CCNA 200-301 Exam Dumps Free | Full Questions & Answers [updated]

Last Update: 22 April 2021

Table of Content:

I- Multiple Choice Questions

II- Drag and Drop Questions


  • Network Fundamentals
  • Network Access
  • IP Connectivity
  • IP Services
  • Security Fundamentals
  • Automation and Programmability


Multiple Choice Questions:


What are two benefits of network automation? (Choose two)

A. reduced operational costs

B. reduced hardware footprint

C. faster changes with more reliable results

D. fewer network failures

E. increased network security

Correct Answer: A C


Which command enables a router to become a DHCP client?

A. ip address dhcp

B. ip helper-address

C. ip dhcp pool

D. ip dhcp client

Correct Answer: A


Which design element is a best practice when deploying an 802.11b wireless infrastructure?

A. disabling TPC so that access points can negotiate signal levels with their attached wireless devices

B. setting the maximum data rate to 54 Mbps on the Cisco Wireless LAN Controller

C. allocating nonoverlapping channels to access points that are in close physical proximity to one another

D. configuring access points to provide clients with a maximum of 5 Mbps

Correct Answer: C


When configuring IPv6 on an interface, which two IPv6 multicast groups are joined? (Choose two)

A. 2000::/3

B. 2002::5

C. FC00::/7

D. FF02::1

E. FF02::2

Correct Answer: D E


Which option about JSON is true?

A. uses predefined tags or angle brackets (<>) to delimit markup text

B. used to describe structured data that includes arrays

C. used for storing information

D. similar to HTML, it is more verbose than XML

Correct Answer: B


Which IPv6 address type provides communication between subnets and cannot route on the Internet?

A. global unicast

B. unique local

C. link-local

D. multicast

Correct Answer: B


Which command prevents passwords from being stored in the configuration as plaintext on a router or switch?

A. enable secret

B. service password-encryption

C. username Cisco password encrypt

D. enable password

Correct Answer: B


What are two southbound APIs? (Choose two)

A. OpenFlow


C. Thrift



Correct Answer: A B


Which set of action satisfy the requirement for multifactor authentication?

A. The user swipes a key fob, then clicks through an email link

B. The user enters a user name and password, and then clicks a notification in an authentication app on a mobile device

C. The user enters a PIN into an RSA token, and then enters the displayed RSA key on a login screen

D. The user enters a user name and password and then re-enters the credentials on a second screen

Correct Answer: B


Which two capacities of Cisco DNA Center make it more extensible? (Choose two)

A. adapters that support all families of Cisco IOS software

B. SDKs that support interaction with third-party network equipment

C. customized versions for small, medium, and large enterprises

D. REST APIs that allow for external applications to interact natively with Cisco DNA Center

E. modular design that is upgradable as needed

Correct Answer: B D


An email user has been lured into clicking a link in an email sent by their company’s security organization. The webpage that opens reports that it was safe but the link could have contained malicious code. Which type of security program is in place?

A. Physical access control

B. Social engineering attack

C. brute force attack

D. user awareness

Correct Answer: D


Which type of wireless encryption is used for WPA2 in pre-shared key mode?

A. TKIP with RC4

B. RC4

C. AES-128

D. AES-256

Correct Answer: D


Which two must be met before SSH can operate normally on a Cisco IOS switch? (Choose two)

A. The switch must be running a k9 (crypto) IOS image

B. The ip domain-name command must be configured on the switch

C. IP routing must be enabled on the switch

D. A console password must be configured on the switch

E. Telnet must be disabled on the switch

Correct Answer: A B


Which type of address is the public IP address of a NAT device?

A. outside global

B. outsdwde local

C. inside global

D. insride local

E. outside public

F. inside public

Correct Answer: C


15. Refer to the exhibit. Which prefix does Router 1 use for traffic to Host A?






Correct Answer: D


How does HSRP provide first hop redundancy?

A. It load-balances traffic by assigning the same metric value to more than one route to the same destination m the IP routing table

B. It load-balances Layer 2 traffic along the path by flooding traffic out all interfaces configured with the same VLAN

C. It forwards multiple packets to the same destination over different routed links in the data path

D. It uses a shared virtual MAC and a virtual IP address to a group of routers that serve as the default gateway for hosts on a LAN

Correct Answer: D


In Which way does a spine-and-leaf architecture allow for scalability in a network when additional access ports are required?

A. A spine switch and a leaf switch can be added with redundant connections between them

B. A spine switch can be added with at least 40 GB uplinks

C. A leaf switch can be added with a single connection to a core spine switch

D. A leaf switch can be added with connections to every spine switch

Correct Answer: D


Which two actions are performed by the Weighted Random Early Detection mechanism? (Choose two)

A. It drops lower-priority packets before it drops higher-priority packets

B. It can identify different flows with a high level of granularity

C. It guarantees the delivery of high-priority packets

D. It can mitigate congestion by preventing the queue from filling up

E. It supports protocol discovery

Correct Answer: A D


A network engineer must back up 20 network router configurations globally within a customer environment. Which protocol allows the engineer to perform this function using the Cisco IOS MIB?





Correct Answer: B


Refer to the exhibit. What is the effect of this configuration?

A. The switch port interface trust state becomes untrusted

B. The switch port remains administratively down until the interface is connected to another switch

C. Dynamic ARP inspection is disabled because the ARP ACL is missing

D. The switch port remains down until it is configured to trust or untrust incoming packets

Correct Answer: A


A frame that enters a switch fails the Frame Check Sequence. Which two interface counters are incremented? (Choose two)

A. runts

B. giants

C. frame


E. input errors

Correct Answer: D E


How do TCP and UDP differ in the way that they establish a connection between two endpoints?

TCP uses synchronization packets, and UDP uses acknowledgment packets

UDP uses SYN, SYN ACK and FIN bits in the frame header while TCP uses SYN, SYN ACK and ACK bits

UDP provides reliable message transfer and TCP is a connectionless protocol

TCP uses the three-way handshake and UDP does not guarantee message delivery

Correct Answer: D


When OSPF learns multiple paths to a network, how does it select a route?

A. It multiple the active K value by 256 to calculate the route with the lowest metric

B. For each existing interface, it adds the metric from the source router to the destination to calculate the route with the lowest bandwidth

C. It divides a reference bandwidth of 100 Mbps by the actual bandwidth of the existing interface to calculate the router with the lowest cost

D. It count the number of hops between the source router and the destination to determine the router with the lowest metric

Correct Answer: C


24. Refer to the exhibit. Which password must an engineer use to enter the enable mode?

A. adminadmin123

B. default

C. testing1234

D. cisco123

Correct Answer: C


Which configuration is needed to generate an RSA key for SSH on a router?

A. Configure the version of SSH

B. Configure VTY access

C. Create a user with a password

D. Assign a DNS domain name

Correct Answer: D


26. Which output displays a JSON data representation?

A. Option A

B. Option B

C. Option C

D. Option D

Correct Answer: C


What is the primary different between AAA authentication and authorization?

A. Authentication verifies a username and password, and authorization handles the communication between the authentication agent and the user database

B. Authentication identifies a user who is attempting to access a system, and authorization validates the users password

C. Authentication identifies and verifies a user who is attempting to access a system, and authorization controls the tasks the user can perform

D. Authentication controls the system processes a user can access and authorization logs the activities the user initiates

Correct Answer: C


A Cisco IP phone receive untagged data traffic from an attached PC. Which action is taken by the phone?

A. It allows the traffic to pass through unchanged

B. It drops the traffic

C. It tags the traffic with the default VLAN

D. It tags the traffic with the native VLAN

Correct Answer: A


An engineer must configure a /30 subnet between two routers. Which usable IP address and subnet mask combination meets this criteria?

A. interface e0/0

description to HQ-A370:98968

ip address

B. interface e0/0

description to HQ-A370:98968

ip address

C. interface e0/0

description to HQ-A370:98968

ip address

D. interface e0/0

description to HQ-A370:98968

ip address

Correct Answer: D


What is a benefit of using a Cisco Wireless LAN Controller?

A. Central AP management requires more complex configurations

B. Unique SSIDs cannot use the same authentication method

C. It supports autonomous and lightweight APs

D. It eliminates the need to configure each access point individually

Correct Answer: D


What are two characteristics of a controller-based network? (Choose two)

A. The administrator can make configuration updates from the CLI

B. It uses northbound and southbound APIs to communicate between architectural layers.

C. It moves the control plane to a central point

D. It decentralizes the control plane, which allows each device to make its own forwarding decisions

E. It uses Telnet to report system issues

Correct Answer: B C


Which attribute does a router use to select the best path when two or more different routes to the same destination exist from two different routing protocols?

A. dual algorithm

B. metric

C. administrative distance

D. hop count

Correct Answer: C


33. Refer to Exhibit. How does SW2 interact with other switches in this VTP domain?

A. It processes VTP updates from any VTP clients on the network on its access ports

B. It receives updates from all VTP servers and forwards all locally configured VLANs out all trunk ports

C. It forwards only the VTP advertisements that it receives on its trunk ports

D. It transmits and processes VTP updates from any VTP Clients on the network on its trunk ports

Correct Answer: C


Which unified access point mode continues to serve wireless clients after losing connectivity to the Cisco Wireless LAN Controller?

A. sniffer

B. mesh

C. flexconnect

D. local

Correct Answer: C


Which two encoding methods are supported by REST APIs? (Choose two)






Correct Answer: BE


What are two reasons that cause late collisions to increment on an Ethernet interface? (Choose two)

A. when the sending device waits 15 seconds before sending the frame again

B. when the cable length limits are exceeded

C. when one side of the connection is configured for half-duplex

D. when Carriner Sense Multiple Access/Collision Detection is used

E. when a collision occurs after the 32nd byte of a frame has been transmitted

Correct Answer: B C


Router A learns the same route from two different neighbors, one of the neighbor routers is an OSPF neighbor and the other is an EIGRP neighbor. What is the administrative distance of the route that will be installed in the routing table?

A. 20

B. 90

C. 110

D. 115

Correct Answer: B


What is the primary effect of the spanning-tree portfast command?

A. It enables BPDU messages

B. It minimizes spanning-tree convergence time

C. It immediately puts the port into the forwarding state when the switch is reloaded

D. It immediately enables the port in the listening state

Correct Answer: B


What is the default behavior of a Layer 2 switch when a frame with an unknown destination MAC address is received?

A. The Layer 2 switch drops the received frame

B. The Layer 2 switch floods packets to all ports except the receiving port in the given VLAN

C. The Layer 2 switch sends a copy of a packet to CPU for destination MAC address learning

D. The Layer 2 switch forwards the packet and adds the destination MAC address to its MAC address table

Correct Answer: B


Refer to the exhibit. What is the effect of this configuration?

A. All ARP packets are dropped by the switch

B. Egress traffic is passed only if the destination is a DHCP server

C. All ingress and egress traffic is dropped because the interface is untrusted

D. The switch discard all ingress ARP traffic with invalid MAC-to-IP address bindings

Correct Answer: D


Refer to the exhibit. An engineer configured NAT translations and has verified that the configuration is correct. Which IP address is the source IP?





Correct Answer: D


42. Refer to the exhibit. Which route does R1 select for traffic that is destined to 192 168.16.2?



C. 192.168 26.0/26


Correct Answer: D


Which IPv6 address block sends packets to a group address rather than a single address?

A. 2000::/3

B. FC00::/7

C. FE80::/10

D. FF00::/8

Correct Answer: D


Which two values or settings must be entered when configuring a new WLAN in the Cisco Wireless LAN Controller GUI? (Choose two)

A. management interface settings

B. QoS settings

C. Ip address of one or more access points


E. Profile name

Correct Answer: D E


Which two actions influence the EIGRP route selection process? (Choose two) A. The router calculates the reported distance by multiplying the delay on the exiting Interface by 256

B. The router calculates the best backup path to the destination route and assigns it as the feasible successor

C. The router calculates the feasible distance of all paths to the destination route

D. The advertised distance is calculated by a downstream neighbor to inform the local router of the bandwidth on the link

E. The router must use the advertised distance as the metric for any given route

Correct Answer: B C


Refer to Exhibit. Which action do the switches take on the trunk link?

A. The trunk does not form and the ports go into an err-disabled status

B. The trunk forms but the mismatched native VLANs are merged into a single broadcast domain

C. The trunk does not form, but VLAN 99 and VLAN 999 are allowed to traverse the link

D. The trunk forms but VLAN 99 and VLAN 999 are in a shutdown state

Correct Answer: B


Which command is used to specify the delay time in seconds for LLDP to initialize on any interface?

A. lldp timer

B. lldp holdtimt

C. lldp reinit

D. lldp tlv-select

Correct Answer: C


An engineer configured an OSPF neighbor as a designated router. Which state verifies the designated router is in the proper mode?

A. Exchange

B. 2-way

C. Full

D. Init

Correct Answer: C


Refer to the exhibit. The show ip ospf interface command has been executed on R1. How is OSPF configured?


A. The interface is not participating in OSPF

B. A point-to-point network type is configured

C. The default Hello and Dead timers are in use

D. There are six OSPF neighbors on this interface

Correct Answer: C


An engineer is asked to protect unused ports that are configured in the default VLAN on a switch. Which two steps will fulfill the request? (Choose two)

A. Configure the ports in an EtherChannel

B. Administratively shut down the ports

C. Configure the port type as access and place in VLAN 99

D. Configure the ports as trunk ports

E. Enable the Cisco Discovery Protocol

Correct Answer: B C


Which QoS Profile is selected in the GUI when configuring a voice over WLAN deployment?

A. Bronze

B. Platinum

C. Silver

D. Gold

Correct Answer: B


Refer to the exhibit. An engineer is bringing up a new circuit to the MPLS provider on the Gi0/1 interface of Router1. The new circuit uses eBGP and teams the route to VLAN25 from the BGP path. What is the expected behavior for the traffic flow for route

A. Traffic to is load balanced out of multiple interfaces

B. Route is updated in the routing table as being learned from interface Gi0/1

C. Traffic to is a symmetrical

D. Route learned via the Gi0/0 interface remains in the routing table

Correct Answer: D


Which statement identifies the functionality of virtual machines?

A. Virtualized servers run most efficiently when they are physically connected to a switch that is separate from the hypervisor

B. The hypervisor can virtualize physical components including CPU, memory, and storage

C. Each hypervisor can support a single virtual machine and a single software switch

D. The hypervisor communicates on Layer 3 without the need for additional resources

Correct Answer: B

1 2 3 4 5 6 7 8 9 10 11 12 13Next page

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
error: Content is protected !!