CCNA Certification Practice Tests: Exam 200-301 v1.1

CCNA®

Certification Practice Tests

Exam 200-301 v1.1

Second Edition

Jon Buhagiar

Copyright © 2025 by John Wiley & Sons, Inc. All rights, including for text and data mining, AI training, and similar technologies, are reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.

Published simultaneously in Canada and the United Kingdom.

ISBNs: 9781394206575 (paperback), 9781394206629 (ePDF), 9781394206612 (ePub)

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permission.

Trademarks: WILEY, the Wiley logo, and Sybex are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CCNA is a registered trademark of Cisco Technologies, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572- 3993. For product technical support, you can find answers to frequently asked questions or reach us via live chat at https://sybexsupport.wiley.com.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Control Number: 2024948043

Cover image: © Jeremy Woodhouse/Getty Images

Cover design: Wiley

Acknowledgments

I would like to thank my wife, Teresa. She has had so much patience during the writing of this book. I would also like to thank the many people who made this book possible, including the following: Kenyon Brown at Wiley Publishing for giving me the opportunity to write this book; Kim Wimpsett, for working with me as the developmental editor and making the entire project seamless; Saravanan Dakshinamurthy, for helping with production editing and guiding me through the process; Ben Piper, for serving as technical reviewer to ensure I didn’t miss any details; and Elizabeth Welch, for the many edits that helped make this book a polished product. Thank you to the many other people I’ve never met who worked behind the scenes to make this book a success.

About the Author

Jon Buhagiar, BS/ITM, MCSE, CCNA, is an information technology professional with two decades of experience in higher education and the private sector.

Jon is currently the director of information technology at RareMed Solutions. In this role, he manages projects related to the IT infrastructure and cloud services that serve multiple pharmacies operated by RareMed Solutions. In addition, he is responsible for the technology that supports hundreds of care specialists who raise the quality of life for many patients all over the world.

Jon was previously the supervisor of network operations at Pittsburgh Technical College, where he managed the data center, network infrastructure operations, and IT operations and was involved in managing projects supporting the quality of education at the college. He also served as an adjunct instructor in the college’s School of Information Technology department, where he taught courses for Microsoft and Cisco certification. Jon has been an instructor for 20+ years with several colleges in the Pittsburgh area since the introduction of the Windows NT MCSE in 1998.

Jon earned a bachelor of science degree in information technology management from Western Governors University. He also achieved an associate degree in business management from Pittsburgh Technical College. His most recent certifications are Windows Server Microsoft Certified Solutions Expert (MCSE) and the Cisco Certified Network Associate (CCNA) certification. Other certifications include CompTIA Network+, CompTIA A+, and CompTIA Project+.

In addition to his professional and teaching roles, Jon has authored the CCNA Routing and Switching Practice Tests: Exam 100-105, Exam 200-105, and Exam 200-125 (Sybex, 2017); CompTIA Network+ Review Guide: Exam N10-007, 4th Edition (Sybex, 2018), and CompTIA A+ Deluxe Study Guide: Exam 220-1102 (Sybex, 2022), CompTIA Network+ Study Guide: Exam N10-009 (Sybex Study Guide), along with Todd Lammle (Sybex, 2024). He has also served as the technical editor for the second edition of the CompTIA Cloud+ Study Guide (Sybex, 2016); CCNA Security Study Guide: Exam 210-260 (Sybex, 2018); CCNA Cloud Complete Study Guide: Exam 210-451 and Exam 210-455 (Sybex, 2018); CCNP Enterprise Certification Study Guide: Implementing (Sybex, 2018); Operating Cisco Enterprise Network Core Technologies: Exam 300-401 (Sybex, 2020). Jon has spoken at several conferences about spam and email systems. He is an active radio electronics hobbyist and has held a ham radio license for the past 20 years, KB3KGS. He experiments with electronics and has a strong focus on the Internet of Things (IoT).

About the Technical Editor

Ben Piper is a consultant and instructor who has authored multiple books and taught more than 20 training courses covering cloud, networking, programming, and DevOps. You can contact Ben by visiting his website: https://benpiper.com.

Introduction

CCNA Certification Practice Tests: Exam 200-301 is a companion volume to the CCNA Certification Study Guide. If you’re looking to test your knowledge before you take the CCNA exam, this book will help you by providing a combination of 1,200 questions that cover the CCNA objectives.

If you’re just starting to prepare for the CCNA exam, I highly recommend that you start with CCNA Certification Study Guide, Volume 1 and CCNA Certification Study Guide, Volume 2, both by Todd Lammle (Sybex, 2024), to help you learn about each of the objectives covered in the CCNA exam. Once you’re ready to test your knowledge, use this book to find places where you may need to study more or practice for the exam itself.

Since it is a companion to the CCNA Certification Study Guide books for Exam 200-301, this book is designed to be similar to taking the CCNA certification exam. It contains scenarios and standard multiple-choice questions similar to those you may encounter in the certification exam itself. The book contains eight chapters: six objective-centric chapters with 100 to 250 questions, weighted by the objectives, and two chapters that contain 100-question practice tests to simulate taking the exam. The bulk of the questions are in the IP Connectivity objective.

Cisco’s Network Certification

It used to be that to secure the holy grail of Cisco certifications—the Cisco Certified Internetwork Expert (CCIE)—you passed only one written test before being faced with a grueling, formidable hands-on lab. This intensely daunting, all-or-nothing approach made it nearly impossible to succeed and predictably didn’t work out too well for most people. Cisco responded to this issue by creating a series of new certifications, which not only made it easier to eventually win the highly coveted CCIE prize, but gave employers a way to accurately rate and measure the skill levels of prospective and current employees. This exciting paradigm shift in Cisco’s certification path truly opened doors that few were allowed through before!

Beginning in 1998, obtaining the Cisco Certified Network Associate (CCNA) certification was the first milestone in the Cisco certification climb, as well as the official prerequisite for each of the more advanced levels. Today, the Cisco CCNA exam remains as important in the scheme of Cisco certification as it was 20+ years ago. Of course, you can imagine that what we learned two decades ago has changed significantly, and so has the current Cisco CCNA exam. The CCNA exam is less focused on routing and switching than prior exams and more focused on a wider spectrum of technologies. The technologies include virtualization, wireless, and software-defined networking, just to name a few.

In May 2023, Cisco made an exciting and welcomed announcement about their certification offerings. The news is that the exam numbers no longer change, from exam to exam! This truly is exciting news for everyone who is in the midst of studying for a CCNA. Cisco has adopted a new policy of point releases for their exams when there is less than 20% of changes to the objectives. The current CCNA exam is now version 1.1 for the 200-301, which means that less than 20% changed since the last version of 1.0 of the 200-301. If more than 20% changes from exam to exam, then the major version will change to version 2.0, 3.0, and beyond.

The prior CCNA exam of 200-301 was retroactively assigned the version of v1.0.

The news gets even better because Cisco has published exactly what has changed from version 1.0 to version 1.1 for the 200-301 exam. In the future, when the minor or major version changes, Cisco is committed to publishing the delta objectives for each revision. The exam number will never change for these versions, so you can stay on pace for obtaining your certification.

Since the last release of the CCNA certification exam 200-301 v1.0, Cisco has retired the Cisco Certified Entry Network Technician (CCENT). You are now required to take the CCNA certification in one exam (200-301 v1.1), and there are no prerequisites and no separate parts as there were in the past CCNA exams. Cisco has introduced an entry-level exam called the Cisco Certified Support Technician (CCST) Networking Exam. The CCST exam is aimed at entry-level technicians who support and maintain Cisco equipment. The CCST has not replaced the CCENT, and rest assured, the CCNA is still the benchmark for network professionals.

Cisco Certified Network Associate ( CCNA )

For the uninitiated, the CompTIA A+ and Network+ certifications aren’t official prerequisites, but know that Cisco does expect you to have that type and level of experience before embarking on your Cisco certification journey. If you are just starting out on the journey of Cisco certification and prefer to stick with Cisco-centric material, a good starting point is the book CCNA Certification Study Guide, Volume 1: Exam 200-301 by Todd Lammle (Sybex, 2024), which includes many of the introductory topics you are expected to know by the time you start the CCNA exam process.

All of this gets us to the current day, when the climb to Cisco supremacy got much harder again. The fact that the certification process is getting harder really works better for you in the long run, because that which is harder to obtain only becomes that much more valuable when you finally do, right? Yes, indeed!

The CCNA (200-301) exam is extremely hard and covers a lot of material, so you have to really know your stuff. Taking a Cisco class or spending months with hands-on experience is definitely a requirement to succeed when faced with this monster! However, the CCNA certification is the most popular Cisco certification by far because it’s the most sought-after certification by all employers.

And once you have your CCNA, you don’t have to stop there—you can choose to continue and achieve an even higher certification, called the Cisco Certified Network Professional (CCNP). There are various certifications, and each one focuses on a specialty area. The CCNP Enterprise certification is still the most popular, with the Security certification coming in at a close second. And I’ve got to tell you that the Data Center certification is quickly catching up. Also good to know is that anyone with a CCNP specialty certification has all the skills and knowledge needed to attempt the notoriously dreaded but coveted CCIE specialty lab. But just becoming a CCNA can land you that job you’ve dreamed about, and that’s what this book is all about: helping you get and keep a great job!

Why Become a CCNA?

Cisco, like Microsoft and other vendors that provide certification, has created the certification process to give administrators a set of skills and to equip prospective employers with a way to measure those skills or match certain criteria. And as you probably know, becoming a CCNA is certainly the initial, key step on a successful journey toward a new, highly rewarding, and sustainable networking career.

The CCNA program was created to provide a solid introduction, not only to switching and IP connectivity but also to internetworking in general, making it helpful to you in areas not exclusively Cisco’s. And regarding today’s certification process, it’s not unrealistic that network managers—even those without Cisco equipment—require Cisco certifications for their job applicants. Rest assured, if you make it through the CCNA and are still interested in Cisco and internetworking, you’re headed down a path to certain success!

What Skills Do You Need to Become a CCNA?

This CCNA exam (200-301) tests a candidate for the knowledge and skills required to successfully install, operate, and troubleshoot a small branch office network to a medium-sized enterprise network. The exam includes questions on the operation of IP data networks, LAN switching technologies, IPv6, IP routing technologies, IP services, network device security, and basic troubleshooting. The exam also includes questions on physical and network security, network troubleshooting, and WAN technologies. We also see wireless technology added as an objective, since many networks today consist of wired and wireless technologies.

This CCNA exam has also added an objective domain to consider the expanse of virtualized networking. Both private and public cloud-based networks are included in this objective domain. The CCNA exam added the objective domain of automation and programmability to accommodate this real-world requirement. Much of what we do today must scale and be reproducible with expected results.

How Do You Become a CCNA?

All you have to do is pass the CCNA exam (200-301). Oh, but don’t you wish it were that easy? True, it’s just one test, but it’s a whopper, and to pass it you must possess enough knowledge to understand what the test writers are saying, and you need to know everything I mentioned previously! Hey, it’s hard, but it can be done!

Where Do You Take the Exams?

You may take the CCNA or any Cisco exam at any of the Pearson VUE authorized testing centers. For information, check www.pearsonvue.com or call 877-404-EXAM (3926).

To register for a Cisco exam, follow these steps:

Determine the number of the exam you want to take. (The CCNA exam is 200-301 v1.1.)

Register with the nearest Pearson VUE testing center. At this point, you will be asked to pay for the exam in advance. As of this writing, the CCNA exam is $300. The exams must be taken within one year of payment. You can schedule exams up to six weeks in advance or as late as the day you want to take it—but if you fail a Cisco exam, you must wait five days before you will be allowed to retake it. If something comes up and you need to cancel or reschedule your exam appointment, contact Pearson VUE at least 24 hours in advance.

When you schedule the exam, you’ll get instructions regarding all appointment and cancellation procedures, the ID requirements, and information about the testing-center location.

Pearson VUE has recently introduced OnVUE online proctored exams. Currently on their registration page they urge you to schedule an OnVUE online proctored exam that can be taken from the comfort of your home.

Tips for Taking Your Cisco Exams

The Cisco exams contain about 50–60 questions and must be completed in about 120 minutes or less. This information can change per exam. You must get a score of about 85 percent to pass this exam, but again, each exam can be different.

Many questions on the exam have answer choices that at first glance look identical, especially the syntax questions! So remember to read through the choices carefully because close just doesn’t cut it. If you get commands in the wrong order or forget one measly character, you’ll get the question wrong. So, practice; do the hands-on exercises found at the end of each chapter in the books CCNA Certification Study Guide, Volume 1, and CCNA Certification Study Guide, Volume 2 by Todd Lammle (Sybex, 2024), and perform them over and over again until they feel natural to you.

Also, never forget that the right answer is the Cisco answer. In many cases, more than one appropriate answer is presented, but the correct answer is the one that Cisco recommends. On the exam, you will always be told to pick one, two, or three options, never choose all that apply. The Cisco exam may include the following test formats:

Multiple-choice single answer

Multiple-choice multiple answers

Drag-and-drop

Router simulations

Cisco proctored exams will not show the steps to follow in completing a router interface configuration, but they do allow partial command responses. For example, show run, sho running, or sh running-config would be acceptable.

Here are some general tips for exam success:

Arrive early at the exam center so you can relax and review your study materials.

Read the questions carefully. Don’t jump to conclusions. Make sure you’re clear about exactly what each question asks. Read twice, answer once, is what I always tell my students.

When answering multiple-choice questions that you’re not sure about, use the process of elimination to get rid of the obviously incorrect answers first. Doing this greatly improves your odds if you need to make an educated guess.

You can no longer move forward and backward through the Cisco exams, so double-check your answer before clicking Next since you can’t change your mind.

After you complete an exam, you’ll get immediate, online notification of your pass or fail status, a printed examination score report that indicates your pass or fail status, and your exam results by section. (The test administrator will give you the printed score report.) Test scores are automatically forwarded to Cisco within five working days after you take the test, so you don’t need to send your score to them. If you pass the exam, you’ll receive confirmation from Cisco, typically within two to four weeks, sometimes a bit longer.

How to Use This Book and the Interactive Online Learning Environment and Test Bank

This book includes over 1,000 practice test questions, which will help you get ready to pass the CCNA exam. The interactive online learning environment that accompanies CCNA Certification Practice Tests: Exam 200-301, Second Edition provides a robust test bank to help you prepare for the certification exams and increase your chances of passing them the first time! By using this test bank, you can identify weak areas up front and then develop a solid studying strategy using each of these testing features.

The test bank also offers two practice exams. Take these practice exams just as if you were taking the actual exam (without any reference material). When you’ve finished the first exam, move on to the next one to solidify your test-taking skills. If you get more than 90 percent of the answers correct, you’re ready to take the certification exams.

You can access the Sybex interactive online test bank at www.wiley.com/go/sybextestprep.

Like all exams, the CCNA certification from Cisco is updated periodically and may eventually be retired or replaced. At some point after Cisco is no longer offering this exam, the old editions of our books and online tools will be retired. If you have purchased this book after the exam was retired, or are attempting to register in the Sybex online learning environment after the exam was retired, please know that we make no guarantees that this exam’s online Sybex tools will be available once the exam is no longer available.

CCNA (200-301 v1.1) Exam Objectives

Exam objectives are subject to change at any time without prior notice and at Cisco’s sole discretion. Please visit Cisco’s certification website, www.cisco.com/c/en/us/training-events.html, for the latest information on the CCNA exam. Tables 1–6 cover the CCNA (200-301 v1.1) exam objectives.

TABLE 1 1.0 Network Fundamentals (20%)

TABLE 2 2.0 Network Access (20%)

TABLE 3 3.0 IP Connectivity (25%)

TABLE 4 4.0 IP Services (10%)

TABLE 5 5.0 Security Fundamentals (15%)

TABLE 6 6.0 Automation and Programmability (10%)

CCNA (200-301 v1.1) Exam Delta Objectives

Studying to take a Cisco exam takes time, lots of time! Understandably, we can find ourselves in the middle of studying for one exam, such as the prior CCNA (200-301 v1.0) exam, only to find out it is being retired and replaced with the CCNA (200-301 v1.1). To maintain your momentum, you will find yourself frantically looking at what exactly changed from the past exam to the current exam. For this purpose, I have included the delta exam objectives in this book. These delta objectives are the new or changed objectives that were not present on the prior exam or were not emphasized in the prior exam. This section is only a guide for you to prepare for the transition to the current certification of CCNA (200-301 v1.1). This section is not the only portion you must study in addition to the prior study material.

Exam objectives are subject to change at any time without prior notice and at Cisco’s sole discretion. Please visit Cisco’s certification website (www.cisco.com/c/en/us/training-events.html) for the latest information on the CCNA (200-301 v1.1) exam. Table 7 covers the differences between the prior CCNA (200-301 v1.0) exam and the new CCNA (200-301 v1.1) exam objectives.

TABLE 7 Delta objectives

Using This Book to Practice

This book is composed of eight chapters. Each of the first six chapters covers a domain, with a variety of questions that can help test your real-world, scenario, and best practices networking knowledge. The final two chapters are complete practice exams that can serve as timed practice tests to help determine if you’re ready for the CCNA exam.

I recommend taking the first practice exam to help identify where you may need to spend more study time and then using the domain-specific chapters to test where your domain knowledge is weak. Once you’re ready, take the second practice exam to make sure you’ve covered all the material and are ready to attempt the CCNA exam.

The book is separated into eight chapters, six chapters to reflect the major objectives and two chapters with practice tests:

Chapter 1: Network Fundamentals (Domain 1)

Chapter 2: Network Access (Domain 2)

Chapter 3: IP Connectivity (Domain 3)

Chapter 4: IP Services (Domain 4)

Chapter 5: Security Fundamentals (Domain 5)

Chapter 6: Automation and Programmability (Domain 6)

Chapter 7: Practice Exam 1

Chapter 8: Practice Exam 2

How to Contact the Publisher

If you believe you have found a mistake in this book, please bring it to our attention. At John Wiley & Sons, we understand how important it is to provide our customers with accurate content, but even with our best efforts an error may occur.

In order to submit your possible errata, please email it to our Customer Service Team at [email protected] with the subject line Possible Book Errata Submission.

Chapter 1

Network Fundamentals (Domain 1)

THE CCNA EXAM TOPICS COVERED IN THIS PRACTICE TEST INCLUDE THE FOLLOWING:

1.0 Network Fundamentals

1.1 Explain the role and function of network components

1.1.a Routers

1.1.b Layer 2 and Layer 3 switches

1.1.c Next-generation firewalls and IPS

1.1.d Access points

1.1.e Controllers

1.1.f Endpoints

1.1.g Servers

1.1.h PoE

1.2 Describe the characteristics of network topology architectures

1.2.a Two-tier

1.2.b Three-tier

1.2.c Spine-leaf

1.2.d WAN

1.2.e Small office/home office (SOHO)

1.2.f On-premises and cloud

1.3 Compare physical interface and cabling types

1.3.a Single-mode fiber, multimode fiber, copper

1.3.b Connections (Ethernet shared media and point-to-point)

1.4 Identify interface and cable issues (collisions, errors, mismatch duplex, and/or speed)

1.5 Compare TCP to UDP

1.6 Configure and verify IPv4 addressing and subnetting

1.7 Describe private IPv4 addressing

1.8 Configure and verify IPv6 addressing and prefix

1.9 Compare IPv6 address types

1.9.a Unicast (global, unique local, and link local)

1.9.b Anycast

1.9.c Multicast

1.9.d Modified EUI 64

1.10 Verify IP parameters for Client OS (Windows, Mac OS, Linux)

1.11 Describe wireless principles

1.11.a Nonoverlapping Wi-Fi channels

1.11.b SSID

1.11.c RF

1.11.d Encryption

1.12 Explain virtualization fundamentals (server virtualization, containers, and VRFs)

1.13 Describe switching concepts

1.13.a MAC learning and aging

1.13.b Frame switching

1.13.c Frame flooding

1.13.d MAC address table

How many broadcast domains are present in the network in the following figure?

One broadcast domain

Two broadcast domains

Three broadcast domains

Seven broadcast domains

How many potential collision domains are present in the network in the following figure?

One collision domain

Two collision domains

Three collision domains

Seven collision domains

Which statement is true about collision domains?

All computers in the collision domain have the potential to have a frame collision.

All computers in the collision domain have the potential to receive layer 2 broadcast messages.

All computers in the collision domain have the potential to receive layer 3 broadcast messages.

All computers in the collision domain are set to 10 Mb/s full-duplex.

In the following figure, which would be true if the hub was replaced with a switch?

The number of collision domains would increase.

The number of collision domains would decrease.

The number of broadcast domains would increase.

The number of broadcast domains would decrease.

Considering the following figure, which of the following is a correct statement?

One collision domain exists with one broadcast domain.

Two collision domains exist with one broadcast domain.

Three collision domains exist with two broadcast domains.

Seven collision domains exist with two broadcast domains.

Which component acts as a distribution switch for the physical data center?

Top of Rack switch

End of Row switch

Core switch

Virtual switch

Which advantage(s) are gained using switches?

Low latency

Software switching

High cost

All of the above

Which is a correct statement when hubs are replaced with switches?

The replacement increases collision domains.

The replacement decreases collision domains.

The replacement increases broadcast domains.

The replacement decreases broadcast domains.

Which is a function of a layer 2 switch?

Forwarding the data based on logical addressing

Repeating the electrical signal to all ports

Learning the MAC address by examining the destination MAC addresses

Determining the forwarding interfaces based upon the destination MAC address and tables

What is a reason a network administrator would segment a network with a switch?

To create more broadcast domains

To create isolation of ARP messages

To create fewer collision domains

To isolate traffic between segments

What is the maximum wire speed of a single port on a 48-port Gigabit Ethernet switch?

1,000 Mb/s

2 Gb/s

48 Gb/s

96 Gb/s

Which statement describes the microsegmentation that a switch provides?

All of the ports on the switch create a single collision domain.

Each port on the switch segments broadcasts.

Each port on the switch creates its own collision domain.

Each port on the switch creates an isolation for layer 2 broadcasts.

Given the information in the following figure, which statement is true when Computer A needs to communicate with Computer F?

Switch A and Switch B will flood the frame across all ports.

Only Switch A will flood the frame across all ports.

Only Switch B will flood the frame across all ports.

Switch A will flood the frame across all ports; Switch B will forward traffic only to Computer F’s port.

When firewalls are placed in a network, which zone contains Internet-facing services?

Outside zone

Enterprise network zone

Demilitarized zone

Inside zone

According to best practices, what is the proper placement of a firewall?

Only between the internal network and the Internet

At key security boundaries

In the DMZ

Only between the DMZ and the Internet

Which is a false statement about firewalls?

Firewalls can protect a network from external attacks.

Firewalls are commonly deployed to protect a network from internal attacks.

Firewalls can provide stateful packet inspection.

Firewalls can control application traffic.

Which of the following statements does not represent the logical management of a firewall?

All physical access to the firewall should be tightly controlled.

All firewall policies should be documented.

Firewall logs should be regularly monitored.

Firewalls should allow traffic by default and deny traffic explicitly.

What is the reason firewalls are considered stateful?

Firewalls keep track of the zone states.

Firewalls keep accounting on the state of packets.

Firewalls track the state of a TCP conversation.

Firewalls transition between defense states.

You have an Adaptive Security Appliance (ASA) and two separate Internet connections via different providers. How could you apply the same policies to both connections?

Place both connections into the same zone.

Place each connection into an ISP zone.

Apply the same ACL to both of the interfaces.

Each connection must be managed separately.

Why should servers be placed in the DMZ?

To allow unrestricted access by Internet clients

To allow access to the Internet and the internal network

To allow the server to access the Internet

To restrict the server to the Internet

Which type of device will detect but not prevent unauthorized access?

Firewall

IPS

IDS

Honeypots

Which term describes what it is called when more than one wireless access point (WAP) covers the same SSID?

Broadcast domain

Basic service set

Extended service set

Wireless mesh

Which protocol allows a Lightweight AP (LWAP) to forward data to the wired LAN?

Spanning Tree Protocol (STP)

Bridge Protocol Data Units (BPDUs)

Orthogonal Frequency Division Multiplexing (OFDM)

Control and Provisioning of Wireless Access Points (CAPWAP)

Which component allows wireless clients to roam between access points and maintain authentication?

Basic service set

Extended service set

Wireless LAN controller

Service set ID

Why would you use Multiprotocol Label Switching (MPLS) as a connectivity option?

You need support for multicast packets.

You need support for both IPv4 and IPv6 packets.

You need a high amount of bandwidth.

You require encryption.

What is a service-level agreement (SLA) for network connectivity?

It is an agreement of bandwidth between the ISP and the customer.

It is a quality of service agreement between the ISP and the customer.

It is an agreement of uptime between the ISP and the customer.

All of the above.

Which is a valid reason to implement a wireless LAN controller?

Centralized authentication

The use of autonomous WAPs

Multiple SSIDs

Multiple VLANs

Which allows for seamless wireless roaming between access points?

Single SSID

Single service set

802.11ac

Wireless LAN controller

Which is one of the critical functions that a wireless LAN controller performs?

Allows autonomous WAPs

Synchronizes the WAPs with the same IOS

Triangulates users for location lookups

Allows for the use of all frequency channels

Which should be performed at the core layer?

Routing

Supporting clients

Configuring ACLs

Switching

Which network topology design has a centralized switch connecting all of the devices?

Star topology

Full-mesh topology

Partial-mesh topology

Hybrid topology

Which is a direct benefit of a full-mesh topology?

Increased bandwidth

Increased redundancy

Decreased switch count

Increased complexity

Where is the hybrid topology most commonly seen in the three-tier design model?

Core layer

Distribution layer

Access layer

Routing layer

Where is the full-mesh topology commonly seen in the three-tier design model?

Core layer

Distribution layer

Access layer

Routing layer

Where is the star topology most commonly seen in the three-tier design model?

Core layer

Distribution layer

Access layer

Routing layer

Which topology does the collapsed core layer switch use in a two-tier design model?

Star topology

Full-mesh topology

Partial-mesh topology

Hybrid topology

The two-tier design model contains which layer switches?

Core, distribution, and access

Core and distribution

Distribution and access

Internet, core, distribution, and access

You have one campus, which contains 2,000 PCs, and each edge switch will contain 25 to 40 PCs. Based on this layout, which design model should be used?

Collapsed core model

Three-tier model

DOD model

Access model

Which is an accurate statement about the collapsed core design concept?

It is best suited for large-scale networks.

It allows for better bandwidth.

It is best suited for small enterprises.

It bottlenecks bandwidth.

Access layer switches in the three-tier design model perform which task?

Connect to other switches for redundancy

Connect to users

Connect campuses

Connect to the Internet

Distribution layer switches in the three-tier design model perform which task?

Connect to other switches for redundancy

Connect to users

Connect campuses

Connect to the Internet

Core layer switches in the three-tier design model perform which task?

Connect to other switches for redundancy

Connect to users

Connect to campuses

Connect to the Internet

You have four campuses, each containing 500 PCs, and each edge switch will contain 20 to 30 PCs. Based on this layout, which design model should be used?

Collapsed core model

Three-tier model

DoD model

Access model

Which layer in the three-tier model should the redistribution of routing protocols be performed?

Core layer

Distribution layer

Access layer

Routing layer

Which layer in the three-tier model should the collision domains be created?

Core layer

Distribution layer

Access layer

Routing layer

In Cisco’s three-tier architecture, the links between the distribution layer switches indicate what kind of topology?

Full-mesh topology

Partial-mesh topology

Star topology

Ring topology

Which technology provides for a hub-and-spoke design?

E-Tree services