Number: 200-301 Passing Score: 800 Time Limit: 120 Min File Version: 0

The document provides information about the Cisco Certified Network Associate (200-301 CCNA) exam, including the exam number, passing score, time limit, and file version. It also includes 20 sample exam questions related to networking topics such as MAC address tables, MACsec keying, Cisco ASA features, SNMP authentication, NTP configuration in Cisco ISE, VPN types, elliptic curve cryptography, Cisco WSA traffic monitoring, Firepower module commands, and routing protocols. The questions provide the question text, correct answer, and an explanation for each answer.

Uploaded by Geekware Peru

200-301

Number: 200-301
Passing Score: 800
Time Limit: 120 min
File Version: 0

Cisco Certified Network Associate (200-301 CCNA)

More dumps and materials -> https://t.me/ciscoCat


Exam A

QUESTION 1
All 30 users on a single floor of a building are complaining about network slowness. After investigating the
access switch, the network administrator notices that the MAC address table is full (10,000 entries) and all
traffic is being flooded out of every port. Which action can the administrator take to prevent this from occurring?

A. Configure port-security to limit the number of mac-addresses allowed on each port
B. Upgrade the switch to one that can handle 20,000 entries
C. Configure private-vlans to prevent hosts from communicating with one another
D. Enable storm-control to limit the traffic rate
E. Configure a VACL to block all IP traffic except traffic to and from that subnet

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
Which two keying mechanisms are available within MACsec? (Choose two.)

A. IKE
B. GDOI
C. SAP
D. MKA
E. Diffie-Hellman

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/how_to_intro_macsec_ndac_guide.pdf

QUESTION 3
Which two features are supported on the Cisco Adaptive Security Virtual Appliance? (Choose two.)

A. high availability
B. EtherChannel
C. site-to-site VPN
D. PAK-based licensing
E. multiple contexts
F. clustering

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/products/collateral/security/adaptive-security-virtual-appliance-asav/datasheet-c78-733399.html

QUESTION 4
Which type of authentication and encryption does SNMPv3 use at the authPriv security level?

A. username authentication with MD5 or SHA encryption
B. MD5 or SHA authentication with DES encryption
C. username authentication with DES encryption
D. DES authentication with MD5 or SHA encryption

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/xe-3se/3850/snmp-xe-3se-3850-book/nm-snmp-snmpv3.pdf

QUESTION 5
Which identity store option allows you to modify the directory services that run on TCP/IP?

A. Lightweight Directory Access Protocol
B. RSA SecurID server
C. RADIUS
D. Active Directory

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
Which statement about system time and NTP server configuration with Cisco ISE is true?

A. The system time and NTP server settings can be configured centrally on the Cisco ISE.
B. The system time can be configured centrally on the Cisco ISE, but NTP server settings must be configured
individually on each ISE node.
C. NTP server settings can be configured centrally on the Cisco ISE, but the system time must be configured
individually on each ISE node.
D. The system time and NTP server settings must be configured individually on each ISE node.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
Which option is required for inline security group tag propagation?

A. Cisco Secure Access Control System
B. hardware support
C. Security Group Tag Exchange Protocol (SXP) v4
D. Cisco Identity Services Engine

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
Which protocol sends authentication and accounting in different requests?

A. RADIUS
B. TACACS+
C. EAP-Chaining
D. PEAP
E. EAP-TLS

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
Your company network security policy requires that all network traffic be tunneled to the corporate office. End
users must be able to access local LAN resources when they connect to the corporate network. Which two
configurations do you implement in Cisco AnyConnect? (Choose two.)

A. split-exclude tunneling
B. local LAN access
C. static routes
D. Client Bypass Protocol
E. tunnel all

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
Refer to the exhibit. Which type of VPN is used in the configuration?

A. DMVPN
B. FlexVPN
C. SSL VPN
D. Cisco GET VPN

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
What advantage does elliptic curve cryptography have over RSA cryptography?

A. ECC compresses the enciphered data
B. ECC has wider industry adoption
C. ECC utilizes symmetric encryption for greater performance
D. ECC provides greater security with a smaller key size

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.leaderssl.com/articles/345-what-is-ecc-and-why-you-should-use-it

QUESTION 12
Which description of the Layer 4 Traffic Monitor on a Cisco WSA is true?

A. monitors suspicious traffic across all the TCP/UDP ports
B. decrypts SSL traffic to monitor for malicious content
C. prevents data exfiltration by searching all the network traffic for specified sensitive information
D. blocks traffic from URL categories that are known to contain malicious content

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
Which command do you run to reset a Firepower module on a Cisco ASA 5585-X firewall?

A. sw-module module sfr recover boot
B. sw-module module sfr reload
C. hw-module module 1 reload
D. hw-module module 1 recover boot

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/firewall/asa-firewall-cli/modules-sfr.html

QUESTION 14
Which deployment model on a Cisco ASA Firepower module in multiple-context mode allows you to evaluate
the contents of the traffic without affecting the network?

A. inline mode
B. passive monitor-only mode
C. inline tap monitor-only mode
D. passive tap monitor-only mode

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa912/configuration/firewall/asa-912-firewall-config/access-sfr.html

QUESTION 15
Which API uses HTTP messages to transfer data to applications residing on different hosts?

A. OpenStack
B. REST
C. OpenFlow
D. OpFlex

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: CCNA ICND2 Study Guide: Exam 200-105 By Todd Lammle page 375

QUESTION 16
Refer to the exhibit.

All of the routers in the network are configured with the ip subnet-zero command. Which network addresses
should be used for Link A and Network A? (Choose two.)

A. Link A – 172.16.3.0/30
B. Link A – 172.16.3.112/30
C. Network A – 172.16.3.48/26
D. Network A – 172.16.3.128/25
E. Link A – 172.16.3.40/30
F. Network A – 172.16.3.192/26

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
Which configuration register value can you set on a Cisco device so that it ignores the NVRAM when it boots?

A. 0x2124
B. 0x2120
C. 0x2142
D. 0x2102

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
Which two characteristics are representative of a link-state routing protocol? (Choose two.)

A. provides common view of entire topology
B. exchanges routing tables for its own routes with neighbor
C. calculates feasible path
D. utilizes event-triggered updates
E. utilizes frequent periodic updates

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19
Which three statements about the features of SNMPv2 and SNMPv3 are true? (Choose three.)

A. SNMPv3 enhanced SNMPv2 security features
B. SNMPv3 added the Inform protocol message to SNMP.
C. SNMPv2 added the Inform protocol message to SNMP
D. SNMPv3 added the GetBulk protocol messages to SNMP
E. SNMPv2 added the GetBulk protocol message to SNMP.
F. SNMPv2 added the GetNext protocol message to SNMP.

Correct Answer: ACE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 20
Which technology could be used on top of an MPLS VPN to add confidentiality?

A. IPsec
B. AES
C. SSL
D. 3DES

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 21
Which SNMPv3 security level provides authentication using HMAC with MD5, but does not use encryption?

A. authPriv
B. authNoPriv
C. NoauthPriv
D. noAuthNoPriv

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
You have implemented a dynamic blacklist, using security intelligence to block illicit network activity. However,
the blacklist contains several approved connections that users must access for business purposes.
Which action can you take to retain the blacklist while allowing users to access the approved sites?

A. Create a whitelist and manually add the approved addresses
B. Edit the dynamic blacklist to remove the approved addresses
C. Disable the dynamic blacklist and deny the specific address on a whitelist while permitting the others
D. Disable the dynamic blacklist and create a static blacklist in its place

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23
What tab contains access point configuration in the WCS?

A. Controller > Access Points
B. Configure > Access Points
C. General > Configure > Access Points
D. System > Configure > Access Points

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 24
A network engineer in the GUI of WCS version 7 wants to add an access point to a map. Where can this
command be found within the drop-down menu?

A. Monitor > Maps
B. Reports > Maps
C. Monitor > Network Summary
D. Configure > Maps

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The physical location of the client (such as building, floor, and so on). Clicking the map location displays
information in the Monitor > Maps page.
http://www.cisco.com/c/en/us/td/docs/wireless/wcs/7-0/configuration/guide/WCS70cg/7_0clientmgmt.html

QUESTION 25
You are configuring SNMPv1/v2c on a WLC. What should you do for improved security?

A. Remove the default SNMPv1 community.
B. Remove the default SNMPv1 and SNMPv2 communities.
C. Remove the default SNMPv2 community.
D. Remove the default SNMPv3 users.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The controller has commonly known default values of "public" and "private" for the read-only and read-write
SNMP community strings. Using these standard values presents a security risk: because the default
community names are known, they could be used to communicate with the controller using SNMP.
Therefore, we strongly advise that you change these values.
Step 1: Choose Management and then Communities under SNMP. The SNMP v1 / v2c Community page appears.
Step 2: If "public" or "private" appears in the Community Name column, hover your cursor over the blue drop-down
arrow for the desired community and choose Remove to delete this community.
Step 3: Click New to create a new community. The SNMP v1 / v2c Community > New page appears.
Step 4: In the Community Name text box, enter a unique name containing up to 16 alphanumeric characters. Do not
enter "public" or "private."
Step 5: In the next two text boxes, enter the IPv4/IPv6 address and IP Mask/Prefix Length from which this device
accepts SNMP packets with the associated community and the IP mask.
Step 6: Choose Read Only or Read/Write from the Access Mode drop-down list to specify the access level for this
community.
Step 7: Choose Enable or Disable from the Status drop-down list to specify the status of this community.
Step 8: Click Apply to commit your changes.
Step 9: Click Save Configuration to save your settings.
Step 10: Repeat this procedure if a "public" or "private" community still appears on the SNMP v1 / v2c Community page.

QUESTION 26
A customer needs wireless access points on a different VLAN from the controller to join via broadcast. Which
two commands are required on the Layer 3 switch? (Choose two.)

A. ip forward-protocol tcp 5246
B. ip helper-address <WLC-Multicast-Address>
C. ip helper-address <WLC-Virtual-Address>
D. ip forward-protocol udp 5246
E. ip helper-address <WLC-Management-Address>

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:
Reference: https://community.cisco.com/t5/other-wireless-mobility-subjects/capwap-discovery-using-broadcasts-only/td-p/2377189

QUESTION 27
An engineer has been asked to upgrade the code on a WLC that is running Cisco AireOS 8.0. Which two
protocols can be used to download the code file to the controller? (Choose two.)

A. SNMPv2c
B. FTP
C. SNMPv3
D. SFTP
E. HTTPS

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:
