routing domain that is not routable across the internet. As a result, the same
addresses are assignable to different companies. Only public addressing is uniquely assigned. There is
added security since the private addresses are not exposed to the internet.
QUESTION: 2
What IOS commands will display the operational status of IPv4 configured addresses? (Select three)
Answer: A,B,C
QUESTION: 3
What subnet mask enables at least 40 host IP addresses per subnet?
A. 255.255.255.192(/26)
B. 255.255.255.224(/27)
C. 255.255.255.240(/28)
D. 255.255.255.248(/29)
Answer: A
Explanation
Refer to the Class C subnetting table for a subnet mask that enables at least 40 host addresses. The
nearest subnet mask is 255.255.255.192, which allows you to assign a maximum of 62 host IP addresses to
network interfaces.
QUESTION: 4
What is the maximum number of host addresses that are assignable to network interfaces with a class C
address of 192.168.1.0/24?
A. 255
B. 254
C. None
D. 1
E. 256
Answer: B
Explanation
Class C subnetting is available for class C, class B and class A addresses. 192.168.1.0/24 is a class C
address with a default (classful) subnet mask of 255.255.255.0, so it is not subnetted. There is only a
single subnet, 192.168.1.0, with host address range 192.168.1.1/24 to 192.168.1.254/24, which provides 254
host addresses. The next classful subnet is 192.168.2.0/24 with 254 host addresses available.
QUESTION: 5
What is the length of an IPv6 address?
A. 64 bits
B. 48 bits
C. 32 bits
D. 128 bits
Answer: D
QUESTION: 6
What feature most correctly describes wireless SSID?
A. BSSID
B. VLAN
C. WLAN
D. Subnet
Answer: C
Explanation
SSID is a wireless LAN (WLAN). Multiple APs can be assigned to the same SSID. A WLAN is configured with
radio, security and QoS settings. The common practice is to assign a single SSID to a VLAN and a VLAN to a
subnet.
QUESTION: 7
What three channels are non-overlapping in 2.4 GHz frequency band?
A. 1
B. 2
C. 6
D. 11
E. 23
Answer: A,C,D
Explanation
The older 2.4 GHz band provides only three non-overlapping channels. As a result, with more than three
access points, you start assigning from channel 1 again.
QUESTION: 8
What cable type is required to connect the same device type?
A. crossover
B. serial
C. straight-through
D. rollover
Answer:
Explanation
Crossover cable is used when connecting two switches or two routers for example. The straight-through
cable is used to connect dissimilar devices such as switch to router or host to switch.
QUESTION: 9
What are three primary differences between TCP and UDP?
A. TCP is connection-oriented
B. TCP provides best effort delivery model
C. TCP is faster than UDP
D. TCP is preferred for video streaming
E. TCP provides flow control and error correction
F. TCP provides retransmission of dropped packets
Answer: A,E,F
Explanation
TCP is connection-oriented with handshake setup, flow control and sequencing. The purpose is to
detect, prevent and correct packet drops. It is less efficient than UDP, with increased overhead and
packet processing. UDP is faster than TCP; however, it is connectionless with no guarantee of packet
delivery (best effort). Some applications such as video streaming prefer UDP, where there is less latency
resulting from retransmissions.
QUESTION: 10
What command displays IP parameters on a Windows host?
A. ifconfig
B. telnet
C. ipconfig/all
D. show ip interface
Answer: C
Explanation
Host-1 is enabled as a DHCP client to obtain IP addressing from the DHCP server. The ipconfig /all
command verifies there is no IP addressing currently assigned to host-1. The IP address 169.254.237.117
is a private IPv4 link-local address that is assigned when a DHCP request fails. It provides connectivity
only within the same subnet.
c:/> ipconfig /all
FastEthernet0 Connection: (default port)
Connection-specific DNS Suffix
Physical Address : 0007.EC0D.ED75
Link-local IPv6 Address : FE80::207:ECFF:FE0D:ED75
Autoconfiguration IP Address : 169.254.237.117
Subnet Mask : 255.255.0.0
QUESTION: 11
What are three characteristics of Spine-Leaf architecture?
Answer: A,B
Explanation
Cisco is now promoting what is called Spine-Leaf architecture. It is comprised of a 2-Tier layered design
with switches connected via full mesh topology. There are leaf switches connected in a full mesh
topology to each spine switch. As a result, each switch is only a single-hop to a neighbor for east-west
traffic with low latency connections. Newer fabric architecture defines a physical underlay and virtual
overlay that supports L2 and/or L3 designs. The virtual overlay is unique to Spine-Leaf and required for
programmability and SDN applications. Cisco DNA Center is based on fabric architecture.
QUESTION: 12
What additional route is added to routing table when interface Gi0/0 is enabled with IP address
172.33.2.1/24?
A. 172.33.2.1/24
B. 172.33.2.1/32
C. 172.33.2.0/32
D. 172.33.2.0/24
E. none
Answer: B
Explanation
Connected routes are not manually configured or dynamic. They are automatically added to a routing
table. The route entry includes a local network interface. Local router interfaces are configured with an
IP address that is within a particular subnet. Anytime routing services are enabled, you will notice at
least some connected routes in the routing table. The router installs a corresponding local host route as
well for each connected interface. It is assigned a /32 subnet mask that indicates a host route.
C 172.33.2.1/24 is directly connected, Ethernet1/0
L 172.33.2.1/32 is directly connected, Ethernet1/0
QUESTION: 13
Refer to the network topology drawing where Host-1 is sending a packet to Server-1. What is the source
and destination MAC address at P1. In addition, what is the source and destination IP address at P2?
Answer:
Explanation
The source and destination MAC address are rewritten at each router hop. The switch only examines the
source and destination MAC address. Host-1 sends data to server-1 at P1 with source MAC address of
network interface (0000.000a.aaaa). The destination MAC address at P1 is router-1 interface Gi0/1
(0000.000b.bbbb). Switch-1 must only read and forward based on the destination MAC address. The
source and destination IP address do not change in packets as they traverse the network. The
forwarding path at P1 is from host-1 to server-1. The source IP address is 192.168.1.1 (host-1) and
destination IP address is 192.168.3.1 (server-1).
P1: source MAC address = 0000.000a.aaaa
P1: destination MAC address = 0000.000b.bbbb
P2: source IP address = 192.168.1.1 (host-1)
P2: destination IP address = 192.168.3.1 (server-1)
QUESTION: 14
What is the correct syntax for an IPv6 static route?
Answer: D
QUESTION: 15
What is the correct syntax for an IPv6 default route?
Answer: B
QUESTION: 16
What interface errors are caused by duplex mismatch?
A. collisions
B. runts
C. giants
D. MTU mismatch
Answer: A
Explanation
Collisions occur mostly when there is a duplex setting mismatch between host and switch interfaces. In
addition, collisions can occur when there is a bad network interface card (NIC) or cabling error. Giant
frames (1600 bytes) result either from a faulty NIC or an MTU misconfiguration on an interface. The
output of show interfaces lists various layer 2 errors including runts, giants, collisions and CRC errors.
The most common cause of CRC errors and runts is collisions. Gigabit Ethernet ports do not support
half-duplex at all. The older 10/100/1000 interfaces permitted half-duplex with lower speed settings.
QUESTION: 17
What are three advantages of next-generation firewalls over traditional firewalls?
A. malware protection
B. throughput
C. lower cost
D. real-time monitoring
E. load balancing
F. open standards-based
Answer: A,B,D
Explanation
Cisco has developed Next-Generation Firewalls (NGFW) to enhance security for internet and cloud
connections. It is based on dynamic monitoring, detection and prevention. In addition, there is deep
packet inspection to the application layer and higher throughput.
QUESTION: 18
What are two components of a Virtual Machine (VM)?
A. hypervisor
B. application
C. processor
D. firewall
E. operating system
Answer: B,E
Explanation
The components of a virtual machine include application, operating system and configuration settings.
QUESTION: 19
Select two statements that correctly describe frame switching operation?
Answer: C,D
QUESTION: 20
Select the correct IOS commands to configure a switch access port and assign VLAN 10?
Answer: D
Explanation
The following interface level IOS commands configure an access port and assign any connected host to
VLAN 10 for that interface.
switch(config-if)# switchport mode access
switch(config-if)# switchport access vlan 10
QUESTION: 21
A. 0
B. unassigned
C. 1
D. 4094
Answer: C
QUESTION: 22
What is the only VLAN type permitted on an access port where there is already an existing VLAN
assigned?
A. data
B. voice
C. management
D. extended
Answer: B
QUESTION: 23
What statements correctly describe switch trunking? (Select two)
Answer: A,C
Explanation
Switch trunks forward multiple VLANs across a Layer 2 domain. They enable communication between
the same VLANs only.
QUESTION: 24
What is the default number assigned to a native VLAN?
A. 1
B. 0
C. 999
D. None
Answer: A
Explanation
A Cisco switch assigns the default management VLAN 1 to the native VLAN for trunking.
QUESTION: 25
How do you verify all trunk interfaces that are operational on a switch?
Answer: C
QUESTION: 26
What DTP mode supports negotiation of access mode and trunk mode interfaces?
A. dynamic trunk
B. dynamic auto
C. dynamic desirable
D. dynamic on
Answer: B
Explanation
DTP dynamic auto mode listens for DTP packets from neighbors. There is a trunk established when the
neighbor is configured with dynamic desirable mode or is configured for static trunk mode. The switch
port with dynamic auto configured is set to access mode when trunk negotiation fails.
QUESTION: 27
What IOS command enables CDP globally after it is disabled?
A. cdp
B. cdp run
C. cdp enable
D. cdp on
Answer: B
Explanation
CDP is enabled on Cisco devices globally by default including the network interfaces. Enable CDP on a
specific interface only with the following IOS interface level command.
switch(config-if)# cdp enable
The following IOS command enables CDP globally on the network device including all interfaces.
switch(config)# cdp run
QUESTION: 28
What IOS command will enable a channel group for LACP?
Answer: A
QUESTION: 29
What port type for a switch interface has lowest cost to the root bridge?
A. designated port
B. alternate port
C. root port
D. bridge port
Answer: C
Explanation
The Spanning Tree election assigns the root bridge along with designated, root and alternate ports on
neighbor switches. The root port is a switch port on a neighbor switch that has the least cost path to the
root bridge (switch). It is the primary (facing) forwarding link to the root bridge that received the best BPDU.
QUESTION: 30
What is the purpose of STP?
Answer: C
Explanation
The primary purpose of STP is to eliminate Layer 2 loops that create broadcast storms and destabilize
the network.
QUESTION: 31
What is an operational mode for Cisco wireless access point?
A. LAP
B. CAPWAP
C. admin
D. broadcast
Answer: A
QUESTION: 32
How does wireless controller LAG interface connect to switch?
A. LACP EtherChannel
B. Static EtherChannel with trunk interface
C. PAgP EtherChannel
D. switch access port
Answer: B
Explanation
Cisco wireless controllers support Link Aggregation Group (LAG) to bundle multiple physical controller
ports into a static Etherchannel (LAG) interface. The advantage is higher bandwidth, redundancy and
load balancing. Cisco appliance-based controllers have multiple Ethernet ports available for switch
connectivity. There is support for only a single LAG group per controller. Link aggregation is static (on
mode) only for controller and switch-side interfaces. There is no support for LACP or PAgP on the
controller port or switch-side interface. EtherChannel is configured with trunking to forward multiple
VLANs across link.
QUESTION: 33
What IOS commands enable Cisco device management from a web browser with an encrypted
connection? (Select two)
A. ip http secure-server
B. https secure-server
C. ip http authentication local
D. http server-secure
E. ip http local authentication
Answer: A,C
Explanation
Cisco devices can be configured and managed from a web browser. There are various applications such
as Cisco Network Assistant with GUI for easier management.
QUESTION: 34
What two methods enable an encrypted management connection to a wireless controller?
A. SSH
B. Telnet
C. HTTP Server
D. AAA
E. Console
Answer: A,C
QUESTION: 35
The following is an OSPF route entry from a routing table. What is the metric calculation?
A. 128
B. 238
C. 110
D. 0
Answer: B
QUESTION: 36
What route type is selected when 172.16.1.0/26 is advertised from the following route sources?
Answer: E
Explanation
Routes are selected for install into the local routing table based on administrative distance (AD). The
route with the lowest AD is selected when there are multiple routes from different routing sources to
the same destination. Any directly connected interface (host route) has the lowest administrative
distance of all route sources.
QUESTION: 37
What route (prefix) is selected in the routing table to destination IP address 192.168.1.1?
A. 192.168.1.0/28
B. 192.168.1.0/26
C. 192.168.1.0/25
D. 192.168.1.0/27
Answer: A
Explanation
Routers select the longest subnet (prefix) when there are multiple routes to the same destination. This is
called the longest match rule. The route selected for packets to destination IP address 192.168.1.1 is
192.168.1.0/28.
QUESTION: 38
What attributes determine route and best path selection? (Select three)
Answer: D,E,F
Explanation
The router selects routes to install in the routing table. Sometimes there are multiple routes from
multiple routing protocols to the same destination. The administrative distance of a route determines
the route installed in the routing table. The longest match rule selects the route with the longest subnet
mask (prefix) from routes in the routing table. The metric is used to select the best path to a destination
where multiple paths exist.
QUESTION: 39
When does a router discard a packet? (Select the best answer)
Answer: A
Explanation
The router will discard a packet when there is no route at all. That would include dynamic routes (OSPF
etc.), static route and finally default route.
QUESTION: 40
Refer to the network drawing. Select two commands, either of which, when configured on router-1,
would provide a static route to network 172.16.12.0/24 on router-3?
Answer: D,E
Explanation
The following are two options for configuring a static route on router-1 to network address
172.16.12.0/24
router-1(config)# ip route 172.16.12.0 255.255.255.0 172.16.1.2
router-1(config)# ip route 172.16.12.0 255.255.255.0 Serial0/1
The first static route command configures the next hop as the IP address of a neighbor router interface
(172.16.1.2). The second static route configures the next hop as an exit interface (Serial0/1) on router-1.
Wildcard masks are not used when configuring static routes. The correct format for a static route is the
following:
ip route [destination IP address] [subnet mask] [next hop IP address] [interface]
QUESTION: 41
Refer to the network drawing. What route when configured on router-1 forwards all traffic destined for
the internet to router-2?
Answer: A
Explanation
The default route will forward all traffic to the configured next hop IP address (172.16.2.2). Packets
arriving at Router-1 will use the default route when there is no route in the routing table to the
destination. It is typically configured as a gateway of last resort on a router. Router-1 will forward
packets with an unknown destination to the serial interface of Router-2.
router-1(config)# ip route 0.0.0.0 0.0.0.0 172.16.2.2
QUESTION: 42
Refer to the network topology drawing. Select the correct IOS command to configure a floating (backup)
static route on router-1 to network address 192.168.3.0/24?
Answer: D
Explanation
The following IOS command will configure a backup static route (floating) on router-1 to subnet
192.168.3.0/24 with an administrative distance of 200.
router-1(config)# ip route 192.168.3.0 255.255.255.0 172.16.2.2 200
• destination subnet (route) = 192.168.3.0
• subnet mask = 255.255.255.0 (/24)
• next hop IP address = 172.16.2.2
• administrative distance = 200
Traffic destined for subnet 192.168.3.0 is forwarded to next hop address 172.16.2.2. The administrative
distance is a local value and affects route selection. The default administrative distance for a static route
is 1. Assigning a value of 200 to the static route makes it a floating static route. That is often used as a
backup route when a primary link fails.
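The route selection described in questions 37 to 42 (administrative distance, longest match, default route, floating static route) can be modelled in a few lines. This is an added example, not part of the original exam material: the prefixes and the default route's next hop 172.16.2.2 come from the questions above, while the metrics, the other next hops and the pairing of prefixes with route sources are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Default administrative distances on Cisco IOS for a few route sources.
DEFAULT_AD = {"connected": 0, "static": 1, "ospf": 110, "rip": 120}


@dataclass(frozen=True)
class Route:
    prefix: str                        # e.g. "192.168.1.0/28"
    source: str                        # key into DEFAULT_AD
    metric: int
    next_hop: str
    ad_override: Optional[int] = None  # e.g. 200 for a floating static route

    @property
    def ad(self) -> int:
        return DEFAULT_AD[self.source] if self.ad_override is None else self.ad_override

    @property
    def network(self) -> ipaddress.IPv4Network:
        return ipaddress.ip_network(self.prefix)


def install(candidates):
    """Step 1: for each identical prefix keep the lowest AD.

    The metric only breaks ties between routes with the same AD,
    because metrics of different protocols are not comparable.
    """
    table = {}
    for route in candidates:
        best = table.get(route.network)
        if best is None or (route.ad, route.metric) < (best.ad, best.metric):
            table[route.network] = route
    return table


def lookup(table, destination):
    """Step 2: longest match over the installed routes.

    Returns None when nothing matches, not even a default route:
    that is the case in which the router discards the packet.
    """
    dst = ipaddress.ip_address(destination)
    matches = [route for net, route in table.items() if dst in net]
    return max(matches, key=lambda r: r.network.prefixlen, default=None)


# Constructed candidate routes using the four prefixes from question 37.
CANDIDATES = [
    Route("192.168.1.0/28", "ospf", 20, "10.0.0.1"),
    Route("192.168.1.0/27", "ospf", 30, "10.0.0.2"),
    Route("192.168.1.0/26", "rip", 2, "10.0.0.3"),      # better metric, worse AD
    Route("192.168.1.0/26", "ospf", 65, "10.0.0.4"),
    Route("192.168.1.0/25", "static", 0, "10.0.0.5", ad_override=200),  # floating
    Route("192.168.1.0/25", "ospf", 40, "10.0.0.6"),
]

# Default route in the form used in question 41 (0.0.0.0/0 via 172.16.2.2).
DEFAULT_ROUTE = Route("0.0.0.0/0", "static", 0, "172.16.2.2")

if __name__ == "__main__":
    table = install(CANDIDATES)
    for dst in ("192.168.1.1", "192.168.1.40", "192.168.1.100", "203.0.113.9"):
        hit = lookup(table, dst)
        print(dst, "->", f"{hit.prefix} via {hit.source}" if hit else "discard")
```

Removing the OSPF /25 from the candidates and calling install() again shows the floating static route (AD 200) taking over as the backup.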
QUESTION: 43
After network convergence has occurred, what standard OSPF packets are sent at regular intervals
between routers?
Answer: A
Explanation
OSPF hello packets are sent at fixed intervals based on the hello timer setting. The purpose of hello
packets is to discover neighbors and establish neighbor adjacency. In addition, hello packets are sent
as keepalives to confirm the connected neighbor is active. The neighbor is declared unreachable when
hello packets are not received for the interval of the dead timer.
QUESTION: 44
What is the purpose of OSPF hello packets? (Select two)
Answer: A,B
Explanation
The OSPF link-state routing protocol builds and maintains a topology database. The hello packets
discover neighbors and establish neighbor adjacencies first. The routes are exchanged between all OSPF
routers to build the topology database.
QUESTION: 45
What are two primary advantages of deploying a single OSPF area network design?
Answer: A,D
Explanation
The single OSPF area design reduces the number of LSAs advertised between routers. There are only
intra-area LSAs, comprised of Router (Type 1) and Network (Type 2) links. All areas must be connected
directly to the backbone (area 0). The virtual link is not required where there is only a single area. It
connects an area to the backbone area through an already connected area.
QUESTION: 46
What two statements are correct concerning the configuration and feature support of OSPFv2?
Answer: A,B
Explanation
OSPF is a classless routing protocol and hop count is unlimited.
QUESTION: 47
What are three possible reasons why routers cannot establish an OSPF adjacency?
Answer: A,B,D
Explanation
OSPF enables routes to advertise based on a subnet and an associated wildcard mask. Any interface that
is not within that subnet range won’t be enabled. OSPF hello timers must match on the interfaces that
connect OSPF neighbors and router ID must be unique. Single-area OSPF allows for assigning any
number to the area. It is only Multi-Area OSPF that requires an area 0.
QUESTION: 48
What router is elected Designated Router (DR) when all are assigned the default priority setting?
Answer: D
QUESTION: 49
What OSPF network type is assigned to an Ethernet network interface?
A. Broadcast
B. Point-to-point
C. Multipoint
D. Point-to-multipoint
Answer: A
Explanation
OSPF network types are configured automatically based on the network interface media. For example,
OSPF automatically assigns Broadcast network type to an Ethernet interface. There are serial interfaces
as well that are assigned Point-to-Point network type. It is not a shared broadcast link as with an
Ethernet segment. The OSPF serial interfaces connect only to a single neighbor.
QUESTION: 50
What is the primary purpose of OSPF router ID?
Answer: D
Explanation
OSPF routers must be assigned a router ID that is a unique identifier to all connected OSPF neighbors.
The router ID is advertised in routing updates to identify where updates originated. Cisco default OSPF
configuration has no router ID assigned. The following commands configure a router ID from router
configuration mode.
router ospf 1
router-id 192.168.255.1
QUESTION: 51
How are route advertisements enabled between OSPF neighbors?
A. default route
B. network area command only (router process)
Answer: D
Explanation
OSPF is enabled with the network area command configured from OSPF router configuration mode.
OSPF can be enabled directly as well on an interface with a command that specifies the OSPF process ID
and the area assigned. For example, assigning an interface to OSPF process 1 and advertising routes to
area 0 would require the ip ospf 1 area 0 command. The result is that OSPF will advertise the subnet
assigned to that interface to OSPF neighbors. It takes precedence as well when a subnet from the network
area command is within the range of an interface subnet address.
QUESTION: 52
What IOS command is used to display the collection of OSPF link-states?
Answer: B
Explanation
OSPF creates a global topology database with all Link State Advertisements (LSA) sent from all OSPF
neighbors.
QUESTION: 53
What network protocol creates a virtual router for default gateway redundancy?
A. CDP
B. OSPF
C. HSRP
D. PAgP
Answer: C
QUESTION: 54
How are DHCP requests forwarded from clients when the DHCP server is on a different subnet?
B. proxy arp
C. ip helper-address
D. dhcp default-server
Answer: C
Explanation
DHCP relay is a feature configured on either a Layer 3 switch or router. It is required to forward DHCP
requests from client hosts when the DHCP server is on a different subnet than the hosts.
QUESTION: 55
What are two primary services provided by Dynamic Host Configuration Protocol (DHCP)?
Answer: B,D
Explanation
The DHCP server is responsible for dynamic configuration of host IP settings. In addition it manages the
renewal of new IP addresses from an address pool.
QUESTION: 56
What IOS command is used to create a static NAT between an inside local IP address and inside global IP
address?
A. ip nat pool
B. ip nat outside
C. ip nat dmz
D. ip nat inside source
Answer: D
Explanation
The static NAT statement creates a 1:1 mapping between a local IP address and a global IP address. The
following configures a static NAT between inside local IP address 192.168.1.1 (private) and inside global
IP address 200.16.1.1 (internet routable).
QUESTION: 57
What are two advantages of Network Address Translation (NAT)?
Answer: C,D
Explanation
The primary advantage of NAT is to map multiple private IP addresses to a single or multiple public
routable IP addresses. The ISP does not have a public routable IP address available for every private IP
address. NAT allows for configuring a pool of public IP addresses. The private IP address is dynamically
mapped for that internet session only. As a result there is no requirement to readdress local hosts for
internet access. The NAT translation has the advantage of protecting the private IP address assignments.
The private addresses are not advertised providing additional security for internet connectivity. The
remote hosts send packets to the public destination IP address.
QUESTION: 58
What IOS command is used to display NTP operational status and stratum level?
Answer: D
Explanation
The IOS command show ntp status displays NTP operational status such as server synchronization and
stratum level for a Cisco device.
QUESTION: 59
What protocol is responsible for resolving hostnames to IP addresses?
A. DHCP
B. ARP
C. DNS
D. NTP
Answer: C
QUESTION: 60
What is the default QoS trust state for Cisco network interfaces?
A. Trusted
B. None
C. Disabled
D. untrusted
Answer: D
Explanation
All network interfaces are untrusted as a global default setting. Switches will remark all frames arriving
at untrusted interfaces to CoS = 0. Enabling QoS globally and configuring trust state per interface is
required to trust packet markings. The 802.1q protocol used for trunking has the CoS priority field. The
CoS marking can only be applied to frames traversing trunk links. Untagged packets (native VLAN) are
assigned the default Class of Service (CoS) priority of the ingress switch port. Voice VLAN is the
exception for Cisco IP phones.
QUESTION: 61
What IOS commands are mandatory to enable SSHv2 on a Cisco network device? (Select three)
Answer: C,D,E
Explanation
The transport input command allows Telnet and SSH management traffic as a default. Local
authentication is configured with a username and password.
QUESTION: 62
What are the components of a standard ACL?
Answer: D
QUESTION: 63
What IOS command permits Telnet traffic only from host 10.1.1.1/24 to host 10.1.2.1/24?
Answer: D
Explanation
The following IOS command permits Telnet traffic from host 10.1.1.1/24 to host 10.1.2.1/24:
access-list 100 permit tcp host 10.1.1.1 host 10.1.2.1 eq 23
The access control list (ACL) statement reads from left to right as - permit all tcp traffic from source host
only to destination host that is Telnet (23). The TCP refers to applications that are TCP-based. The UDP
keyword is used for applications that are UDP-based such as SNMP for instance. The 0.0.0.0 wildcard
mask requires a match on all 4 octets of source address (10.1.1.1)
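How a device evaluates the ACL statement above can be shown with a small matcher. This is an added example, not part of the original exam material: it parses only a subset of extended ACL syntax (host, any, address plus wildcard, and eq), and the second ACL line is constructed to show a non-zero wildcard mask; the function and variable names are illustrative.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

ANY = (0, 0xFFFFFFFF)  # wildcard of all ones: no bit has to match


class Ace(NamedTuple):
    action: str             # "permit" or "deny"
    proto: str              # "tcp", "udp" or "ip" (any protocol)
    src: Tuple[int, int]    # (address, wildcard mask) as integers
    dst: Tuple[int, int]
    dport: Optional[int]    # destination port after "eq", if present


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def take_address(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' from the front of tokens."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (to_int(tokens.pop(0)), 0)  # same as wildcard 0.0.0.0
    return (to_int(first), to_int(tokens.pop(0)))


def parse_ace(line):
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACL line: {line!r}")
    action, proto, rest = tokens[2], tokens[3], tokens[4:]
    src = take_address(rest)
    dst = take_address(rest)
    dport = None
    if rest:
        if len(rest) != 2 or rest[0] != "eq":
            raise ValueError(f"unsupported port match in: {line!r}")
        dport = int(rest[1])
    return Ace(action, proto, src, dst, dport)


def address_matches(address, spec):
    """A 0 bit in the wildcard mask must match, a 1 bit is ignored."""
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return ((to_int(address) ^ base) & care) == 0


def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    for ace in acl:
        if ace.proto not in ("ip", proto):
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        if address_matches(src, ace.src) and address_matches(dst, ace.dst):
            return ace.action
    return "deny"


# First line is the statement from the explanation; the second is constructed.
ACL_TEXT = """
access-list 100 permit tcp host 10.1.1.1 host 10.1.2.1 eq 23
access-list 100 permit tcp 10.1.1.0 0.0.0.255 host 10.1.2.1 eq 80
"""
ACL_100 = [parse_ace(line) for line in ACL_TEXT.splitlines() if line.strip()]

if __name__ == "__main__":
    for packet in [("tcp", "10.1.1.1", "10.1.2.1", 23),
                   ("tcp", "10.1.1.2", "10.1.2.1", 23),
                   ("udp", "10.1.1.1", "10.1.2.1", 23)]:
        print(packet, "->", evaluate(ACL_100, *packet))
```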
QUESTION: 64
What port number or keyword is assignable within an extended ACL to permit or deny HTTP?
A. 80
B. http
C. 443
D. web
Answer: A
Explanation
There are keywords and port numbers that are assignable for different applications. In this example,
web-based applications (HTTP) are represented in an extended ACL with TCP port 80 or www keyword.
There is HTTPS as well, however that is assigned TCP port 443 or https keyword.
QUESTION: 65
What IOS command will configure the local username admin with privileged EXEC mode access and
password cisconet?
Answer: D
Explanation
The following IOS command configures username admin and assigns highest privilege level 15 with
password cisconet for local authentication.
device(config)# username admin privilege 15 password cisconet
QUESTION: 66
What global IOS command is used to configure username admin with highest privilege level access and
secret password cisconet?
Answer: D
Explanation
The following IOS command will configure a username called admin with privilege level 15 and secret
password cisconet. The secret password uses an MD5 hash by default, which is more secure than type 7
encryption. Note that secret passwords do not require service password-encryption. Some network
devices have multiple password types, however, and would use service password-encryption.
device(config)# username admin privilege 15 secret cisconet
QUESTION: 67
What are three examples of solutions for physical access security?
A. biometric scan
B. rack lock
C. swipe card
D. digital certificate
Answer: A,B,C
QUESTION: 68
What services are provided by DHCP snooping? (select two)
Answer: B,D
Explanation
DHCP snooping is a security feature that acts like a firewall between untrusted hosts and trusted DHCP
servers. The services provided by DHCP snooping include the following:
• Permit DHCP packets to a trusted port only.
• Prevent rogue DHCP servers from offering IP addresses to hosts.
QUESTION: 69
What security solution prevents connecting any unauthorized network device hardware to the
corporate network?
Answer: C
Explanation
The purpose of port security is to optimize security through network switch access control. For instance
plugging a laptop from home into the Ethernet jack at work could affect network operations. The switch
port enabled with Port Security would deny access based on the unknown MAC address.
QUESTION: 70
What statement is NOT correct when comparing authentication and authorization?
Answer: A
QUESTION: 71
What wireless authentication protocol provides the most security?
A. WPA3
B. WPA2
C. AES
D. Open
E. WPA2-PSK
Answer: A
Explanation
The best wireless security for authentication and encryption of wireless clients is WPA3. Cisco supports
WPA2 (Enterprise) with RADIUS server authentication and AES data encryption. It is currently the best
security available for Cisco wireless devices. There is WPA2-PSK (Personal) as well that is based on a
static passphrase only with no user authentication.
QUESTION: 72
What are four advantages of SDN compared with traditional network architecture?
A. agility
B. open standards
C. dynamic
D. faster deployment
E. distributed control plane
Answer: A,B,C,D
Explanation
SDN controllers are based on a centralized single network control plane.
QUESTION: 73
What three statements correctly describe SDN architecture?
Answer: A,B
Explanation
Software Defined Networking (SDN) is an architecture that separates the control plane from the data
plane. The purpose for that is to abstract underlying network infrastructure. That allows
programmability of supported network devices. It is similar to the hypervisor paradigm shift that
abstracts (separates) server hardware from software components including operating systems,
applications and virtual appliances. The same idea is applied to the network infrastructure with overlays
and programmable services.
QUESTION: 74
What are four advantages of an SDN Controller?
Answer: ABEF
Explanation
The following statements accurately describe SDN Controller.
QUESTION: 75
What is the purpose of a southbound API?
Answer: A
Explanation
SDN overlay has a separate control plane and management plane. The data plane underlay is
communicated via southbound APIs. The southbound API is a software program that connects physical
network infrastructure (data plane) with an SDN controller.
QUESTION: 76
Select three network overlay components?
A. OSPF
B. VXLAN
C. switch
D. VPN tunnel
E. OTV
Answer: BDE
Explanation
Cisco DNA architecture fabric overlay is a logical topology that creates virtual connections between
endpoints.
QUESTION: 77
How does Cisco DNA enable automation? (select two)
A. CDP
B. Controllers
C. Underlays
D. Open APIs
Answer: BD
Explanation
Cisco DNA enables automation and programmability via controllers and open APIs.
QUESTION: 78
What is the corresponding CRUD operation for an HTTP GET verb?
A. READ
B. POST
C. PUT
D. PATCH
Answer: A
Explanation
The purpose of CRUD is primarily manipulation of database records for a variety of traditional
application platforms. Recently, it has been adapted as well for web-based applications. CRUD methods
are mapped to HTTP verbs for creating REST API and compliance with REST architecture.
You can define a REST API for creating web services based on CRUD operations as a result. For example,
consider an online shopping cart where CRUD is used to READ a web page where some CCNA books are
listed. The next operation is CREATE to checkout and send payment for selected item. You could then
change your shipping location with an UPDATE operation. The DELETE operation is used to
remove/cancel a shopping cart session that was started.
QUESTION: 79
What task is not suitable for Puppet, Chef or Ansible?
A. install software
B. configure multiple switches
C. copy (backup) files
D. deploy virtual machines
Answer: D
Explanation
There are various open source configuration management tools that enable automation and
orchestration of basic and complex tasks. They were originally developed for cloud computing; however,
they are used to manage on-premises infrastructure as well. Some of the most popular automation tools
include Puppet, Chef and Ansible.
QUESTION: 80
What are some disadvantages of traditional network management when compared with network
automation? (select three)
A. scripting
B. hardware only
C. CLI
D. manual
E. slower
Answer: CDE
Explanation
The advent of network programmability and automation tools is radically changing how network
infrastructure is managed. In fact, manufacturing automation is an industrial example that caused
production efficiency to multiply. Compared with traditional networking, automation has astonishing
advantages that are transforming the management of wired, wireless and virtualized network
infrastructure. Network automation lowers operational costs and enables deployment agility and unified
policies.
Previously, traditional networking was based on a silo view where each network device was statically
managed separately. There is much more accomplished, in less time and at a lower cost while
minimizing network outages. Having a centralized, real-time network view is fundamental to
automation. Create unified policies for device configuration, security, wireless and systems
management. The following list of management tasks are common to network automation.
QUESTION: 81
Select the IP address that is publicly assigned from an ISP?
A. 192.168.100.1/24
B. 172.16.1.1/24
C. 200.200.1.1/24
D. 10.100.1.1/24
Answer: C
Explanation
Public addresses are outside the RFC 1918 private address space and are assigned by an ISP.
QUESTION: 82
Select the IP address that is assignable to a router interface?
A. 224.0.0.10
B. 127.0.0.1
C. 192.168.1.0
D. 192.168.1.255
E. 172.16.1.1
Answer: E
Explanation
IP address 172.16.1.1 is the only option that is assignable to a router interface (host address). You
cannot assign network, broadcast, multicast or test loopback addresses to a network interface.
QUESTION: 83
Select the network address that is part of RFC 1918 private assigned address space?
A. 172.16.0.0/12
B. 172.33.0.0/24
C. 12.0.0.0/7
D. 192.169.0.0/23
Answer: A
Explanation
RFC 1918 defines private IP address space from each address class. Private IP addressing is not
publicly routable across the internet. The standard practice is for companies to assign private addressing
to all inside hosts. NAT is deployed at the internet edge where private addresses are translated to
publicly routable addresses. The following are the RFC 1918 private IP address ranges:
10.0.0.0 - 10.255.255.255 /8
172.16.0.0 - 172.31.255.255 /12
192.168.0.0 - 192.168.255.255 /16
QUESTION: 84
What subnet mask is required to assign 15 host IP addresses?
A. 255.255.255.252(/30)
B. 255.255.255.248(/29)
C. 255.255.255.240(/28)
D. 255.255.255.224(/27)
Answer: D
Explanation
Refer to the Class C subnetting table for a subnet mask that enables at least 15 host addresses. The
nearest subnet mask is 255.255.255.224 that allows you to assign a maximum of 30 host IP addresses to
network interfaces. Physical interfaces are not the only interfaces assigned an IP address. Logical
interfaces such as loopbacks and SVIs are assigned addresses as well.
QUESTION: 85
What IP addresses are not in the same subnet?
A. 192.168.1.1/30, 192.168.1.2/30
B. 192.168.1.2/30, 192.168.1.3/30
C. 192.168.1.3/30, 192.168.1.4/30
D. 192.168.1.5/30, 192.168.1.6/30
Answer: C
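The address checks behind questions 81 to 85 can be reproduced with Python's standard ipaddress module. This is an added example, not part of the original question set; the function names are assumptions, and a mask has to be supplied for options that are listed without one.

```python
import ipaddress

# The three RFC 1918 blocks as listed above. ipaddress's own is_private flag
# also covers loopback, link-local and other reserved ranges, so it is not used.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True when addr falls inside one of the three RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def classify(cidr):
    """Return 'host' if address/prefix is assignable to an interface, else the reason it is not."""
    iface = ipaddress.ip_interface(cidr)
    ip, net = iface.ip, iface.network
    if ip.is_multicast:
        return "multicast"
    if ip.is_loopback:
        return "loopback"
    # /31 and /32 prefixes have no separate network and broadcast addresses.
    if net.prefixlen < 31:
        if ip == net.network_address:
            return "network"
        if ip == net.broadcast_address:
            return "broadcast"
    return "host"


def smallest_mask(hosts):
    """Longest prefix (smallest subnet) that still provides `hosts` usable addresses."""
    for prefix in range(30, 0, -1):
        usable = 2 ** (32 - prefix) - 2          # minus network and broadcast
        if usable >= hosts:
            mask = ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask
            return prefix, str(mask), usable
    raise ValueError("no IPv4 subnet is large enough")


def same_subnet(a, b):
    """True when two address/prefix pairs belong to the same subnet."""
    return ipaddress.ip_interface(a).network == ipaddress.ip_interface(b).network


if __name__ == "__main__":
    # Sample values taken from the answer options above; the /24 and /16
    # masks on the unmasked options are assumptions made for this example.
    for addr in ("192.168.100.1", "172.16.1.1", "200.200.1.1", "10.100.1.1"):
        print(addr, "RFC 1918" if is_rfc1918(addr) else "public")
    for cidr in ("224.0.0.10/24", "127.0.0.1/8", "192.168.1.0/24",
                 "192.168.1.255/24", "172.16.1.1/16"):
        print(cidr, classify(cidr))
    print("15 hosts need", smallest_mask(15))
    print(same_subnet("192.168.1.3/30", "192.168.1.4/30"))
```
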
QUESTION: 86
What IOS command enables IPv6 packet forwarding on a Cisco router?
A. ipv6 enable
B. ipv6 host
C. ipv6 link-local
D. ipv6 unicast
E. ipv6 unicast-routing
Answer: E
Explanation
The following IOS global command enables IPv6 packet forwarding on a Cisco router.
router(config)# ipv6 unicast-routing
QUESTION: 87
What is the maximum length of an SSID?
A. 32 characters
B. 48 characters
C. 12 characters
D. 11 characters
Answer: A
Explanation
SSID is a network name (WLAN) with a maximum 32 characters allowed.
QUESTION: 88
Select two characteristics of a wireless RF cell?
A. half-duplex
B. full-duplex
C. CSMA/CA
D. CSMA/CD
E. multiple collision domains
Answer: AC
Explanation
Access points deployed in a wireless RF cell are essentially bridges with half-duplex transmission to
clients. CSMA/CA is enabled for media access contention.
QUESTION: 89
What are four differences between SDN and traditional network architecture?
Answer: ABDE
Explanation
SDN overlay has a control plane and a management plane. The controller communicates with the data
plane underlay via southbound APIs.
QUESTION: 90
What are three characteristics of Cisco DNA architecture?
A. performance
B. open platform
C. analytics
D. automation
E. troubleshooting
Answer: BCD
Explanation
QUESTION: 91
What is the default encoding standard for JSON?
A. UTF-8
B. UTF-44
C. HTTP
D. ASCII
Answer: A
QUESTION: 92
What are three advantages of JSON?
A. platform independent
B. enable data sharing
C. less bandwidth than XML
D. network security
E. HTML data interchange format
Answer: ABC
Explanation
JSON is an open standard file format that is platform independent. That enables easier integration and
data sharing between web-based applications and lower bandwidth usage.
QUESTION: 93
What configuration management tool is well-suited to quick automation tasks?
A. Ansible
B. XML
C. JSON
D. UTF
Answer: A
QUESTION: 94
What are three differences between SMF and MMF cabling media?
Answer: ABD
QUESTION: 95
What transport protocol is connection-oriented?
A. UDP
B. IP
C. TCP
D. NTP
Answer: C
QUESTION: 96
What interface counter is most often associated with duplex mismatches?
A. runts
B. duplex
C. CRC
D. early collisions
E. late collisions
Answer: E
Explanation
The misconfiguration of the duplex setting between switches causes collisions on a switch port. The late
collisions interface counter increases as a result. Note that a duplex mismatch has no effect on the
operational state of interfaces (up/up). Packets are still forwarded; however, performance is often
affected.
QUESTION: 97
What is collapsed core architecture?
A. 3-Tier
B. Spine-Leaf
C. 2-Tier
D. WAN topology
Answer: C
QUESTION: 98
What host command displays the network interface settings on a Linux computer?
A. ipconfig -a
B. netconfig -a
C. ifconfig -a
D. netstat -a
Answer: C
QUESTION: 99
What is the primary purpose of a router?
Answer: D
QUESTION: 100
What component enables sharing of server hardware among multiple Virtual Machines (VM)?
A. virtual interface
B. vPath
C. supervisor
D. hypervisor
Answer: D
QUESTION: 101
Refer to the network topology. Host-1 has sent data to server-1 on switch-1. What will switch-1 do with
the frame when it arrives?
Answer: B
Explanation
The destination MAC address is unknown. The switch will unicast flood (MAC learning) the frame out all
ports except the port where the frame was learned from (Gi1/1). Server-1 with the matching destination
MAC address receives the frame. The switch updates the MAC address table with the MAC address and
associated port (Gi1/3) of server-1. That occurs when data is sent in return path from server-1 to host-1.
QUESTION: 102
What is the default aging timer in seconds for a Cisco switch?
A. 300
B. 0
C. 60
D. 100
Answer: A
QUESTION: 103
What are three primary advantages of VLANs?
Answer: ADF
Explanation
VLANs do not prevent broadcast storms; they minimize the size and effect of the broadcast storm on
neighbor switches and hosts. The VLAN is a broadcast domain and as such broadcasts are not advertised
outside of the VLAN. Network security is optimized with VLANs by segmenting sensitive traffic and
filtering it from other network traffic. Bandwidth efficiency is accomplished through segmenting broadcast
domains with VLANs. Unicasts, broadcasts and multicasts are not forwarded between VLANs, minimizing
bandwidth utilization. VLANs ease the adds, moves and deletions of hosts on the network. VLANs control
and filter user access to network services based on department for instance.
QUESTION: 104
What command will display all VLANs that are operational (active)?
A. show vlan id
B. show vlan brief
C. show vlan all
D. show ip interface brief
Answer: B
QUESTION: 105
What statements correctly describe Cisco switch VLAN 1? (select three)
Answer: BE
Explanation
VLAN 1 is assigned as the default VLAN for all switch ports. The purpose of VLAN 1 is to forward
management traffic (CDP, LACP, STP etc.) between switches. The following are correct statements
concerning VLAN 1.
• Cisco switch assigns VLAN 1 as a default to all switch ports.
• Default VLAN 1 is the management VLAN and cannot be deleted.
• Assigning user traffic to VLAN 1 creates a security vulnerability.
• Native VLAN for switch trunk interfaces is assigned to VLAN 1 as default setting.
QUESTION: 106
VLAN 10 is assigned as the native VLAN to switch-1. What happens when frames are sent to neighbor
switch-2 that has a default configuration?
Answer: B
Explanation
Cisco default setting for a switch is to assign the native VLAN to VLAN 1. Any neighbor switch must be
assigned to the same VLAN or a native VLAN mismatch error will occur.
QUESTION: 107
What two statements are characteristic of the 802.1q protocol?
A. open standard
B. prevents VLAN mismatches
C. VLAN membership tag
D. tunnel protocol
E. Cisco proprietary
Answer: AC
Explanation
802.1q protocol is the current Cisco default encapsulation for switch trunks. It is an open standard that
supports multi-vendor switch connectivity. The purpose of 802.1q is to enable forwarding of multiple
VLANs across a trunk link. That is accomplished by tagging each frame with VLAN membership.
Encapsulation and forwarding of frames starts after layer 2 convergence with STP and DTP has
established the trunk. The Ethernet frame header is modified as a result of adding the 4-byte VLAN tag
so that the Ethernet frame increases to 1522 bytes. The standard Ethernet MTU size is 1500 bytes + 18
byte header + 4 byte tag (1522 bytes). That requires recalculation of the FCS value used for CRC.
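The tag insertion and FCS recalculation described above, together with the 3-bit CoS field that travels in the same tag, are shown below as an added example that is not part of the original document. The frame contents, MAC addresses and function names are constructed for illustration.

```python
import struct
import zlib

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q tag


def fcs(frame_without_fcs):
    """Ethernet FCS: CRC-32 of the frame, transmitted least significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def sample_untagged_frame():
    """Constructed full-size frame: 14-byte header + 1500-byte payload + 4-byte FCS."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")      # constructed, locally administered MAC
    body = dst + src + struct.pack("!H", 0x0800) + bytes(1500)
    return body + fcs(body)


def add_tag(frame, vlan_id, cos=0):
    """Insert a 4-byte 802.1Q tag after the source MAC and recompute the FCS."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    if not 0 <= cos <= 7:
        raise ValueError("CoS is a 3-bit value (0-7)")
    body = frame[:-4]                        # drop the old FCS, it no longer matches
    tci = (cos << 13) | vlan_id              # 3-bit CoS, 1-bit DEI (0), 12-bit VLAN ID
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + fcs(tagged)


def parse(frame):
    """Return tag fields, frame length and FCS validity for a tagged or untagged frame."""
    if len(frame) < 18:
        raise ValueError("truncated frame")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {"tagged": False, "vlan": None, "cos": None,
            "length": len(frame), "fcs_ok": frame[-4:] == fcs(frame[:-4])}
    if ethertype == TPID_8021Q:
        if len(frame) < 22:
            raise ValueError("truncated 802.1Q frame")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info.update(tagged=True, cos=tci >> 13, vlan=tci & 0x0FFF)
    info["ethertype"] = ethertype
    return info


if __name__ == "__main__":
    untagged = sample_untagged_frame()
    tagged = add_tag(untagged, vlan_id=11, cos=5)
    print(parse(untagged))   # untagged: 1518 bytes on the wire
    print(parse(tagged))     # tagged: 1522 bytes, VLAN 11, CoS 5
```
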
QUESTION: 108
What IOS command will initially allow only VLAN 11 across a trunk for a default switch configuration?
Answer: A
Explanation
Any switch with a default configuration permits all VLANs across an enabled trunk interface. The IOS
command switchport trunk allowed vlan 11 is exclusive and permits only VLAN 11. Cisco IOS command
switchport trunk allowed vlan add 11 for example, is used only after allowing a subset of VLANs across a
trunk interface. The IOS command switchport trunk allowed vlan remove 11 is a similar command that
would remove VLAN/s previously allowed.
QUESTION: 109
What is required to negotiate dynamic trunking between switches?
Answer: C
QUESTION: 110
What is advertised between LLDP neighbors by default?
A. timer interval
B. chassis ID, port ID and TTL
C. VLAN tag
D. IOS version, port ID
Answer: B
QUESTION: 111
What is the purpose of a channel group?
Answer: A
Explanation
Layer 2 and Layer 3 port channel interfaces are supported. The channel-group command binds
the port channel interface to an EtherChannel. The Layer 2 port channel is a logical interface comprised
of EtherChannel access ports or trunk ports. The Layer 2 port channel is created automatically based on
the channel-group number. The supported channel-group numbers are 1 - 4096.
The Layer 3 port channel is a routed logical interface comprised of EtherChannel access ports or trunk
ports. The following configuration is supported on a Multilayer switch where routed ports are available.
QUESTION: 112
What statements best describe Rapid PVST+ protocol? (select two)
Answer: CD
Explanation
Rapid Per VLAN Spanning Tree Plus (RPVST+) enables a spanning tree instance per VLAN with RSTP fast
convergence. It was developed to support 802.1q encapsulation for Cisco devices only. The original
802.1d standard was designed for a single broadcast domain. STP prevents broadcast storms caused by
Layer 2 loops.
QUESTION: 113
What new STP port state is enabled with RSTP (802.1w) for faster convergence?
A. blocking
B. listening
C. forwarding
D. discarding
Answer: D
Explanation
The advantage of Rapid Spanning Tree Protocol (RSTP) is faster Layer 2 convergence. It is backward
compatible with 802.1d enabled switches. The newer 802.1w (RSTP) standard is comprised of only three
port states. They include discarding, learning and forwarding. STP will transition switch ports through all
STP port states to arrive at either forwarding or discarding state.
QUESTION: 114
How is a root bridge elected when there are multiple switches with a default configuration?
Answer: C
Explanation
The root bridge elected for a spanning tree instance is the switch with the lowest bridge ID. STP
calculates a unique numerical value for the bridge ID based on the switch priority setting and MAC
address. The switch with the lowest bridge ID is elected as root bridge. The tie breaker is lowest MAC
address, when switches are assigned the same priority. The bridge ID is calculated by STP to assign the
root bridge per VLAN. The priority setting for a Cisco switch with a default configuration is 32768. You
can manually configure a lower switch priority as well to assign root bridge.
QUESTION: 115
What are the three advantages of Wireless LAN Controllers?
Answer: ABC
Explanation
The purpose of Wireless LAN Controllers (WLC) is deployment and configuration of access points. In
addition they are responsible for dynamic RF cell optimization.
QUESTION: 116
What access point operational mode is required when connecting to a wireless controller?
A. Hybrid
B. Client
C. LAP
D. DCA
E. Autonomous
Answer: C
Explanation
WLC was developed to centralize administration of thousands of access points. The lightweight access
point (LAP) is an operational mode and architecture. You are required to convert any autonomous mode
access points to LAP for use with controllers.
QUESTION: 117
What is not assigned to WLAN ID configuration?
A. security protocol
B. QoS service level
C. SSID name
D. radio settings
E. management protocol
Answer: E
QUESTION: 118
The following is an OSPF route from a routing table. What is the administrative distance?
O 192.168.12.8/30 [110/128] via 192.168.12.5, 00:35:36, Serial0/0
A. 128
B. 110
C. 0
D. 238
Answer: B
QUESTION: 119
EIGRP, OSPF and RIPv2 are advertising routes to the same destination. What route is installed based on
the following routing table information?
EIGRP = [90/1252335]
OSPF = [110/10]
RIPv2 = [120/3]
A. RIPv2 route
B. all three routes are installed
C. OSPF route
D. EIGRP route
E. OSPF and RIPv2 routes
Answer: D
QUESTION: 120
Based on the routing table shown below, when the router receives a packet with destination IP address
192.168.1.65, what is the next hop address?
A. 192.168.2.2
B. 192.168.2.1
C. 172.33.1.1
D. 192.168.2.3
E. 192.168.2.4
Answer: A
Explanation
The longest match is in effect when there are multiple routes to the same destination (192.168.1.65).
The 192.168.1.64/26 is the correct prefix with the longest match subnet prefix (/26). It is a static route
(S) with 192.168.2.2 as the next hop address. The destination route 192.168.1.65 is within the subnet
192.168.1.128/25 range as well. The /26 prefix is longer than the /25 route.
S 192.168.1.64/26 [1/0] via 192.168.2.2
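Questions 118 to 120 rely on two separate decisions: administrative distance picks which source installs a given prefix, and longest match picks which installed prefix forwards a packet. The following added example (not from the original document) models both steps; apart from the S 192.168.1.64/26 line, the candidate routes and all function names are constructed assumptions.

```python
import ipaddress
import re
from collections import namedtuple

Route = namedtuple("Route", "code prefix ad metric next_hop")

# Matches lines such as: O 192.168.12.8/30 [110/128] via 192.168.12.5, 00:35:36, Serial0/0
LINE = re.compile(
    r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+/\d+)\s+\[(\d+)/(\d+)\]\s+via\s+(\d+\.\d+\.\d+\.\d+)")

# Constructed candidate routes in routing-table line format. Only the
# S 192.168.1.64/26 entry appears in the document; the rest are assumptions.
CANDIDATES = """\
S 192.168.1.64/26 [1/0] via 192.168.2.2
O 192.168.1.0/25 [110/20] via 192.168.2.1
D 192.168.1.0/24 [90/1252335] via 192.168.2.4
O 192.168.1.0/24 [110/10] via 192.168.2.3
R 192.168.1.0/24 [120/3] via 192.168.2.5
"""


def parse_route(line):
    """Split one route line into code, prefix, [AD/metric] and next hop."""
    m = LINE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised route line: {line!r}")
    code, prefix, ad, metric, next_hop = m.groups()
    return Route(code, ipaddress.ip_network(prefix), int(ad), int(metric), next_hop)


def install(candidates):
    """Step 1: for each prefix keep the candidate with the lowest administrative distance.

    Metrics from different protocols are not comparable, so the metric is only
    consulted when two candidates share the same AD.
    """
    table = {}
    for route in candidates:
        best = table.get(route.prefix)
        if best is None or (route.ad, route.metric) < (best.ad, best.metric):
            table[route.prefix] = route
    return table


def lookup(table, destination):
    """Step 2: among installed routes that contain the destination, the longest prefix wins."""
    dest = ipaddress.ip_address(destination)
    matches = [r for r in table.values() if dest in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def build_table():
    """Routing table built from the constructed candidates above."""
    return install(parse_route(line) for line in CANDIDATES.splitlines())


if __name__ == "__main__":
    table = build_table()
    for dest in ("192.168.1.65", "192.168.1.10", "192.168.1.200", "10.1.1.1"):
        route = lookup(table, dest)
        print(dest, "->", f"{route.prefix} via {route.next_hop}" if route else "no route")
```
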
QUESTION: 121
What route is installed in the routing table to destination 192.168.1.0/27 when routes are advertised
from the following sources?
A. OSPF route
B. static route
C. default route
D. RIPv2 route
Answer: B
QUESTION: 122
What two statements are correct concerning static routing?
Answer: AC
QUESTION: 123
What IOS command advertises a local default route to all connected neighbors?
A. ip route
B. default-network
C. default-information originate
D. default-gateway
Answer: C
Explanation
The purpose of default-information originate is to advertise the default route configured on the local
router to all connected neighbors. It is often configured on a data center router for advertising a route
to the internet.
QUESTION: 124
How is a floating static route configured?
Answer: C
QUESTION: 125
What is the valid connected host route?
A. 172.16.1.1/32
B. 192.168.255.254/24
C. 172.16.0.0/32
D. 10.0.0.0/8
Answer: A
QUESTION: 126
What is required for OSPF to establish a neighbor adjacency?
Answer: D
Explanation
The purpose of OSPF hello packets is to discover neighbors and establish neighbor adjacency. Hello
packets are also sent to maintain neighbor relationships and confirm that a neighbor is still active. OSPF
routers establish adjacency with all connected neighbors for bidirectional communication. That enables
all routers to synchronize database and routing tables. There is a hello timer configured to send hello
packets at fixed intervals.
All timers must match between directly connected neighbor interfaces. OSPF neighbor adjacency is not
formed when there is a mismatch of hello or dead timers. The following list describes additional reasons
why neighbor adjacency would not occur between neighbors.
• Subnet mismatch
• Network type mismatch
• Timers mismatch
• MTU mismatch
• Area ID mismatch
QUESTION: 127
How is designated router (DR) elected when all routers have a default configuration?
Answer: C
Explanation
• Router default OSPF priority = 1
• Router with highest configured OSPF priority is elected DR
• Router with highest router ID address is elected DR when priorities are equal. First preference is
an explicitly configured router ID.
QUESTION: 128
What OSPF network type elects a Designated Router (DR)?
A. broadcast
B. point-to-point
C. multicast
D. unicast
Answer: A
Explanation
Only the OSPF broadcast network type elects a Designated Router (DR) and Backup Designated
Router (BDR). An example of a broadcast network is Ethernet.
QUESTION: 129
What addressing is assigned to an OSPF broadcast network? (select two)
A. Subnet
B. VLAN
C. Loopback
D. Multiple subnets
E. SVI
Answer: AB
QUESTION: 130
What is selected as router ID first when configured on a router?
Answer: D
Explanation
OSPF Router ID Selection
1. Unique 32-bit IPv4 dotted-decimal address.
2. Purpose is to identify each router for routing updates and adjacency.
3. Manually configured router ID is preferred first.
4. The highest IP address on a loopback interface is assigned when no router ID is configured.
5. The highest IP address of any active physical interface is assigned if no loopback interface exists.
QUESTION: 131
What is the default OSPF reference bandwidth?
A. 100 Mbps
B. 1000 Mbps
C. 10000 Mbps(10 GE)
D. 10 Mbps
Answer: A
QUESTION: 132
What field in the IP header prevents routing loops by limiting the maximum number of hops possible?
A. TTL
B. ICMP
C. MTU
D. CRC
E. ToS
Answer: A
Explanation
The IP header has a field called Time-to-Live (TTL) that has a default value of 255. The purpose of TTL is
to prevent packets from infinitely looping as a result of a routing loop. The TTL field is decremented by
one with each router hop. That guarantees the packet will be discarded after 255 hops.
QUESTION: 133
What IOS command will display OSPF adjacency state?
Answer: A
QUESTION: 134
What design feature is required to create a single virtual router from two separate routers?
Answer: C
Explanation
The virtual router is based on a shared virtual IP address and MAC address. The virtual addressing is
assigned to the active router. The standby router is assigned the virtual addressing when the active
router isn't available. The redundancy feature allows for fast failover to the standby router.
QUESTION: 135
What is required to configure a router as a DHCP client?
Answer: A
QUESTION: 136
What service is provided by DHCP?
Answer: C
QUESTION: 137
What IP address translation technique allows for the most internet connections based on a single public
IP address?
Answer: E
Explanation
NAT overload, also referred to as Port Address Translation, is an IP address translation technique that
translates the most internal (private) IP addresses to a single or multiple public IP addresses. It is an
enhancement to NAT that assigns a unique source port number to each translated IP address. The host
IP address for instance could be identified with 200.200.1.1:10 as the translated source IP address. The
10 is the unique source port making the translated IP address unique. The 16 bit source port field allows
for translating 65,535 private (internal) IP addresses to a public IP address. There is support for a pool
of addresses or single interface.
192.168.1.1:10 -> 200.200.1.1:10
192.168.1.2:11 -> 200.200.1.1:11
192.168.1.3:12 -> 200.200.1.1:12
QUESTION: 138
What two statements accurately describe the operation of static NAT?
Answer: CD
Explanation
The static NAT translation is a 1:1 configured mapping between local and global addresses. As a result
they are a permanent entry in the NAT translation table. They enable a remote host connection from an
outside (external) network.
QUESTION: 139
What statements correctly describe Network Time Protocol (NTP)? (select four)
Answer: ABC
Explanation
The following are all correct statements concerning NTP network protocol.
• Provides time source for logging and time stamp transactions
• N+1 server redundancy supported (NTP master + failover)
• Reference is UTC coordinated universal time
• DNS is required for resolving time server IP address
QUESTION: 140
What is NTP stratum?
Answer: D
QUESTION: 141
What IOS command forwards DNS requests originating from a Cisco device to a DNS server?
A. ip-server
B. ip dns-server
C. ip name server
D. ip name-server
Answer: D
Explanation
This feature is often enabled to allow network administrators to start a Telnet/SSH session based on a
hostname instead of IP address.
QUESTION: 142
What SNMP traps generated from the Cisco device are logged when the following IOS command is
configured? (select four)
A. warnings
B. alerts
C. informational
D. errors
E. notices
F. emergencies
Answer: ABDF
Explanation
The IOS command enables a Cisco device to log SNMP traps from level 0 (zero) up to and including level 4.
The traps are logged to the Syslog server. The Syslog servers receive informational (trap 6) and lower
numbered messages as a default. The logging facility default setting is local7 for switches and routers.
device(config)# logging trap 4
The following alert level traps are generated with level 4 logging:
• Emergencies (level 0)
• Alerts (level 1)
• Errors (level 3)
• Warnings (level 4)
QUESTION: 143
What statement does NOT correctly describe Syslog server?
A. Syslog is UDP-based
Answer: C
QUESTION: 144
Select the network interface type where Class of Service (CoS) marking is supported?
Answer: E
Explanation
The only network interface that supports Class of Service (CoS) marking is an Ethernet switch trunk. The
802.1q tag is added to an Ethernet frame when trunking is enabled. The 802.1q field is used for VLAN
membership tagging. That allows forwarding of multiple VLANs between switches. There is a 3 bit field
used for CoS marking and prioritization (queuing) of traffic. Routers can only examine the CoS marking
of a frame and trust or remark the layer 3 packet. The router would specifically strip off the original
frame and rewrite MAC addressing. In addition the router would either trust the CoS value or rewrite a
DSCP value equal to the CoS marking. Serial interfaces do not use frames and have no MAC address.
Layer 2 switches are configured with a trust state that determines frame handling. Cisco IP phones mark
all voice traffic to the switch with default CoS 5. In addition a trunk is created from the IP phone to the
switch when the voice VLAN feature is enabled. The trunk tags voice packets from the phone and data
from the host to an access port on the switch.
QUESTION: 145
What is the primary advantage of SSH over Telnet for remote management of Cisco devices?
A. encryption
B. local authentication
C. AAA authentication
D. performance
Answer: A
QUESTION: 146
What are two services that are suitable for TFTP server?
Answer: AB
QUESTION: 147
Refer to the following router configuration. ACL 100 is not configured correctly and denying all traffic
from all subnets. What interface level IOS command immediately removes the effect of ACL 100?
Answer: B
Explanation
The ACL must be applied to an interface for it to inspect and filter any traffic. In addition the in | out
keywords specify the direction to filter packets at the interface. The output from show ip interface
command lists the ACL and direction configured for the interface.
The ACL is applied with the interface level IOS command ip access-group 100 out. Removing the filtering
requires deleting the ip access-group from the interface, whether inbound or outbound. The ip
access-group in | out command refers to an ACL by name or number. The access-class in | out command
filters VTY line access only.
QUESTION: 148
What last statement is required for proper IPv6 operation when deploying multiple ACL deny
statements?
Answer: E
Explanation
Proper IPv6 operation requires ACL permit ipv6 any any (all traffic) as a last statement when there are
multiple ACL deny statements.
QUESTION: 149
What extended ACL will deny access to all applications on a server?
Answer: E
Explanation
The command deny ip is used to deny access to all applications. IP is Layer 3 and includes all TCP/UDP
application ports that are at a higher (less specific) OSI layer.
QUESTION: 150
What is the only extended ACL that will NOT deny client access to web-based applications on a server?
Answer: D
QUESTION: 151
What two statements are correct concerning the following IOS command?
device(config)# service password-encryption
Answer: BE
Explanation
The purpose of service password-encryption command is to encrypt passwords in the running and
startup configuration scripts. It applies to all passwords except secret passwords.
QUESTION: 152
What command enables VTY lines with local authentication?
A. login
B. login local
C. local login
D. login authentication default
Answer: B
QUESTION: 153
What is not a component of Multi-Factor Authentication (MFA)?
Answer: D
QUESTION: 154
What is the purpose of dynamic ARP inspection?
Answer: A
Explanation
The primary purpose for configuring Dynamic ARP Inspection (DAI) is to prevent man-in-the-middle
(MITM) hacker attacks. They are Layer 2 attacks that cause ARP table poisoning.
QUESTION: 155
What is the effect of configuring the following commands on a switch interface?
switch(config-if)# switchport port-security
switch(config-if)# switchport port-security mac-address sticky
Answer: D
Explanation
The IOS commands enable port security on a switch port interface. In addition the sticky keyword saves
the dynamically learned MAC address to the running configuration script. The sticky MAC addresses do
not age out of the MAC address table. The switch does have to relearn the MAC addresses after every
reboot unless the running configuration is saved to the startup configuration file. Removing the sticky
keyword causes the dynamically learned MAC addresses to persist in the MAC address table only for the
connected session.
QUESTION: 156
What encryption cipher is currently supported when deploying WPA Enterprise (WPA2)?
A. AES
B. MD5
C. TKIP
D. SAE
Answer:
QUESTION: 157
How is wireless security enabled with WPA2-PSK?
A. dynamically
B. passphrase
C. SSID
D. MD5
Answer: B
QUESTION: 158
Select three network underlay components?
A. OSPF
B. VXLAN
C. Switch
D. Router
E. VPN
Answer: A,C,D
Explanation
Cisco DNA architecture describes an underlay and virtual fabric overlay. The underlay is physical
hardware and network protocols.
QUESTION: 159
Select three characteristics of network overlays?
A. routing protocols
B. encapsulation
C. IP address isolation
D. data plane forwarding
E. virtual topology
Answer: B,C,E
Explanation
Network overlays use encapsulation to enable virtual topology connections and address isolation.
QUESTION: 160
What configuration and maintenance events are best suited for automation? (select three)
Answer: A,B,C
Explanation
Automation tasks are often deployed for software compliance, initial device configuration, and
repeatable tasks.
QUESTION: 161
Select the valid host IP address from the following options?
A. 172.16.1.255/24
B. 192.168.1.0/24
C. 192.168.1.3.1/30
D. 10.10.1.1/30
Answer: D
Explanation
All addresses are either a network address or broadcast address except 10.10.1.1/30 host address.
QUESTION: 162
What subnet mask would allow you to create at least 60 subnets for connecting 60 branch offices to the
data center?
A. 255.255.255.252 (/30)
B. 255.255.255.248 (/29)
C. 255.255.255.240 (/28)
D. 255.255.255.0 (/24)
Answer: A
Explanation
Refer to the Class C subnetting table and subnet column for at least 60 subnets. There is subnet mask
255.255.255.252 that allows a maximum of 64 subnets. The same subnet mask also allows you to assign
a maximum of 2 host IP addresses to interfaces. Any point-to-point link connecting two routers for
example only requires two host IP addresses. Each router has a Layer 3 interface that is assigned an IP
address.
QUESTION: 163
What subnet mask is required to assign 127 host IP addresses from network address 192.168.100.0?
A. 255.255.255.0
B. 255.255.255.192
C. 255.255.255.128
D. 255.255.255.255
Answer: A
Explanation
Most subnets often require less than 127 hosts that are assigned to a single VLAN. You have probably
noticed that class C subnetting applies to class A, B, C addresses. Refer to the class C subnetting table
and host column for at least 127 hosts. The nearest is 254 hosts with the default class C subnet mask
255.255.255.0 (classful). There is only a single subnet available. The key to understanding class C
subnetting is the wasted number of host addresses that are available with default subnet masks for all
class addresses.
QUESTION: 164
Select two advantages of IPv4 private addressing?
Answer: AD
Explanation
The deployment of private addressing enables intranet (private) connectivity and management of
private routing domains.
QUESTION: 165
What prefix is assigned to any IPv6 link local address?
A. FD00::/8
B. FE80::/64
C. 2000::/3
D. ::/128
Answer: B
QUESTION: 166
What IPv6 addressing method is most similar to DHCPv4?
A. stateful DHCPv6
B. SLAAC
C. stateless DHCPv6
D. static
Answer: A
Explanation
Stateful DHCPv6 is most similar to DHCPv4 for IPv4 addressing. The IPv6 client sends a broadcast request
to the nearest DHCPv6 server for IP address configuration. The DHCPv6 server assigns the IPv6 address
and any additional required addressing configuration such as default gateway and DNS server.
QUESTION: 167
How do you extend RF cell range and cell coverage? (select three)
A. antenna
B. repeater
C. higher data rate
D. higher frequency
E. transmit power
Answer: ABE
Explanation
The primary techniques for extending RF cell range to clients include stronger gain antenna, signal
repeater and higher transmit power. Extending the cell range is often at a lower data rate however.
QUESTION: 168
What are three common sources of RF interference in 2.4 GHz frequency band?
E. microwave oven
Answer: BDE
Explanation
There is notably a lot of RF environmental interference in the 2.4 GHz band and a primary reason for
promoting 5 GHz access points.
QUESTION: 169
What are the default PoE settings for a Cisco switch? (select two)
Answer: AC
Explanation
Cisco default switch port settings for PoE are auto-enabled and maximum power per device based on
the negotiation.
QUESTION: 170
What are the advantages of Power over Ethernet? (select two)
A. cost effective
B. extend wireless network
C. performance
D. security
E. automation
Answer: AB
QUESTION: 171
What are the default settings on a switch port for duplex and speed?
A. autonegotiation
B. none
C. full-1000
D. auto-1000
Answer: A
QUESTION: 172
What two commands can verify the MAC address of a Windows client?
A. Ipconfig /all
B. show mac address-table
C. show mac-address-table
D. show hosts
Answer: AB
QUESTION: 173
What will a network switch do when a frame arrives and there is no table entry for the destination MAC
address?
Answer: E
Explanation
MAC learning is activated on a switch when there is no destination MAC address for a frame in the MAC
address table. The switch floods the frame out of all switch ports except the port where the frame was
learned. The server with the matching destination MAC address responds to the switch with a frame. The
switch examines the frame and adds the destination MAC address to the MAC address table.
QUESTION: 174
What Layer 2 interface errors are caused by collisions? (select two)
A. CRC
B. TTL
C. giants
D. runts
E. UDLD
Answer: AD
Explanation
The output of show interfaces lists various Layer 2 errors including runts, giants, collisions and CRC errors.
The most common cause of CRC and runts is collisions. Gigabit Ethernet switch ports have eliminated
collisions unless there is a configuration error or hardware issue. Collisions occur mostly when there is a
duplex setting mismatch between host and switch interfaces. In addition collisions can occur when there
is a bad network interface card (NIC) or cabling error. Giant frames (1600 bytes) result either from a
faulty NIC card or an MTU misconfiguration on an interface.
QUESTION: 175
What application is not TCP-based?
A. SNMP
B. SSH
C. Telnet
D. HTTP
Answer: A
QUESTION: 176
What primary service does a Layer 2 access switch provide?
Answer: E
Explanation
The primary purpose of a Layer 2 access switch is to make forwarding decisions based on destination
MAC address. The MAC address table is created with a list of destination MAC addresses for each
connected device, along with the assigned switch port and VLAN membership. Layer 3 switches also
provide per-hop routing services and traffic aggregation.
The following is a summary of network services:
• Layer 2 switches only read the Ethernet frame header and forward traffic.
• All switches create and maintain the MAC address table.
• There is a separate collision domain per Gigabit port.
• There is a separate broadcast domain per VLAN.
QUESTION: 177
How many broadcast domains are created with 10 VLANs and 40 switch ports?
A. 1
B. 10
C. 40
D. 50
Answer: B
QUESTION: 178
What VLANs cannot be deleted? (select the best answer)
A. 2, 1005
B. 1, 1002-1005
C. 1, 1006-4094
D. 1002-1005
Answer: B
QUESTION: 179
What three options correctly describe VLAN configuration on a switch?
Answer: ABD
Explanation
The following are the guidelines for deploying VLANs to a Cisco switch.
• Normal Range VLANs = 1-1005
• VLAN 1 and VLANs 1002-1005 are automatically created and cannot be deleted
QUESTION: 180
How many VLANs are configured on a default switch configuration?
A. 1
B. 2
C. 1005
D. 4094
Answer: A
QUESTION: 181
What is the correct IOS command to enable the voice VLAN on a switch port?
Answer: C
QUESTION: 182
What VLANs are allowed across a trunk by default?
A. 1
B. 1-4094
C. None
D. 1, 1002-1005
Answer: B
Explanation
Cisco default is to allow all VLANs (1-4094) across a trunk interface.
QUESTION: 183
What is the purpose of the native VLAN?
Answer: D
Explanation
The native VLAN forwards management frames untagged across trunk interface.
QUESTION: 184
How is the IP address of a TFTP server communicated to Cisco IP phones?
A. DHCP option 43
B. DHCP option 150
C. DHCP option 82
D. not supported
Answer: B
QUESTION: 185
What options are available for enabling DHCP services to clients? (select two)
Answer: AB
QUESTION: 186
What IOS command displays IP address, MAC address and lease expiration of all DHCP enabled hosts?
Answer: A
Explanation
The following IOS command lists the bindings for all DHCP enabled hosts.
router# show ip dhcp binding
IP Address    Hardware Address    Lease Expire            Type
172.16.1.1    0000.000a.aaaa      Aug 16 2021 17:00 PM    Auto
172.16.1.2    0000.000b.bbbb      Aug 16 2021 17:00 PM    Auto
172.16.1.3    0000.000c.cccc      Aug 16 2021 17:00 PM    Auto
172.16.1.4    0000.000d.dddd      Aug 16 2021 17:00 PM    Auto
QUESTION: 187
What are two primary services provided by Network Address Translation?
Answer: AD
Explanation
Network Address Translation (NAT) translates private IP addressing (RFC1918) to a public routable IP
address for outbound internet traffic. The inbound traffic from the internet is translated (mapped) to a
private IP address.
QUESTION: 188
What is the purpose of Network Time Protocol (NTP)?
Answer: B
QUESTION: 189
What IOS command is required to disable DNS services on a Cisco device?
A. no ip name-server
B. no ip domain-lookup
C. no ip domain-server
D. no ip host
E. no ip dns-server
Answer: B
Explanation
The following IOS command disables DNS services on a Cisco device. It is enabled as a default setting
and required for DNS services. Client endpoints already have a DNS server configured where they send
requests typically from DHCP.
router(config)# no ip domain-lookup
QUESTION: 190
What network protocol monitors and communicates the operational state of network devices?
A. CDP
B. SNMP
C. Syslog
D. HTTP server
Answer: B
QUESTION: 191
What message type is sent from an SNMP agent to communicate operational status?
A. Trap
B. CDP
C. MIB and Trap
D. Inform only
Answer: A
QUESTION: 192
What is the Syslog default facility level?
A. local7
B. local1
C. local5
D. none
Answer: A
QUESTION: 193
What is the default messaging severity level for Syslog?
A. debug
B. notice
C. informational
D. alert
Answer: C
Explanation
Informational (Level 6) severity messages and lower are enabled as a default.
QUESTION: 194
What per-hop behavior (PHB) occurs first when QoS is enabled?
A. queuing
B. marking
C. classification
D. shaping
E. congestion avoidance
Answer: C
QUESTION: 195
What are two examples of Exploits?
A. default password
B. misconfigured firewall rule
C. phishing
D. spoofing
E. software error
Answer: CD
Explanation
Exploit - Attack strategy that leverages an existing security vulnerability. The exploit is software designed
to attack a specific vulnerability (malware, root kit etc.). Examples include email phishing, MITM, spoofing
and DDoS.
QUESTION: 196
What are two examples of mitigation techniques?
A. awareness training
B. Man-In-The-Middle (MITM)
C. software update
D. root kit
Answer: AC
Explanation
Mitigation - Specific techniques employed to decrease or eliminate the security threat level of a
vulnerability. Some examples include awareness training, software updates, IPS, firewall inspection,
Incident response and vulnerability assessment testing.
QUESTION: 197
What is recommended as part of any security awareness training? (select two)
Answer: AB
QUESTION: 198
What is the ONLY extended ACL that will permit access to web-based applications on a server?
Answer: B
Explanation
A. ACL is incorrect. The keyword web is not valid.
C. ACL is incorrect. The keyword HTTP is not valid.
D. ACL is incorrect. It is true that permit ip would allow all applications, however it is not correctly
configured here. Any ACL with either permit ip or deny ip does not support any protocol number or ACL
keyword for an application. You would get an error message. When you configure permit ip or deny ip
there is only an IP address, subnet, or subnet range specified.
QUESTION: 199
What extended ACL will permit SSH traffic from host 192.168.1.1 to any network device?
Answer: A
Explanation
ACL permits SSH (TCP port 22) session from host 192.168.1.1 to any destination. Cisco permits either a
keyword or port number for ACL.
B. This ACL is incorrect. There is a subnet address configured instead of a host address and any refers to
all source traffic.
C. This ACL is incorrect. There is subnet address instead of host address.
D. This ACL is incorrect. The destination host is not valid.
QUESTION: 200
Why should you apply a standard ACL near the destination?
Answer: C
Explanation
There is only a source IP address or subnet specified with a standard ACL and no destination address.
The effect of applying it near the destination prevents excessive unwanted traffic filtering.
QUESTION: 201
What last statement is mandatory for IPv4 extended access lists?
Answer: A
Explanation
This statement is mandatory since all Cisco ACLs have an implicit deny as a last statement. It permits all
traffic that does not match any ACL filtering statements.
QUESTION: 202
What IOS command enables trunking on a switch port interface?
Answer: A
Explanation
Cisco switches will use default settings unless explicitly configured.
QUESTION: 203
What statement is correct concerning the native VLAN?
Answer: A
Explanation
The native VLAN is only operational on a trunk interface.
QUESTION: 204
What is the purpose of switchport nonegotiate command on a switch port?
Answer: A
Explanation
Configuring the switchport nonegotiate command on a switch port explicitly configured as access mode or
as a static trunk disables DTP frames. The command prevents advertising DTP frames and is recommended
for security purposes. The following are methods for disabling DTP frames on a switch interface.
• switchport mode access command
• switchport mode trunk command
• switchport nonegotiate command on access port or static trunk
QUESTION: 205
How do you enable LLDP globally and disable per interface? (select three)
A. lldp enable
B. no lldp receive
C. no lldp transmit
D. lldp run
E. lldp send
Answer: BCD
QUESTION: 206
What protocol is responsible for power negotiation between PoE switch port and IP phone?
A. ARP
B. DHCP
C. CDP
D. 802.1q
Answer: C
Explanation
CDP is enabled by default on a switch for a variety of management features including detection and
power negotiation.
QUESTION: 207
What will NOT disable EtherChannel operation?
A. duplex mismatch
B. protocol mode mismatch
C. protocol mismatch
D. 6 switch ports per channel group
Answer: D
QUESTION: 208
What switch port modes are assignable to an EtherChannel?
Answer: A
QUESTION: 209
How is STP information communicated between switches?
A. BPDU
B. ARP
C. CDP
D. LLDP
Answer: A
QUESTION: 210
What route is installed in the routing table to 172.16.3.0/24 when routes are advertised from the
following sources?
A. EIGRP route
B. OSPF route
C. static route
D. default route
E. host route
Answer: E
Explanation
This example includes dynamic routing protocols, static routes and a connected host route. The route
with lowest administrative distance of zero is the connected host route.
QUESTION: 211
What route is selected when multiple routes exist from the same routing protocol to the same
destination?
Answer: C
Explanation
The administrative distance and metric assigned to a route will determine what route is installed in the
routing table. Metric is a path cost assigned to a specific route. Metric is only considered after
administrative distance. The route with the lowest metric is installed when there are multiple routes
from the same routing protocol to the same destination.
Each dynamic routing protocol calculates metric differently. For example, OSPF calculates metric for
each route that is based exclusively on link bandwidth. Some routing protocols such as OSPF and EIGRP
support equal cost load balancing. That is enabled automatically when multiple routes exist from the
same routing protocol with the same lowest metric. All routes are installed in the routing table and
packets are forwarded across multiple paths to a destination.
QUESTION: 212
What is the administrative distance of OSPF?
A. 90
B. 110
C. 100
D. 120
E. 170
Answer: B
Explanation
The administrative distance of OSPF is 110.
QUESTION: 213
The following is an OSPF route entry from a routing table. What is the destination subnet?
O 192.168.12.8/30 [110/128] via 192.168.12.5 00:35:36, Serial0/0
A. 192.168.12.8/24
B. 192.168.12.0/30
C. 192.168.12.0/24
D. 192.168.12.8/30
Answer: D
QUESTION: 214
Answer: A
QUESTION: 215
What route type is often configured as a failover to a primary link?
A. static route
B. default route
C. floating static route
D. OSPF default route
Answer: C
QUESTION: 216
How are OSPF routing updates sent from non-DR routers to DR/BDR routers?
Answer: D
Explanation
OSPF uses reserved multicast address 224.0.0.6 for sending routing updates from Non-DR routers to
DR/BDR routers. All OSPF routers send hello packets to multicast address 224.0.0.5 and listen for routing
updates from Designated Router (DR).
QUESTION: 217
What router is elected Backup Designated Router (BDR) from the following where priorities are equal?
D. router-4-(router ID = 172.16.1.4)
Answer: C
QUESTION: 218
What router is elected Designated Router (DR) from the following?
A. router-1 (priority = 1)
B. router-2 (priority = 3)
C. router-3 (priority = 10)
D. router-4 (priority = 5)
Answer: C
Explanation
OSPF designated router (DR) advertises routing updates to all connected spokes on a shared (broadcast)
network. The most common example of a broadcast network type is Ethernet. OSPF DR minimizes
routing updates between OSPF neighbors on a broadcast network. It is a hub router that advertises
routing updates via 224.0.0.6 multicast addresses. Consider that a network broadcast segment refers to
a common subnet or VLAN.
Designated Router (DR) Election
1. Router default OSPF priority = 1
2. Router with highest configured OSPF priority is elected DR
3. Router with highest router ID address is elected DR when priorities are equal. First preference is an
explicitly configured router ID.
4. When no router ID is explicitly configured, the highest loopback address is assigned as router ID for a
router. DR election then compares that router ID with neighbors for DR election.
5. Router assigns the highest physical interface address as router ID for OSPF when no loopback
interface exists. DR election then compares that router ID with neighbors for DR election.
6. Router with second highest priority is elected BDR.
7. Router with second highest router ID is elected BDR.
QUESTION: 219
How do you configure the OSPF network type?
A. per interface
B. OSPF router process
C. network area command
D. interface priority command
Answer: A
QUESTION: 220
What wildcard mask is required to ONLY advertise subnet 172.16.1.0/24 to OSPF neighbors?
Answer: A
Explanation
OSPF and access control lists (ACL) use wildcard masks to select subnets or a range of subnet addresses.
In this example, advertising only 172.16.1.0/24 to neighbors requires 0.0.0.255 wildcard mask. That will
mask off the first three octets (172.16.1) and advertise subnet 172.16.1.0 to neighbors.
QUESTION: 221
Refer to the network topology drawing. Router-1 cannot establish an OSPFv2 neighbor adjacency with
router-2. What is the most probable cause based on the options provided?
Answer: A
Explanation
OSPF enabled routers establish adjacency with neighbors for communicating operational status and
routing updates. The routing messages use timers that must match between directly connected
neighbors. OSPF neighbor adjacency is not formed when there is a mismatch of hello or dead timers.
The following describe some additional reasons why a neighbor adjacency would not occur between
OSPF enabled neighbors.
• network type mismatch
• interface MTU mismatch
• area ID mismatch
• timer mismatch
• OSPF neighbor physical interfaces not in the same subnet
QUESTION: 222
Refer to the network topology drawing. What is the source MAC address and destination MAC address
of the packet at P1 when it is forwarded to Router-2?
Answer: D
Explanation
The router is the only network device that rewrites source and destination MAC address. The source
MAC address is derived from router-1 exit interface. The destination MAC address is derived from the
next hop router-2 interface. As a result, router-1 rewrites the MAC address of the Ethernet interface
(Gi1/1) where the frame was learned as source MAC address. Router-1 also rewrites the MAC address of
router-2 Ethernet interface Gi1/1 as destination MAC address. The MAC address of router-2 interface
Gi1/1 is obtained from the ARP table of router-1.
• source MAC address = 0000.000c.cccc
• destination MAC address = 0000.000d.dddd
QUESTION: 223
What three statements accurately describe the TTL field of an IP header?
Answer: B,C,D
Explanation
The purpose of Time-to-Live (TTL) is to limit the number of hops an IP packet can traverse. The TTL field
of the IP header is decremented by one for each router hop. The packet is discarded after 255 hops to
prevent a routing loop.
QUESTION: 224
What are Cisco proprietary First Hop Redundancy Protocols? (select two)
A. HSRP
B. VRRP
C. GLBP
D. ESRP
E. DMVRP
Answer: A,C
Explanation
Cisco proprietary protocols are only supported on Cisco network devices.
QUESTION: 225
What two network interface types are configurable for First Hop Redundancy Protocols (FHRP)?
A. loopback interface
B. management interface
C. physical interface
D. VLAN interface
E. trunk interface
Answer: C,D
QUESTION: 226
There is a local router interface assigned IP address 192.168.12.1/24. What IOS commands would enable
that interface to ONLY advertise 192.168.12.0/24 subnet to OSPF neighbors in area 0?
A. router ospf 1
network 192.168.1211 0.0.0.255 area 0
B. router ospf 1
network 192.168.12.0 0.0.255.255 area 0
C. router ospf1
network 192.168.12. 255.255.255.0 area 0
D. router ospf1
network 192.168.12.1 255.255.255 0 area 0
Answer: A
Explanation
There is a local router interface with 192.168.12.1/24 assigned IP address. What IOS commands would
enable that interface to ONLY advertise 192.168.12.0/24 subnet to OSPF neighbors in area 0?
OSPF is a classless routing protocol and wildcard masks are required to define subnets for route
advertisements. OSPF network area command enables OSPF routing on all local interfaces that are
assigned an address within the subnet range specified. The routes are advertised to the area assigned
and all neighbor/s assigned to that area.
For example, an interface assigned 192.168.1.1 is enabled for OSPF when network area command is
configured with 192.168.0.0/16 or 192.168.1.0/24 network address. The subnet (route) is then
advertised to the area assigned. OSPF can be enabled directly on an interface as well. For example,
assigning interface Fa0/1 to OSPF process 1 and area 0 would require interface command ip ospf 1 area
0. The result is OSPF will advertise the subnet assigned to that local interface to OSPF neighbors. It takes
precedence as well when a subnet from the network area command is within the same range of an
interface subnet address.
QUESTION: 227
What OSPF network type is assigned to a serial interface?
E. Broadcast
F. Point-to-point
G. WAN
H. Multicast
Answer: B
Explanation
Serial interfaces on a router are assigned OSPF point-to-point network type.
QUESTION: 228
What statements are correct concerning DR/BDR communication with spoke routers? (select two)
Answer: C
QUESTION: 229
Select the correct statement concerning OSPF operation?
Answer: D
QUESTION: 230
What host command on a Windows client is used to manually delete and request a new IP address from
a DHCP server?
A. host/release/renew
B. ipconfig/release/renew
C. ip address/release/renew
D. dhcp/renew/release
Answer: B
QUESTION: 231
What IOS command will configure a local user account with privileged EXEC mode security access?
Answer: D
QUESTION: 232
What is NOT a Cisco security default setting?
Answer: C
QUESTION: 233
What client authentication method is supported with Cisco WPA2 Enterprise brand wireless security?
A. Open
B. SSID
C. RADIUS
D. Passphrase
E. SAE
Answer: C
QUESTION: 234
Select the option that enables the most wireless security from the following?
A. SSID broadcast
B. Open authentication
C. WPA2-PSK
D. WPA2
Answer: D
QUESTION: 235
What are two examples of biometric authentication methods?
A. Hair color
B. Fingerprint
C. Height
D. Voice recognition
Answer: B,D
QUESTION: 236
What three statements are correct concerning SDN architecture?
Answer: A,C,E
Explanation
The southbound API provides connectivity between SDN Controller and data plane. The data plane
includes the physical and virtual (VM) network devices. The SDN Controller relays information via
southbound APIs to network devices. It is the translation point between the SDN policy engine and
network infrastructure. Network equipment vendors such as Cisco now support OpenFlow southbound
API.
The policy engine is defined at SDN applications where requests are sent via northbound APIs. There are
Cisco extensible network controller and agent for switches and routers and APIs. The following
statements correctly describe the purpose of SDN APIs.
• SDN applications requests are sent via northbound APIs.
• SDN Controller relays information via southbound APIs to network devices
• Cisco DNA Center has an SDN Controller.
QUESTION: 237
What is a northbound API?
Answer: C
Explanation
SDN applications communicate with the SDN controller via northbound APIs such as REST API programs.
SDN architecture defines a services abstraction layer where REST API software modules communicate
with SDN controller. There is a device abstraction layer as well that defines communication between
SDN controller and network infrastructure (southbound API).
QUESTION: 238
What are CRUD acronym events?
Answer: C
QUESTION: 239
What is the equivalent HTTP operation mapped to CRUD Create operation?
A. GET
B. POST
C. GET, POST
D. PUT
Answer: B
Explanation
HTTP CRUD
POST = CREATE
GET = READ
PUT = UPDATE
DELETE = DELETE
QUESTION: 240
Select the option that is NOT an HTTP verb from the following?
A. GET
B. POST
C. PUT
D. PATCH
E. UPDATE
Answer: E
QUESTION: 241
How many IPv4 addresses are not assignable to network interfaces within any subnet?
A. 1
B. 2
C. 3
D. 4
Answer: B
Explanation
Each network interface is assigned a single host IP address. There are logical interfaces as well such as
loopback interfaces and SVIs assigned an IP address. Each subnet is assigned a reserved network address
and broadcast address that cannot be assigned to any physical or logical network interface.
QUESTION: 242
Select the only valid network address from the following?
A. 192.168.1.254/30
B. 172.33.1.2/24
C. 192.168.1.4/30
D. 10.10.255.254/24
Answer: C
Explanation
The only network address is 192.168.1.4/30 based on subnetting rules. All other options are host range
addresses and are assignable to network interfaces. Contrast that with host IP addresses that are
assignable to a network interface.
Subnet 1
Network address = 192.168.1.0
Host range = 192.168.1.1 - 192.168.1.2
Broadcast address = 192.168.1.3
Subnet 2
Network address = 192.168.1.4
Host range = 192.168.1.5 - 192.168.1.6
Broadcast address = 192.168.1.7
QUESTION: 243
Select the class C address from the following?
A. 172.16.1.1
B. 192.168.1.1
C. 10.10.10.1
D. 191.200.1.1
Answer: B
Explanation
Class C address range extends from 192.0.0.0 - 223.255.255.255 with a default subnet mask of
255.255.255.0 (/24).
QUESTION: 244
Select the IP address within RFC 1918 private range addressing?
A. 192.168.100.1/24
B. 172.33.1.1/24
C. 200.200.1.1/27
D. 12.10.1.1/25
Answer: A
Explanation
The only RFC 1918 private address is 192.168.100.1/24 from the options available. All other listed IP
addresses are not within private address range and are public range addresses.
QUESTION: 245
Select the classless IP address from the following?
A. 192.168.1.1/24
B. 172.16.1.1/16
C. 10.10.10.1/8
D. 172.33.1.1/27
Answer: D
Explanation
Classful addresses use a default subnet mask for a specific address class. Classless addresses use a
nondefault subnet mask for a specific address class. All options are default subnet masks for that
address class except 172.33.1.1/27 address.
QUESTION: 246
What wildcard mask is required to select 172.33.0.0/16 subnet?
A. 0.0.255.255
B. 0.255.255.255
C. 0.0.0.255
D. 0.0.3.255
Answer: A
Explanation
The wildcard mask is a technique for matching specific IP address or range of IP addresses. It is used by
routing protocols to advertise subnets and access control lists (ACL) for packet filtering. The wildcard
mask is an inverted mask where the matching IP address or range is based on 0 bits. The additional bits
are set to 1 as no match required. The wildcard 0.0.0.0 is used to match a single IP address.
QUESTION: 247
What IPv6 addresses are not routable outside the local subnet? (select two)
A. link local
B. unique local
C. local link
D. local unicast
Answer: AB
QUESTION: 248
How do you assign the host identifier portion of an IPv6 address from an Ethernet MAC address?
A. eui-64 keyword
B. static address
C. stateful DHCPv6
D. eui-128 keyword
Answer: A
QUESTION: 249
What IOS command enables IPv6 autoconfiguration on an interface?
A. ipv6 autoconfig
B. ipv6 address slaac
C. ipv6 address autoconfig
D. ipv6 unicast-routing
Answer: C
QUESTION: 250
What wireless standard natively supports both 2.4 GHz and 5 GHz spectrum (dual-band)?
A. 802.11a
B. 802.11b
C. 802.11g
D. 802.11n
Answer: D
Explanation
The only wireless standard that natively supports dual band 2.4 GHz and 5 GHz is 802.11n access points.
There is 802.11ac wireless as well that is designed only for 5 GHz band. It does have backward
compatibility with 802.11n in 2.4 GHz band however at a lower rate.
QUESTION: 251
What two wireless standards provide more than three non-overlapping channels?
A. 802.11a
B. 802.11b
C. 802.11
D. 802.11n
Answer: AC
Explanation
The 5 GHz band has less interference and provides 23 non-overlapping channels.
QUESTION: 252
What factors contribute to lower throughput across an RF cell? (select four)
A. number of clients
B. multiple radio standards
C. building structure
D. co-channel interference
E. adding more access points
Answer: ABCD
Explanation
There are various factors that contribute to lower throughput between clients and access point. Adding
more access points is an option provided there is no overlapping or co-channel interference.
QUESTION: 253
What duplex settings minimize interface errors?
A. hard code
B. auto/auto
C. on/auto
D. on/on
E. full/full
Answer: B
Explanation
Best practice is to configure auto-negotiation of duplex (auto) on both switches. In addition there is an
option to manually configure (hard code) matching duplex settings.
QUESTION: 254
What services do Layer 3 switches provide? (select two)
A. automation
B. examine packet only
C. malware detection
D. traffic aggregation
E. default gateway
Answer: DE
QUESTION: 255
What three statements correctly describe Power over Ethernet (PoE)?
Answer: ABC
QUESTION: 256
What are primary considerations when selecting Cisco hardware for PoE deployment? (select two)
Answer: CD
Explanation
The primary considerations when selecting hardware include power requirements and PoE standards
compliance. For example, IP phones and wireless access points specify a wattage rating for each model
and PoE standards (or pre-standard) supported. The network switch also specifies PoE standards
support for connecting devices. Consider as well with access points the maximum wattage required for
full functionality such as all radios operational.
QUESTION: 257
What are two services provided with a switch trunk?
Answer: CE
Explanation
The purpose of a switch trunk is to forward traffic from multiple VLANs between neighbor switches. In
addition, network administrators can limit the VLANs permitted across trunk interface. Switch trunk
interfaces do not route traffic between different VLANs.
QUESTION: 258
You have a switch with a default configuration and are asked to enable trunking on an interface. What IOS
command will initially allow only VLAN 10 and VLAN 100 across a trunk?
Answer: A
Explanation
The default trunk configuration allows all VLAN traffic from range 1-4094 across the trunk. To allow a
range of consecutive VLANs such as VLAN 1 to VLAN 100, use a hyphen (1-100). For a non-consecutive
list such as VLAN 9 and 100 to 200, use commas and hyphens (9,100-200). The following IOS
interface command will only allow VLAN 10 and VLAN 100 across the trunk.
QUESTION: 259
What statements are correct concerning the native VLAN? (select two)
Answer: BC
Explanation
The native VLAN is used to forward untagged frames across a switch trunk. Layer 2 control plane traffic
such as DTP and STP protocols is always sent across the native VLAN. The native VLAN is assigned to VLAN
1 as a default. That VLAN is also the Cisco management VLAN for switches. The native VLAN should not
be assigned to VLAN 1 to prevent security or STP issues. Cisco security best practice is to assign the
native VLAN to any available nondefault VLAN.
The following are correct statements for the native VLAN:
• The native VLAN must match between connected switches.
• The native VLAN forwards untagged management frames across a switch trunk.
• The native VLAN for switch trunk is assigned to VLAN 1 by default.
QUESTION: 260
What DTP mode ONLY listens for request frames from a switch neighbor?
A. passive mode
B. on mode
C. desirable mode
D. auto mode
Answer: D
QUESTION: 261
What two statements are correct concerning Cisco Discovery Protocol (CDP)?
Answer: BC
Explanation
CDP is enabled globally as a default and can detect native VLAN mismatches.
QUESTION: 262
What option is NOT a Cisco default?
Answer: D
QUESTION: 263
What IOS command disables CDP frames globally on a switch?
A. no cdp run
B. no cdp enable
C. cdp disable
D. cdp none
Answer: A
QUESTION: 264
What is an advantage of LACP over PAgP?
Answer: A
QUESTION: 265
What LACP mode is required on at least one switch interface to enable dynamic EtherChannel?
A. passive
B. desirable
C. active
D. On
E. auto
Answer: C
QUESTION: 266
What is the difference between Layer 2 and Layer 3 EtherChannel?
Answer: C
QUESTION: 267
What is the maximum number of switch ports assignable to LACP EtherChannel?
A. 8
B. 16
C. 4
D. 32
Answer: B
Explanation
There is support for assigning 8 operational switch ports and 8 standby switch ports for redundancy.
QUESTION: 268
What is the default priority on a Cisco switch?
A. 1
B. 0
C. 4094
D. 32768
E. 26765
Answer: D
QUESTION: 269
Select the IPv6 unique local address?
A. 2000::/3
B. FE80::/8
C. FD00::/8
D. ::1/128
Answer: C
QUESTION: 270
How do you change the root bridge selected for Rapid PVST+?
Answer: B
Explanation
This is a Cisco proprietary protocol that is based on the newer RSTP standard. It is designed with all the
advantages of RSTP for a switching domain with multiple VLANs. Most switches are configured with
multiple VLANs that each define a broadcast domain. STP is a Layer 2 protocol that is only enabled per
VLAN. Rapid Per VLAN Spanning Tree (RPVST+) enables a separate spanning tree instance per VLAN. It
was developed to support trunking and 802.1q encapsulation for Cisco devices.
The root bridge elected for a spanning tree instance is the switch with the lowest bridge ID. STP
calculates a unique numerical value for the bridge ID based on the switch priority setting and MAC
address. The switch with the lowest bridge ID is elected as root bridge. The tie breaker is lowest MAC
address, when switches are assigned the same priority. There is a root bridge elected per VLAN for Rapid
PVST+ (RPVST+). Assign a lower priority to a VLAN on a switch to elect that switch as root bridge for that
VLAN.
QUESTION: 271
What port type is assigned to all switch interfaces of a root bridge?
A. Root
B. Alternate
C. Bridge
D. designated
Answer: D
QUESTION: 272
What switch port mode is recommended for PortFast?
Answer: D
QUESTION: 273
What is the advantage of PortFast?
Answer: A
QUESTION: 274
What are three mandatory components of Cisco Unified Wireless Network (CUWN) architecture?
A. network switch
B. Autonomous mode access points
C. wireless controller
D. Lightweight mode access points
E. RADIUS server
Answer: ACD
Explanation
Cisco Unified Wireless Network (CUWN) architecture is comprised of lightweight access points, wireless
controller and network switch. The RADIUS server is an optional security feature.
QUESTION: 275
What routing protocol uses bandwidth exclusively to calculate path metric?
A. EIGRP
B. RIPv2
C. OSPF
D. BGP
Answer: C
Explanation
OSPF uses a single cost metric that is based exclusively on link bandwidth between neighbor routers.
QUESTION: 276
What network performance metric/s are used to calculate OSPF cost?
Answer: C
Explanation
Each routing protocol has a unique method for calculating route metrics (cost). OSPF calculates cost
based on link bandwidth. The default cost of an OSPF enabled Fast Ethernet link = 1 (100 Mbps/100
Mbps). The lowest link cost assignable to a link is 1 even though the calculation could arrive at a lower
number. The reference bandwidth is configurable for OSPF with the following IOS commands.
router(config)# router ospf 1
router(config-router)# auto-cost reference-bandwidth 1000
The reference bandwidth must match for all routers in the same OSPF routing domain. Route
redistribution advertises routes between different routing domains (OSPF, BGP etc).
QUESTION: 277
The following is an OSPF route entry from a routing table. What is the next hop address?
O 192.168.12.8/30 [110/128] via 192.168.12.5, 00:35:36, Serial0/0
A. 192.168.12.8
B. 192.168.12.5/30
C. Serial0/0
D. 192.168.12.0
E. 192.168.12.5
Answer: E
QUESTION: 278
What are three characteristics of Single-Area OSPF?
Answer: ABE
QUESTION: 279
What route (prefix) is selected to destination IP address 10.10.100.1?
A. 10.10.100.0/24
B. 10.10.100.0/25
C. 10.10.100.0/26
D. 10.10.100.0/27
Answer: D
Explanation
Routers select the longest subnet (prefix) when there are multiple routes to the same destination. This is
called the Longest Match Rule. The route selected to destination IP address 10.10.100.1 is 10.10.100.0/27.
QUESTION: 280
What attribute determines the route installed in the routing table when multiple routes exist from
different routing protocols to the same destination?
Answer: C
Explanation
The router selects what routes to install in the routing table. Sometimes there are multiple routes from
multiple routing protocols to the same destination. The route with lowest administrative distance
determines the route that is installed in the routing table. The route sources would include static,
default and connected host routes.
QUESTION: 281
What static routes when configured on router-1 and router-2 provide bidirectional forwarding between
192.168.1.0/24 and 172.16.3.0/24 subnets? (select two)
Answer: BE
Explanation
There are no dynamic routing protocols such as OSPF that automatically advertise routes between
neighbors. All routes between endpoints must have a return or reverse path. The solution is to configure
a static route on each router for both directions.
router-1(config)# ip route 172.16.3.0 255.255.255.0 192.168.2.2
router-2(config)# ip route 192.168.1.0 255.255.255.0 192.168.2.1
When hosts send data to the server, router-1 will use the static route with next hop address to reach the
server subnet. Conversely, when the server returns data, router-2 will use the static route with next hop
to the host subnet. The following describes router logic for all packets that are originating at a host.
Source Path
The first IOS command reads - to reach server destination subnet 172.16.3.0 forward packets to next
hop 192.168.2.2 address.
Reverse Path
The second IOS command reads - to reach host destination subnet 192.168.1.0 forward packets to next
hop 192.168.2.1 address.
QUESTION: 282
What default route will forward all traffic to next hop address of 172.33.1.2?
Answer: A
Explanation
The default route configured on an internet router for example will forward all traffic to the configured
next hop IP address (172.33.1.2). That is typically the public interface of an ISP router. Packets arriving at
the internet router will use the default route when there is no route in the routing table to the
destination. It is configured as a gateway of last resort on a router.
internet-1(config)# ip route 0.0.0.0 0.0.0.0 172.33.1.2
QUESTION: 283
Select the correct IOS command to configure a floating (backup) static route on router-1 to destination
172.16.10.0/24 with next hop address 192.168.2.1?
Answer: D
Explanation
The following IOS command will configure a backup static route (floating) on router-1 to subnet
172.16.10.0/24 with an administrative distance of 200.
router-1(config)# ip route 172.16.10.0 255.255.255.0 192.168.2.1 200
• destination IP address (route) = 172.16.10.0
• subnet mask = 255.255.255.0 (/24)
Traffic destined for subnet 172.16.10.0/24 is forwarded to next hop 192.168.2.1 with an administrative
distance of 200. That is higher than the default administrative distance for a static route of one (1).
Assigning a value of 200 to the static route makes it a floating static route. That is higher than all routing
protocols so that it is only installed when the static route is removed. The static route is removed when
the primary link fails, for example, and the floating static route is a failover.
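The route selection rules from Questions 279, 280 and 283, as an added Python example that is not part of the original material: administrative distance decides which candidate is installed for a prefix, and the longest match decides which installed route forwards a packet. The next hops 192.168.3.1 and 192.168.4.x, the OSPF metrics and the static 10.10.100.0/24 route are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str
    source: str      # "static", "ospf", ...
    distance: int    # administrative distance
    metric: int = 0


def route(prefix, next_hop, source, distance, metric=0):
    return Route(ipaddress.ip_network(prefix), next_hop, source, distance, metric)


def build_rib(candidates):
    """Install one route per prefix: lowest administrative distance wins,
    metric breaks ties between routes from the same source."""
    rib = {}
    for cand in candidates:
        best = rib.get(cand.prefix)
        if best is None or (cand.distance, cand.metric) < (best.distance, best.metric):
            rib[cand.prefix] = cand
    return rib


def lookup(rib, destination):
    """Forwarding decision: most specific installed prefix containing the address."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in rib.values() if addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen) if matches else None


# Constructed candidate routes. The prefixes, 172.33.1.2 and 192.168.2.1 come
# from the questions above; every other next hop and metric is an assumption.
PRIMARY = route("172.16.10.0/24", "192.168.3.1", "static", 1)
FLOATING = route("172.16.10.0/24", "192.168.2.1", "static", 200)
CANDIDATES = [
    route("0.0.0.0/0", "172.33.1.2", "static", 1),
    route("10.10.100.0/24", "192.168.4.1", "static", 1),
    route("10.10.100.0/25", "192.168.4.2", "ospf", 110, 20),
    route("10.10.100.0/26", "192.168.4.3", "ospf", 110, 30),
    route("10.10.100.0/27", "192.168.4.4", "ospf", 110, 40),
    PRIMARY,
    FLOATING,
]


def demo():
    rib = build_rib(CANDIDATES)
    # Simulate the primary link failing: its static route is withdrawn.
    failover = build_rib([c for c in CANDIDATES if c is not PRIMARY])
    return {
        "10.10.100.1": str(lookup(rib, "10.10.100.1").prefix),
        "10.10.100.200": str(lookup(rib, "10.10.100.200").prefix),
        "internet": lookup(rib, "198.51.100.7").next_hop,
        "primary up": lookup(rib, "172.16.10.5").next_hop,
        "primary down": lookup(failover, "172.16.10.5").next_hop,
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:>14}: {result}")
```

The OSPF /27 (distance 110) still forwards 10.10.100.1 even though a static /24 with distance 1 is installed, because administrative distance is only compared between candidates for the same prefix.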
QUESTION: 284
What router is elected Designated Router (DR) when all are assigned the default priority setting?
Answer: C
Explanation
The router with the highest numerical router ID address is elected Designated Router (DR) when all
routers have default OSPF priority (1). In this example, from left to right, 192.168.1.3 is highest IP
address and router-3 is elected DR.
QUESTION: 285
What IOS interface command is used to change the OSPF network type to broadcast on a network
interface?
Answer: A
QUESTION: 286
What statement is correct concerning OSPF router ID?
Answer: C
QUESTION: 287
What statement is correct concerning OSPF configuration?
Answer: C
QUESTION: 288
What statement best describes where traffic policing is most effective?
Answer: E
Explanation
The following IOS command will configure a backup static route (floating) on router-1 to subnet
172.16.10.0/24 with an administrative distance of 2.
router-1(config)# ip route 172.16.10.0 255.255.255.0 192.168.2.1 2
• destination IP address (route) = 172.16.10.0
• subnet mask = 255.255.255.0 (/24)
• next hop IP address = 192.168.2.1
• administrative distance = 2
Traffic destined for subnet 172.16.10.0/24 is forwarded to next hop 192.168.2.1 with administrative
distance of two. That is higher than the default administrative distance for a static route of one (1).
Assigning a value of 2 to the static route makes it a floating static route. That is often used as a backup
route when a primary link fails.
QUESTION: 289
What three options best describe where traffic shaping is most effective?
A. prevents ISP from dropping packets that exceed maximum data rate
B. delay sensitive traffic
C. minimizes effect of any single user or application traffic on network performance
D. provides multiple packet handling options
E. shapes traffic to lower rate than what is available with customer physical interface
Answer: ACE
Explanation
The primary purpose of traffic shaping is to limit the maximum data rate on an egress network interface.
The queuing of packets is used to prevent packet forwarding from exceeding CIR. There is support for
applying traffic shaping to a single user or application. That minimizes the effect of any internet traffic
and bandwidth hogging for instance. The queuing of packets can affect delay sensitive traffic with higher
latency. The following is a list of the correct features and operation of shaping.
• Minimize the effect of any single user traffic on network performance.
• Prevent ISP from dropping packets that exceed maximum data rate (CIR)
• Shape traffic to lower rate than what is available with customer physical interface.
QUESTION: 290
What is NOT an example of a QoS marking technique?
A. CoS
B. DSCP
C. IP Precedence
D. PHB
Answer: D
QUESTION: 291
What is NOT a service provided by TFTP server?
Answer: D
QUESTION: 292
What are two differences between TFTP and FTP?
Answer: BC
QUESTION: 293
What authentication method is used by SNMPv2?
A. local authentication
B. MD5 hash
C. community string
D. AES-SHA
Answer: C
QUESTION: 294
What is the difference between dynamic NAT pool and NAT overload?
Answer: B
Explanation
Dynamic NAT pool translates each private IP address to an available public IP address in the NAT pool.
The network administrator assigns a range of public addresses to a pool. All public IP addresses in the
pool are shared by all inside private IP addresses. They are allocated for the session on a first come first
served basis. The maximum number of simultaneous internet connections at any time is limited by the
number of public IP addresses in the NAT pool. NAT overload assigns only a single public IP address or
outside interface to translate private IP addresses.
QUESTION: 295
How does NAT enable private host addresses for internet access? (select the best answer)
Answer: C
QUESTION: 296
What is NOT required when configuring SSH access on a router?
A. local authentication
B. RSA encryption key
C. transport input all
D. ip domain-name command
Answer: C
Explanation
The Cisco default setting is to allow all management protocols; however, it is recommended that you only
allow SSH. That is accomplished with the transport input ssh command.
QUESTION: 297
Select three correct statements that are recommended best practices for creating and applying ACLs?
Answer: AD
Explanation
There are some recommended best practices when creating and applying access control lists (ACL). The
network administrator should apply a standard access list closest to the destination. The standard access
list is comprised of a source IP address and wildcard mask.
It is very general and can inadvertently filter traffic incorrectly. Applying the standard access list near the
destination where filtering is required prevents possible over filtering. The extended access list should
be applied closest to the source. The extended access list is granular (specific) and filters traffic based on
stringent requirements. It includes source address, destination address, protocols and port numbers.
Applying an extended access list closest to the source prevents traffic that should be filtered from
traversing the network. That conserves bandwidth and additional processing required at each router
hop from source to destination.
Some access control lists (ACL) are comprised of multiple statements. The ordering of statements is key
to the ACL working as expected. The router starts from the top (first) and cycles through all statements
until a matching statement is found. The packet is dropped where no match exists. The administrator
should order ACL statements from most specific to least specific. Assigning least specific statements first
will sometimes cause a match to occur with an ACL that wasn't intended for that packet. As a result the
match on the intended ACL statement never occurs.
The more specific ACL statement is characterized by source and destination address with shorter
wildcard masks (more zeros). In addition, protocols and port numbers are often specified. The first ACL
statement is more specific than the second ACL statement. There is an implicit deny any any statement
added to the end of each ACL.
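The first-match evaluation, wildcard masks and implicit deny described above, as an added Python example that is not part of the original material. It parses a small subset of extended ACL syntax and also reports statements that can never match because an earlier, more general statement covers them; the two ACLs and the sample packets are constructed.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' -> (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (_ip(tokens.pop(0)), 0)
    return (_ip(first), _ip(tokens.pop(0)))


def parse_ace(line):
    """Parse '<permit|deny> <ip|tcp|udp> <src> <dst> [eq <port>]'."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = _take_addr(tokens), _take_addr(tokens)
    port = int(tokens[1]) if tokens[:1] == ["eq"] else None
    return {"action": action, "proto": proto, "src": src, "dst": dst,
            "port": port, "text": line}


def _addr_match(addr, spec):
    base, wildcard = spec
    # Wildcard bit 1 = "don't care", bit 0 = "must equal the base".
    return ((_ip(addr) ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def evaluate(acl_lines, packet):
    """Return (action, matching line). The first match wins, and a packet that
    matches nothing hits the implicit 'deny ip any any'."""
    for ace in map(parse_ace, acl_lines):
        if ace["proto"] not in ("ip", packet["proto"]):
            continue
        if ace["port"] is not None and ace["port"] != packet.get("dport"):
            continue
        if _addr_match(packet["src"], ace["src"]) and _addr_match(packet["dst"], ace["dst"]):
            return ace["action"], ace["text"]
    return "deny", "implicit deny ip any any"


def _covers(earlier, later):
    """True when every address matched by 'later' is also matched by 'earlier'."""
    (e_base, e_wild), (l_base, l_wild) = earlier, later
    care = ~e_wild & 0xFFFFFFFF
    return (l_wild & care) == 0 and ((e_base ^ l_base) & care) == 0


def shadowed(acl_lines):
    """List (statement, covering statement) pairs for statements that can never match."""
    aces = [parse_ace(line) for line in acl_lines]
    dead = []
    for i, later in enumerate(aces):
        for earlier in aces[:i]:
            if (earlier["proto"] in ("ip", later["proto"])
                    and earlier["port"] in (None, later["port"])
                    and _covers(earlier["src"], later["src"])
                    and _covers(earlier["dst"], later["dst"])):
                dead.append((later["text"], earlier["text"]))
                break
    return dead


# Constructed ACLs: block Telnet (TCP 23) from 192.168.10.0/24, allow the rest.
SPECIFIC_FIRST = ["deny tcp 192.168.10.0 0.0.0.255 any eq 23",
                  "permit ip any any"]
GENERAL_FIRST = ["permit ip any any",
                 "deny tcp 192.168.10.0 0.0.0.255 any eq 23"]
# Constructed sample packets.
TELNET = {"proto": "tcp", "src": "192.168.10.25", "dst": "172.16.3.1", "dport": 23}
SSH = {"proto": "tcp", "src": "192.168.10.25", "dst": "172.16.3.1", "dport": 22}

if __name__ == "__main__":
    for name, acl in (("specific first", SPECIFIC_FIRST), ("general first", GENERAL_FIRST)):
        print(name, "->", evaluate(acl, TELNET), "| shadowed:", shadowed(acl))
    print("deny-only ACL, SSH ->", evaluate(SPECIFIC_FIRST[:1], SSH))
```

With the general statement first, the Telnet packet is permitted and the deny statement is reported as shadowed; with only the deny statement configured, the SSH packet falls through to the implicit deny.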
QUESTION: 298
Refer to the network topology drawing. Router-1 is configured with the following access control list
(ACL) configuration. The purpose is to deny all access from 192.168.0.0/16 subnets to server-1. Select
the correct network device, interface and direction to apply the ACL?
Answer: E
Explanation
The named ACL denies all traffic from all 192.168.0.0/16 subnets to server-1. That is accomplished with
the wildcard mask 0.0.255.255. The host portion for a Class C address is the 4th octet. ACL is applied
outbound on router-1 interface Gi1/1. That filters traffic nearest to the source and from all
192.168.0.0/16 connected subnets. Applying the ACL inbound on router-1 interface Gi0/0
(192.168.1.0/24) or Gi1/0 (192.168.2.0/24) would only deny hosts access from that connected subnet
and not both.
QUESTION: 299
Select the correctly configured standard ACL?
Answer: B
Explanation
The standard access list (ACL) has a number range from 1-99 and 1300-1999. It specifies permit/deny
traffic from a source address with a wildcard mask. The extended access list (ACL) number range is 100-
199 and 2000-2699. It specifies permit/deny with source and destination IP address, IP/TCP/UDP
protocols and destination ports.
QUESTION: 300
What number is not assignable to a standard ACL?
A. 1
B. 99
C. 100
D. 1300
Answer: C
Explanation
Standard ACL numbering range includes 1-99 and 1300-1999.
QUESTION: 301
Select the statement that correctly describes how an ACL is applied?
A. only one ACL can be applied per interface, inbound or outbound, per Layer 3 protocol
B. only one ACL can be applied per interface, inbound per protocol
C. multiple ACL can be applied per interface, inbound or outbound, per Layer 3 protocol
D. only one ACL can be applied per interface
Answer: A
Explanation
The access lists are characterized by a single or multiple permit/deny statements. The purpose is to filter
traffic inbound or outbound on a selected interface. The result is a single ACL can be applied in one
direction only per Layer 3 protocol. There is support for a maximum of two ACLs per interface per
protocol. That would include for instance a single IP ACL applied inbound and single IP ACL applied
outbound.
QUESTION: 302
What IOS command applies an extended ACL to an interface outbound?
Answer: B
QUESTION: 303
What IOS command applies an extended ACL to a VTY line?
A. ip access-group
B. ip access-list
C. ip access class
D. ip access-class
Answer: D
Explanation
It is common to apply an access-list to VTY lines for security purposes. For example denying all access
from a specific subnet/s. The correct command is "ip access-class" for applying named ACL to VTY lines.
QUESTION: 304
What are equivalent CRUD events mapped to HTTP operations for RESTful API?
Answer: D
QUESTION: 305
What extended ACL will deny Telnet traffic from hosts on subnet 192.168.10.0/24 to any network
device?
Answer: C
Explanation
A. ACL is incorrect. host is not correct for a subnet and wildcard mask is missing.
B. ACL is incorrect. TCP port number 21 is FTP application.
D. ACL is incorrect. host is not correct for a subnet and wildcard mask is missing.
QUESTION: 306
What extended ACL will deny TFTP traffic from host 192.168.1.1 to host 192.168.3.1?
Answer: D
Explanation
A. ACL is incorrect. The host should not refer to a subnet address. The any command permits access to
all destination addresses.
B. ACL is incorrect. The source IP address (192.168.1.1) should be first and destination IP address
(192.168.3.1) last in any extended ACL configuration.
C. ACL is incorrect. TFTP is UDP-based and the ACL references a subnet to all destinations instead of
source and destination host IP addresses.
QUESTION: 307
What IOS command will configure the console port with a password?
A. line console 0
login local
B. line console 0
password cisconet
login
C. console line0
password cisconet
enable login
D. console 0
password cisconet
login
Answer: B
QUESTION: 308
What are three differences between SSL and IPsec VPN?
Answer: HIJ
QUESTION: 309
What are three password alternatives to the traditional text string?
A. biometric
B. digital certificate
C. software token
D. RADIUS server
E. local authentication
Answer: ABC
QUESTION: 310
What is the length of WPA2-PSK wireless passphrase key?
A. 8-63 characters
B. 10-64 characters
C. 1-48 characters
D. 12-32 characters
Answer: A
QUESTION: 311
What are three standard layers of SDN architecture?
A. Application Layer
B. Control Layer
C. Infrastructure Layer
D. Network Layer
E. Access Layer
Answer: ABC
Explanation
SDN architecture is comprised of the following three primary layers.
Application Layer
SDN applications communicate with the SDN controller via northbound APIs.
Control Layer
The SDN controller provides control plane services and manages network service requests from applications
to infrastructure devices. Cisco APIC-EM is an example of an SDN controller.
Infrastructure Layer
Comprised of data plane network devices such as switches. They communicate with the SDN controller
via southbound APIs at the service abstraction layer.
QUESTION: 312
What are the advantages of automation compared with traditional network management? (select three)
A. faster
B. scripting
C. dynamic
D. CLI
E. error-free
Answer: ABC
QUESTION: 313
What tasks are well suited to configuration tools such as Puppet, Chef and Ansible? (select three)
Answer: ABC
QUESTION: 314
What automation tool is based on an agentless architecture?
A. Ansible
B. Chef
C. Puppet
D. DNA
Answer: A
QUESTION: 315
What network protocol is required by Puppet server for communication with agents?
A. SSH
B. JSON
C. HTTPS
D. REST API
Answer: C
QUESTION: 316
Select the statement that is incorrect?
Answer: B
QUESTION: 317
What is not a data encoding method for HTTP?
A. ISO-8859-1
B. ASCII
C. UTF-8
D. JSON
Answer: D
QUESTION: 318
What tool is best suited to verify and maintain state consistency for configuration and security
compliance?
A. Ansible
B. Chef
C. Puppet
D. YAML
E. XML
Answer: C
QUESTION: 319
What configuration tool supports features such as “test before deploy” and verify changes?
A. HTML
B. JSON
C. REST API
D. XML
E. Puppet
Answer: E
QUESTION: 320
What are the keys represented with the following JSON object? (select two)
{
"ccna" : {
"name" : "shaun",
"age" : "35"
}
}
A. Ccna
B. Name
C. Shaun
D. Age
E. “name” : “shaun”
Answer: BD
Answer:
SW-1 Configuration
SW-1(config)# vlan 9
SW-1(config-vlan)# vlan 10
SW-1(config-vlan)# vlan 11
SW-1(config-vlan)# vlan 9
SW-1(config-vlan)# name voice
SW-1(config)# interface Fa0/3
SW-1(config-if)# switchport mode access
SW-1(config-if)# switchport access vlan 10
SW-1(config-if)# switchport voice vlan 9
SW-1(config)# interface Fa0/4
SW-1(config-if)# switchport mode access
SW-1(config-if)# switchport access vlan 11
SW-1# show running-config
SW-1# show vlan brief
Link Autonegotiation
Configure autonegotiation on a switch port for Cisco best practice recommendations.
Step 1: Verify the configuration of SW-1 interface Fa0/3
Step 2: Verify the operational status of all switch interfaces on SW-1 and specifically Fa0/3
Step 3: Configure SW-1 interface Fa0/3 for autonegotiation of duplex and speed
Step 4: Verify that SW-1 interface Fa0/3 is configured correctly
Step 5: Verify that SW-1 interface Fa0/3 is now operational
Answer:
SW-1# show running-config
SW-1# show ip interface brief
SW-1(config)# interface Fa0/3
SW-1(config-if)# duplex auto
SW-1(config-if)# speed auto
SW-1# show running-config
The Cisco IOS command show running-config does not display Cisco default settings in the running
configuration. That is a Cisco convention. Operational commands, however, will verify if default settings
are active on an interface or network device.
Static Trunking
Configure a static trunk (manual) to forward multiple VLANs between SW-1 and SW-3.
SW-1 Configuration
Step 1: Configure static trunk mode on interface Fa0/2
Step 2: Assign native VLAN 999 on trunk interface
Step 3: Allow only VLAN 9, VLAN 10, VLAN 11 and VLAN 12 on trunk interface
SW-3 Configuration
Step 4: Configure static trunk mode on interface Fa0/1
Step 5: Assign native VLAN 999 on trunk interface
Step 6: Allow only VLAN 9, VLAN 10, VLAN 11 and VLAN 12 on trunk interface
Step 7: Verify that your static trunk is configured correctly on SW-1 and SW-3
Step 8: Verify that your static trunk is operational between SW-1 and SW-3
Step 9: Ping from host-1 to server-1 (192.168.1.2) and verify network connectivity
Answer:
SW-1(config)# interface Fa0/2
SW-1(config-if)# switchport mode trunk
SW-1(config-if)# switchport trunk native vlan 999
SW-1(config-if)# switchport trunk allowed vlan 9-12
SW-3(config)# interface Fa0/1
SW-3(config-if)# switchport mode trunk
SW-3(config-if)# switchport trunk native vlan 999
SW-3(config-if)# switchport trunk allowed vlan 9-12
SW-1# show running-config
SW-1# show interfaces trunk
SW-3# show running-config
SW-3# show interfaces trunk
Layer 2 EtherChannel
Configure an EtherChannel interface between SW-2 and SW-4 based on LACP.
SW-2 Configuration
Step 1: Assign interface Fa0/3 to channel group 1 and to send LACP negotiation frames
Step 2: Assign interface Fa0/4 to channel group 1 and to send LACP negotiation frames
Step 3: Configure port channel 1 interface as a static trunk with Cisco default settings
Step 4: Disable DTP frames across the port channel interface
Step 5: Verify that EtherChannel is configured correctly on SW-2
SW-4 Configuration
Step 1: Assign interface Fa0/3 to channel group 1 and listen for LACP negotiation frames
Step 2: Assign interface Fa0/4 to channel group 1 and listen for LACP negotiation frames
Step 3: Configure port channel 1 interface as a static trunk with Cisco default settings
Step 4: Disable DTP frames across the port channel interface
Step 5: Verify that EtherChannel is configured correctly on SW-4
Step 6: Verify that EtherChannel is operational between SW-2 and SW-4
Step 7: Ping from host-2 to server-2 and verify network connectivity.
Step 8: Ping from wireless host-3 to server-3 and verify network connectivity.
Answer:
SW-2(config)# interface Fa0/3
Local Authentication
Configure a local account on SW-3 for user authentication security access.
Step 1: Configure a local account on SW-3 with privilege level 15 security access
username: ccna password: ccnalabs
Step 2: Configure VTY 0 4 lines for local authentication
Step 3: Enable password encryption so passwords are not readable in configuration script
Step 4: Verify that your configuration is correct and passwords are now unreadable as well
Answer:
SW-3(config)# username ccna privilege 15 password ccnalabs
SW-3(config)# line vty 0 4
SW-3(config-line)# login local
SW-3(config-line)# exit
SW-3(config)# service password-encryption
SW-3# show running-config
Answer:
Wrap It Up
Step 1: Save running configuration to startup configuration on SW-1
Step 2: Save running configuration to startup configuration on SW-2
Step 3: Save running configuration to startup configuration on SW-3
Step 4: Save running configuration to startup configuration on SW-4
Answer:
SW-1(config)# enable secret ccnalabs
SW-1# show running-config
SW-1# exit
SW-1> enable
Password: ccnalabs
SW-1#
SW-2(config)# enable secret ccnalabs
SW-2# show running-config
SW-2# exit
SW-2> enable
Password: ccnalabs
Wrap It Up
SW-2# copy running-config startup-config
SW-1# copy running-config startup-config
SW-3# copy running-config startup-config
SW-4# copy running-config startup-config
Single-Area OSPFv2
router-3
Enable OSPFv2 globally on router-3 and advertise a connected subnet to neighbors.
Step 1: Enable OSPFv2 with process ID 1.
Step 2: Assign router ID 192.168.255.3
Step 3: Advertise 192.168.0.0/16 connected subnet to area 0.
Step 4: Verify that your configuration is correct.
router-2
Enable OSPFv2 globally on router-2 and advertise all connected subnets to neighbors.
Step 1: Enable OSPFv2 with process ID 1.
Step 2: Assign router ID 192.168.255.2
Step 3: Advertise 192.168.0.0/16 connected subnets to area 0.
Step 4: Advertise subnet 172.16.3.0/24 to area 0.
Step 5: Verify that your configuration is correct.
router-1
Enable OSPFv2 globally on router-1 and advertise all connected subnets to neighbors.
Step 1: Enable OSPFv2 with process ID 1.
Step 2: Assign router ID 192.168.255.1
Step 3: Advertise 192.168.0.0/16 connected subnets to area 0.
Step 4: Advertise host subnet 172.16.1.0/24 to area 0.
Step 5: Advertise wireless host subnet 172.16.2.0/24 to area 0.
Step 6: Verify that your configuration is correct.
Step 7: Click [Fast Forward Time] to speed up network convergence.
Step 8: Verify that OSPF routes from neighbors are now in the local routing table.
Step 9: Verify neighbor adjacency is established between each router.
Step 10: Ping from host-1 to server-1 (172.16.3.1) and verify routing is working correctly.
Step 11: Ping from Guest to server-1 (172.16.3.1) and verify routing is working correctly.
Step 12: Ping from host-1 to router-3 (192.168.1.2) and verify routing is working correctly.
Step 13: Ping from Guest to router-3 (192.168.1.2) and verify routing is working correctly.
Answer:
router-3(config)# router ospf 1
router-3(config-rtr)# router-id 192.168.255.3
router-3(config-rtr)# network 192.168.0.0 0.0.255.255 area 0
router-3# show running-config
router-2(config)# router ospf 1
router-2(config-rtr)# router-id 192.168.255.2
router-2(config-rtr)# network 192.168.0.0 0.0.255.255 area 0
router-2(config-rtr)# network 172.16.3.0 0.0.0.255 area 0
OSPF is a classless routing protocol and wildcard masks are required to define subnets for advertising
routes. OSPF network area command enables OSPF routing on all local interfaces that are assigned an
address within the subnet range specified. For example, an interface that is assigned 192.168.1.1 is
enabled for OSPF when network area command is configured with 192.168.0.0/16 or 192.168.1.0/24
network address. The subnet (route) is then advertised to the area assigned. OSPF can be enabled
directly on an interface as well. For example, assigning interface Fa0/1 to OSPF process ID 1 and area 0 is
configured with ip ospf 1 area 0 interface command. OSPF will advertise the subnet assigned to
interface Fa0/1 to OSPF neighbors. It takes precedence as well when a subnet from network area
command is configured.
Answer:
router-1# show ip route
router-2# show ip route
router-3(config)# ip route 0.0.0.0 0.0.0.0 172.33.1.2
router-3(config)# router ospf 1
Answer:
router-1(config)# ip route 200.200.2.0 255.255.255.0 192.168.2.2
router-1# show running-config
router-1# show ip route
router-2(config)# ip route 200.200.2.0 255.255.255.0 200.200.1.2
router-2# show running-config
router-2# show ip route
Answer:
router-3(config)# interface Fa2/0
router-3(config-if)# ip nat outside
router-3(config)# interface Fa0/0
router-3(config-if)# ip nat inside
router-3(config)# ip nat pool internet 172.33.1.1 172.33.1.1 netmask 255.255.255.0
router-3(config)# access-list 100 permit ip 172.16.0.0 0.0.255.255 any
router-3(config)# ip nat inside source list 100 pool internet overload
router-3# show running-config
ISP(config)# interface Fa0/0
ISP(config-if)# ip nat outside
ISP(config)# interface Fa1/0
ISP(config-if)# ip nat inside
ISP(config)# ip nat inside source static tcp 10.10.1.1 80 172.33.1.2 80
ISP# show running-config
router-3# show ip nat translation
ISP# show ip nat translation
Step 6: Configure VTY 0 4 lines so that only SSH protocol is permitted inbound.
Step 7: Verify that your configuration is correct.
Step 8: Start SSH session from host-1 to router-3 and verify that it is working correctly.
c:/> ssh -l admin 192.168.1.2
Password: ccnaexam
router-3# exit
Step 9: Verify that Telnet session is not permitted on VTY lines from host-1 to router-3.
c:/> telnet 192.168.1.2
Answer:
router-3(config)# username admin privilege 15 password ccnaexam
router-3(config)# ip domain-name ccna.cisconet.com
router-3(config)# ip ssh version 2
router-3(config)# crypto key generate rsa
The name for the keys will be: router-3.ccna.cisconet.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]: 768
router-3(config)# line vty 0 4
router-3(config-line)# login local
router-3(config-line)# transport input ssh
router-3# show running-config
Standard ACL
Step 1: Start browser on host-1 and connect to AWS cloud server (200.200.2.1) to verify it is permitted.
Step 2: Configure standard ACL 99 on AWS router.
Step 3: Deny access from hosts in subnet 172.16.1.0/24 (VLAN 10) to AWS cloud server.
Step 4: Permit all other traffic that does not match any ACL statement.
Step 5: Apply standard ACL 99 to the correct interface and direction on AWS router.
Step 6: Verify that your configuration is correct.
Step 7: Ping from Guest to AWS cloud server and verify access is permitted.
Step 8: Ping from host-1 to AWS cloud server and verify access is denied.
Step 9: Ping from host-2 to AWS cloud server and verify access is denied.
Answer:
AWS(config)# access-list 99 deny 172.16.1.0 0.0.0.255
AWS(config)# access-list 99 permit any
AWS(config)# interface Fa0/0
AWS(config-if)# ip access-group 99 in
AWS# show running-config
AWS# copy running-config startup-config
Extended ACL
Step 1: Configure extended ACL 100 on router-1.
Step 2: Deny host-1 from starting web-based applications (HTTP) on server-1.
Step 3: Permit all other traffic that does not match any ACL statement.
Step 4: Apply ACL 100 to the correct interface and direction on router-1.
Step 5: Verify that your configuration is correct.
Step 6: Start browser from host-1 to server-1 (172.16.3.1) and verify access is denied.
Step 7: Start browser from host-2 to server-1 (172.16.3.1) and verify access is permitted.
Answer:
router-1(config)# access-list 100 deny tcp host 172.16.1.1 host 172.16.3.1 eq www
router-1(config)# access-list 100 permit ip any any
router-1(config)# interface Fa0/0
router-1(config-if)# ip access-group 100 in
router-1# show running-config
Answer:
router-1(config)# ip access-list extended guest-access
router-1(config-ext-nacl)# remark security filtering for wireless guests
router-1(config-ext-nacl)# deny tcp 172.16.2.0 0.0.0.255 host 172.16.3.1 eq www
router-1(config-ext-nacl)# deny tcp 172.16.2.0 0.0.0.255 any eq telnet
router-1(config-ext-nacl)# deny tcp 172.16.2.0 0.0.0.255 any eq 22
router-1(config-ext-nacl)# permit ip any any
router-1(config)# interface Fa3/0
router-1(config-if)# ip access-group guest-access in
c:/> ssh -l admin 192.168.1.2
c:/> telnet 192.168.1.2
router-1# show running-config
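The extended ACL answers above depend on top-down, first-match evaluation with an implicit deny at the end. The following Python sketch is an added example, not part of the original lab or of Cisco IOS; it parses the guest-access entries exactly as configured above, and the guest host address 172.16.2.10 used when calling it is constructed.

```python
import ipaddress

PORTS = {"www": 80, "telnet": 23}  # IOS port keywords used on this page
MASK = 0xFFFFFFFF

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    t = tok.pop(0)
    if t == "any":
        return 0, MASK
    if t == "host":
        return _ip(tok.pop(0)), 0
    return _ip(t), _ip(tok.pop(0))

def parse_ace(line):
    """Parse one 'action proto src dst [eq port]' entry into a dict."""
    tok = line.split()
    ace = {"action": tok.pop(0), "proto": tok.pop(0)}
    ace["src"], ace["dst"] = _addr(tok), _addr(tok)
    ace["port"] = (PORTS.get(tok[1]) or int(tok[1])) if tok[:1] == ["eq"] else None
    return ace

def _hit(addr, spec):
    base, wild = spec
    return (_ip(addr) & ~wild & MASK) == (base & ~wild & MASK)

def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    for n, ace in enumerate(acl, 1):
        if (ace["proto"] in ("ip", proto)
                and _hit(src, ace["src"]) and _hit(dst, ace["dst"])
                and ace["port"] in (None, dport)):
            return ace["action"], n
    return "deny", None

# The guest-access entries from the answer above, in configured order.
GUEST_ACCESS = [parse_ace(l) for l in (
    "deny tcp 172.16.2.0 0.0.0.255 host 172.16.3.1 eq www",
    "deny tcp 172.16.2.0 0.0.0.255 any eq telnet",
    "deny tcp 172.16.2.0 0.0.0.255 any eq 22",
    "permit ip any any",
)]
# Same entries with the permit moved to the top: it shadows every deny.
SHADOWED = [GUEST_ACCESS[3]] + GUEST_ACCESS[:3]
```

Running a candidate ACL through evaluate() before applying it confirms that no broad permit sits above the denies it is meant to enforce, and that dropping the final permit blocks all remaining traffic.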
DHCP Relay
Switch to dynamic addressing on all host endpoints with a DHCP server on a different subnet.
Step 1: Enable DHCP on host-1, host-2 and Guests to request dynamic addressing.
Step 2: Verify that all hosts are now assigned local APIPA addressing (169.254.x.x) only.
Step 3: Configure DHCP relay feature on router-1 interface Fa3/0 for Guest subnet.
Step 4: Configure DHCP relay feature on router-1 interface Fa0/0 for VLAN 10 subnet.
Step 5: Verify that your configuration is correct on router-1.
Step 6: Click [Fast Forward Time] several times for network convergence and verify that all hosts are
now assigned a valid IP address.
Wrap It Up
Step 1: Save running configuration to startup configuration on AWS router.
Step 2: Save running configuration to startup configuration on router-1.
Step 3: Save running configuration to startup configuration on router-2.
Step 4: Save running configuration to startup configuration on router-3.
Answer:
DHCP Relay
Host-1 / Host-2: Select Config Folder / Fastethernet0 / IP Configuration DHCP
Guest: Select Config Folder / Wireless0 / IP Configuration DHCP
c:/> ipconfig /all
router-1(config)# interface Fa3/0
router-1(config-if)# ip helper-address 172.16.3.2
router-1(config)# interface Fa0/0
router-1(config-if)# ip helper-address 172.16.3.2
Wrap it Up
router-1# copy running-config startup-config
router-2# copy running-config startup-config
router-3# copy running-config startup-config
A. Fa0/1, Fa0/2
B. Fa0/1
C. Fa0/3, Fa0/4
D. Fa0/2
Answer: A
Explanation
Correct Answer: Fa0/1, Fa0/2
What does n-802.1q represent from show interfaces trunk command on SW-1?
A. non-trunk
B. negotiated trunk
C. non-802.1q trunk
D. native VLAN disabled on trunk
Answer: B
Explanation
Correct Answer: n-802.1q indicates that Fa0/1 is a dynamically negotiated (DTP) trunk.
A. Gig0/1, Gig0/2
B. all switch ports
C. Fa0/1, Fa0/2, Fa0/3, Fa0/4
Answer: D
Explanation
SW-1# show vlan brief
Answer: Fa0/24, Gig0/1, Gig0/2
* Cisco default VLAN is the management VLAN 1.
A. VLAN 999
B. VLAN 1
C. NONE
D. VLAN 1005
Answer: A
Explanation
SW-3# show interfaces trunk
Answer: native VLAN 999
Display the operational status of ONLY VLAN 12 on SW-3 and verify the switch port assigned?
Answer: D
Explanation
SW-3# show vlan id 12
A. LACP
B. PAgP
C. DTP
D. NONE
E. static
Answer: A
Explanation
SW-4# show etherchannel summary
Answer: C
Explanation
SW-2# show etherchannel port-channel
A. SW-1
B. SW-2
C. SW-3
D. SW-4
Answer: C
Explanation
SW-3# show spanning-tree vlan 12
What is the Spanning Tree Protocol (STP) that is operational for the switching domain?
A. pvst+
B. rstp
C. rapid pvst+
D. 802.1d
Answer: C
Explanation
SW-1# show spanning-tree summary
Correct Answer: switch is in rapid-pvst mode (RPVST+)
* Issue command on any switch within the same switching domain.
SW-1 interface Fa0/4 is assigned to host-2. Ping from host-2 to server-2 (192.168.2.2).
Identify the MAC address of host-2 in the MAC address table of SW-1?
A. 0001.1077.16AB
B. 0001.1707.16BA
C. 0012.1607.15BA
D. 0002.1707.16BA
Answer: D
Explanation
SW-1# show mac address-table
This operational simulation (Part 1) includes 12 questions and has a time limit of 40 minutes. Select
suitable IOS command/s to answer each question and verify the operational state of network devices.
Step 1. Start Packet Tracer lab named operational sim 1 so that it is active.
Step 2. Packet Tracer --> Options menu --> Preferences --> uncheck always show port labels.
Do NOT use show running-config command for this operational simulation.
Cisco CLI help facility (?) is available to search IOS commands.
A. Fa0/1
B. Fa0/4
C. Fa0/3
D. Fa0/2
E. NONE
Answer: B
Explanation
SW-1# show port-security
A. shutdown
B. restrict
C. protect
D. disable
Answer: A
Explanation
Violation mode shutdown (the switch port is shut down when there is a port security violation)
Verify that unknown route 172.33.1.0/24 is not installed in the routing table of router-1. Ping from host-
2 to 172.33.1.1 address and verify routing to that subnet is working correctly. Identify the default route
installed in the routing table of router-3?
Answer: D
Explanation
router-3# show ip route
S* 0.0.0.0/0 [1/0] via 172.33.1.254 (default route)
A. point-to-point
B. broadcast
C. ethernet
D. multipoint
Answer: B
Explanation
router-1# show ip ospf interface Fa1/0
BROADCAST
A. 1
B. 10
C. NONE
D. 12
Answer: D
Explanation
switch-4# show vlan brief
VLAN 12
What route source is selected in the routing table of router-1 for packets destined to server-1 subnet
(172.16.3.0/24) at the data center?
A. static
B. default
C. OSPF
D. connected
Answer: C
Explanation
router-1# show ip route
O 172.16.3.0 [110/2] via 192.168.3.2, 00:10:42, FastEthernet1/0
Route Source = OSPF
Display the running configuration on router-1. What is the purpose of Extended ACL 100?
A. ACL 100 will deny access from wireless guests to all applications on server-1
B. ACL 100 will deny access from all hosts to web-based applications on server-1.
C. ACL 100 will deny access from wireless guests to web-based applications on server-1.
D. ACL 100 will deny access from wireless guests to the internet.
Answer: C
Explanation
router-1# show running-config
router-1# show access-lists
ACL will deny access from host-1 to the cloud server and permit host-2 access to the cloud server.
Applying named ACL inbound on router interface Fa0/0 only affects hosts assigned to 192.168.1.0/24
subnet.
This operational simulation (Part 2) includes 12 questions and has a time limit of 40 minutes. Select IOS
command/s to answer each question and verify the operational state of network devices.
Step 1. Close active Packet Tracer lab named operational sim 1 first.
Step 2. Start Packet Tracer lab named operational sim 2 so that it is active.
Step 3. Packet Tracer --> Options menu --> Preferences --> uncheck always show port labels.
Step 4. Click [Fast Forward Time] when lab first starts for faster network convergence.
Step 5. Answer each question and proceed to end of simulation score and answer review.
Display the running configuration on router-1. What is the purpose of Extended named ACL http-filter?
A. ACL will deny access from all hosts to the cloud server.
B. ACL will deny access from host-1 and host-2 to the cloud server.
C. ACL will deny access from all 192.168.0.0/16 subnets to the cloud server
D. ACL will deny access from host-1 to the cloud server and permit host-2 access to the cloud
server.
Answer: D
Explanation
router-1# show running-config
router-1# show access-lists
ACL will deny access from host-1 to the cloud server and permit host-2 access to the cloud server.
Applying named ACL inbound on router interface Fa0/0 only affects hosts assigned to 192.168.1.0/24
subnet.
Ping from host-2 to cloud server (172.33.1.254) and verify that NAT is operational on router-3. Display
the running configuration on router-3 with show running-config and identify all subnets permitted
internet access?
Answer: C
Explanation
router-3# show ip nat translation
router-3# show running-config
Private (inside) subnets permitted internet access (all 192.168.0.0/16 subnets)
Why is 172.33.1.254 address used instead of 172.16.1.1 to access the cloud server?
A. 172.16.1.1 is a private IP address (RFC 1918) and not routable across the internet.
B. 172.16.1.1 is a global outside IP address and not assignable to static NAT
C. 172.16.1.1 is a public IP address and not assignable to static NAT.
D. 172.16.1.1 is a global inside IP address and already assigned to NAT pool
Answer: A
Explanation
172.16.1.1 is a private IP address (RFC 1918) and not routable across the internet. There is a static NAT
statement on ISP to map between private and public address zones with TCP port 80 (www) for web-
based applications.
Identify the elected OSPF Designated Router (DR) with an IOS command issued from router-1?
A. router-1
B. router-2
C. router-3
D. none
Answer: C
Explanation
What next hop address does router-2 use to forward packets to the wireless Guest subnet?
A. 192.168.3.0
B. 192.168.3.1
C. 192.168.3.2
D. 192.168.3.3
E. 192.168.2.254
F. Fa0/0
Answer: B
Explanation
router-2# show ip route
S 192.168.2.0/24 [1/0] via 192.168.3.1
Next hop address = 192.168.3.1
Local exit interface = FastEthernet0/0
A. Fa1/0, Fa2/0
B. Fa1/0, Fa3/0
C. Fa0/0
D. Fa0/0, Fa1/0
Answer: D
Explanation
router-2# show ip interface brief
Fa0/0, Fa1/0
Router-1 interface Fa1/0 is connected to SW-4. Identify the router ID assigned to router-1?
A. 192.168.1.3
B. 192.168.255.3
C. 192.168.255.1
D. 192.168.255.2
E. 192.168.3.1
Answer: C
Explanation
router-1# show ip ospf interface Fa1/0
router-ID = 192.168.255.1