Update: August 2, 2021
Cisco Certified Network Associate (CCNA 200-301) is the exam required to get CCNA certification.
Table of Content:
* CCNA 200-301 exam contain two types of questions:
I- Multiple Choice Questions
II- Drag and Drop Questions
· – Network Fundamentals
· – Network Access
· – IP Connectivity
· – IP Services
· – Security Fundamentals
· – Automation and Programmability
* Multiple Choice Questions:
1.What are two benefits of network automation? (Choose two)
A. reduced operational costs
B. reduced hardware footprint
C. faster changes with more reliable results
D. fewer network failures
E. increased network security
2.Which command enables a router to become a DHCP client?
A. ip address dhcp
B. ip helper-address
C. ip dhcp pool
D. ip dhcp client
3.Which design element is a best practice when deploying an 802.11b wireless infrastructure?
A. disabling TPC so that access points can negotiate signal levels with their attached wireless devices
B. setting the maximum data rate to 54 Mbps on the Cisco Wireless LAN Controller
C. allocating nonoverlapping channels to access points that are in close physical proximity to one another
D. configuring access points to provide clients with a maximum of 5 Mbps
4.When configuring IPv6 on an interface, which two IPv6 multicast groups are joined? (Choose two)
5.Which option about JSON is true?
A. uses predefined tags or angle brackets (<>) to delimit markup text
B. used to describe structured data that includes arrays
C. used for storing information
D. similar to HTML, it is more verbose than XML
6.Which IPv6 address type provides communication between subnets and cannot route on the Internet?
A. global unicast
B. unique local
7.Which command prevents passwords from being stored in the configuration as plaintext on a router or switch?
A. enable secret
B. service password-encryption
C. username Cisco password encrypt
D. enable password
8.What are two southbound APIs? (Choose two)
A. The user swipes a key fob, then clicks through an email link
B. The user enters a user name and password, and then clicks a notification in an authentication app on a mobile device
C. The user enters a PIN into an RSA token, and then enters the displayed RSA key on a login screen
D. The user enters a user name and password and then re-enters the credentials on a second screen
10.Which two capacities of Cisco DNA Center make it more extensible? (Choose two)
A. adapters that support all families of Cisco IOS software
B. SDKs that support interaction with third-party network equipment
C. customized versions for small, medium, and large enterprises
D. REST APIs that allow for external applications to interact natively with Cisco DNA Center
E. modular design that is upgradable as needed
11.An email user has been lured into clicking a link in an email sent by their company’s security organization. The webpage that opens reports that it was safe but the link could have contained malicious code. Which type of security program is in place?
A. Physical access control
B. Social engineering attack
C. brute force attack
D. user awareness
12.Which type of wireless encryption is used for WPA2 in pre-shared key mode?
A. TKIP with RC4
13.Which two must be met before SSH can operate normally on a Cisco IOS switch? (Choose two)
A. The switch must be running a k9 (crypto) IOS image
B. The ip domain-name command must be configured on the switch
C. IP routing must be enabled on the switch
D. A console password must be configured on the switch
E. Telnet must be disabled on the switch
14.Which type of address is the public IP address of a NAT device?
A. outside global
B. outsdwde local
C. inside global
D. insride local
E. outside public
F. inside public
15.15. Refer to the exhibit. Which prefix does Router 1 use for traffic to Host A?
16.How does HSRP provide first hop redundancy?
A. It load-balances traffic by assigning the same metric value to more than one route to the same destination m the IP routing table
B. It load-balances Layer 2 traffic along the path by flooding traffic out all interfaces configured with the same VLAN
C. It forwards multiple packets to the same destination over different routed links in the data path
D. It uses a shared virtual MAC and a virtual IP address to a group of routers that serve as the default gateway for hosts on a LAN
A. A spine switch and a leaf switch can be added with redundant connections between them
B. A spine switch can be added with at least 40 GB uplinks
C. A leaf switch can be added with a single connection to a core spine switch
D. A leaf switch can be added with connections to every spine switch
18.Which two actions are performed by the Weighted Random Early Detection mechanism? (Choose two)
A. It drops lower-priority packets before it drops higher-priority packets
B. It can identify different flows with a high level of granularity
C. It guarantees the delivery of high-priority packets
D. It can mitigate congestion by preventing the queue from filling up
E. It supports protocol discovery
19.A network engineer must back up 20 network router configurations globally within a customer environment. Which protocol allows the engineer to perform this function using the Cisco IOS MIB?
20.Refer to the exhibit. What is the effect of this configuration?
A. The switch port interface trust state becomes untrusted
B. The switch port remains administratively down until the interface is connected to another switch
C. Dynamic ARP inspection is disabled because the ARP ACL is missing
D. The switch port remains down until it is configured to trust or untrust incoming packets
21.A frame that enters a switch fails the Frame Check Sequence. Which two interface counters are incremented? (Choose two)
E. input errors
22.How do TCP and UDP differ in the way that they establish a connection between two endpoints?
TCP uses synchronization packets, and UDP uses acknowledgment packets
UDP uses SYN, SYN ACK and FIN bits in the frame header while TCP uses SYN, SYN ACK and ACK bits
UDP provides reliable message transfer and TCP is a connectionless protocol
TCP uses the three-way handshake and UDP does not guarantee message delivery
23.When OSPF learns multiple paths to a network, how does it select a route?
A. It multiple the active K value by 256 to calculate the route with the lowest metric
B. For each existing interface, it adds the metric from the source router to the destination to calculate the route with the lowest bandwidth
C. It divides a reference bandwidth of 100 Mbps by the actual bandwidth of the existing interface to calculate the router with the lowest cost
D. It count the number of hops between the source router and the destination to determine the router with the lowest metric
24.24. Refer to the exhibit. Which password must an engineer use to enter the enable mode?
25.Which configuration is needed to generate an RSA key for SSH on a router?
A. Configure the version of SSH
B. Configure VTY access
C. Create a user with a password
D. Assign a DNS domain name
26.Which output displays a JSON data representation?
A. Option A
B. Option B
C. Option C
D. Option D
27.What is the primary different between AAA authentication and authorization?
A. Authentication verifies a username and password, and authorization handles the communication between the authentication agent and the user database
B. Authentication identifies a user who is attempting to access a system, and authorization validates the users password
C. Authentication identifies and verifies a user who is attempting to access a system, and authorization controls the tasks the user can perform
D. Authentication controls the system processes a user can access and authorization logs the activities the user initiates
28.A Cisco IP phone receive untagged data traffic from an attached PC. Which action is taken by the phone?
A. It allows the traffic to pass through unchanged
B. It drops the traffic
C. It tags the traffic with the default VLAN
D. It tags the traffic with the native VLAN
29.An engineer must configure a /30 subnet between two routers. Which usable IP address and subnet mask combination meets these criteria?
A. interface e0/0
description to HQ-A370:98968
ip address 10.2.1.3 255.255.255.252
B. interface e0/0
description to HQ-A370:98968
ip address 192.168.1.1 255.255.255.248
C. interface e0/0
description to HQ-A370:98968
ip address 172.16.1.4 255.255.255.248
D. interface e0/0
description to HQ-A370:98968
ip address 18.104.22.168 255.255.255.252
30.What is a benefit of using a Cisco Wireless LAN Controller?
A. Central AP management requires more complex configurations
B. Unique SSIDs cannot use the same authentication method
C. It supports autonomous and lightweight APs
D. It eliminates the need to configure each access point individually
31.What are two characteristics of a controller-based network? (Choose two)
A. The administrator can make configuration updates from the CLI
B. It uses northbound and southbound APIs to communicate between architectural layers.
C. It moves the control plane to a central point
D. It decentralizes the control plane, which allows each device to make its own forwarding decisions
E. It uses Telnet to report system issues
32.Which attribute does a router use to select the best path when two or more different routes to the same destination exist from two different routing protocols?
A. dual algorithm
C. administrative distance
D. hop count
33.33. Refer to Exhibit. How does SW2 interact with other switches in this VTP domain?
B. It receives updates from all VTP servers and forwards all locally configured VLANs out all trunk ports
C. It forwards only the VTP advertisements that it receives on its trunk ports
D. It transmits and processes VTP updates from any VTP Clients on the network on its trunk ports
34.Which unified access point mode continues to serve wireless clients after losing connectivity to the Cisco Wireless LAN Controller?
35.Which two encoding methods are supported by REST APIs? (Choose two)
36.What are two reasons that cause late collisions to increment on an Ethernet interface? (Choose two)
A. when the sending device waits 15 seconds before sending the frame again
B. when the cable length limits are exceeded
C. when one side of the connection is configured for half-duplex
D. when Carriner Sense Multiple Access/Collision Detection is used
E. when a collision occurs after the 32nd byte of a frame has been transmitted
37.Router A learns the same route from two different neighbors, one of the neighbor routers is an OSPF neighbor and the other is an EIGRP neighbor. What is the administrative distance of the route that will be installed in the routing table?
38.What is the default behavior of a Layer 2 switch when a frame with an unknown destination MAC address is received?
A. The Layer 2 switch drops the received frame
B. The Layer 2 switch floods packets to all ports except the receiving port in the given VLAN
C. The Layer 2 switch sends a copy of a packet to CPU for destination MAC address learning
D. The Layer 2 switch forwards the packet and adds the destination MAC address to its MAC address table
39.Refer to the exhibit. What is the effect of this configuration?
A. All ARP packets are dropped by the switch
B. Egress traffic is passed only if the destination is a DHCP server
C. All ingress and egress traffic is dropped because the interface is untrusted
D. The switch discard all ingress ARP traffic with invalid MAC-to-IP address bindings
40.Refer to the exhibit. An engineer configured NAT translations and has verified that the configuration is correct. Which IP address is the source IP?
41. Refer to the exhibit. Which route does R1 select for traffic that is destined to 192 168.16.2?
C. 192.168 26.0/26
42.Which IPv6 address block sends packets to a group address rather than a single address?
43.Which two values or settings must be entered when configuring a new WLAN in the Cisco Wireless LAN Controller GUI? (Choose two)
A. management interface settings
B. QoS settings
C. Ip address of one or more access points
E. Profile name