Cisco 200-301

Cisco Certified Network Associate

Version: 3.0
 Cisco 200-301 Exam
QUESTION NO: 1

A switch receives an incoming frame with a frame check sequence that differs from the one
included from the sending station. What will the router do with this frame?

A.
Increment the frame error count by one and forward the frame.

B.
Increment the frame error count by one and drop the frame.

C.
Send a collision notification.

D.
Drop the frame without incrementing any error counters.

Answer: B
Explanation:

QUESTION NO: 2

Which of the following message types are used to create the TCP three-way handshake? (Choose
three.)

A.
ACK

B.
FIN

C.
RST

D.
SYN/ACK

E.
ACK

Answer: A,D,E
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 2

 Cisco 200-301 Exam

QUESTION NO: 3

Which of the following is an 802.11 frame type is a management frame?

A.
Reserved

B.
Trigger

C.
RTS

D.
Association Response

Answer: D
Explanation:

QUESTION NO: 4

Using virtual machines and hypervisors, which of the following hardware components can be
virtualized? (Choose two.)

A.
Disk storage

B.
Power supplies

C.
Memory

D.
Monitors

Answer: A,C
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 3

 Cisco 200-301 Exam
QUESTION NO: 5

A frame arrives on switch SW1 destined to an unknown layer 2 MAC address. What will SW1 do
with this frame?

A.
SW1 will drop the frame

B.
SW 1 will send an ICMP destination unreachable to the source.

C.
SW1 will forward the frame to all ports

D.
SW1 will forward the frame to all ports except for the one that the frame arrived on.

Answer: D
Explanation:

QUESTION NO: 6

You want to implement RFC 3021 to assign an IP address to router R1 on a point to point link.
Which of the following is a viable option for this?

A.
10.10.1.129/30

B.
10.1.1.1 255.255.255.252

C.
10.0.0.2/31

D.
10.0.0.4 255.255.255.255

Answer: C
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 4

 Cisco 200-301 Exam
QUESTION NO: 7

Which of the following is a valid RFC 1918 IP address?

A.
192.158.69.1

B.
172.15.133.1

C.
172.30.30.1

D.
100.10.10.1

Answer: C
Explanation:

QUESTION NO: 8

You need to implement and manage a wireless network consisting of approximately 100 access
points. Which of the following would be the most helpful in the configuration and management of
these devices?

A.
RADIUS server

B.
WLC

C.
SIEM

D.
NMS

Answer: B
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 5

 Cisco 200-301 Exam
QUESTION NO: 9

Which of the following protocols do Cisco devices use to manage POE devices?

A.
SNMP

B.
CDP

C.
LLDP

D.
STP

Answer: B
Explanation:

QUESTION NO: 10

An incoming frame arrives on a Cisco switch and that frame is forwarded to every port on the
same VLAN except for the one in which it arrived on. What is this process known as?

A.
ARP

B.
Broadcasting

C.
Unicasting

D.
Flooding

Answer: D
Explanation:

QUESTION NO: 11
"Pass Any Exam. Any Time." - www.actualtests.com 6
 Cisco 200-301 Exam
Private IP address space is defined in which RFC?

A.
RFC 1918

B.
RFC 5534

C.
RFC 1819

D.
RFC 3384

Answer: A
Explanation:

QUESTION NO: 12

In your 2.4 Ghz wireless network you want to configure the channels in your access points to not
overlap to reduce interference. Which 3 channels should you use in the AP’s?

A.
1, 2, 3

B.
1, 4, 7

C.
1, 6, 11

D.
1, 5, 19

Answer: C
Explanation:

QUESTION NO: 13

Which of the following are attributes of TCP? (Choose three.)

"Pass Any Exam. Any Time." - www.actualtests.com 7
 Cisco 200-301 Exam
A.
flow control

B.
Requires acknowledgements

C.
sliding window

D.
connectionless

E.
operates at layer 5 of the OSI model.

Answer: A,B,C
Explanation:

QUESTION NO: 14

Which of the following are used to terminate fiber optic cabling (Choose two.)

A.
BNC

B.
LC

C.
RJ-45

D.
SC

Answer: B,D
Explanation:

QUESTION NO: 15

Which of the following statements are true regarding the differences between UDP and TCP?

"Pass Any Exam. Any Time." - www.actualtests.com 8

 Cisco 200-301 Exam
A.
UDP uses acknowledgements and sequencing for reliable delivery, TCP is connectionless.

B.
UDP uses FCS and Discard eligible messages for reliable delivery, TCP is connectionless.

C.
TCP uses FCS and Discard eligible messages for reliable delivery, TCP is connection oriented.

D.
TCP uses acknowledgements and sequencing for reliable delivery, UDP is connectionless.

Answer: D
Explanation:

QUESTION NO: 16

Which of the following are the three components of the Three-tier Hierarchical Networking Model
used in many Cisco based networks? (Choose three.)

A.
Distribution

B.
Core

C.
Spoke

D.
Access

E.
Leaf

Answer: A,B,D
Explanation:

QUESTION NO: 17

"Pass Any Exam. Any Time." - www.actualtests.com 9

 Cisco 200-301 Exam
Which of the following statements are true regarding IPv6 Global unicast addresses (GUAs)?

A.
They are limited to the local link only

B.
They are used for IPV6 multicasting applications.

C.
They are used for private IPv6 networks.

D.
They are globally routable, similar to public IPv4 addresses

Answer: D
Explanation:

QUESTION NO: 18

A new network has the following remote offices

Site 1 has 14 users

Site 2 has 130 users.

Site three has 268 users

You have been tasked with assigning a subnet for each of these locations using the private
10.0.0.0/8 subnet. Which of the following addressing schemes should be used to ensure the least
amount of addressing waste, while ensuring no subnets overlap?

A.
10.0.0.0/28 for site 1, 10.0.0.16/24 for site 1, and 10.0.1.0/23 for site 3.

B.
10.0.0.0/28 for site 1, 10.0.0.16/24 for site 1, and 10.0.0.0/23 for site 3.

C.
10.0.0.0/27 for site 1, 10.0.0.16/24 for site 1, and 10.0.1.0/23 for site 3.

D.
10.0.0.0/28 for site 1, 10.0.0.0/24 for site 1, and 10.0.0.0/23 for site 3.

"Pass Any Exam. Any Time." - www.actualtests.com 10

 Cisco 200-301 Exam
Answer: A
Explanation:

QUESTION NO: 19

Which of the following technologies can be used to logically bind multiple physical interfaces into
one single logical interface? (Choose two.)

A.
PaGP

B.
PVSTP

C.
RSTP

D.
LACP

Answer: A,D
Explanation:

QUESTION NO: 20

You want to ensure that all access to your Cisco devices are secure and want to implement SSH
access to them. Which of the following must be done to enable this? (Choose two.)

A.
Configure a DNS domain name on the devices.

B.
Implement AAA

C.
Configure an NTP server

D.
Implement CEF

"Pass Any Exam. Any Time." - www.actualtests.com 11

 Cisco 200-301 Exam
E.
Generate an RSA key

Answer: A,E
Explanation:

QUESTION NO: 21

You are part of a network management team. You have been tasked with adding a leaf switch and
connecting the spine switch to all leaf switches in the fabric. What type of architecture is used?

A.
ACI Fabric

B.
Spine and leaf architecture

C.
ACI Container architecture

D.
Redundant architecture

Answer: B
Reference:

https://www.cisco.com/c/en/us/products/collateral/switches/nexus-7000-series-switches/white-
paper-c11-737022.html

QUESTION NO: 22

Which component of a virtual architecture can virtualize memory, storage and a processor while
being hidden from guest machines?

A.
Simulator

B.
Virtual machine
"Pass Any Exam. Any Time." - www.actualtests.com 12
 Cisco 200-301 Exam
C.
Host machine

D.
Hypervisor

Answer: D
Reference:

https://www.paessler.com/it-explained/virtualization

QUESTION NO: 23

You have been tasked with enabling Ipv6 on an interface. You execute the following command:

(config-if) # ipv6 enable

What type of address will this command generate?

A.
Automatic generation of link-local address using modified EUI-64 interface ID on the MAC address

B.
Direct link-local address using EUI-64 interface ID

C.
Automatic generation of site-local address using modified EUI-64 interface ID in low order 64 bits
of address

D.
Manual generation of link-local address using modified EUI-64 interface ID on the MAC address.

Answer: A
Reference:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/ipv6.html#
wp1041881

"Pass Any Exam. Any Time." - www.actualtests.com 13

 Cisco 200-301 Exam
QUESTION NO: 24

Which of the following type of addresses are used in neighbor soliciation messages when using
IPv6 multicast addressing?

A.
All nodes addresses

B.
link-local addresses

C.
Anycast addresses

D.
Solicited node addresses

Answer: D
Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/xe-3s/ipv6-xe-36s-book/ip6-
multicast.html

QUESTION NO: 25

"Pass Any Exam. Any Time." - www.actualtests.com 14

 Cisco 200-301 Exam

Refer to the exhibit. Which component of the VTP domain summary advertisement packet shows
the IP address of a switch that incremented the configuration revision?

A.
Update TimeStamp

B.
MD5 digest

C.
Updater identity

D.
Management Domain Name

Answer: C
Reference:

https://www.cisco.com/c/en/us/support/docs/lan-switching/vtp/10558-21.html

"Pass Any Exam. Any Time." - www.actualtests.com 15

 Cisco 200-301 Exam
QUESTION NO: 26

There are multiple paths having equal metrics to the same destination. What should be done on
equal cost paths to have a smooth operational process?

A.
cost

B.
static route

C.
load balancing

D.
forwarding decisions

Answer: C
Reference:

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-
eigrp/8651-21.html

QUESTION NO: 27

Which of the following events happens before routing information is exchanged when OSPF is
initiated on a network? (Choose two.)

A.
multicast hello packets are used to discover neighbors

B.
adjacency building process is optimized by electing DR and BDR for every multi-access network

C.
unicast hello packets discover neighbors

D.
DR and BDR is elected to optimize point-to-point network

E.
Neighbor discovery is initiated by BDR

"Pass Any Exam. Any Time." - www.actualtests.com 16

 Cisco 200-301 Exam
F.
NBMA network is broadcasted.

Answer: A,B
Reference:

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13693-22.html

QUESTION NO: 28

Which technology, by default, uses bandwidth and delay values of the path to calculate route
metric on a network?

A.
OSPF

B.
DR and BDR

C.
reference bandwidth

D.
EIGRP

Answer: D
Reference:

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-
eigrp/16406-eigrp-toc.html

QUESTION NO: 29

An administrator uses the following command to send traffic to 192.168.1.1:

R1#Config t

R1(config)#ip routing

"Pass Any Exam. Any Time." - www.actualtests.com 17

 Cisco 200-301 Exam
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1

Which of the following is true?

A.
R1 sends all traffic with matching routing-table entry to 192.168.1.1

B.
R1 sends all traffic without matching routing-table entry to 192.168.1.1

C.
R1 sends all traffic with default-route to 192.168.1.1

D.
R1 sends routing taffic with default-gateway to table entry in 192.168.1.1

Answer: B
Explanation:

QUESTION NO: 30

An administrator wants to use a static route on a router to send a packet. The following command
is executed:

ip route 10.10.1.20 255.255.255.252 10.10.255.1

Which IP address is this packet destined to?

A.
10.10.1.20

B.
10.10.1.19

C.
10.10.1.21

D.
10.10.1.22

Answer: D

"Pass Any Exam. Any Time." - www.actualtests.com 18

 Cisco 200-301 Exam
Explanation:

QUESTION NO: 31

Which type of route can be used to enable fallback static routing in the event of dynamic routing
failure and to route traffic on secondary path automatically in case primary path fails completely?

A.
Dynamic path route

B.
Summary route

C.
Floating static route

D.
Route summarization

Answer: C
Explanation:

QUESTION NO: 32

A router has three routing processes running; EIGRP, RIP and IGRP. All three processes have
learned various routes to 10.10.24.0/24. How will each process choose its best path to the
network?

A.
Using lowest administrative distance

B.
Using prefix length of the routing address

C.
Using low cost metrics

D.
Using medium administrative distance

"Pass Any Exam. Any Time." - www.actualtests.com 19

 Cisco 200-301 Exam
Answer: A
Reference:

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-
eigrp/8651-21.html

QUESTION NO: 33

Which of the following two conditions are triggered by LSA overload condition? (Choose two.)

A.
Critical Alert

B.
LSDB size restriction

C.
Warning

D.
OSPF MAXLSACritical

E.
overload critical alert

F.
Permanent shutdown

Answer: C,F
Reference:

https://www.arista.com/en/um-eos/eos-section-31-3-configuring-ospfv2

QUESTION NO: 34

Which commands can alter default minimum threshold, maximum threshold and MPD value
assigned by IOS when Weighted Random Early Detection is configured? (Choose two.)

A.

"Pass Any Exam. Any Time." - www.actualtests.com 20

 Cisco 200-301 Exam
#random-detect precedence precedence_value

B.
#random-detect dscp dscp_value

C.
#random-detect (dscp-based)

D.
#random-detect (prec-based)

Answer: A,B
Reference:

https://www.ciscopress.com/articles/article.asp?p=352991&seqNum=8

QUESTION NO: 35

Which event triggers routing instance to be flapped?

A.
Warning-level message sent to a syslog server

B.
Critical-level message sent to a syslog server

C.
Notice-level message sent to a syslog server

D.
Message sent to the syslog server and emailed to administrative console

Answer: C
Explanation:

QUESTION NO: 36

Which of the following types of NTP pool based associations can be configured between router
and the devices connected to it? (Choose two.)

"Pass Any Exam. Any Time." - www.actualtests.com 21

 Cisco 200-301 Exam
A.
NTP configure mode

B.
Server time mode

C.
Client mode

D.
Symmetric active mode

Answer: C,D
Reference:

https://www.cisco.com/c/en/us/td/docs/routers/ncs6000/software/ncs6k-r6-3/system-
management/configuration/guide/b-system-management-cg-ncs6000-63x/b-system-management-
cg-ncs6000-63x_chapter_0111.pdf (3)

QUESTION NO: 37

An administrator is configuring Expression MIB. He wants to use counter expressions that can be
identified based on difference from one sample to the next. He also wants to continuous sampling
for the application. Which sampling should be used?

A.
Changed sampling

B.
Absolute sampling

C.
Iterative sampling

D.
Delta sampling

Answer: D
Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/xe-16/snmp-xe-16-book/nm-
snmp-cfg-snmp-support.html#GUID-3180DD30-BFF4-4055-84A3-E129F8A6B351

"Pass Any Exam. Any Time." - www.actualtests.com 22

 Cisco 200-301 Exam

QUESTION NO: 38

Cisco DHCP FORCENEW command authenticated message based on the authentication mode
specified. Which of the following two features does FORCENEW command support? (Choose
two.)

A.
Token based authentication for basic protection against accidentally instantiated DHCP servers

B.
Change to the state of FORCENEW

C.
MD5 based authentication using single use value generated by the source as message
authentication code.

D.
Retains FORCENEW message that fails authentication for retries.

Answer: A,C
Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/12-4/dhcp-12-4-
book/config-dhcp-client.html

QUESTION NO: 39

Which component of SNMP sends information about MIB variables in response to requests from
the NMS?

A.
SNMPv2

B.
SNMP agent

C.
SNMP get-next-request

D.
SNMP traps.
"Pass Any Exam. Any Time." - www.actualtests.com 23
 Cisco 200-301 Exam
Answer: B
Reference:

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/service/9_0/rtmt/CUCM_BK_CCC89
2E7_00_cucm-managed-services-guide-90/CUCM_BK_CCC892E7_00_cucm-manager-
managed-services-guide_chapter_0100.html

QUESTION NO: 40

Which of the following two are prerequisites for configuring DHCP server? (Choose two.)

A.
Disable Cisco DHCP server and relay agent permanently

B.
Use enable service dhcp command to enable relay agent and dhcp service

C.
Open Port 67 and verify it by using show ip sockets details command

D.
Enable DHCP relay agent service by using enable DHCP relay command

E.
Enable DHCP broadcast and forward it to configured DHCP server

Answer: C,E
Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/xe-3s/dhcp-xe-3s-
book/config-dhcp-server-xe.html

QUESTION NO: 41

Which NTP command displays timestamp and date of the latest configuration update?

A.
Show ntp trusted-keys

"Pass Any Exam. Any Time." - www.actualtests.com 24

 Cisco 200-301 Exam
B.
Show ntp internal

C.
Show ntp-running-config

D.
Show running-config ntp

Answer: D
Reference:

https://www.cisco.com/c/en/us/td/docs/routers/connectedgrid/cgr1000/1_0/software/configuration/g
uide/sysmgmt/SysMgmt_Book/sm_ntp_cgr1000.html

QUESTION NO: 42

A system restart message event has occurred. Which message level will be sent to a syslog
server?

A.
Warning level message

B.
Notice level message

C.
Critical warning message

D.
System event change message

Answer: B
Reference:

https://www.ciscopress.com/articles/article.asp?p=426638&seqNum=3

QUESTION NO: 43

"Pass Any Exam. Any Time." - www.actualtests.com 25

 Cisco 200-301 Exam
What is used for the information on the type of packet being encapsulated and connection
between client and server in a site-to-site VPN?

A.
L2TP

B.
PPTP

C.
GRE

D.
L2F

Answer: C
Reference:

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/14106-
how-vpn-works.html

QUESTION NO: 44

In AAA services, which service verifies an authenticated user and grants permission for a specific
task?

A.
Authentication

B.
Authorization

C.
Accounting

D.
Authorization, Authentication and Accounting

Answer: B
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 26

 Cisco 200-301 Exam
QUESTION NO: 45

You are conducting user awareness training at your office. As an engineer you are particularly
concerned with clickbait emails which are an example of deceptive phishing. How can an attacker
gain access to the system using clickbait?

A.
By sending an email from Microsoft that contains a link with malicious code. That code opens a
webpage and asks users to enter their credentials or other personal information

B.
By sending an email from a reliable bank with deceptive code in the URL. The URL redirect to the
original webpage of the bank and asks for credentials

C.
By sending an email with a deceptive link from an email provider. The link instructs users to do
action on their workstation

D.
By sending an email with a link that contains a real threat. It instructs users to provide certain
details that are vital for the user’s company.

Answer: A
Explanation:

QUESTION NO: 46

An engineer wants to configure CPU ACLs pn a Cisco WLC. To check the details of ACL, which
command should he use to display the table shown in the exhibit?

A.
Show acl detailed

"Pass Any Exam. Any Time." - www.actualtests.com 27

 Cisco 200-301 Exam
B.
Show access-list

C.
Show acl summary

D.
Show acl cpu

Answer: A
Reference:

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/71978-acl-wlc.html

QUESTION NO: 47

What happens if you don’t use label key-label command with crypto key generate rsa configuration
mode?

A.
The fully qualified domain name of the router will be used

B.
IOS will assign a label of its own to the key pairs

C.
IOS will assign a name for the key pair that is being imported

D.
The fully qualified domain name of the server will be used

Answer: A
Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-xe-3se-3850-cr-book/sec-a1-
xe-3se-3850-cr-book_chapter_0110.html

QUESTION NO: 48

"Pass Any Exam. Any Time." - www.actualtests.com 28

 Cisco 200-301 Exam
A network specialist wants to configure AES as the strong encryption type in a WLAN. Which
authentication method is most suitable for this type of encryption?

A.
WPA1-PSK

B.
WPA2-PSK

C.
WPA

D.
CKIP

Answer: B
Explanation:

QUESTION NO: 49

An engineer is configuring IPv4 ACLs on Cisco router. A standard ACL and an extended ACL is
configured. When the configuration is finished, the router showed a conflict in standard and
extended ACLs and all incoming traffic is allowed on the interface. What is the reason for this
conflict?

A.
Standard ACL and an extended ACL cannot have the same name

B.
Standard ACL is not working due to misconfigured VLAN maps

C.
Extended ACL for packet filters has not been configured

D.
ICMP messages are unreachable on extended ACL

Answer: A
Reference:

https://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/multibook
/configuration_guide/b_consolidated_config_guide_3850_chapter_0110100.html

"Pass Any Exam. Any Time." - www.actualtests.com 29

 Cisco 200-301 Exam

QUESTION NO: 50

What does Simultaneous Authentication of Equals (SAE) does in WPA3 authentication method?

A.
SAE adds a step to a password connection that makes it impossible for brute force attackers to
expose the password

B.
SAE creates an encryption algorithm for the password during transit of the data

C.
SAE negotiates with the server and jumbles up a password so that brute force attackers cannot
figure it out.

D.
SAE uses CNSA 192-bit encryption to encrypt passphrase during the data transit

Answer: A
Reference:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-10/config-
guide/b_cg810/wlan_security.html

QUESTION NO: 51

Layer 2 MAC can be implemented in a distributed manner. Which control mechanism provides
reachability information to Layer 2 MAC?

A.
Layer-3 reachability control

B.
Centralized plane control

C.
Collocated network control

D.
Layer-2 reachability control

"Pass Any Exam. Any Time." - www.actualtests.com 30

 Cisco 200-301 Exam
Answer: D
Reference:

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/VMDC/SDN/SDN.html

QUESTION NO: 52

Which network design can reduce operational costs and enable faster and reliable changes?

A.
Agile network

B.
Network automation

C.
Silo based network architecture

D.
Network orchestration

Answer: B
Explanation:

QUESTION NO: 53

Which two management access tenants are available in APIC REST API? (Choose two.)

A.
Dynamic management access

B.
In-band management access

C.
Post management access

D.
Out-of-Band management access

"Pass Any Exam. Any Time." - www.actualtests.com 31

 Cisco 200-301 Exam
Answer: B,D
Reference:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-
x/rest_cfg/2_1_x/b_Cisco_APIC_REST_API_Configuration_Guide/b_Cisco_APIC_REST_API_Co
nfiguration_Guide_chapter_010.html

QUESTION NO: 54

Which entity can perform almost all control plane functions effectively replacing devices distributed
control plane?

A.
Centralized control plane

B.
Northbound interface

C.
Southbound interface

D.
SDN controller

Answer: D
Explanation:

QUESTION NO: 55

Which of the two type of attacks can be identified using the real-time monitoring and pervasive
view of Cisco Stealthwatch? (Choose two.)

A.
Brute force attack

B.
drive-by attack

C.
Cross-site scripting attack
"Pass Any Exam. Any Time." - www.actualtests.com 32
 Cisco 200-301 Exam
D.
Zero-day attack

E.
Malware

Answer: D,E
Reference:

https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/nb-06-
dna-center-faq-cte-en.html

QUESTION NO: 56

Which of the following two software is required for North bound client application? (Choose two.)

A.
Cisco PTC

B.
Cisco Meraki

C.
JDK kit 1.3

D.
Python IDE

E.
XML DTD

Answer: A,C
Reference:
https://www.cisco.com/c/en/us/td/docs/net_mgmt/packet_telephony_center_virtual_switch/2-
1/developer/guide/VSchap1.html

QUESTION NO: 57

Which Cisco API does not intertact directly with the managed network?
"Pass Any Exam. Any Time." - www.actualtests.com 33
 Cisco 200-301 Exam
A.
PTC southbound interface

B.
Synchronization interface

C.
PTC northbound interface

D.
REST interface

Answer: C
Reference:
https://www.cisco.com/c/en/us/td/docs/net_mgmt/packet_telephony_center_virtual_switch/2-
0/developer/guide/VSchap1.pdf (2)

QUESTION NO: 58

A company wants to deploy complex application on cloud. Which cloud service can they use to
develop and deploy applications without the restrictions of a platform?

A.
Software-as-a-service

B.
Infrastructure-as-a-service

C.
platform-as-a-service

D.
container-as-a-service

Answer: D
Reference:

https://blogs.cisco.com/cloud/the-next-evolution-of-paas

QUESTION NO: 59
"Pass Any Exam. Any Time." - www.actualtests.com 34
 Cisco 200-301 Exam
Which type of network can replace configuring ports with access VLAN and updating IP ACLs with
endpoint groups and policies?

A.
Traditional networks

B.
Cisco DNA Center

C.
Siloed networks

D.
Agile networks

Answer: B
Explanation:

QUESTION NO: 60

What is the main job of Southbound interface in a software defined networking environment?

A.
It elaborates the way SDN controller interact with application plane.

B.
It creates an external network that can be used for load-balancing applications.

C.
It defines a way SDN controllers interact with forwarding plane.

D.
It defines a way SDN controllers can interact with control plane

Answer: C
Reference:

https://www.econfigs.com/ccna-7-7-c-northbound-and-southbound-apis/

QUESTION NO: 61
"Pass Any Exam. Any Time." - www.actualtests.com 35
 Cisco 200-301 Exam
How does Control plane process in controller-based networking controls the data plane?

A.
By creating IP routing table, an ARP table and switch MAC address table

B.
By adding or removing entries on individual devices

C.
By creating OSPF on each data plane on a router

D.
By matching packet destination address and forwarding it to the the matched route.

Answer: A
Reference:

https://www.ciscopress.com/articles/article.asp?p=2995354&seqNum=2

QUESTION NO: 62

Which Cisco campus management product supports a variety of extensibility option including
cross-domain adapters and third-party SDKs?

A.
Cisco Meraki

B.
Cisco Digital Architecture

C.
Cisco DNA Center

D.
Cisco SDN

Answer: C
Explanation:

QUESTION NO: 63
"Pass Any Exam. Any Time." - www.actualtests.com 36
 Cisco 200-301 Exam
Which of the following are main principals of Cisco DNA?

A.
Analytics, open platform, physical and virtual infrastructure

B.
Business intent, policy, digital transformation

C.
digital transformation automation, cloud

D.
Extended enterprise, automation and policy.

Answer: A
Explanation:

QUESTION NO: 64

Which technology provides a system for logical network devices to pass traffic between virtual
machines and the physical network and have multiple operating systems and applications running
independently on one physical server?

A.
Agile network

B.
Virtualization

C.
Cloud-native

D.
network-as-a-service

Answer: B
Explanation:

QUESTION NO: 65

"Pass Any Exam. Any Time." - www.actualtests.com 37

 Cisco 200-301 Exam
Which feature of Cisco DNA center implements DPI to identify endpoint clients accessing the
network?

A.
Cisco User defined network (UDN)

B.
Cisco group-based policy telemetry (GPT)

C.
Cisco AI endpoint analytics (AI)

D.
Cisco automated endpoint detection analytics (EDA)

Answer: C
Reference:

https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/nb-06-
dna-center-faq-cte-en.html

QUESTION NO: 66

Which command is used to lists the commands currently held in history buffer?

A.
Show command history

B.
Show history

C.
Show history | include command

D.
Show configure terminal

Answer: B
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 38

 Cisco 200-301 Exam
QUESTION NO: 67

When a network engineer try to access router using, which command forces Cisco IOS to prompt
for username and password, and to check these credential against local database of router?

A.
Login

B.
Login local

C.
Login username local

D.
Login local telnet

Answer: B
Explanation:

QUESTION NO: 68

What are the prerequisites for the physical ports to become a single L3 etherchannel? (Choose
three.)

A.
Physical ports must use same speed

B.
Physical ports must use same vlan

C.
Physical ports must use same Trunking protocol

D.
Physical ports must use same duplex

E.
Physical ports must configured with "no switchport" command

F.
Physical ports must configured with "switchport mode l3" command

"Pass Any Exam. Any Time." - www.actualtests.com 39

 Cisco 200-301 Exam
Answer: A,D,E
Explanation:

QUESTION NO: 69

How much difference we can see in between two consecutive configurable root bridge priority
values which we assign in STP/RSTP configuration?

A.
1024

B.
2048

C.
4096

D.
8192

Answer: C
Explanation:

QUESTION NO: 70

Which technology original IEEE standard is 802.1w ?

A.
STP

B.
PVST+

C.
RSTP

D.
MSTP

Answer: C

"Pass Any Exam. Any Time." - www.actualtests.com 40

 Cisco 200-301 Exam
Explanation:

QUESTION NO: 71

At which layer does IP fragmentation occur?

A.
Network

B.
Transport

C.
Physical

D.
Data-Link

Answer: A
Explanation:

QUESTION NO: 72

Which misconfiguration in trunk link causes frames to jump from one vlan to another while
crossing the trunk link?

A.
Mismatched Trunk Encapusaltion

B.
Mismatched Allowed VLAN

C.
Mismatched Native VLAN

D.
Mismatched VLAN Trunking Protocol

E.
Mismatched DTP configuration

"Pass Any Exam. Any Time." - www.actualtests.com 41

 Cisco 200-301 Exam
Answer: C
Explanation:

QUESTION NO: 73

By which command an engineer change the default DR/BDR election process in OSPF?

A.
ip ospf DR

B.
ip ospf priority

C.
ip ospf designated DR

D.
ip ospf secondary

Answer: B
Explanation:

QUESTION NO: 74

Which command can be used to check the Hello and Dead timers value in an OSPF process?

A.
Show ip ospf

B.
Show ip ospf interface

C.
Show ip ospf timers

D.
Show interface ospf timers

Answer: B

"Pass Any Exam. Any Time." - www.actualtests.com 42

 Cisco 200-301 Exam
Explanation:

QUESTION NO: 75

Which of these statements are true regarding the syslog logging service?

A.
Its primary function is the ability to gather logging information for monitoring and troubleshooting.

B.
Its primary function is the ability to gather configuration information for monitoring and
troubleshooting.

C.
It cannot select the type of logging information that is captured

D.
It can only works with L3 devices.

Answer: A
Explanation:

QUESTION NO: 76

Name the popular destinations for syslog messages? (Choose three.)

A.
Logging buffer

B.
TFTP Server

C.
FTP Server

D.
TFTP Client

E.
Syslog Server

F.
"Pass Any Exam. Any Time." - www.actualtests.com 43
 Cisco 200-301 Exam
Console Line

Answer: A,E,F
Explanation:

QUESTION NO: 77

Which syslog level generates system messages that do not affect device functionality?

A.
Level 1

B.
Level 3

C.
Level 6

D.
Level 8

E.
Level 5

Answer: C
Explanation:

QUESTION NO: 78

An engineer wants to view logs generated during offices hours. Which command he configure to
force logged events to display the date and time?

A.
service time log date time

B.
syslog timestamps log datetime

C.
service timestamps log datetime
"Pass Any Exam. Any Time." - www.actualtests.com 44
 Cisco 200-301 Exam
D.
logging timestamps date time

Answer: C
Explanation:

QUESTION NO: 79

An engineer wanta to configure a router R1 to send log messages of levels 4 and lower to the
syslog server at 10.10.10.187. How it can be achieved?

A.
R1(config)# logging 10.10.10.0/24

R1(config)# logging level 4

R1(config)# logging source-interface GigabitEthernet 0/0

B.
R1(config)# logging 10.10.10.187

R1(config)# logging trap 5

R1(config)# logging source-interface GigabitEthernet 0/0

C.
R1(config)# logging 10.10.10.187

R1(config)# logging level 4

R1(config)# logging source-interface GigabitEthernet 0/0

D.
R1(config)# logging 10.10.10.187

R1(config)# logging trap 4

R1(config)# logging source-interface GigabitEthernet 0/0

Answer: D
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 45

 Cisco 200-301 Exam
QUESTION NO: 80

An network engineer wants to take backup of a running config of a router using USB drive. Which
command is used to verify that the USB drive is there and confirm the name?

A.
show file systems

B.
dir file systems

C.
show file systems usb

D.
show file systems disk0

Answer: A
Explanation:

QUESTION NO: 81

Which configuration register value informs the router to ignore the startup config file on bootup?

A.
0x2142

B.
0x2042

C.
0x2242

D.
0x2141

Answer: A
Explanation:

QUESTION NO: 82
"Pass Any Exam. Any Time." - www.actualtests.com 46
 Cisco 200-301 Exam
Which commands ensures that the router uses the startup config file on bootup?

A.
config-register 0x2142 global configuration mode command

B.
config-register 0x2102 Interface configuration mode command

C.
config-register 0x2102 global configuration mode command

D.
config-register 0x2102 Romman mode command

E.
config-register 0x2202 global configuration mode command

Answer: C
Explanation:

QUESTION NO: 83

Which command is used to know whether router's system clock is synchronized with ntp server or
not?

A.
show ntp status

B.
show ntp sync

C.
show ntp server status

D.
show ntp

Answer: A
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 47

 Cisco 200-301 Exam
QUESTION NO: 84

At which multicast IP address OSPF send its Hello packets?

A.
224.0.0.3

B.
224.0.0.4

C.
224.0.0.5

D.
224.0.0.6

Answer: C
Explanation:

QUESTION NO: 85

During OSPF neighborship process, after which neighborship state, routers can immediately move
on to the process of database exchange ?

A.
ExStart

B.
Exchange

C.
2-Way

D.
Loading

Answer: C
Explanation:

QUESTION NO: 86
"Pass Any Exam. Any Time." - www.actualtests.com 48
 Cisco 200-301 Exam
What is the role of the BDR in OSPF?

A.
BDR watches the status of the DR and takes over for the DR if it fails.

B.
DR watches the status of the BDR and takes over for the BDR if it fails

C.
BDR watches the status of the DR and takes over for the DR after neighborship state FULL.

D.
BDR and DR both are responsible to exchange data in a multiaccess network.

Answer: A
Explanation:

QUESTION NO: 87

Which of the following statements regarding the OSPF cost is true? (Choose two.)

A.
OSPF adds the cost for incoming interfaces in the route

B.
OSPF does not add the cost for incoming interfaces in the route

C.
OSPF does not add the cost for Outgoing interfaces in each route

D.
OSPF adds the cost for Outgoing interfaces in each route

Answer: B,D
Explanation:

QUESTION NO: 88

What are the contents of a Network LSA in OSPF?

"Pass Any Exam. Any Time." - www.actualtests.com 49

 Cisco 200-301 Exam
A.
RID, interfaces, IP address/mask, current interface state (status)

B.
DR and BDR IP addresses, subnet ID, mask

C.
Subnet ID, mask, RID of ABR that advertises the LSA

D.
interfaces, IP address/mask ,Subnet ID

Answer: B
Explanation:

QUESTION NO: 89

What is the significance of the OSPF state 2WAY/DROTHER? (Choose two.)

A.
Neighbor state is 2-way, and the neighbor is neither the DR nor BDR

B.
Local router is also a DROther router

C.
Local router is also a DR router

D.
Local router is also a BDR router

E.
Neighbor state is 2-way, and the neighbor is either the DR or BDR

Answer: A,B
Explanation:

QUESTION NO: 90

What is the default OSPF cost of Ethernet and FastEthernet interfaces?

"Pass Any Exam. Any Time." - www.actualtests.com 50

 Cisco 200-301 Exam
A.
Ethernet- 100 and FastEthernet- 1

B.
Ethernet- 10 and FastEthernet- 1

C.
Ethernet- 100 and FastEthernet- 10

D.
Ethernet- 1 and FastEthernet- 10

Answer: B
Explanation:

QUESTION NO: 91

An engineer want to change the reference bandwidth of OSPF, what is the Cisco recommended
method of doing this?

A.
OSPF reference bandwidth setting the different on all OSPF routers in an enterprise network

B.
OSPF reference bandwidth setting the same on all OSPF routers in an area

C.
OSPF reference bandwidth setting the same on all OSPF routers in backbone area

D.
OSPF reference bandwidth setting the same on all OSPF routers in an enterprise network

Answer: D
Explanation:

QUESTION NO: 92

Which command is used to change number of equal cost routes in routing table?

A.
"Pass Any Exam. Any Time." - www.actualtests.com 51
 Cisco 200-301 Exam
maximum-paths number

B.
maximum-equal-paths number

C.
maximum-routes number

D.
max-paths number

Answer: A
Explanation:

QUESTION NO: 93

Which of these are common Human Security Vulnerabilities? (Choose two.)

A.
Phishing

B.
DOS-attack

C.
Man-in-middle attack

D.
Social Engineering

Answer: A,D
Explanation:

QUESTION NO: 94

Which feature in NGFW looks deep into the application layer data to identify the application?

A.
AMP

"Pass Any Exam. Any Time." - www.actualtests.com 52

 Cisco 200-301 Exam
B.
AVC

C.
URL Filtering

D.
NGIPS

E.
APP Flitering

Answer: B
Explanation:

QUESTION NO: 95

An engineer wants to bind MAC address of the device dynamically with the switchport, whenever
device get connected. Which command will fulfil this task?

A.
switchport portsecurity mac-address bind-dynamic

B.
switchport portsecurity mac-address dynamic

C.
switchport portsecurity mac-address mac-address

D.
switchport portsecurity mac-address sticky

Answer: D
Explanation:

QUESTION NO: 96

Which port-security violation mode Disables the interface by putting it in an err disabled state,
discarding all traffic?

"Pass Any Exam. Any Time." - www.actualtests.com 53

 Cisco 200-301 Exam
A.
Protect

B.
Restrict

C.
Shutdown

D.
Disable

Answer: C
Explanation:

QUESTION NO: 97

How do you recover a port from an err-disabled state caused by Port-security? (Choose two.)

A.
Go to that interface and use "no shutdown "

B.
Go to that interface and use "shutdown " and then "no shutdown"

C.
Configure automatic recovery using "errdisable recovery cause psecure-violation" and "errdisable
recovery interval" commands

D.
Configure automatic recovery using "errdisable recovery cause psecure-violation" and "errdisable
recovery timer" commands

E.
Configure automatic recovery using "errdisable recovery cause port-secure-violation" and
"errdisable recovery timer" commands

Answer: B,C
Explanation:

QUESTION NO: 98
"Pass Any Exam. Any Time." - www.actualtests.com 54
 Cisco 200-301 Exam
Which tab in the WLAN configuration screen of a WLC configures VLAN mapping?

A.
Advanced

B.
Policy-Mapping

C.
General

D.
Security

Answer: C
Explanation:

QUESTION NO: 99

"Pass Any Exam. Any Time." - www.actualtests.com 55

 Cisco 200-301 Exam

Which set of commands should be used to enable DHCP snooping in the topology shown in the
exhibit?

A.

B.

"Pass Any Exam. Any Time." - www.actualtests.com 56

 Cisco 200-301 Exam

C.

D.

Answer: C
Explanation:

QUESTION NO: 100

R1 has been configured as shown below.

"Pass Any Exam. Any Time." - www.actualtests.com 57

 Cisco 200-301 Exam

A remote ssh session to R1 fails. What is the problem in this configuration?

A.
The transport input command is missing.

B.
The service password-encryption feature is not enabled.

C.
The privilege level is misconfigured.

D.
CEF is disabled.

Answer: A

"Pass Any Exam. Any Time." - www.actualtests.com 58

 Cisco 200-301 Exam
Explanation:

QUESTION NO: 101

Refer to the exhibit. PC1 fails to access the internet. What is misconfigured in the network?

A.
PC1

B.
G1

C.
ACL

D.
G0

E.
The NAT statement

"Pass Any Exam. Any Time." - www.actualtests.com 59

 Cisco 200-301 Exam
Answer: C
Explanation:

QUESTION NO: 102

Refer to the exhibit and the command output shown below.

"Pass Any Exam. Any Time." - www.actualtests.com 60

 Cisco 200-301 Exam

A user at 192.168.100.100/24 is trying to access a file server at 10.10.10.100/24 without success.

What must be configured to allow network connectivity between the two IP addresses?

A.
Set the gateway of last resort to 192.168.100.1 on router0.

B.
Disable OSPF on router0.

C.
Change the IP address of the user's device to 10.10.10.101.

D.
Set the default route on the user's device to 192.168.100.1.

Answer: D
Explanation:

QUESTION NO: 103

"Pass Any Exam. Any Time." - www.actualtests.com 61

 Cisco 200-301 Exam

Which ports should be configured as trunks in the wireless topology shown in the exhibit?

A.
G0/1 only

B.
G0/1, G0/15, and G0/16

C.
G0/15 and G0/16

D.
G0/15 only

E.
G0/16 only

Answer: A
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 62

 Cisco 200-301 Exam
QUESTION NO: 104

Refer to the exhibit. What will be displayed in the CDP table on Router2?

A.
Device ID: Router1, Port ID: Gig 0/1

B.
Device ID: Router2, Port ID: Gig 0/2

C.
Device ID: Router1, Port ID: Gig 0/2

D.
Device ID: Router2, Port ID: Gig 0/1

Answer: A
Explanation:

QUESTION NO: 105 DRAG DROP

Match each IPv6 address type with its use case.

"Pass Any Exam. Any Time." - www.actualtests.com 63

 Cisco 200-301 Exam

Answer:

Explanation:

QUESTION NO: 106

"Pass Any Exam. Any Time." - www.actualtests.com 64
 Cisco 200-301 Exam
Which layer or layers in the three-tier architecture framework are primarily responsible for routing,
filtering, and policing?

A.
Core and distribution

B.
Distribution

C.
Core

D.
Core and access

E.
Access

Answer: B
Explanation:

QUESTION NO: 107

Within a local network, which device is at the edge of a broadcast domain?

A.
Router

B.
Access point

C.
Perimeter firewall

D.
Switch

Answer: A
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 65

 Cisco 200-301 Exam
QUESTION NO: 108

A workstation is powered on and connected to a Cisco switch. The switch port LED does not turn
amber or green. All other port switches are blinking green.

What is the most likely way to resolve the issue?

A.
Replace the cable with a crossover cable.

B.
Reboot the switch.

C.
Reseat the network cable.

D.
Reboot the workstation.

Answer: C
Explanation:

QUESTION NO: 109 DRAG DROP

Match the protocol with its characteristic.

"Pass Any Exam. Any Time." - www.actualtests.com 66

 Cisco 200-301 Exam

Answer:

"Pass Any Exam. Any Time." - www.actualtests.com 67

 Cisco 200-301 Exam

Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 68

 Cisco 200-301 Exam

QUESTION NO: 110

Which IPv6 command is used to define a static host name-to-address mapping in the host name
cache?

A.
IPv6 host

B.
IPv6 local

C.
IPv6 unicast-routing

D.
IPv6 address

"Pass Any Exam. Any Time." - www.actualtests.com 69

 Cisco 200-301 Exam
Answer: A
Explanation:

QUESTION NO: 111

Refer to the following partial output from a macOS Martha laptop:

What can be verified from this output?

A.
The IPv6 address is f0:18:98:1f:bc:01.

B.
The IP address is 192.168.1.101/24.

C.
The default route is 192.168.1.255.

D.
The IP address is 192.168.1.101/25.

Answer: B
Explanation:

QUESTION NO: 112

Which command disables ISL?

"Pass Any Exam. Any Time." - www.actualtests.com 70

 Cisco 200-301 Exam
A.
switchport allowed VLAN

B.
switchport mode trunk

C.
switchport trunk encapsulation dot1q

D.
switchport mode access

Answer: C
Explanation:

QUESTION NO: 113

Which ports will become the root ports in the RSTP topology shown in the exhibit? (Choose two.)

A.
G0/1 on SW1

B.
G0/1 on SW2

C.
F0/1 on SW2

D.
F0/1 on SW1
"Pass Any Exam. Any Time." - www.actualtests.com 71
 Cisco 200-301 Exam
E.
G0/2 on SW3

F.
G0/1 on SW3

Answer: B,F
Explanation:

QUESTION NO: 114

Which wireless deployment option offers a controllerless infrastructure for up to 100 APs?

A.
Mobility Express

B.
Unified

C.
Autonomous

D.
Cloud

Answer: A
Explanation:

QUESTION NO: 115

Examine the following routing table:

"Pass Any Exam. Any Time." - www.actualtests.com 72

 Cisco 200-301 Exam

Which set of commands would create this routing table?

A.

B.

C.

"Pass Any Exam. Any Time." - www.actualtests.com 73

 Cisco 200-301 Exam
D.

Answer: C
Explanation:

QUESTION NO: 116

HSRP has been enabled on R1 under Gi0/1 and R2 under Gi0/1 using the following parameters:

What will be the HSRP status of both devices?

A.
R1: backup

R2: master

B.
"Pass Any Exam. Any Time." - www.actualtests.com 74
 Cisco 200-301 Exam
R1: master

R2: backup

C.
R1: standby

R2: active

D.
R1: active

R2: standby

Answer: D
Explanation:

QUESTION NO: 117

A Cisco switch is being configured for SSH access. What command is needed to prevent non-SSH
connections?

A.
no transport input telnet

B.
transport input telnet

C.
transport input ssh

D.
line vty 0 7

Answer: C
Explanation:

QUESTION NO: 118

A company implements a AAA solution. What can the company use for accounting?

"Pass Any Exam. Any Time." - www.actualtests.com 75

 Cisco 200-301 Exam
A.
Syslog

B.
MFA

C.
QoS

D.
Local authentication database

Answer: A
Explanation:

QUESTION NO: 119 DRAG DROP

Match each protocol with the plane it operates in.

Answer:

"Pass Any Exam. Any Time." - www.actualtests.com 76

 Cisco 200-301 Exam
Explanation:

QUESTION NO: 120

Which of the following is used to identify an object in a data structure?

A.
URI

B.
API

C.
YANG

D.
JSON and XML

Answer: A
Explanation:

QUESTION NO: 121

Which of the following uses valid JSON object syntax?

A.
{[type,code]: [1,2]}

B.
[{"type","code"}: {1","2"}]

"Pass Any Exam. Any Time." - www.actualtests.com 77

 Cisco 200-301 Exam
C.
{"type,code": [1,2]}

D.
{"type","code": "1","2"}

E.
{["type","code"]: ["1 ","2"]}

Answer: C
Explanation:

QUESTION NO: 122

Refer to the exhibit. PC1 should be the only device from VLAN 2 that is allowed to access Srv1.
Network traffic should be limited to a minimum.

Where should an ACL be created to accomplish this?

A.
CoreB G0/1 out

B.
CoreB G0/1 in

"Pass Any Exam. Any Time." - www.actualtests.com 78

 Cisco 200-301 Exam
C.
CoreA G0/2 in

D.
CoreA G0/2 out

Answer: C
Explanation:

QUESTION NO: 123

What NAT configuration has been accomplished with the configuration shown below?

ip nat inside source static tcp 192.168.1.17 80 177.61.2.4 80

A.
Twice NAT

B.
Static one-to-one NAT

C.
Static PAT

D.
Dynamic PAT

Answer: C
Explanation:

QUESTION NO: 124

Refer to the following configuration:

"Pass Any Exam. Any Time." - www.actualtests.com 79

 Cisco 200-301 Exam

What is missing in the LACP configuration to enable it as the main interface to the WAN?

A.
Port channel 1 has no IP configuration set.

B.
The reboot command was not issued next.

C.
The LACP administrative key is not set.

D.
Port channel 1 has no ports in passive mode.

Answer: A
Explanation:

QUESTION NO: 125

What is the primary reason behind implementing the RFC 1918 standard in a company?

A.
Mitigating an MitM attack
"Pass Any Exam. Any Time." - www.actualtests.com 80
 Cisco 200-301 Exam
B.
Multiple devices behind a firewall trying to access the internet

C.
Enhancing the standard STP protocol

D.
Several switches creating a full mesh topology with potential loops

Answer: B
Explanation:

QUESTION NO: 126

What will be the result of installing an IPS sensor using the promiscuous mode?

A.
The sensor can actively block a network attack.

B.
Signatures cannot be updated.

C.
End users will be impacted due to slow network transfers.

D.
The sensor receives a copy of the traffic only.

Answer: D
Explanation:

QUESTION NO: 127

Refer to the output shown below:

"Pass Any Exam. Any Time." - www.actualtests.com 81

 Cisco 200-301 Exam

Which statements about this configuration are correct? (Choose two.)

A.
The interface IPv6 address is 00d0.ba84.6002.

B.
The interface has jumbo frames configured.

C.
The interface is operational.

D.
The interface frame rate is 125000 KBs.

Answer: B,D
Explanation:

QUESTION NO: 128

SW0 and SW1 have four VLANs configured: 1, 2, 7, and 8. There is a trunk enabled, as shown in
the exhibit.

"Pass Any Exam. Any Time." - www.actualtests.com 82

 Cisco 200-301 Exam

What will be the result of executing the switchport trunk allowed vlan 5 command under interface
Gi0/1 on SW0?

A.
VLANs 1, 2, 5, 7, and 8 will be allowed on the trunk. Only VLAN 5 will be active on the trunk.

B.
Only VLAN 5 will be allowed on the trunk. There will be no active VLANs on the trunk.

C.

"Pass Any Exam. Any Time." - www.actualtests.com 83

 Cisco 200-301 Exam
VLANs 1, 2, 5, 7, and 8 will be allowed and active on the trunk.

D.
Only VLAN 5 will be allowed and active on the trunk.

Answer: B
Explanation:

QUESTION NO: 129 DRAG DROP

Match each routing table component with its use case.

Answer:

Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 84

 Cisco 200-301 Exam

QUESTION NO: 130

Refer to the following command output from a router (R1):

Which IP address on the internal network is serving the HTTP content to the outside hosts?

A.
127.0.0.1

B.
10.1.1.5

C.
192.168.2.23

D.
192.168.2.3

Answer: B
Explanation:

QUESTION NO: 131

"Pass Any Exam. Any Time." - www.actualtests.com 85
 Cisco 200-301 Exam
The Cisco router is configured to send alerts to an external syslog server. Logs are being
received, but known errors are not being logged.

The output of the show logging command is shown below:

How should the router be configured to ensure that the highest detailed logs are passed to the
syslog server?

A.
Enable Buffer logging.

B.
Set Trap logging to emergencies.

C.
Set Monitor logging to errors.

D.
Set Trap logging to debugging.

Answer: D
Explanation:

QUESTION NO: 132

A WLC has been configured to allow both local and RADIUS-based administrators. What will
happen if the same user exists both locally and in the RADIUS database?

A.
WLC reports an error.

B.
"Pass Any Exam. Any Time." - www.actualtests.com 86
 Cisco 200-301 Exam
WLC allows an administrator to choose the logon option.

C.
WLC uses the local database.

D.
WLC contacts the RADIUS server using the Authentication-Challenge message.

Answer: C
Explanation:

QUESTION NO: 133

One port is not visible in the output of the show vlan command on a production switch. What is the
most likely reason?

A.
The port has been converted into a trunk port.

B.
The port is down.

C.
There are no devices connected.

D.
The port has been shut down.

Answer: A
Explanation:

QUESTION NO: 134

Which feature of an NGFW is designed to protect the network against malware infections?

A.
SPI

B.
NGIPS
"Pass Any Exam. Any Time." - www.actualtests.com 87
 Cisco 200-301 Exam
C.
AMP

D.
AVC

Answer: C
Explanation:

QUESTION NO: 135

A virtual machine (VM) requires Layer 2 transport to another virtual machine on a different
physical host.

What needs to be added to the hypervisors to make transport possible?

A.
Virtualization Service Client

B.
Virtual switch

C.
VMFS

D.
HBA

Answer: B
Explanation:

QUESTION NO: 136

Which IOS command verifies the IPv4 address of an interface?

A.
show flash

B.
"Pass Any Exam. Any Time." - www.actualtests.com 88
 Cisco 200-301 Exam
show running-config

C.
show ip route

D.
show boot-config

Answer: B
Explanation:

QUESTION NO: 137

Which IPv6 address is valid?

A.
2001:db8:1:130g:ab9:C0a8:102b

B.
2001.db8.1..ab9.C0a8.102b

C.
2001:db8:1::ab9:C0a8:102b

D.
2001:db8:1:130h:ab9:C0a8:102b

Answer: C
Explanation:

QUESTION NO: 138

A user reports that they are unable to access a file share (\\fileserver01.baylyparker.local) on a
colleague’s workstation. The output of the ipconfig /all command on their Microsoft Windows 10
workstation is as follows:

"Pass Any Exam. Any Time." - www.actualtests.com 89

 Cisco 200-301 Exam

Additionally, the run command ping command:

What is the most likely reason for the issue?

A.
The DNS server address is incorrect.

B.
The default gateway is incorrect.

"Pass Any Exam. Any Time." - www.actualtests.com 90

 Cisco 200-301 Exam
C.
The IPv4 address is incorrect.

D.
The node type is incorrect.

Answer: B
Explanation:

QUESTION NO: 139

Which feature is available in both TCP and UDP and is designed to combine multiple data streams
by using source and destination port numbers?

A.
Multiplexing

B.
CRC

C.
Encapsulation

D.
Windowing

Answer: A
Explanation:

QUESTION NO: 140

What are two main requirements for implementing the spine-leaf topology? (Choose two.)

A.
The leaf switches are not interconnected.

B.
The 802.1d protocol should be enabled on the leaf switches only.

C.
"Pass Any Exam. Any Time." - www.actualtests.com 91
 Cisco 200-301 Exam
The spine switches are not interconnected.

D.
There should be at least two hops between the leaf and spine switches.

E.
The leaf switches should be the root bridges of the network.

Answer: A,C
Explanation:

QUESTION NO: 141

What two types of integration does Cisco DNA Center offer? (Choose two.)

A.
Ensure silos of wired, wireless, and WAN networks.

B.
Enforce and monitor common policies.

C.
Disable integration with other 3rd party vendors.

D.
Disable IBN across the WAN.

E.
Ensure end-to-end compliance with regulations.

Answer: B,E
Explanation:

QUESTION NO: 142

What is the default timeout option for a WLC telnet session?

A.
3 minutes

"Pass Any Exam. Any Time." - www.actualtests.com 92

 Cisco 200-301 Exam
B.
5 minutes

C.
10 minutes

D.
15 minutes

Answer: B
Explanation:

QUESTION NO: 143

A routing table has two routes to the same destination. The administrative distance is 110.

Which routing protocol would the router use by default to determine which route to take?

A.
IS-IS

B.
Connected interface

C.
OSPF

D.
BGP

Answer: C
Explanation:

QUESTION NO: 144

What subnet mask should be used to create an IPv4 host route?

A.
/24
"Pass Any Exam. Any Time." - www.actualtests.com 93
 Cisco 200-301 Exam
B.
/32

C.
/128

D.
/0

Answer: B
Explanation:

QUESTION NO: 145

Which SNMP message is initiated by an agent and sent to an NMS if an error occurs?

A.
Trap

B.
GetNext

C.
Get

D.
Walk

Answer: A
Explanation:

QUESTION NO: 146

Which three steps are required to enable SSH on a Cisco device? (Choose three.)

A.
Create an RSA key pair using the crypto key generate rsa command in the privileged EXEC mode.

B.
Create an RSA key pair using the crypto key generate rsa command in the global configuration
"Pass Any Exam. Any Time." - www.actualtests.com 94
 Cisco 200-301 Exam
mode.

C.
Create an RSA key pair using the ip ssh command in the global configuration mode.

D.
Configure a hostname and domain name in the global configuration mode.

E.
Allow SSH connections using the transport input command in the line configuration mode.

F.
Configure a hostname and domain name in the privileged EXEC mode.

G.
Allow SSH connections using the transport input command in the global configuration mode.

Answer: B,D,E
Explanation:

QUESTION NO: 147

Which two combinations of authentication methods are considered MFA? (Choose two.)

A.
PIN and password

B.
Username and password

C.
Password and fingerprint

D.
PIN and smart card

E.
Fingerprint and retina

Answer: C,D
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 95

 Cisco 200-301 Exam
QUESTION NO: 148

What is the primary goal of the SBI in an SDN?

A.
Interaction with the data plane

B.
Communication between the controller and an application

C.
Control plane isolation

D.
Application plane management

Answer: A
Explanation:

QUESTION NO: 149

Which feature of the Cisco Wireless LAN Controller is an advancement from traditional wireless
setups?

A.
Support for all Lightweight Access Points

B.
Port mirroring

C.
Access Point out-of-bound management

D.
Centralized device configuration

Answer: D
Explanation:

QUESTION NO: 150

"Pass Any Exam. Any Time." - www.actualtests.com 96
 Cisco 200-301 Exam
An administrator configures link aggregation on the switches and enables link aggregation on a
Cisco 2500 Series Wireless Controller.

What command should the administrator run as the last step in configuring link aggregation on the
Cisco Wireless Controller?

A.
reset peer-system

B.
transfer download port

C.
save config

D.
reset system

Answer: D
Explanation:

QUESTION NO: 151

Why would a network use IPv4 private addressing?

A.
To have addresses that do not use DHCP

B.
To have addresses that are registered by IANA

C.
To have addresses that are available for local networks

D.
To have addresses directly routable through the public internet

Answer: C
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 97

 Cisco 200-301 Exam
QUESTION NO: 152

Refer to the exhibit. What will be entered in the CAM table of SW1 after receiving FRAME1?

A.
IP ADDRESS: 192.168.1.8; TYPE: DYNAMIC; PORT: G0/1

B.
MAC ADDRESS: 6E12.2101.A4C8; TYPE: DYNAMIC; PORT: F0/24

C.
MAC ADDRESS: 1A32.2401 .E4A1; TYPE: DYNAMIC; PORT: G0/1

D.
MAC ADDRESS: 6E12.2101.A4C8; TYPE: DYNAMIC; PORT: G0/1

E.
IP ADDRESS: 192.168.1.8; TYPE: DYNAMIC; PORT: F0/24

Answer: D
Explanation:

QUESTION NO: 153

Review the partial output from Router1:

"Pass Any Exam. Any Time." - www.actualtests.com 98

 Cisco 200-301 Exam

Which statement is NOT correct?

A.
There are three directly connected routes.

B.
One route has been defined as a static route.

C.
There are no EIGRP routes defined.

D.
172.18.10.70 is reachable by a directly connected route.

Answer: D
Explanation:

QUESTION NO: 154

"Pass Any Exam. Any Time." - www.actualtests.com 99

 Cisco 200-301 Exam

Refer to the exhibit. PC1 should be allowed to telnet to Srv1. All other ports and services should
be blocked for any traffic destined for Srv1 from PC1. Which set of commands should be used?

A.

B.

C.

"Pass Any Exam. Any Time." - www.actualtests.com 100

 Cisco 200-301 Exam

D.

Answer: A
Explanation:

QUESTION NO: 155

When a switchport is configured with sticky MAC address learning, which three statements are
true? (Choose three.)

A.
The default maximum number of MAC addresses to be sticky learned is one.

B.
Sticky learned MAC addresses will appear in the output of the show mac address-table dynamic
command.

C.
Sticky learned MAC addresses will appear in the output of the show mac address-table static
command.

D.
The default maximum number of MAC addresses to be sticky learned is eight.

"Pass Any Exam. Any Time." - www.actualtests.com 101

 Cisco 200-301 Exam
E.
The sticky MAC addresses will be saved in the startup configuration file automatically.

F.
Sticky learned MAC addresses will appear in the output of the show mac address-table secure
command.

Answer: A,C,F
Explanation:

QUESTION NO: 156

Which of the following is a valid JSON file?

A.

B.

C.

"Pass Any Exam. Any Time." - www.actualtests.com 102

 Cisco 200-301 Exam

D.

Answer: C
Explanation:

QUESTION NO: 157

"Pass Any Exam. Any Time." - www.actualtests.com 103

 Cisco 200-301 Exam
Refer to the exhibit. Which path will be taken by R0 to get to LAN2 if all routers have RIP enabled?

A.
R1-R2

B.
R3-R6-R5

C.
R7-R6-R5

D.
R3-R4-R5

Answer: A
Explanation:

QUESTION NO: 158

Which RSTP feature shuts down an access port once it receives a superior BPDU?

A.
PortFast

B.
Port security

C.
Loop guard

D.
BPDU guard

Answer: D
Explanation:

QUESTION NO: 159

What will be the result of executing the following command in a Windows command-line session?

"Pass Any Exam. Any Time." - www.actualtests.com 104

 Cisco 200-301 Exam
ipconfig /release *s*

A.
It discards the IP configuration for all NICs with an adapter name including the letter s.

B.
It sends the DHCPNACK message to the DHCP server with the s parameter.

C.
It sends the DHCPInform message to the DHCP server with the s parameter.

D.
It discards the IP configuration for all NICs with an adapter name of * and s.

Answer: A
Explanation:

QUESTION NO: 160 DRAG DROP

Drag each type of device to its associated function.

Answer:

"Pass Any Exam. Any Time." - www.actualtests.com 105

 Cisco 200-301 Exam

Explanation:

QUESTION NO: 161

Which of the following IP addresses is host-assignable?

A.
1.2.0.0/8

B.
127.1.2.3/8

C.
225.1.2.3/24

D.
192.168.1.47/28

"Pass Any Exam. Any Time." - www.actualtests.com 106

 Cisco 200-301 Exam
Answer: A
Explanation:

QUESTION NO: 162

The GUI of a WLC offers five options when editing a WLAN profile: Security, General, QoS,
Policy-mapping, and Advanced. Which tab should be used to configure the WLC to override the
default AAA servers for the WLAN?

A.
QoS

B.
Advanced

C.
Security

D.
Policy-Mapping

E.
General

Answer: C
Explanation:

QUESTION NO: 163

What single-digit code is used in a syslog message?

A.
IP address

B.
Severity

C.
Timestamp

"Pass Any Exam. Any Time." - www.actualtests.com 107

 Cisco 200-301 Exam
D.
Seq no

Answer: B
Explanation:

QUESTION NO: 164

What will be the result of configuring R1 as shown in the exhibit?

A.
The OSPF cost to get to 172.16.1.4 will be 110.

B.
G0/0 will show no OSPF neighbors.

C.
"Pass Any Exam. Any Time." - www.actualtests.com 108
 Cisco 200-301 Exam
The gateway of last resort will be used to access a remote host with the IP address 192.168.15.1.

D.
The administrative distance of OSPF will be 90.

Answer: C
Explanation:

QUESTION NO: 165

A network administrator discovers a traffic loop that is causing slow inter VLAN connectivity.

What could be a possible reason for this?

A.
PMTUD black hole

B.
Lack of trunk port on a switch

C.
Packet corruption

D.
Asymmetrically configured EtherChannel

Answer: D
Explanation:

QUESTION NO: 166

"Pass Any Exam. Any Time." - www.actualtests.com 109

 Cisco 200-301 Exam

Refer to the exhibit. PC1 cannot ping PC2. Which device has been misconfigured?

A.
G0/1 on R1

B.
PC2

C.
PC1

D.
G0/2 on R1

Answer: B
Explanation:

QUESTION NO: 167

"Pass Any Exam. Any Time." - www.actualtests.com 110

 Cisco 200-301 Exam

Refer to the exhibit.

All Switches are configured for VLAN 100.

Which switch in the exhibit is the root bridge?

A.
Switch1

B.
Switch2

C.
Switch3

D.
Switch0

Answer: C
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 111

 Cisco 200-301 Exam
QUESTION NO: 168

What is the advantage of using RADIUS for management purposes on a WLC?

A.
Fast UDP connection

B.
No need for a username and password

C.
Full packet encryption

D.
Centralized AAA

Answer: D
Explanation:

QUESTION NO: 169

Which router will become the DR in the multiaccess broadcast topology of the five routers shown
below?

A.
Router1

B.
Router2

C.
Router3
"Pass Any Exam. Any Time." - www.actualtests.com 112
 Cisco 200-301 Exam
D.
Router4

E.
Router5

Answer: B
Explanation:

QUESTION NO: 170

Which DNS record maps a domain name to an IP address in IPv6?

A.
A

B.
MX

C.
NS

D.
AAAA

Answer: D
Explanation:

QUESTION NO: 171

In a wireless network protected by WPA3, which algorithm is used to check the integrity of a
message?

A.
GMAC

B.
CBC-MAC

C.
"Pass Any Exam. Any Time." - www.actualtests.com 113
 Cisco 200-301 Exam
AES

D.
SHA

Answer: A
Explanation:

QUESTION NO: 172

Which two features differentiate a controller-based network from a traditional network? (Choose
two.)

A.
Centralized data planes

B.
Centralized SBI and NBI

C.
More programmability options

D.
Centralized control planes

E.
No need for the OpenFlow and OpFlex protocols

Answer: C,D
Explanation:

QUESTION NO: 173

A switch rejects the crypto key command in the process of enabling SSH. What should be done to
fix the problem?

A.
Change the configuration register value to 0x2142.

B.
"Pass Any Exam. Any Time." - www.actualtests.com 114
 Cisco 200-301 Exam
Update the IOS.

C.
Reload the switch.

D.
Use the ip ssh command instead of the crypto key command.

Answer: B
Explanation:

QUESTION NO: 174

What is NOT true about the role of administrative distance in forwarding decision making on a
router?

A.
All supported protocols have default administrative distances.

B.
Administrative distance decides which route is the backup route when the primary fails.

C.
Administrative distance can change after flushing the routing table.

D.
Administrative distance prioritizes routes when multiple routes to the same network are known.

Answer: C
Explanation:

QUESTION NO: 175

Below is partial output from the show etherchannel summary command.

"Pass Any Exam. Any Time." - www.actualtests.com 115

 Cisco 200-301 Exam

What is the status of this EtherChannel?

A.
Layer 3 Down

B.
Layer 2 Fully operational

C.
Layer 3 Fully operational

D.
Layer 2 Down

Answer: D
Explanation:

QUESTION NO: 176

Which statement is true about configuring a default VLAN on Cisco Catalyst Switches?

A.
The default VLAN is VLAN 0 and cannot be changed.

B.
The default VLAN is VLAN 1 and can be changed in switch-config mode.

C.
The default VLAN is VLAN 1 and cannot be changed.

D.
The default VLAN is VLAN 0 and can be changed in switch-config mode.

Answer: C

"Pass Any Exam. Any Time." - www.actualtests.com 116

 Cisco 200-301 Exam
Explanation:

QUESTION NO: 177

SW01 and SW02 are configured as shown in the exhibit. What will be the result of this
configuration?

A.
SW01 and SW02 will switch to full duplex after receiving the first frame.

B.
SW01 will not report a duplex mismatch. SW02 will renegotiate all parameters.

C.
SW01 will report a duplex mismatch. Network performance might be affected.

D.
Both switches will drop all frames in the network.

Answer: C
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 117

 Cisco 200-301 Exam
QUESTION NO: 178

SW1 and SW2 have formed a trunk as shown in the exhibit. VLAN 5 is the only VLAN allowed and
active.

What will SW1 do with a frame coming from PC1 and destined to PC2?

A.
SW1 will report a collision.

B.
SW1 will add a VLAN tag of 5 and forward it to PC1.

C.
SW1 will drop the frame.

D.
SW1 will add a VLAN tag of 5 and forward it to SW2.

E.
SW1 will send the frame untagged to SW2.

Answer: E
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 118

 Cisco 200-301 Exam

QUESTION NO: 179

What tool should a network engineer use to create configuration templates?

A.
Git

B.
Puppet

C.
NETCONFAPIs

D.
RESTful APIs

Answer: B
Explanation:

QUESTION NO: 180

Gratuitous ARP messages can be exploited to make which two kinds of attacks? (Choose two.)

A.
DDoS

B.
Spoofing attack

C.
DoS

D.
Reconnaissance attack

E.
Eavesdropping

F.
Amplification attack

"Pass Any Exam. Any Time." - www.actualtests.com 119

 Cisco 200-301 Exam
Answer: B,E
Explanation:

QUESTION NO: 181

Configuration change is required on a Cisco 2500 Series Wireless Controller (WLC) over a
wireless network using Cisco WLAN Express. After unplugging an existing Access Point (AP) and
plugging in a new AP into the WLC port 4, the administrator notices the lack of a CiscoAirProvision
SSID.

What could be the reason for this?

A.
The WLC has to be reset to factory defaults for WLAN Express to work

B.
WLAN Express should only be used to configure a WLC over a wired connection

C.
The AP has to be reset to factory defaults for WLAN Express to work

D.
The AP will only broadcast a CiscoAirProvision SSID when it is connected to port 1 on a WLC

Answer: A
Explanation:

QUESTION NO: 182

SW1 is configured as shown below. How many IPv6 addresses will be visible after executing the
show ipv6 interface brief on SW1 for interface VLAN 1?

"Pass Any Exam. Any Time." - www.actualtests.com 120

 Cisco 200-301 Exam
A.
0

B.
3

C.
2

D.
1

Answer: C
Explanation:

QUESTION NO: 183

What framework integrates with the port-based access control system and is commonly used to
deploy secure enterprise wireless networks?

A.
EAP

B.
MD5

C.
TLS

D.
FAST

Answer: A
Explanation:

QUESTION NO: 184

Which of the following is a benefit of migrating a farm of on-premises email virtual servers to an
SAAS solution?

"Pass Any Exam. Any Time." - www.actualtests.com 121

 Cisco 200-301 Exam
A.
No need to manage mailbox permissions

B.
No need to manage the VMs

C.
No need to monitor available disk space for emails

D.
No need to manage user permissions

Answer: B
Explanation:

QUESTION NO: 185

A network has experienced a number of MitM attacks. Which three mitigation techniques could be
used to secure the network? (Choose three.)

A.
VACL

B.
Encryption

C.
QoS

D.
DAI

E.
User training

Answer: B,D,E
Explanation:

QUESTION NO: 186

"Pass Any Exam. Any Time." - www.actualtests.com 122

 Cisco 200-301 Exam
A company wants to deploy a clientless VPN portal for end users with strong authentication and
encryption. Which VPN protocol should the company use?

A.
L2TP

B.

C.
IPsec

D.
SSL

Answer: D
Explanation:

QUESTION NO: 187 DRAG DROP

Match an AAA concept with its basic usage. Not all options are used.

Answer:

"Pass Any Exam. Any Time." - www.actualtests.com 123

 Cisco 200-301 Exam

Explanation:

QUESTION NO: 188

"Pass Any Exam. Any Time." - www.actualtests.com 124

 Cisco 200-301 Exam

In the topology shown in the exhibit, which interface should be configured using the ip helper
command?

A.
CoreA G0/2

B.
SW1 G0/2

C.
DHCP_Srv G0/1

D.
CoreA G0/1

E.
SW1 G0/1

Answer: A
Explanation:

QUESTION NO: 189 DRAG DROP

Match each QoS profile with its default application assignment on a WLC.

"Pass Any Exam. Any Time." - www.actualtests.com 125

 Cisco 200-301 Exam

Answer:

Explanation:

QUESTION NO: 190

"Pass Any Exam. Any Time." - www.actualtests.com 126

 Cisco 200-301 Exam
An IP phone fails to establish a connection with a switch that is configured using the correct voice
VLAN.

What should be enabled on the switch to fix the problem?

A.
QoS

B.
CDP

C.
FTP

D.
TFTP

Answer: B
Explanation:

QUESTION NO: 191

What will a switch do with a frame destined for the MAC address of FFFF.FFFF.FFFF?

A.
Drop the frame due to an invalid destination MAC address

B.
Send the frame out all ports in the particular VLAN

C.
Send the frame out all ports in all VLANs

D.
Add the FFFF.FFFF.FFFF address as a dynamic entry

Answer: B
Explanation:

QUESTION NO: 192

"Pass Any Exam. Any Time." - www.actualtests.com 127
 Cisco 200-301 Exam

What will be the cost of the root path on SW0 for the network shown in the exhibit?

A.
4

B.
8

C.
19

D.
23

Answer: D
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 128

 Cisco 200-301 Exam

QUESTION NO: 193

Refer to the partial output of the show run command:

snmp-server group ADMIN v3 priv

What statement is true about this configuration?

A.
Cryptographic authentication is required, but not encrypted packets.

B.
Cryptographic authentication is required, and the packets are encrypted.

C.
There is no cryptographic authentication, but there are encrypted packets.

D.
There is no cryptographic authentication or encrypted packets.

Answer: B
Explanation:

QUESTION NO: 194

What is the correct syntax of the command to validate whether Dynamic ARP Inspection is
enabled on VLAN1?

A.
show ip arp inspection vlan1

B.
ip arp inspection 1

C.
ip arp inspection vlan1

D.
show ip arp inspection vlan 1

"Pass Any Exam. Any Time." - www.actualtests.com 129

 Cisco 200-301 Exam
Answer: D
Explanation:

QUESTION NO: 195

Refer to the partial output from the show running-config command:

What command would exclude the first block of 10 IP addresses from being assigned by DHCP?

A.
ip dhcp database 192.168.3.2-11

B.
ip dhcp excluded-address 192.168.3.1 192.168.3.10

C.
ip dhcp excluded-address 192.168.3.2 192.168.3.11

D.
ip dhcp database 192.168.3.1 192.168.3.10

Answer: C
Explanation:

QUESTION NO: 196

Which two encryption methods are available when configuring a new WLAN with WPA2? (Choose
two.)

"Pass Any Exam. Any Time." - www.actualtests.com 130

 Cisco 200-301 Exam
A.
TKIP

B.
AES

C.
IPsec

D.
RC4

Answer: A,B
Explanation:

QUESTION NO: 197

The LAN behind a firewall has been configured using the network address 172.31.0.0/16. What is
the outcome of this configuration?

A.
The LAN network has an incorrect subnet mask.

B.
Devices in the LAN can access the internet directly.

C.
The firewall must have NAT enabled for LAN devices to access the internet.

D.
The firewall will use the LAN address as its inside and outside IP address.

Answer: C
Explanation:

QUESTION NO: 198

What is the main security reason behind deprecating the wireless TKIP standard?

A.
"Pass Any Exam. Any Time." - www.actualtests.com 131
 Cisco 200-301 Exam
Using a 32-bit key

B.
Using AES-128

C.
Having no re-keying mechanism

D.
Using RC4

Answer: D
Explanation:

QUESTION NO: 199

Which command displays the routing table on a Linux device?

A.
show ip route

B.
netstat

C.
ipconfig

D.
ifconfig

Answer: B
Explanation:

QUESTION NO: 200

Router2 displays the following routing entry for 10.11.10.0/24:

"Pass Any Exam. Any Time." - www.actualtests.com 132

 Cisco 200-301 Exam

What will the show ip route command display for this route?

A.
10.11.10.0/24 [1/110] via 1.1.1.1,18:23:28, GigabitEthernet0/1

B.
10.11.10.0/24 [110/1] via 1.1.1.1,18:23:28, GigabitEthernet0/1

C.
10.11.10.0/24 [110/2] via 1.1.1.1,18:23:28, GigabitEthernet0/1

D.
R 10.11.10.0/24 [110/1] via 1.1.1.1,18:23:28, GigabitEthernet0/1

E.
10.11.10.0/24 [2/110] via 1.1.1.1,18:23:28, GigabitEthernet0/1

F.
R 10.11.10.0/24 [110/2] via 1.1.1.1,18:23:28, GigabitEthernet0/1

Answer: C
Explanation:

QUESTION NO: 201

What is the equivalent of a traditional access layer switch in DNA Center?

A.
IS-IS

B.
SDA edge node

"Pass Any Exam. Any Time." - www.actualtests.com 133

 Cisco 200-301 Exam
C.
VXLAN

D.
VLAN

Answer: B
Explanation:

QUESTION NO: 202

Which three statements are true about voice ports? (Choose three.)

A.
The switch should consider incoming tagged traffic as data VLAN traffic. It should consider
incoming untagged traffic as voice VLAN traffic.

B.
If interface e0/4 is a voice port, it will appear in the output of the show interfaces trunk command.

C.
If interface e0/4 is a voice port, it will appear in the output of the show interfaces e0/4 trunk
command.

D.
The switch should consider incoming untagged traffic as data VLAN traffic. It should consider
incoming tagged traffic as voice VLAN traffic.

E.
If port security is configured on a voice port, the default maximum MAC number should be used.

F.
A switch's CDP configurations can be left to the default settings.

Answer: C,D,F
Explanation:

QUESTION NO: 203

"Pass Any Exam. Any Time." - www.actualtests.com 134

 Cisco 200-301 Exam

Refer to the exhibit. The network admin reports that PC A fails to ping PC B. Which of the
following options can solve this issue? (Choose two.)

A.
Remove switchport port-security mac-address from switch A.

B.
Remove switchport voice vlan 11 from switch A.

C.
Remove switchport voice vlan 11 from switch B.

D.
Add switchport port-security maximum 2 to interface e0/1 on switch B.

E.
Add switchport port-security maximum 2 to interface e0/1 on switch A.

F.
Remove switchport port-security mac-address from switch B.

Answer: D,F
Explanation:

QUESTION NO: 204

Which of the following features represents a great advantage of DNAC as a network manager
compared to traditional network managers?

"Pass Any Exam. Any Time." - www.actualtests.com 135

 Cisco 200-301 Exam
A.
Converged wired and wireless management

B.
Path trace

C.
Single-pane-of-glass

D.
Plug and Play

Answer: B
Explanation:

QUESTION NO: 205

R1 has been configured using the point-to-point OSPF topology. What is the result of this
configuration?

A.
R1 will not send hello messages.

B.
R1 will report a mismatch error.

C.
R1 will not form a neighbor automatically.

D.
R1 will not use the DR/BDR concept.

Answer: D
Explanation:

QUESTION NO: 206

When building an ESS wireless topology, what should match across all access points?

A.
"Pass Any Exam. Any Time." - www.actualtests.com 136
 Cisco 200-301 Exam
Virtual MAC address

B.
BSSID

C.
Virtual IP address

D.
SSID

E.
IBSS

Answer: D
Explanation:

QUESTION NO: 207

What should be used by end devices as the default gateway in a network supported by VRRP?

A.
Master

B.
Backup

C.
Secondary IP

D.
VIP

Answer: D
Explanation:

QUESTION NO: 208

Which feature is supported by both FTP and TFTP?

"Pass Any Exam. Any Time." - www.actualtests.com 137

 Cisco 200-301 Exam
A.
Adding and removing of directories

B.
Passive and active mode

C.
File transfers

D.
3-way handshake

Answer: C
Explanation:

QUESTION NO: 209

Which API type is a southbound type?

A.
Python

B.
REST API

C.
JSON

D.
OpenFlow

Answer: D
Explanation:

QUESTION NO: 210

What is the purpose of enabling NTP authentication?

A.
To authenticate the time sources to which local devices synchronize
"Pass Any Exam. Any Time." - www.actualtests.com 138
 Cisco 200-301 Exam
B.
To provide an option for a username and password for NTP masters

C.
To provide an SHA-based authentication key

D.
To authenticate an administrator trying to modify NTP settings

Answer: A
Explanation:

QUESTION NO: 211

SW01 and SW02 have formed an EtherChannel. Based on a partial output of the show
etherchannel detail command from SW01 shown below, what EtherChannel mode has been
configured on the other switch?

A.
Passive

B.
Active

C.
Auto

"Pass Any Exam. Any Time." - www.actualtests.com 139

 Cisco 200-301 Exam
D.
Desirable

Answer: B
Explanation:

QUESTION NO: 212

What is the minimum set of one-way QoS values for a VoIP exchange?

A.
Latency: 300ms; Jitter: 30ms; Loss: 1%

B.
Latency: 150ms; Jitter: 30ms; Loss: 10%

C.
Latency: 150ms; Jitter: 30ms; Loss: 1%

D.
Latency: 150ms; Jitter: 100ms; Loss: 1%

Answer: C
Explanation:

QUESTION NO: 213

Which of the following is a benefit of controller-based networking over a traditional network?

A.
No APIs needed

B.
Ability to control the network devices via southbound APIs

C.
Less compute capacity required

D.
Less scripting required
"Pass Any Exam. Any Time." - www.actualtests.com 140
 Cisco 200-301 Exam
Answer: B
Explanation:

QUESTION NO: 214

Which two pieces of information can be found in the output of the ifconfig command in Linux?
(Choose two.)

A.
Active network connections

B.
Default gateway

C.
CLOSE_WAIT sessions

D.
MTU

E.
Physical address

Answer: D,E
Explanation:

QUESTION NO: 215

Refer to the following partial output:

"Pass Any Exam. Any Time." - www.actualtests.com 141

 Cisco 200-301 Exam
What does the Aging Time define?

A.
The hold time before a MAC address is entered into the MAC table

B.
How long before a MAC address is converted into CAM

C.
How long before the MAC table is cleared

D.
How long a dynamic MAC address will remain in the MAC table

Answer: D
Explanation:

QUESTION NO: 216

What correctly describes the characteristics of an SSID?

A.
An SSID can use up to 64 alphanumeric characters.

B.
An SSID can include any alphanumeric character.

C.
Characters in an SSID are case-sensitive.

D.
An SSID can include spaces.

Answer: C
Explanation:

QUESTION NO: 217

SW1 has LLDP enabled globally. Port Gi0/7 should not receive or send any LLDP updates. Which
commands should be used to configure the switch?
"Pass Any Exam. Any Time." - www.actualtests.com 142
 Cisco 200-301 Exam
A.
interface GigabitEthernet0/7

no lldp run

B.
interface GigabitEthernet0/7

no lldp transmit

no lldp receive

C.
interface GigabitEthernet0/7

no lldp med-tlv-select network-policy

D.
interface GigabitEthernet0/7

no lldp med-tlv-select inventory-management

Answer: B
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 143