
Cisco 200-301

The document is a collection of questions and answers from the Cisco 200-301 exam, covering various networking topics such as routing, Ethernet, IPv6 addressing, and wireless networking. Each question includes answer choices, the correct answer, and explanations for the answers provided. The content is structured to aid in exam preparation for the Cisco Certified Network Associate certification.

Uploaded by

Peter Asane

Cisco 200-301

Cisco Certified Network Associate


Version: 39.0
Cisco 200-301 Exam
Topic 1, Network Fundamentals

QUESTION NO: 1

Refer to the exhibit. Which prefix does Router1 use for traffic to Host A?

A.
10.10.10.0/28

B.
10.10.13.0/25

C.
10.10.13.144/28

D.
10.10.13.208/29

Answer: D
Explanation:

The prefix with the “longest prefix” will be matched first; in this case that is “/29”.

QUESTION NO: 2

Which 802.11 frame type is Association Response?

A.
management

B.
protected frame

C.
action

D.
control

Answer: A
Explanation:

There are three main types of 802.11 frames: the Data Frame, the Management Frame and the
Control Frame. Association Response belongs to Management Frame. Association response is
sent in response to an association request.

Reference: https://en.wikipedia.org/wiki/802.11_Frame_Types

QUESTION NO: 3

What are two reasons that cause late collisions to increment on an Ethernet interface? (Choose
two.)

A.
when Carrier Sense Multiple Access/Collision Detection is used

B.
when one side of the connection is configured for half-duplex

C.
when the sending device waits 15 seconds before sending the frame again

D.
when a collision occurs after the 32nd byte of a frame has been transmitted

E.
when the cable length limits are exceeded

Answer: B,E
Explanation:

A late collision is defined as any collision that occurs after the first 512 bits (or 64th byte) of the
frame have been transmitted. The usual possible causes are full-duplex/half-duplex mismatch,
exceeded Ethernet cable length limits, or defective hardware such as incorrect cabling, non-
compliant number of hubs in the network, or a bad NIC.

Late collisions should never occur in a properly designed Ethernet network. They usually occur
when Ethernet cables are too long or when there are too many repeaters in the network.

Reference: https://www.cisco.com/en/US/docs/internetworking/troubleshooting/guide/tr1904.html

QUESTION NO: 4

Which action is taken by switch port enabled for PoE power classification override?

A.
Should a monitored port exceed the maximum administrative value for power, the port is shut
down and err-disabled.

B.
When a powered device begins drawing power from a PoE switch port, a syslog message is
generated.

C.
As power usage on a PoE switch port is checked, data flow to the connected device is temporarily
paused.

D.
If a switch determines that a device is using less than the minimum configured power, it assumes
the device has failed and disconnects it.

Answer: A
Explanation:

PoE monitoring and policing compares the power consumption on ports with the administrative
maximum value (either a configured maximum value or the port’s default value). If the power
consumption on a monitored port exceeds the administrative maximum value, the following actions
occur:

- A syslog message is issued.

- The monitored port is shut down and error-disabled.

- The allocated power is freed.

Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/power_over_ethernet.pdf

QUESTION NO: 5

Which action must be taken to assign a global unicast IPv6 address on an interface that is derived
from the MAC address of that interface?

A.
explicitly assign a link-local address

B.
disable the EUI-64 bit process

C.
enable SLAAC on an interface

D.
configure a stateful DHCPv6 server on the network

Answer: C
Explanation:

How does SLAAC work?

To fully understand how IPv6 auto-addressing works, let's follow the steps an IPv6 node takes
from the moment it gets connected to the network to the moment it has a unique global unicast
address.

Step 1: The node configures itself with a link-local address

When an IPv6 node is connected to an IPv6 enabled network, the first thing it typically does is to
auto-configure itself with a link-local address. The purpose of this local address is to enable the
node to communicate at Layer 3 with other IPv6 devices in the local segment. The most widely
adopted way of auto-configuring a link-local address is by combining the link-local prefix FE80::/64
and the EUI-64 interface identifier, generated from the interface's MAC address.

QUESTION NO: 6

What are two differences between optical-fiber cabling and copper cabling? (Choose two.)

A.
A BNC connector is used for fiber connections

B.
The glass core component is encased in a cladding

C.
The data can pass through the cladding

D.
Light is transmitted through the core of the fiber

E.
Fiber connects to physical interfaces using RJ-45 connections

Answer: B,D
Reference:
https://www.ciscopress.com/articles/article.asp?p=170740&seqNum=4#:~:text=PCS%20fiber%2Doptic%20cable%20has,with%20a%20lower%20refractive%20index.

QUESTION NO: 7

Which IPv6 address block forwards packets to a multicast address rather than a unicast address?

A.
2000::/3

B.
FC00::/7

C.
FE80::/10

D.
FF00::/12

Answer: D
Explanation:

An IPv6 multicast address defines a group of devices known as a multicast group. IPv6 multicast
addresses use the prefix ff00::/8, which is equivalent to the IPv4 multicast address 224.0.0.0/4. A
packet sent to a multicast group always has a unicast source address.

Reference:
https://www.ciscopress.com/articles/article.asp?p=2803866&seqNum=5#:~:text=An%20IPv6%20multicast%20address%20defines,has%20a%20unicast%20source%20address.

QUESTION NO: 8

Which type of IPv6 address is publicly routable in the same way as IPv4 public addresses?

A.
multicast

B.
unique local

C.
link-local

D.
global unicast

Answer: D
Explanation:

The following is a quick preview of each type of unicast address discussed in this section:

Global unicast: A routable address in the IPv6 Internet, similar to a public IPv4 address

Link-local: Used only to communicate with devices on the same local link (covered in more detail
in Chapter 6).

Loopback: An address not assigned to any physical interface that can be used for a host to send
an IPv6 packet to itself.

Unspecified address: Used only as a source address and indicates the absence of an IPv6
address.

Unique local: Similar to a private address in IPv4 (RFC 1918) and not intended to be routable in
the IPv6 Internet. However, unlike RFC 1918 addresses, these addresses are not intended to be
statefully translated to a global unicast address.

IPv4 embedded: An IPv6 address that carries an IPv4 address in the low-order 32 bits of the
address.

Reference: https://www.ciscopress.com/articles/article.asp?p=2803866&seqNum=4

QUESTION NO: 9

A corporate office uses four floors in a building.

Floor 1 has 24 users.

Floor 2 has 29 users.

Floor 3 has 28 users.

Floor 4 has 22 users.

Which subnet summarizes and gives the most efficient distribution of IP addresses for the router
configuration?

A.
192.168.0.0/24 as summary and 192.168.0.0/28 for each floor

B.
192.168.0.0/23 as summary and 192.168.0.0/25 for each floor

C.
192.168.0.0/25 as summary and 192.168.0.0/27 for each floor

D.
192.168.0.0/26 as summary and 192.168.0.0/29 for each floor

Answer: C
Explanation:

A /27 supports up to 30 usable IP addresses per subnet, and a /25 will aggregate 4 /27’s.

QUESTION NO: 10

Refer to the exhibit. An engineer must add a subnet for a new office that will add 20 users to the
network. Which IPv4 network and subnet mask combination does the engineer assign to minimize
wasting addresses?

A.
10.10.225.48 255.255.255.240

B.
10.10.225.32 255.255.255.240

C.
10.10.225.48 255.255.255.224

D.
10.10.225.32 255.255.255.224

Answer: D

QUESTION NO: 11

An office has 8 floors with approximately 30-40 users per floor. One subnet must be used. Which
command must be configured on the router Switched Virtual Interface to use address space
efficiently?

A.
ip address 192.168.0.0 255.255.0.0

B.
ip address 192.168.0.0 255.255.254.0

C.
ip address 192.168.0.0 255.255.255.128

D.
ip address 192.168.0.0 255.255.255.224

Answer: B
Explanation:

If we assume the maximum of 40 users per floor x 8 floors, then we will need 320 IP addresses. A
subnet mask of 255.255.254.0 supports up to 510 usable IP addresses. All of the other choices
support only 254 usable hosts or less, with the exception of choice A, which would support over
64,000 IP’s and would be wasteful.

QUESTION NO: 12

A device detects two stations transmitting frames at the same time. This condition occurs after the
first 64 bytes of the frame is received. Which interface counter increments?

A.
runt

B.
collision

C.
late collision

D.
CRC

Answer: C
Explanation:

LateCollisions (Rare event)

Official definition: The number of times that a collision is detected on a particular interface later
than 512 bit-times (64 bytes) into the transmission of a packet. Five hundred and twelve bit-times
corresponds to 51.2 microseconds on a 10 Mbit/s system. A (late) collision included in a count
represented by an instance of this object is also considered as a (generic) collision for purposes of
other collision-related statistics.

QUESTION NO: 13

A wireless administrator has configured a WLAN; however, the clients need access to a less
congested 5-GHz network for their voice quality. Which action must be taken to meet the
requirement?

A.
enable Band Select

B.
enable DTIM

C.
enable RX-SOP

D.
enable AAA override

Answer: A
Explanation:

Band Select is the terminology for Band Steering. When enabled it encourages stations onto the 5
GHz band. This is achieved by suppressing 2.4 GHz probe response frames to station probe
requests and by responding with 5 GHz probe response frames first.

QUESTION NO: 14

Which WAN access technology is preferred for a small office / home office architecture?

A.
broadband cable access

B.
frame-relay packet switching

C.
dedicated point-to-point leased line

D.
Integrated Services Digital Network switching

Answer: A
Explanation:

Service providers provide Internet access using broadband services such as DSL, cable, and
satellite access. Broadband connections are typically used to connect small offices and
telecommuting employees to a corporate site over the Internet. Data traveling between corporate
sites over the public WAN infrastructure should be protected using VPNs.

QUESTION NO: 15

What are two functions of a server on a network? (Choose two.)

A.
handles requests from multiple workstations at the same time

B.
achieves redundancy by exclusively using virtual server clustering

C.
housed solely in a data center that is dedicated to a single client

D.
runs the same operating system in order to communicate with other servers

E.
runs applications that send and retrieve data for workstations that make requests

Answer: A,E
Explanation:

A server is a computer program or device that provides a service to another computer program
and its user, also known as the client. In a data center, the physical computer that a server
program runs on is also frequently referred to as a server. That machine might be a dedicated
server or it might be used for other purposes.

In the client/server programming model, a server program awaits and fulfills requests from client
programs, which might be running in the same, or other computers. A given application in a
computer might function as a client with requests for services from other programs and as a server
of requests from other programs.

QUESTION NO: 16

A manager asks a network engineer to advise which cloud service models are used so employees
do not have to waste their time installing, managing, and updating software that is only used
occasionally. Which cloud service model does the engineer recommend?

A.
infrastructure-as-a-service

B.
platform-as-a-service

C.
business process as service to support different types of service

D.
software-as-a-service

Answer: D
Explanation:

Software as a service (or SaaS) is a way of delivering applications over the Internet—as a service.
Instead of installing and maintaining software, you simply access it via the Internet, freeing
yourself from complex software and hardware management. SaaS applications are sometimes
called Web-based software, on-demand software, or hosted software.

QUESTION NO: 17

What are two functions of a Layer 2 switch? (Choose two.)

A.
acts as a central point for association and authentication servers

B.
selects the best route between networks on a WAN

C.
moves packets within a VLAN

D.
moves packets between different VLANs

E.
makes forwarding decisions based on the MAC address of a packet

Answer: C,E
Explanation:

A layer 2 switch is primarily responsible for transporting data on a physical layer and for performing
error checking on each transmitted and received frame. A layer 2 switch requires the MAC address of
the NIC on each network node to transmit data. It learns MAC addresses automatically by copying
the MAC address of each frame received, or by listening to devices on the network and maintaining their
MAC addresses in a forwarding table. This also enables a layer 2 switch to send frames quickly to
destination nodes. However, like other layer switches (3,4 onwards), a layer 2 switch cannot
transmit packets based on IP addresses and doesn't have any mechanism to prioritize packets based on
the sending/receiving application.

QUESTION NO: 18

An engineer observes high usage on the 2.4GHz channels and lower usage on the 5GHz
channels. What must be configured to allow clients to preferentially use 5GHz access points?

A.
Client Band Select

B.
Re-Anchor Roamed Clients

C.
OEAP Split Tunnel

D.
11ac MU-MIMO

Answer: A
Explanation:

Band Select is the terminology for Band Steering. When enabled it encourages stations onto the 5
GHz band. This is achieved by suppressing 2.4 GHz probe response frames to station probe
requests and by responding with 5 GHz probe response frames first.

QUESTION NO: 19

Which networking function occurs on the data plane?

A.
processing inbound SSH management traffic

B.
sending and receiving OSPF Hello packets

C.
facilitates spanning-tree elections

D.
forwarding remote client/server traffic

Answer: D
Explanation:

Data plane: Handles all the data traffic. The basic functionality of a Cisco device is to forward
packets from one interface to another. The packets that are not meant for the switch itself are
called the transit packets. These packets are handled by the data plane.

QUESTION NO: 20

Under which condition is TCP preferred over UDP?

A.
UDP is used when low latency is optimal, and TCP is used when latency is tolerable.

B.
TCP is used when dropped data is more acceptable, and UDP is used when data is accepted out-of-order.

C.
TCP is used when data reliability is critical, and UDP is used when missing packets are
acceptable.

D.
UDP is used when data is highly interactive, and TCP is used when data is time-sensitive.

Answer: C
Reference: https://www.diffen.com/difference/TCP_vs_UDP

QUESTION NO: 21

A network engineer must configure the router R1 GigabitEthernet1/1 interface to connect to the
router R2 GigabitEthernet1/1 interface. For the configuration to be applied, the engineer must
compress the address 2001:0db8:0000:0000:0500:000a:400F:583B. Which command must be
issued on the interface?

A.
ipv6 address 2001::db8:0000::500:a:400F:583B

B.
ipv6 address 2001:db8:0::500:a:4F:583B

C.
ipv6 address 2001:db8::500:a:400F:583B

D.
ipv6 address 2001:0db8::5:a:4F:583B

Answer: C
Reference: https://www.omnisecu.com/tcpip/ipv6/how-to-simplify-ipv6-addresses.php

QUESTION NO: 22 DRAG DROP

Drag and drop the characteristics of network architectures from the left onto the type of
architecture on the right.

Answer:

Explanation:

Collapsed Core

Single device handles the core and the distribution layer

More cost-effective than other options

Most appropriate for small network designs

Three-Tier

Enhances network availability

Separate devices handle the core and distribution layer

QUESTION NO: 23

Which 802.11 frame type is indicated by a probe response after a client sends a probe request?

A.
data

B.
management

C.
control

D.
action

Answer: B
Reference: https://mrncciew.com/2014/10/27/cwap-802-11-probe-requestresponse/

QUESTION NO: 24

What is the maximum bandwidth of a T1 point-to-point connection?

A.
1.544 Mbps

B.
2.048 Mbps

C.
34.368 Mbps

D.
43.7 Mbps

Answer: A
Explanation:

A T1 line is a communications transmission service that uses 2 twisted pair copper wires to
transmit and receive data or voice traffic. This early form of data connectivity was developed by
the Bell System to bring data connectivity to the vast majority of businesses. A T1 line can transmit
data at a speed of 1.544 Mbps.

QUESTION NO: 25

Refer to the exhibit. The link between PC1 and the switch is up, but it is performing poorly. Which
interface condition is causing the performance problem?

A.
There is an issue with the fiber on the switch interface.

B.
There is a duplex mismatch on the interface.

C.
There is an interface type mismatch.

D.
There is a speed mismatch on the interface.

Answer: B
Explanation:

The PC's port runs in full duplex, while the Fa0/1 port on the switch is in auto-negotiate mode.

This results in a duplex mismatch that causes the switchport to operate as half-duplex, which
culminates in poor performance on the link.

QUESTION NO: 26 DRAG DROP

Drag and drop the IPv6 addresses from the left onto the corresponding address types on the right.

Answer:

Explanation:

Global Unicast

2001:db8:600d:cafe::123

3ffe:e54d:620:a87a::f00d

Unique Local

Fcba:926a:e8e:7a25:c6d2:1a76:8fdc

Fd6d:c83b:5cef:b6b2::1

Reference: https://learningnetwork.cisco.com/s/question/0D53i00000Kt6kl/ipv6-unique-local-addresses

QUESTION NO: 27

A network administrator is setting up a new IPv6 network using the 64-bit address
2001:0EB8:00C1:2200:0001:0000:0000:0331/64. To simplify the configuration, the administrator
has decided to compress the address. Which IP address must the administrator configure?

A.
ipv6 address 2001:EB8:C1:22:1::331/64

B.
ipv6 address 21:EB8:C1:2200:1::331/64

C.
ipv6 address 2001:EB8:C1:2200:1:0000:331/64

D.
ipv6 address 2001:EB8:C1:2200:1::331/64

Answer: D
Reference: https://www.geeksforgeeks.org/compression-of-ipv6-address/

QUESTION NO: 28

What is an appropriate use for private IPv4 addressing?

A.
to allow hosts inside to communicate in both directions with hosts outside the organization

B.
on internal hosts that stream data solely to external resources

C.
on the public-facing interface of a firewall

D.
on hosts that communicate only with other internal hosts

Answer: D
Explanation:

In Internet networking, a private network is a computer network that uses a private address space
of IP addresses. These addresses are commonly used for local area networks (LANs) in
residential, office, and enterprise environments.

Private network addresses are not allocated to any specific organization. Anyone may use these
addresses without approval from regional or local Internet registries. Private IP address spaces
were originally defined to assist in delaying IPv4 address exhaustion. IP packets originating from
or addressed to a private IP address cannot be routed through the public Internet but can be used
for all internal communication.

QUESTION NO: 29

Refer to the exhibit. An engineer is configuring the HO router. Which IPv6 address configuration
must be applied to the router fa0/1 interface for the router to assign a unique 64-bit IPv6 address
to itself?

A.
ipv6 address 2001:DB8:0:1:FFFF:C601:420F:7/64

B.
ipv6 address 2001:DB8:0:1:FE80:C601:420F:7/64

C.
ipv6 address 2001:DB8:0:1:C601:42FF:FE0F:7/64

D.
ipv6 address 2001:DB8:0:1:C601:42FE:800F:7/64

Answer: B
Explanation:

By default, IPv6 configures link-local IP addresses for each interface corresponding to installed
Ethernet network adapters. Link-local addresses have the prefix fe80::/64. The last 64 bits of the
IPv6 address is known as the interface identifier and is derived from the 48-bit MAC address of the
network adapter.

QUESTION NO: 30

Refer to the exhibit. The given Windows PC is requesting the IP address of the host at
www.cisco.com. To which IP address is the request sent?

A.
192.168.1.253

B.
192.168.1.100

C.
192.168.1.226

D.
192.168.1.254

Answer: A
Explanation:

Mapping IP addresses to domain names is a function of the DNS server, which is 102.168.1.253.

QUESTION NO: 31

What is the function of a controller in controller-based networking?

A.
It serves as the centralized management point of an SDN architecture

B.
It is a pair of core routers that maintain all routing decisions for a campus

C.
It centralizes the data plane for the network

D.
It is the card on a core router that maintains all routing decisions for a campus

Answer: A
Explanation:

An SDN controller is an application in a software-defined networking (SDN) architecture that
manages flow control for improved network management and application performance. The SDN
controller platform typically runs on a server and uses protocols to tell switches where to send
packets.

SDN controllers direct traffic according to forwarding policies that a network operator puts in place,
thereby minimizing manual configurations for individual network devices. By taking the control
plane off of the network hardware and running it instead as software, the centralized controller
facilitates automated network management and makes it easier to integrate and administer
business applications. In effect, the SDN controller serves as a sort of operating system (OS) for
the network.

The controller is the core of a software-defined network. It resides between network devices at one
end of the network and applications at the other end. Any communication between applications
and network devices must go through the controller.

QUESTION NO: 32

How do TCP and UDP fit into a query-response model?

A.
TCP avoids using sequencing and UDP avoids using acknowledgments.

B.
TCP establishes a connection prior to sending data, and UDP sends immediately.

C.
TCP encourages out-of-order packet delivery, and UDP prevents re-ordering.

D.
TCP uses error detection for packets, and UDP uses error recovery.

Answer: B

QUESTION NO: 33

What is a requirement for nonoverlapping Wi-Fi channels?

A.
different security settings

B.
discontinuous frequency ranges

C.
unique SSIDs

D.
different transmission speeds

Answer: B
Explanation:

Wireless communication usually involves a data exchange between two devices. A wireless LAN
goes even further: many devices can participate in sharing the medium for data exchanges.
Wireless LANs must transmit a signal over radio frequencies (RF) to move data from one device to
another. Transmitters and receivers can be fixed in consistent locations, or they can be mobile and
free to move around. A WiFi channel is the medium through which our wireless networks can send
and receive data. The 2.4 GHz band has 11 channels and the 5 GHz band has 45 channels.
Selecting the proper WiFi channel can significantly improve your WiFi coverage and performance.
In the 2.4 GHz band, 1, 6, and 11 are the only non-overlapping channels. Selecting one or more of
these channels is an important part of setting up your network correctly.

QUESTION NO: 34

When a switch receives a frame for a known destination MAC address, how is the frame handled?

A.
flooded to all ports except the one from which it originated

B.
forwarded to the first available port

C.
sent to the port identified for the known MAC address

D.
broadcast to all ports

Answer: C
Explanation:

A switch builds its MAC address table by recording the MAC address of each device connected to
each of its ports. The switch uses the information in the MAC address table to send frames
destined for a specific device out the port, which has been assigned to that device.

Reference: https://www.ciscopress.com/articles/article.asp?p=2181835&seqNum=5

QUESTION NO: 35

What is the collapsed layer in collapsed core architectures?

A.
core and distribution

B.
access and WAN

C.
distribution and access

D.
core and WAN

Answer: A
Explanation:

A collapsed core architecture takes the normal three-tier hierarchical network and collapses it into
a two-tier network. In a two-tier network, the functions of the switches in the core layer and
distribution layer are “collapsed” into a combined core and distribution layer on a single switch.

QUESTION NO: 36

What is a characteristic of a SOHO network?

A.
includes at least three tiers of devices to provide load balancing and redundancy

B.
connects each switch to every other switch in the network

C.
enables multiple users to share a single broadband connection

D.
provides high throughput access for 1000 or more users

Answer: C
Explanation:

The SOHO network allows computers in a home office or a remote office to connect to a corporate
network, or access centralized, shared resources over a single inexpensive broadband
connection.

QUESTION NO: 37

What is a function performed by a web server?

A.
send and retrieve email from client devices

B.
securely store files for FTP access

C.
authenticate and authorize a user’s identity

D.
provide an application that is transmitted over HTTP

Answer: D
Explanation:

A web server is software and hardware that uses HTTP (Hypertext Transfer Protocol) and other
protocols to respond to client requests made over the World Wide Web. The main job of a web
server is to display website content through storing, processing and delivering webpages to users.

QUESTION NO: 38

Refer to the exhibit. Site A was recently connected to site B over a new single-mode fiber path.
Users at site A report intermittent connectivity issues with applications hosted at site B. What is the
reason for the problem?

A.
Physical network errors are being transmitted between the two sites.

B.
Heavy usage is causing high latency.

C.
The wrong cable type was used to make the connection.

D.
An incorrect type of transceiver has been inserted into a device on the link.

Answer: D
Explanation:

Here we see that Site A is using an SR SFP, while Site B is using an LR SFP. At a distance of 7
KM, both locations should be using an LR SFP. As a side note, using incompatible SFP’s like in
this example should cause the link to remain down.

QUESTION NO: 39

Which protocol uses the SSL?

A.
SSH

B.
HTTPS

C.
HTTP

D.
Telnet

Answer: B
Explanation:

HTTPS uses an encryption protocol to encrypt communications. The protocol is called Transport
Layer Security (TLS), although formerly it was known as Secure Sockets Layer (SSL). This
protocol secures communications by using what's known as an asymmetric public key
infrastructure.

QUESTION NO: 40

Refer to the exhibit. The router has been configured with a super net to accommodate the
requirements for 380 users on a Subnet. The requirement already considers 30% future growth.
Which configuration verifies the IP subnet on router R4?

A.
Subnet: 10.7.54.0

Subnet mask: 255.255.128.0

Broadcast address: 10.7.55.255

Usable IP address range: 10.7.54.1 – 10.7.55.254

B.
Subnet: 10.7.54.0

Subnet mask: 255.255.255.0

Broadcast address: 10.7.54.255

Usable IP address range: 10.7.54.1 – 10.7.55.254

C.
Subnet: 10.7.54.0

Subnet mask: 255.255.254.0

Broadcast address: 10.7.54.255

Usable IP address range: 10.7.54.1 – 10.7.55.254

D.
Subnet: 10.7.54.0

Subnet mask: 255.255.254.0

Broadcast address: 10.7.55.255

Usable IP address range: 10.7.54.1 – 10.7.55.254

Answer: D
Explanation:

A subnet mask of 255.255.254.0 will accommodate up to 510 usable IP addresses which will meet
the needs in this scenario. In this case, the usable range will be 10.7.54.1 – 10.7.55.254, with
10.7.55.255 being the broadcast address.

QUESTION NO: 41

Refer to the exhibit. What is a reason for poor performance on the network interface?

A.
The interface is receiving excessive broadcast traffic.

B.
The bandwidth setting of the interface is misconfigured.

C.
The cable connection between the two devices is faulty.

D.
The interface is operating at a different speed than the connected device.

Answer: C
Explanation:

Here we see a large number of input errors and CRC errors.

QUESTION NO: 42

What causes a port to be placed in the err-disabled state?

A.
nothing plugged into the port

B.
link flapping

C.
latency

D.
shutdown command issued on the port

Answer: B
Explanation:

The errdisable (error-disable) feature was designed to inform the administrator when there is a port
problem or error. The reasons a Catalyst switch can go into errdisable mode and shut down a port
are many and include:

Duplex Mismatch

Loopback Error

Link Flapping (up/down)

Port Security Violation

Unicast Flooding

UDLD Failure

Broadcast Storms

BPDU Guard

QUESTION NO: 43

A network engineer must configure an interface with IP address 10.10.10.145 and a subnet mask
equivalent to 11111111.11111111.11111111.11111000. Which subnet mask must the engineer
use?

A.
/29

B.
/30

C.
/27

D.
/28

Answer: A

QUESTION NO: 44

Refer to the exhibit. The switches are connected via a Cat5 Ethernet cable that is tested
successfully. The interfaces are configured as access ports and are both in a down status. What is
the cause of the issue?

A.
The speed settings on the switches are mismatched

B.
The distance between the two switches is not supported by Cat5

C.
The switches are configured with incompatible duplex settings

D.
The portfast command is missing from the configuration

Answer: A
Explanation:

Why does a speed mismatch between directly connected devices cause both interfaces to be down?

Simply put, it is due to electrical differences between 10, 100 and 1000 Mbit. When you use
autonegotiation of speed, the Ethernet controller can look at the characteristics of the incoming
electrical signal to determine the speed of the link. When you manually specify the link speed, you
disable the autonegotiation mechanism and lock the interface to the specified speed. If the other
end doesn't match the speed, and thus has different electrical characteristics of the signal, the link
won't come up. The most obvious difference is between 10M/100M and 1000M: 1000M requires all
four available pairs in the patch cable, whereas 10M and 100M only use two of the pairs.

Reference: https://learningnetwork.cisco.com/s/question/0D53i00000Kt28YCAR/speed-mismatch

QUESTION NO: 45

The address block 192.168.32.0/24 must be subnetted into smaller networks. The engineer must
meet these requirements:

Create 8 new subnets.

Each subnet must accommodate 30 hosts.

Interface VLAN 10 must use the last usable IP in the first new subnet.

A Layer 3 interface is used.

Which configuration must be applied to the interface?

A.
no switchport mode trunk

ip address 192.168.32.97 255.255.255.224

B.
switchport

ip address 192.168.32.65 255.255.255.240

C.
no switchport

ip address 192.168.32.30 255.255.255.224

D.
no switchport mode access

ip address 192.168.32.62 255.255.255.240

Answer: C
Explanation:

A subnet mask of 255.255.255.224 will allow for exactly 30 hosts per subnet and only
192.168.32.30 will be the last usable IP address in that subnet. The other answer choice with a
subnet mask of 255.255.255.224 is using the first usable IP address in that subnet.

QUESTION NO: 46 DRAG DROP

Drag and drop the TCP or UDP details from the left onto their corresponding protocols on the right.

Answer:

Explanation:

TCP:

used to reliably share files between devices

supports reliable data transmission

UDP:

appropriate for streaming operations with minimal latency

provides best-effort service

QUESTION NO: 47

What is the role of a firewall in an enterprise network?

A.
determines which packets are allowed to cross from unsecured to secured networks

B.
processes unauthorized packets and allows passage to less secure segments of the network

C.
forwards packets based on stateless packet inspection

D.
explicitly denies all packets from entering an administrative domain

Answer: A
Explanation:

A firewall is a network security device that monitors incoming and outgoing network traffic and
permits or blocks data packets based on a set of security rules. Its purpose is to establish a barrier
between your internal network and incoming traffic from external sources (such as the internet) in
order to block malicious traffic like viruses and hackers.

Firewalls carefully analyze incoming traffic based on pre-established rules and filter traffic coming
from unsecured or suspicious sources to secured networks to prevent attacks.

QUESTION NO: 48 DRAG DROP

Refer to the exhibit.

An engineer is tasked with verifying network configuration parameters on a client workstation to
report back to the team lead. Drag and drop the node identifiers from the left onto the network
parameters on the right.

Answer:

Explanation:

QUESTION NO: 49

What is a benefit for external users who consume public cloud resources?

A.
Implemented over a dedicated WAN

B.
All hosted on physical servers

C.
Accessed over the Internet

D.
Located in the same data center as the users

Answer: C
Explanation:

The public cloud represents services offered by an external party that can be accessed over the
Internet. The services are not limited and can be purchased as you consume the service. This is a
key difference from an on-premises infrastructure. With the public cloud, you only pay for the
amount of service you consume when you use it.

QUESTION NO: 50

An engineer must update the configuration on two PCs in two different subnets to communicate
locally with each other. One PC is configured with IP address 192.168.25.128/25 and the other
with 192.168.25.100/25. Which network mask must the engineer configure on both PCs to enable
the communication?

A.
255.255.255.248

B.
255.255.255.224

C.
255.255.255.0

D.
255.255.255.252

Answer: C
Explanation:

255.255.255.0 will contain all of the IP addresses in the range of 192.168.25.0-192.168.25.255.
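
The subnet arithmetic behind questions 40, 43, 45 and 50 can be checked mechanically. The following Python sketch is an added example, not part of the original question set; the function names are hypothetical and only the addresses and host counts come from the questions.

```python
import ipaddress


def prefix_for_hosts(host_count: int) -> int:
    """Longest prefix whose subnet still leaves host_count usable addresses."""
    if host_count < 1:
        raise ValueError("host_count must be positive")
    # Need 2**host_bits - 2 >= host_count (network and broadcast are reserved).
    host_bits = (host_count + 1).bit_length()
    if host_bits > 32:
        raise ValueError("too many hosts for one IPv4 subnet")
    return 32 - host_bits


def prefix_from_binary_mask(mask_bits: str) -> int:
    """Convert a dotted binary mask such as the one in question 43 to a prefix."""
    bits = mask_bits.replace(".", "")
    if len(bits) != 32 or set(bits) - {"0", "1"}:
        raise ValueError("expected 32 binary digits")
    if "01" in bits:
        raise ValueError("mask bits are not contiguous")
    return bits.count("1")


def describe(network: ipaddress.IPv4Network) -> dict:
    """Subnet, mask, broadcast and usable range for a /30 or shorter prefix."""
    return {
        "subnet": str(network.network_address),
        "mask": str(network.netmask),
        "broadcast": str(network.broadcast_address),
        "first_usable": str(network.network_address + 1),
        "last_usable": str(network.broadcast_address - 1),
        "usable_hosts": network.num_addresses - 2,
    }


def size_subnet(network_address: str, host_count: int) -> dict:
    """Size a subnet for host_count hosts starting at network_address."""
    prefix = prefix_for_hosts(host_count)
    # strict=True raises ValueError when the address has host bits set for
    # this prefix, i.e. it is not a valid subnet boundary.
    network = ipaddress.ip_network(f"{network_address}/{prefix}", strict=True)
    return describe(network)


def split_block(block: str, subnet_count: int, hosts_per_subnet: int) -> list:
    """Return the first subnet_count equal subnets of block."""
    parent = ipaddress.ip_network(block, strict=True)
    new_prefix = prefix_for_hosts(hosts_per_subnet)
    if new_prefix < parent.prefixlen:
        raise ValueError("one subnet of that size does not fit in the block")
    subnets = list(parent.subnets(new_prefix=new_prefix))
    if len(subnets) < subnet_count:
        raise ValueError("block is too small for that many subnets")
    return subnets[:subnet_count]


def smallest_common_network(addr_a: str, addr_b: str) -> ipaddress.IPv4Network:
    """Smallest network (longest prefix) that contains both addresses."""
    a = int(ipaddress.IPv4Address(addr_a))
    b = int(ipaddress.IPv4Address(addr_b))
    host_bits = (a ^ b).bit_length()      # bits from the first difference down
    base = (a >> host_bits) << host_bits  # clear those bits to get the network
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(base)}/{32 - host_bits}")


if __name__ == "__main__":
    print("Q40:", size_subnet("10.7.54.0", 380))
    print("Q43: /%d" % prefix_from_binary_mask("11111111.11111111.11111111.11111000"))
    print("Q45:", describe(split_block("192.168.32.0/24", 8, 30)[0]))
    print("Q50:", smallest_common_network("192.168.25.128", "192.168.25.100").netmask)
```
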

QUESTION NO: 51

A client experiences slow throughput from a server that is directly connected to the core switch in
a data center. A network engineer finds minimal latency on connections to the server, but data
transfers are unreliable, and the output of the show interfaces counters errors command shows a
high FCS-Err count on the interface that is connected to the server. What is the cause of the
throughput issue?

A.
a physical cable fault

B.
a speed mismatch

C.
high bandwidth usage

D.
a cable that is too long

Answer: A
Explanation:

An FCS error is a legal-sized frame with a bad frame check sequence (CRC error). An FCS error
can be caused by a duplex mismatch, faulty NIC or driver, cabling, hub, or induced noise.
Sometimes FCS errors will increment when there is induced noise on the physical cable. Perform
a cable test. Check the environment for electrical changes (industrial electrical motor turning on,
EMI radiation, etc.). Make sure your physical wiring is safe from electromagnetic interference.

QUESTION NO: 52

What is the difference between IPv6 unicast and anycast addressing?

A.
An individual IPv6 unicast address is supported on a single interface on one node, but an IPv6
anycast address is assigned to a group of interfaces on multiple nodes.

B.
IPv6 anycast nodes must be explicitly configured to recognize the anycast address, but IPv6
unicast nodes require no special configuration.

C.
IPv6 unicast nodes must be explicitly configured to recognize the unicast address, but IPv6
anycast nodes require no special configuration.

D.
Unlike an IPv6 anycast address, an IPv6 unicast address is assigned to a group of interfaces on
multiple nodes.

Answer: A
Explanation:

An IPv6 unicast address is an identifier for a single interface, on a single node. A packet that is
sent to a unicast address is delivered to the interface identified by that address.

An IPv6 anycast address is an address that is assigned to a set of interfaces that typically belong
to different nodes. Anycast addresses are syntactically indistinguishable from unicast addresses,
because anycast addresses are allocated from the unicast address space.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_basic/configuration/15-mt/ip6b-15-mt-book/ip6-uni-routing.html

QUESTION NO: 53

Which network plane is centralized and manages routing decisions?

A.
management plane

B.
data plane

C.
policy plane

D.
control plane

Answer: D
Explanation:

In network routing, the control plane is the part of the router architecture that is concerned with
drawing the network topology, or the information in a routing table that defines what to do with
incoming packets. Control plane functions, such as participating in routing protocols, run in the
architectural control element. In most cases, the routing table contains a list of destination
addresses and the outgoing interface(s) associated with each. Control plane logic also can identify
certain packets to be discarded, as well as preferential treatment of certain packets for which a
high quality of service is defined by such mechanisms as differentiated services.

QUESTION NO: 54

What is a benefit of using private IPv4 addressing?

A.
Multiple companies can use the same addresses without conflicts.

B.
Direct connectivity is provided to internal hosts from outside an enterprise network.

C.
Communication to the internet is reachable without the use of NAT.

D.
All external hosts are provided with secure communication to the internet.

Answer: A
Explanation:

Private IP addresses can be either static or dynamic, but in each case, the available addresses
are limited to a pool set aside specifically for being private. These addresses are different from
public IP addresses in that they don’t have to be unique — other devices can use the same
address provided they aren’t on the same network. This is because devices on the private network
can’t communicate with outside devices, which eliminates the risk of an address conflict.

QUESTION NO: 55

What are two characteristics of a small office / home office connection environment? (Choose
two.)

A.
It requires 10Gb ports on all uplinks.

B.
It supports between 1 and 50 users.

C.
It supports between 50 and 100 users.

D.
A router port connects to a broadband connection.

E.
It requires a core, distribution, and access layer architecture.

Answer: B,D
Explanation:

A small office/home office is typically defined as supporting 1-50 users. Service providers
provide Internet access using broadband services such as DSL, cable, and satellite access.
Broadband connections are typically used to connect small offices and telecommuting employees
to a corporate site over the Internet. Data traveling between corporate sites over the public WAN
infrastructure should be protected using VPNs.

QUESTION NO: 56

Which group of channels in the 802.11b/g/n/ac/ax 2.4 GHz frequency bands are nonoverlapping
channels?

A.
channels 1, 5, and 10

B.
channels 1, 6, and 11

C.
channels 1, 5, and 11

D.
channels 1, 6, and 10

Answer: B
Explanation:

In the United States, while channels 1-13 can be used for 2.4 GHz WiFi, only three channels are
considered non-overlapping (channels 12 and 13 are allowed under low powered conditions, but
for most cases are not used). For best results, it is highly recommended to keep the 2.4 GHz
channels to 1, 6, and 11, as these channel settings will allow for virtually no overlap in the WiFi
signal.

QUESTION NO: 57

What is a function of Layer 3 switches?

A.
They route traffic between devices in different VLANs.

B.
They transmit broadcast traffic when operating in Layer 3 mode exclusively.

C.
They move frames between endpoints limited to IP addresses.

D.
They forward Ethernet frames between VLANs using only MAC addresses.

Answer: A
Explanation:

Layer 3 switches perform the same functions as routers and route the traffic between VLANs.

QUESTION NO: 58

Which cable type must be used to interconnect one switch using 1000 BASE-SX GBIC modules
and another switch using 1000 BASE-SX SFP modules?

A.
LC to SC

B.
SC to SC

C.
LC to LC

D.
SC to ST

Answer: A
Explanation:

SFP is LC:

All SFP and SFP+ optics require LC connectors, so the only remaining question is whether you need
single-mode or multimode fiber; the connector type is clear. SC square connectors are too big to
fit in an SFP or SFP+.

GBIC is SC:

GBIC is commonly used with Gigabit Ethernet and Fibre Channel. But its applications are not
limited to these two types. There is also Fast Ethernet (FE) GBIC, BIDI GBIC, CWDM GBIC,
DWDM GBIC, etc.

QUESTION NO: 59

Which component controls and distributes physical resources for each virtual machine?

A.
hypervisor

B.
OS

C.
CPU

D.
physical enclosure

Answer: A
Explanation:

A hypervisor is software that you can use to run multiple virtual machines on a single physical
machine. Every virtual machine has its own operating system and applications. The hypervisor
allocates the underlying physical computing resources such as CPU and memory to individual
virtual machines as required.

QUESTION NO: 60

What are two advantages of implementing a controller-based architecture instead of traditional
network architecture? (Choose two.)

A.
It allows for seamless connectivity to virtual machines.

B.
It increases security against denial-of-service attacks.

C.
It supports complex and high-scale IP addressing schemes.

D.
It enables configuration task automation.

E.
It provides increased scalability and management options.

Answer: D,E
Explanation:

With traditional networking, the network engineer configured the various devices, and changes
required a long timeframe to plan and implement. With controller-based networking and
SDN, network engineers and operators can implement changes more quickly, with better
consistency, and often with better operational practices through the use of automation.

QUESTION NO: 61

How do UTP and STP cables compare?

A.
UTP cables provide faster and more reliable data transfer rates and STP cables are slower and
less reliable.

B.
STP cables are shielded and protect against electromagnetic interference and UTP lacks the
same protection against electromagnetic interference.

C.
STP cables are cheaper to procure and easier to install and UTP cables are more expensive and
harder to install.

D.
UTP cables are less prone to crosstalk and interference and STP cables are more prone to
crosstalk and interference.

Answer: B
Reference: https://www.testandmeasurementtips.com/difference-between-cat-5e-and-cat-6a-cable-faq/

QUESTION NO: 62

Which technology allows for multiple operating systems to be run on a single host computer?

A.
virtual routing and forwarding

B.
virtual device contexts

C.
network port ID virtualization

D.
server virtualization

Answer: D
Explanation:

The technology that allows for multiple operating systems to be run on a single host computer is
called virtualization. Virtualization software creates virtual machines (VMs) that can mimic the
behavior of physical computers, allowing multiple operating systems to run simultaneously on a
single hardware platform.

QUESTION NO: 63

What must be considered before deploying virtual machines?

A.
resource limitations, such as the number of CPU cores and the amount of memory

B.
support for physical peripherals, such as monitors, keyboards, and mice

C.
whether to leverage VSM to map multiple virtual processors to two or more virtual machines

D.
location of the virtual machines within the data center environment

Answer: A
Explanation:

When deploying the product on VMs, be aware that additional overhead exists because resources
are shared across VMs. The same performance that is possible running applications on a physical
computer is not possible on VMs. However, VMs offer more flexibility and ease of administration
for some aspects, such as high availability and backups.

QUESTION NO: 64

What are two facts that differentiate optical-fiber cabling from copper cabling? (Choose two.)

A.
It is less expensive when purchasing patch cables.

B.
It carries electrical current further distances for PoE devices.

C.
It provides greater throughput options.

D.
It has a greater sensitivity to changes in temperature and moisture.

E.
It carries signals for longer distances.

Answer: C,E
Reference:
https://www.ciscopress.com/articles/article.asp?p=170740&seqNum=4#:~:text=PCS%20fiber%2Doptic%20cable%20has,with%20a%20lower%20refractive%20index

QUESTION NO: 65

Which is a reason to implement IPv4 private addressing?

A.
Comply with PCI regulations.

B.
Reduce the size of the forwarding table on network routers.

C.
Reduce the risk of a network security breach.

D.
Comply with local law.

Answer: C
Explanation:

Corporate networks use private IP addresses for security, since they make it difficult for an
external host to connect to a system. Organizations also use private IP addresses to restrict
internet access to internal users, which helps increase security.

QUESTION NO: 66

Which device segregates a network into separate zones that have their own security policies?

A.
IPS

B.
switch

C.
access point

D.
firewall

Answer: D
Explanation:

A firewall acts as a barrier between different network segments, such as the Internet and an
internal network, or between different sections of an internal network. It enforces security policies
by examining and controlling the incoming and outgoing network traffic based on predetermined
rules.

QUESTION NO: 67

What is the primary purpose of private address space?

A.
limit the number of nodes reachable via the Internet

B.
simplify the addressing in the network

C.
conserve globally unique address space

D.
reduce network complexity

Answer: C
Explanation:

Private IPv4 addresses weren't created to be a form of protection. Their primary purpose was to
enable internal networks to communicate while conserving public IPv4 addresses.

QUESTION NO: 68

What is a characteristic of a collapsed-core network topology?

A.
It enables all workstations in a SOHO environment to connect on a single switch with internet
access.

B.
It enables the core and access layers to connect to one logical distribution device over an
EtherChannel.

C.
It allows wireless devices to connect directly to the core layer, which enables faster data
transmission.

D.
It allows the core and distribution layers to run as a single combined layer.

Answer: D
Explanation:

A collapsed core architecture takes the normal three-tier hierarchical network and collapses it into
a two-tier network. In a two-tier network, the functions of the switches in the core layer and
distribution layer are “collapsed” into a combined core and distribution layer on a single switch.

QUESTION NO: 69

What occurs when overlapping Wi-Fi channels are implemented?

A.
Users experience poor wireless network performance.

B.
Wireless devices are unable to distinguish between different SSIDs.

C.
The wireless network becomes vulnerable to unauthorized access.

D.
Network communications are open to eavesdropping.

Answer: A
Explanation:

The goal of using different non-overlapping channels is to avoid the effects caused by channel
utilization and interference which can lead to degraded performance.

QUESTION NO: 70

Refer to the exhibit. An administrator received a call from a branch office regarding poor
application performance hosted at the headquarters. Ethernet 1 is connected between Router1
and the LAN switch. What identifies the issue?

A.
The MTU is not set to the default value.

B.
There is a duplex mismatch.

C.
The QoS policy is dropping traffic.

D.
The link is over utilized.

Answer: B
Explanation:

The output shows that there are 15000 collisions on the interface, indicating a duplex mismatch
issue between Router1 and the switch.

QUESTION NO: 71

What is the functionality of the Cisco DNA Center?

A.
IP address pool distribution scheduler

B.
data center network policy controller

C.
console server that permits secure access to all network devices

D.
software-defined controller for automation of devices and services

Answer: D
Explanation:

Cisco DNA is a controller-based architecture. Having Cisco DNA Center at its core, Cisco DNA
provides the policy, automation, and analytics required to adapt to change, simplify and scale
operations, and protect against degradation and threats.

QUESTION NO: 72

Refer to the exhibit. IPv6 must be implemented on R1 to the ISP. The uplink between R1 and the
ISP must be configured with a manual assignment, and the LAN interface must be self-
provisioned. Both connections must use the applicable IPv6 networks. Which two configurations
must be applied to R1? (Choose two.)

A.
interface Gi0/0

ipv6 address 2001:db8:0F1B:FCCB:ACCE:FCED:ABCD:FA03:/127

B.
interface Gi0/0

ipv6 address 2001:db8:0:AFFF::/64 eui-64

C.
interface Gi0/1

ipv6 address 2001:db8:0F1B:FCCB:ACCE:FCED:ABCD:FA02:/127

D.
interface Gi0/0

ipv6 address 2001:db8:1:AFFF::/64 eui-64

E.
interface Gi0/1

ipv6 address 2001:db8:0F1B:FCCB:ACCE:FCED:ABCD:FA00:/127

Answer: A,D

QUESTION NO: 73

What is a functionality of the control plane in the network?

A.
It looks up an egress interface in the forwarding information base.

B.
It forwards traffic to the next hop.

C.
It exchanges topology information with other routers.

D.
It provides CLI access to the network device.

Answer: C
Explanation:

The Control Plane is the part of the router/Layer 3 Switch architecture that is concerned with
drawing the network map, or the information in a routing table that defines what to do with
incoming packets.

In a routed network, this planning and learning can be done through static routes, where we train
the Layer 3 device about remote networks, and how to get there. We can also use dynamic routing
protocols, like RIP, OSPF and EIGRP to allow the routers to train each other regarding how to
reach remote networks. This is all the control plane. Another way to describe the control plane is
“the process of learning what we will do before we send the packet or frame.”

QUESTION NO: 74

Which cable type must be used when connecting a router and switch together using these criteria?

Pins 1 and 2 are receivers and pins 3 and 6 are transmitters.

Auto detection MDI-X is unavailable.

A.
crossover

B.
rollover

C.
console

D.
straight-through

Answer: A

QUESTION NO: 75

Which cable type must be used when connecting two like devices together using these criteria?

Pins 1 to 3 and 2 to 6 are required.

Auto detection MDI-X is unavailable.

A.
straight-through

B.
console

C.
crossover

D.
rollover

Answer: C

Topic 2, Network Access

QUESTION NO: 76

Refer to the exhibit. Which action is expected from SW1 when the untagged frame is received on
the GigabitEthernet0/1 interface?

A.
The frame is processed in VLAN 1

B.
The frame is processed in VLAN 11

C.
The frame is processed in VLAN 5

D.
The frame is dropped

Answer: C

QUESTION NO: 77

How do AAA operations compare regarding user identification, user services, and access control?

A.
Authorization provides access control, and authentication tracks user services

B.
Authentication identifies users, and accounting tracks user services

C.
Accounting tracks user services, and authentication provides access control

D.
Authorization identifies users, and authentication provides access control

Answer: B
Explanation:

Authentication, authorization, and accounting (AAA) is a term for a framework for intelligently
controlling access to computer resources, enforcing policies, auditing usage, and providing the
information necessary to bill for services. These combined processes are considered important for
effective network management and security.

As the first process, authentication provides a way of identifying a user, typically by having the
user enter a valid user name and valid password before access is granted. The process of
authentication is based on each user having a unique set of criteria for gaining access. The AAA
server compares a user's authentication credentials with other user credentials stored in a
database. If the credentials match, the user is granted access to the network. If the credentials are
at variance, authentication fails and network access is denied.

Following authentication, a user must gain authorization for doing certain tasks. After logging into
a system, for instance, the user may try to issue commands. The authorization process
determines whether the user has the authority to issue such commands. Simply put, authorization
is the process of enforcing policies: determining what types or qualities of activities, resources, or
services a user is permitted. Usually, authorization occurs within the context of authentication.
Once you have authenticated a user, they may be authorized for different types of access or
activity.

The final plank in the AAA framework is accounting, which measures the resources a user
consumes during access. This can include the amount of system time or the amount of data a
user has sent and/or received during a session. Accounting is carried out by logging of session
statistics and usage information and is used for authorization control, billing, trend analysis,
resource utilization, and capacity planning activities.

QUESTION NO: 78

What is a difference between RADIUS and TACACS+?

A.
RADIUS logs all commands that are entered by the administrator, but TACACS+ logs only start,
stop, and interim commands.

B.
TACACS+ separates authentication and authorization, and RADIUS merges them.

C.
TACACS+ encrypts only password information, and RADIUS encrypts the entire payload.

D.
RADIUS is most appropriate for dial authentication, but TACACS+ is also used for multiple types
of authentication.

Answer: B

QUESTION NO: 79

What is a difference between local AP mode and FlexConnect AP mode?

A.
Local AP mode creates two CAPWAP tunnels per AP to the WLC

B.
Local AP mode causes the AP to behave as if it were an autonomous AP

C.
FlexConnect AP mode fails to function if the AP loses connectivity with the WLC

D.
FlexConnect AP mode bridges the traffic from the AP to the WLC when local switching is
configured

Answer: A

QUESTION NO: 80

Which two conditions must be met before SSH operates normally on a Cisco IOS switch? (Choose
two.)

A.
IP routing must be enabled on the switch.

B.
A console password must be configured on the switch.

C.
Telnet must be disabled on the switch.

D.
The switch must be running a k9 (crypto) IOS image.

E.
The ip domain-name command must be configured on the switch.

Answer: D,E
Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-ssh.html

QUESTION NO: 81

Refer to the exhibit. An engineer must configure GigabitEthernet1/1 to accommodate voice and
data traffic. Which configuration accomplishes this task?

A.
interface gigabitethernet1/1

switchport mode access

switchport access vlan 300

switchport voice vlan 400

B.
interface gigabitethernet1/1

switchport mode trunk

switchport trunk vlan 300

switchport trunk vlan 400

C.
interface gigabitethernet1/1

switchport mode access

switchport voice vlan 300

switchport access vlan 400

D.
interface gigabitethernet1/1

switchport mode trunk

switchport trunk vlan 300

switchport voice vlan 400

Answer: A
Reference: https://study-ccna.com/configuring-voice-vlans/

QUESTION NO: 82

An administrator must secure the WLC from receiving spoofed association requests. Which steps
must be taken to configure the WLC to restrict the requests and force the user to wait 10 ms to
retry an association request?

A.
Enable MAC filtering and set the SA Query timeout to 10.

B.
Enable 802.1x Layer 2 security and set the Comeback timer to 10.

C.
Enable Security Association Teardown Protection and set the SA Query timeout to 10.

D.
Enable the Protected Management Frame service and set the Comeback timer to 10.

Answer: C
Explanation:

Comeback timer specifies the time which an associated client must wait before the association
can be tried again when first denied with a status code 30 (can only be set 1-20 ms). SA query
timeout specifies the amount of time the WLC waits for a response from the client for the query
process. If there is no response from the client, its association is deleted from the controller.

QUESTION NO: 83

What is the benefit of configuring PortFast on an interface?

A.
The frames entering the interface are marked with the higher priority and then processed faster by
a switch.

B.
After the cable is connected, the interface is available faster to send and receive user data.

C.
Real-time voice and video frames entering the interface are processed faster.

D.
After the cable is connected, the interface uses the fastest speed setting available for that cable
type.

Answer: B
Explanation:

Portfast causes a switch or trunk port to enter the spanning tree forwarding state immediately,
bypassing the listening and learning states.

QUESTION NO: 84

Which access point mode relies on a centralized controller for management, roaming, and SSID
configuration?

A.
lightweight mode

B.
autonomous mode

C.
bridge mode

D.
repeater mode

Answer: A
Explanation:

The term ‘lightweight’ refers to the fact that these devices cannot work independently. A Cisco
lightweight AP (LAP) has to join a Wireless LAN Controller (WLC) to function. LAP and WLC
communicate with each other via a logical pair of CAPWAP tunnels.

QUESTION NO: 85

Refer to the exhibit. A network engineer must configure communication between PC A and the file
server. Which command must be configured on switch A to prevent interruption of other
communications?

A.
switchport trunk allowed vlan 12

B.
switchport trunk allowed vlan none

C.
switchport trunk allowed vlan add 13

D.
switchport trunk allowed vlan remove 10-11

Answer: C
Explanation:

To add a VLAN to the trunk, issue the switchport trunk allowed vlan add vlan-list command.

This example shows how to remove VLANs 5 through 10 and 12.

Add VLAN 7 back and verify the allowed VLANs on the trunk link.

Reference: https://community.cisco.com/t5/networking-documents/how-to-define-the-vlans-allowed-on-a-trunk-link/ta-p/3131083

QUESTION NO: 86

Refer to the exhibit. What is the result if Gig1/11 receives an STP BPDU?

A.
The port transitions to STP blocking.

B.
The port immediately transitions to STP forwarding.

C.
The port goes into error-disable state.

D.
The port transitions to the root port.

Answer: C
Explanation:

The BPDU Guard feature protects the port from receiving STP BPDUs; however, the port can still
transmit STP BPDUs. When an STP BPDU is received on a BPDU Guard enabled port, the port is shut
down and the state of the port changes to ErrDis (Error-Disable).

QUESTION NO: 87

Refer to the exhibit. An administrator must configure interfaces Gi1/1 and Gi1/3 on switch SW11.
PC-1 and PC-2 must be placed in the Data VLAN, and Phone-1 must be placed in the Voice
VLAN. Which configuration meets these requirements?

A.
interface gigabitethernet1/1

switchport mode access

switchport access vlan 8

interface gigabitethernet1/3

switchport mode access

switchport access vlan 8

switchport voice vlan 9

B.
interface gigabitethernet1/1

switchport mode access

switchport access vlan 8

interface gigabitethernet1/3

switchport mode trunk

switchport trunk vlan 8

switchport voice vlan 9

C.
interface gigabitethernet1/1

switchport mode access

switchport access vlan 9

interface gigabitethernet1/3

switchport mode trunk

switchport trunk vlan 8

switchport trunk vlan 9

D.
interface gigabitethernet1/1

switchport mode access

switchport access vlan 8

interface gigabitethernet1/3

switchport mode access

switchport voice vlan 8

switchport access vlan 9

Answer: A

QUESTION NO: 88

Refer to the exhibit. Users need to connect to the wireless network with IEEE 802.11r-compatible
devices. The connection must be maintained as users travel between floors or to other areas in
the building. What must be the configuration of the connection?

A.
Disable AES encryption.

B.
Enable Fast Transition and select the FT 802.1x option.

C.
Enable Fast Transition and select the FT PSK option.

D.
Select the WPA Policy option with the CCKM option.

Answer: C
Reference: https://www.cisco.com/c/dam/en/us/td/docs/wireless/controller/technotes/80211r-ft/b-80211r-dg.html

QUESTION NO: 89

Aside from discarding, which two states does the switch port transition through while using RSTP
(802.1w)? (Choose two.)

A.
blocking

B.
speaking

C.
listening

D.
learning

E.
forwarding

Answer: D,E
Reference: https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24062-146.html

QUESTION NO: 90

Refer to the exhibit. An engineer has started to configure replacement switch SW1. To verify part
of the configuration, the engineer issued the commands as shown and noticed that the entry for
PC2 is missing. Which change must be applied to SW1 so that PC1 and PC2 communicate
normally?

A.
SW1(config)#interface fa0/2

SW1(config-if)#no switchport access vlan 2

SW1(config-if)#no switchport trunk allowed vlan 3

SW1(config-if)#switchport trunk allowed vlan 2

B.
SW1(config)#interface fa0/1

SW1(config-if)#no switchport access vlan 2

SW1(config-if)#switchport trunk native vlan 2

SW1(config-if)#switchport trunk allowed vlan 3

C.
SW1(config)#interface fa0/2

SW1(config-if)#no switchport mode trunk

SW1(config-if)#no switchport trunk allowed vlan 3

SW1(config-if)#switchport mode access

D.
SW1(config)#interface fa0/1

SW1(config-if)#no switchport access vlan 2

SW1(config-if)#switchport access vlan 3

SW1(config-if)#switchport trunk allowed vlan 2

Answer: C
Explanation:

SW1 is incorrectly configured with interface fa0/2 as a trunk link, allowing only VLAN 3 across the
trunk. In this example we need hosts on VLAN 2 to communicate, not VLAN 3. Removing the
trunk configuration from the interface will enable the communication.

QUESTION NO: 91

Refer to the exhibit. Which configuration establishes a Layer 2 LACP EtherChannel when applied
to both switches?

A.
Interface range G1/1 – 1/3

switchport mode trunk

channel-group 1 mode active

no shutdown

B.
Interface range G1/1 – 1/3

switchport mode access

channel-group 1 mode passive

no shutdown

C.
Interface range G1/1 – 1/3

switchport mode trunk

channel-group 1 mode desirable

no shutdown

D.
Interface range G1/1 – 1/3

switchport mode access

channel-group 1 mode on

no shutdown

Answer: A
Explanation:

Reference:
https://www.cisco.com/en/US/docs/switches/metro/me3600x_3800x/trash/swethchl.html

QUESTION NO: 92

Refer to the exhibit. Which action must be taken so that neighboring devices rapidly discover
switch Cat9300?

A.
Enable portfast on the ports that connect to neighboring devices.

B.
Configure the cdp timer 10 command on switch Cat9300.

C.
Configure the cdp holdtime 10 command on switch Cat9300.

D.
Configure the cdp timer 10 command on the neighbors of switch Cat9300.

Answer: B
Explanation:

The default CDP timer is 60 seconds. To make the neighbors discover this device sooner, lower
the timer to a smaller value, like 10 seconds, using the cdp timer 10 command.

QUESTION NO: 93

Which type of port is used to connect to the wired network when an autonomous AP maps two
VLANs to its WLANs?

A.
access

B.
LAG

C.
trunk

D.
EtherChannel

Answer: C
Explanation:

A trunk link is required to carry multiple VLANs over the same link.

QUESTION NO: 94

A network administrator needs to aggregate 4 ports into a single logical link which must negotiate
layer 2 connectivity to ports on another switch. What must be configured when using active mode
on both sides of the connection?

A.
LLDP

B.
LACP

C.
Cisco vPC

D.
802.1q trunks

Answer: B
Explanation:

Link Aggregation Control Protocol (LACP) is part of the IEEE specification (802.3az) that enables
you to bundle several physical ports together to form a single logical channel (LAG). LAGs multiply
the bandwidth, increase port flexibility, and provide link redundancy between two devices.

Reference:
https://www.cisco.com/assets/sol/sb/Switches_Emulators_v2_3_5_xx/help/250/index.html#page/tesla_250_olh/aggregating_ports.html

QUESTION NO: 95

Refer to the exhibit. For security reasons, automatic neighbor discovery must be disabled on the
R5 Gi0/1 interface. These tasks must be completed:

Disable all neighbor discovery methods on R5 interface Gi0/1

Permit neighbor discovery on R5 interface Gi0/2.

Verify there are no dynamically learned neighbors on R5 interface Gi0/1.

Display the IP address of R6’s interface Gi0/2

Which configuration must be used?

A.
R5(config)#int Gi0/1

R5(config-if)#no cdp enable

R5(config-if)#exit

R5(config)#lldp run

R5(config)#no cdp run

R5#sh cdp neighbor detail

R5#sh lldp neighbor

B.
R5(config)#int Gi0/1

R5(config-if)#no cdp enable

R5(config-if)#exit

R5(config)#no lldp run

R5(config)#cdp run

R5#sh cdp neighbor

R5#sh lldp neighbor

C.
R5(config)#int Gi0/1

R5(config-if)#no cdp run

R5(config-if)#exit

R5(config)#lldp run

R5(config)#cdp enable

R5#sh cdp neighbor

R5#sh lldp neighbor

D.
R5(config)#int Gi0/1

R5(config-if)#no cdp enable

R5(config-if)#exit

R5(config)#no lldp run

R5(config)#cdp run

R5#sh cdp neighbor detail

R5#sh lldp neighbor

Answer: D

QUESTION NO: 96

Which two spanning-tree states are bypassed on an interface running PortFast? (Choose two.)

A.
disabled

B.
listening

C.
learning

D.
blocking

E.
forwarding

Answer: B,C
Explanation:

When a switch port is configured with PortFast that port transitions from blocking to forwarding
state immediately, bypassing the usual 802.1D STP transition states (the listening and learning
states).

QUESTION NO: 97 DRAG DROP

Drag and drop the management connection types from the left onto the definitions on the right.

Answer:

Explanation:

Supports clear-text connections to the controller CLI – Telnet

Supports encrypted access to CLI and a secure channel for data transfer – SSH

Supports physical connections over a serial cable – console

Supports secure web access for management of the device – HTTPS

QUESTION NO: 98

Refer to the exhibit. Which change to the configuration on Switch2 allows the two switches to
establish an EtherChannel?

A.
Change the LACP mode to desirable

B.
Change the protocol to PAgP and use auto mode

C.
Change the LACP mode to active

D.
Change the protocol to EtherChannel mode on

Answer: C
Explanation:

LACP has two states or modes, i.e., Active Mode and Passive Mode.

Active Mode – In this mode, ports are placed in an active negotiating state, that is, negotiation
with other ports is initiated by exchanging LACP packets.

Passive Mode – In this mode, the ports are placed in a passive negotiating state, i.e., ports reply
to the received LACP packets but do not initiate LACP negotiation.

At least one of the devices must be configured as active, if all ports are passive then the channel
will not form.

QUESTION NO: 99

Refer to the exhibit. An engineer must configure the interface that connects to PC1 and secure it in
a way that only PC1 is allowed to use the port. No VLAN tagging can be used except for a voice
VLAN. Which command sequence must be entered to configure the switch?

A.
SW1(config-if)#switchport mode dynamic auto

SW1(config-if)#switchport port-security

SW1(config-if)#switchport port-security violation restrict

B.
SW1(config-if)#switchport mode nonegotiate

SW1(config-if)#switchport port-security

SW1(config-if)#switchport port-security maximum 1

C.
SW1(config-if)#switchport mode access

SW1(config-if)#switchport port-security

SW1(config-if)#switchport port-security mac-address 0050.7966.6800

D.
SW1(config-if)#switchport mode dynamic desirable

SW1(config-if)#switchport port-security mac-address 0050.7966.6800

SW1(config-if)#switchport port-security mac-address sticky

Answer: C
Explanation:

Use the port-security mac-address command to specify that only the device with the configured
mac address is allowed to connect. In this case, we also need to configure the port as an access
port.

QUESTION NO: 100

Refer to the exhibit. What are two conclusions about this configuration? (Choose two.)

A.
The spanning-tree mode is Rapid PVST+.

B.
This is a root bridge.

C.
The spanning-tree mode is PVST+.

D.
The designated port is FastEthernet 2/1.

E.
The root port is FastEthernet 2/1.

Answer: A,E
Explanation:

It is PVST (per-VLAN spanning tree) because the show command indicates that there is an STP
instance per VLAN (in this case, showing the STP of VLAN 30). And it is rapid because it says
"Spanning tree enabled protocol rstp".

QUESTION NO: 101

What does a switch use to build its MAC address table?

A.
VTP

B.
DTP

C.
ingress traffic

D.
egress traffic

Answer: C
Explanation:

LAN switches determine how to handle incoming data frames by maintaining the MAC address
table. A switch builds its MAC address table by recording the MAC address of each device
connected to each of its ports. The switch uses the information in the MAC address table to send
frames destined for a specific device out the port, which has been assigned to that device.

An easy way to remember how a switch operates is the following saying: A switch learns on
“source” and forwards based on “destination.” This means that a switch populates the MAC
address table based on source MAC addresses. As frames enter the switch, the switch “learns”
the source MAC address of the received frame and adds the MAC address to the MAC address
table or refreshes the age timer of an existing MAC address table entry.

Reference:
https://www.ciscopress.com/articles/article.asp?p=2181835&seqNum=5#:~:text=A%20switch%20builds%20its%20MAC,been%20assigned%20to%20that%20device

QUESTION NO: 102

What must a network administrator consider when deciding whether to configure a new wireless
network with APs in autonomous mode or APs running in cloud-based mode?

A.
Autonomous mode APs are less dependent on an underlay but more complex to maintain than
APs in cloud-based mode.

B.
Cloud-based mode APs rely on underlays and are more complex to maintain than APs in
autonomous mode.

C.
Cloud-based mode APs are easy to deploy but harder to automate than APs in autonomous
mode.

D.
Autonomous mode APs are easier to deploy and automate than APs in cloud-based mode.

Answer: A
Explanation:

An autonomous AP is a self-contained device with both wired and wireless hardware so that it can
bridge wireless clients that belong to SSIDs to the wired VLAN infrastructure. Each autonomous
AP must be configured with a management IP address so that it can be remotely accessed using
Telnet, SSH, or a web interface. Each AP must be individually managed and maintained.

Cloud-based AP management is an alternative to purchasing a management platform. The AP
management function is pushed into the Internet cloud. For example, Cisco Meraki is a
cloud-based AP management service that allows you to automatically deploy Cisco Meraki APs.
These APs can then be managed from the Meraki cloud web interface.

Reference: https://www.ciscopress.com/articles/article.asp?p=2999384&seqNum=5

QUESTION NO: 103

When a switch receives a frame for an unknown destination MAC address, how is the frame
handled?

A.
flooded to all ports except the origination port

B.
forwarded to the first available port

C.
broadcast to all ports on the switch

D.
inspected and dropped by the switch

Answer: A
Explanation:

Causes of Flooding

The very cause of flooding is that destination MAC address of the packet is not in the L2
forwarding table of the switch. In this case the packet will be flooded out of all forwarding ports in
its VLAN (except the port it was received on).

Reference: https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/23563-143.html

QUESTION NO: 104

Refer to the exhibit. Switch AccSw1 has just been added to the network along with PC2. All
VLANs have been implemented on AccSw2. How must the ports on AccSw2 be configured to
establish Layer 2 connectivity between PC1 and PC2?

A.
interface GigabitEthernet1/2

switchport mode access

switchport access vlan 2

interface GigabitEthernet1/24

switchport mode trunk

B.
interface GigabitEthernet1/1

switchport mode access

switchport access vlan 11

interface GigabitEthernet1/24

switchport mode trunk

C.
interface GigabitEthernet1/24

switchport mode trunk

switchport trunk allowed vlan 11, 12

interface GigabitEthernet1/1

switchport access vlan 11

D.
interface GigabitEthernet1/2

switchport mode access

switchport access vlan 12

interface GigabitEthernet1/24

switchport mode trunk

switchport trunk allowed vlan 11, 12

Answer: B

QUESTION NO: 105

Refer to the exhibit. A network engineer must update the configuration on Switch2 so that it sends
LLDP packets every minute and the information sent via LLDP is refreshed every 3 minutes.
Which configuration must the engineer apply?

A.
Switch2(config)#lldp timer 60

Switch2(config)#lldp tlv-select 180

B.
Switch2(config)#lldp timer 60

Switch2(config)#lldp holdtime 180

C.
Switch2(config)#lldp timer 1

Switch2(config)#lldp holdtime 3

D.
Switch2(config)#lldp timer 1

Switch2(config)#lldp tlv-select 3

Answer: B
Explanation:

Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/system_management/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_System_Management_Configuration_Guide/sm_lldp.pdf

QUESTION NO: 106

Refer to the exhibit. Switch A is newly configured. All VLANs are present in the VLAN database.
The IP phone and PC A on Gi0/1 must be configured for the appropriate VLANs to establish
connectivity between the PCs. Which command set fulfills the requirement?

A.
SwitchA(config-if)#switchport mode access

SwitchA(config-if)#switchport access vlan 50

SwitchA(config-if)#switchport voice vlan 51

B.
SwitchA(config-if)#switchport mode trunk

SwitchA(config-if)#switchport trunk allowed vlan add 50, 51

SwitchA(config-if)#switchport voice vlan dot1p

C.
SwitchA(config-if)#switchport mode trunk

SwitchA(config-if)#switchport trunk allowed vlan 50, 51

SwitchA(config-if)#mls qos trust cos

D.
SwitchA(config-if)#switchport mode access

SwitchA(config-if)#switchport access vlan 50

SwitchA(config-if)#switchport voice vlan untagged

Answer: A
Explanation:

Here is an example:

The computer will be in a data VLAN, and the IP phone will be in the voice VLAN. It will look like this:

SW1(config)#interface GigabitEthernet 0/1

SW1(config-if)#switchport mode access

SW1(config-if)#switchport access vlan 100

SW1(config-if)#switchport voice vlan 101

SW1(config-if)#exit

Reference: https://networklessons.com/cisco/ccna-routing-switching-icnd1-100-105/voice-vlan

QUESTION NO: 107

Which WLC interface provides out-of-band management in the Cisco Unified Wireless Network
Architecture?

A.
AP-Manager

B.
service port

C.
dynamic

D.
virtual

Answer: B
Explanation:

The service port can be used for management purposes, primarily for out-of-band management.
However, AP management traffic is not possible across the service port. In most cases, the
service port is used as a "last resort" means of accessing the controller GUI for management
purposes. For example, in the case where the system distribution ports on the controller are down
or their communication to the wired network is otherwise degraded.

The service port is controlled by the service-port interface and is reserved for out-of-band
management of the controller and system recovery and maintenance in the event of a network
failure. It is also the only port that is active when the controller is in boot mode. The service port is
not capable of carrying 802.1Q tags, so it must be connected to an access port on the neighbor
switch. Use of the service port is optional.

Service ports are not intended for high volume of traffic. We recommend that you use the
management interface through the system distribution ports (dedicated or LAG).

Service ports can be used for SNMP polling.

Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/ports_and_interfaces.html

QUESTION NO: 108

Refer to the exhibit. The network engineer is configuring a new WLAN and is told to use a setup
password for authentication instead of the RADIUS servers. Which additional set of tasks must the
engineer perform to complete the configuration?

A.
Disable PMF

Enable PSK

Enable 802.1x

B.
Select WPA Policy

Enable CCKM

Enable PSK

C.
Select WPA Policy

Select WPA2 Policy

Enable FT PSK

D.
Select WPA2 Policy

Disable PMF

Enable PSK

Answer: D

QUESTION NO: 109

Which mode must be set for APs to communicate to a Wireless LAN Controller using the Control
and Provisioning of Wireless Access Points (CAPWAP) protocol?

A.
route

B.
bridge

C.
lightweight

D.
autonomous

Answer: C
Explanation:

APs are “lightweight,” which means that they cannot act independently of a wireless LAN
controller (WLC). The WLC manages the AP configurations and firmware. The APs are “zero
touch” deployed, and individual configuration of APs is not necessary. The APs are also
lightweight in the sense that they handle only real-time MAC functionality. The APs leave all the
non-real-time MAC functionality to be processed by the WLC. Cisco lightweight access points use
the IETF standard Control and Provisioning of Wireless Access Points protocol (CAPWAP) in
order to communicate between the controller and other lightweight access points on the network.

Reference: https://www.cisco.com/c/en/us/support/docs/wireless/aironet-1200-series/70278-lap-faq.html

QUESTION NO: 110

Refer to the exhibit. An engineer is configuring an EtherChannel using LACP between Switches 1
and 2.

Which configuration must be applied so that only Switch 1 sends LACP initiation packets?

A.

B.

C.

D.

Answer: B
Explanation:

Active mode — the interface is in an active negotiating state. LACP runs on any link that is
configured to be in the active state. The port in an active mode also automatically initiates
negotiations with other ports by initiating LACP packets.

Passive mode — the interface is not in an active negotiating state. LACP runs on any link that is
configured in a passive mode. The port in a passive mode responds to negotiations requests from
other ports that are in an active mode. Ports in passive mode respond to LACP packets.

QUESTION NO: 111

Refer to the exhibit. All VLANs are present in the VLAN database. Which command sequence
must be applied to complete the configuration?

A.

B.

C.

D.

Answer: A
Explanation:

Here is an example:

The computer will be in a data VLAN, and the IP phone will be in the voice VLAN. It will look like this:

SW1(config)#interface GigabitEthernet 0/1

SW1(config-if)#switchport mode access

SW1(config-if)#switchport access vlan 100

SW1(config-if)#switchport voice vlan 101

SW1(config-if)#exit

Reference: https://networklessons.com/cisco/ccna-routing-switching-icnd1-100-105/voice-vlan

QUESTION NO: 112

Which Layer 2 switch function encapsulates packets for different VLANs so that the packets
traverse the same port and maintain traffic separation between the VLANs?

A.
VLAN marking

B.
VLAN numbering

C.
VLAN DSCP

D.
VLAN tagging

Answer: D
Explanation:

To correctly deliver the traffic on a trunk port with several VLANs, the device uses the IEEE
802.1Q encapsulation (tagging) method. This tag carries information about the specific VLAN to
which the frame and packet belong. This method allows packets that are encapsulated for several
different VLANs to traverse the same port and maintain traffic separation between the VLANs.

Reference:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/layer2/7x/b_Cisco_Nexus_3000_Layer_2_Switching_Config_7x/b_Cisco_Nexus_3000_Layer_2_Switching_Config_7x_chapter_0100.html

QUESTION NO: 113

Which value is the unique identifier that an access point uses to establish and maintain wireless
connectivity to wireless network devices?

A.
VLAN ID

B.
SSID

C.
RFID

D.
WLAN ID

Answer: B
Explanation:

An SSID is a unique identifier used by a client to establish a connection to a particular wireless
network. When devices within a network need to communicate with each other, they need to
identify the WLAN. Identification is handled through a unique value given to that WLAN, known as
the SSID.

QUESTION NO: 114

What does a switch do when it receives a frame whose destination MAC address is missing from
the MAC address table?

A.
It changes the checksum of the frame to a value that indicates an invalid frame.

B.
It updates the CAM table with the destination MAC address of the frame.

C.
It appends the table with a static entry for the MAC and shuts down the port.

D.
It floods the frame unchanged across all remaining ports in the incoming VLAN.

Answer: D
Explanation:

When a switch floods a frame it checks for forwarding ports ONLY on the VLAN on which the
frame arrived.

QUESTION NO: 115

What is a reason to implement LAG on a Cisco WLC?

A.
Enable connected switch ports to fail over and use different VLANs

B.
Increase security and encrypt management frames

C.
Allow for stateful and link-state failover

D.
Provide link redundancy and load balancing

Answer: D
Explanation:

Cisco Wireless Controllers (WLC) support the configuration of Link Aggregation (IEEE 802.3ad -
LAG) which bundles the controller ports into a single port channel. This helps simplify the
configuration of the WLC interface ports, increase available bandwidth between the wireless and
wired network, provide load-balancing capabilities between physical WLC ports and increase port
redundancy.

QUESTION NO: 116

Which functionality is provided by the console connection on a Cisco WLC?

A.
HTTP-based GUI connectivity

B.
secure in-band connectivity for device administration

C.
out-of-band management

D.
unencrypted in-band connectivity for file transfers

Answer: C
Explanation:

The console port on a Cisco Wireless LAN Controller (WLC) is used for out-of-band management
via an asynchronous transport. The console port provides a direct, physical connection to the WLC
and can be used for initial configuration, troubleshooting, and recovery in case of network
connectivity issues.

In contrast, in-band management refers to the management of the WLC using the same network
infrastructure that is used for user traffic. This is typically done via an IP transport, such as SSH or
HTTPS, and allows administrators to manage the WLC remotely.

QUESTION NO: 117

How does Rapid PVST+ create a fast loop-free network topology?

A.
It uses multiple active paths between end stations.

B.
It requires multiple links between core switches.

C.
It maps multiple VLANs into the same spanning-tree instance.

D.
It generates one spanning-tree instance for each VLAN.

Answer: D
Explanation:

Rapid PVST+ creates a fast loop-free network topology by generating one spanning-tree instance
for each VLAN.

QUESTION NO: 118

Refer to the exhibit. Routers R1, R2, and R3 use a protocol to identify the neighbors’ IP
addresses, hardware platforms, and software versions. A network engineer must configure R2 to
avoid sharing any neighbor information with R3, and maintain its relationship with R1. What action
meets this requirement?

A.
Configure the no lldp receive command on g0/1.

B.
Configure the no cdp run command globally.

C.
Configure the no cdp enable command on g0/2.

D.
Configure the no lldp run command globally.

Answer: C
Explanation:

We need to disable CDP only on the interface to R3, while still allowing it globally.

QUESTION NO: 119

Which command enables HTTP access to the Cisco WLC?

A.
config network telnet enable

B.
config network secureweb enable

C.
config certificate generate webadmin

D.
config network webmode enable

Answer: D
Explanation:

To enable HTTP access to a Cisco Wireless LAN Controller (WLC), you can use the following
command in the WLC's command-line interface (CLI):

config network webmode enable

This command enables the HTTP service on the WLC, allowing administrators to access the
WLC's web-based management interface using a web browser.

QUESTION NO: 120

A switch is forwarding a frame out of all interfaces except the interface that received the frame.
What is the technical term for this process?

A.
ARP

B.
CDP

C.
flooding

D.
multicast

Answer: C
Explanation:

The technical term for the process where a switch forwards a frame out of all interfaces except the
interface that received the frame is called "flooding" or "broadcast flooding."

When a switch receives a frame with an unknown destination MAC address, it needs to determine
which port to forward the frame to. If the switch does not have an entry for the destination MAC
address in its MAC address table (also known as the CAM table or MAC forwarding table), it
cannot make a forwarding decision based on the destination MAC address.

In such cases, the switch performs flooding by forwarding the frame out of all active interfaces,
except the interface from which the frame was received. This ensures that the frame reaches all
other devices connected to the switch. By flooding the frame, the switch maximizes the chances of
the frame reaching the correct destination and prevents the possibility of dropping the frame due
to insufficient information about the destination.
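
The learn-on-source, forward-on-destination behaviour described in Questions 101, 103, 114 and 120, as an added Python sketch that is not part of the original question set. The port names, the second MAC address and the 300-second aging time are constructed sample values, and every port is modelled as an access port.

```python
from dataclasses import dataclass, field

BROADCAST = "ffff.ffff.ffff"


@dataclass
class LearningSwitch:
    """Minimal VLAN-aware Layer 2 switch model (illustrative, not vendor code)."""

    port_vlan: dict                            # port name -> access VLAN ID
    aging_time: float = 300.0                  # seconds an idle entry survives (assumed)
    table: dict = field(default_factory=dict)  # (vlan, mac) -> (port, last_seen)

    def _expire(self, now):
        """Drop entries whose age timer has run out."""
        self.table = {key: (port, seen)
                      for key, (port, seen) in self.table.items()
                      if now - seen < self.aging_time}

    def receive(self, in_port, src, dst, now=0.0):
        """Process one ingress frame and return the list of egress ports."""
        vlan = self.port_vlan[in_port]
        self._expire(now)

        # Learn on source: record (or refresh) where this MAC was last seen.
        self.table[(vlan, src)] = (in_port, now)

        # Forward on destination: look up the MAC in the ingress VLAN only.
        entry = self.table.get((vlan, dst))
        if dst == BROADCAST or entry is None:
            # Broadcast or unknown unicast: flood to every other port in the
            # same VLAN, never back out the port the frame arrived on.
            return sorted(p for p, v in self.port_vlan.items()
                          if v == vlan and p != in_port)
        out_port = entry[0]
        # A frame whose destination sits on the ingress port is filtered.
        return [] if out_port == in_port else [out_port]


def demo():
    """Run a constructed four-frame exchange and return the egress decisions."""
    sw = LearningSwitch({"Gi0/1": 10, "Gi0/2": 10, "Gi0/3": 10, "Gi0/4": 20})
    pc_a, pc_b = "0050.7966.6800", "0050.7966.6801"  # second MAC is constructed
    return [
        sw.receive("Gi0/1", pc_a, pc_b, now=0),    # B unknown: flood in VLAN 10
        sw.receive("Gi0/2", pc_b, pc_a, now=1),    # A was learned: unicast
        sw.receive("Gi0/1", pc_a, pc_b, now=2),    # B was learned: unicast
        sw.receive("Gi0/1", pc_a, pc_b, now=400),  # entries aged out: flood again
    ]


if __name__ == "__main__":
    for ports in demo():
        print(ports)
```

Gi0/4 never receives the flooded frames because it belongs to VLAN 20, matching the answer to Question 114.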

QUESTION NO: 121

Refer to the exhibit. An architect is managing a wireless network with APs from several branch
offices connecting to the WLC in the data center. There is a new requirement for a single WLAN to
process the client data traffic without sending it to the WLC. Which action must be taken to
complete the request?

A.
Enable local HTTP profiling.

B.
Enable FlexConnect Local Switching.

C.
Enable local DHCP Profiling.

D.
Enable Disassociation Imminent.

Answer: B
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/flexconnect.html

QUESTION NO: 122

A Cisco engineer at a new branch office is configuring a wireless network with access points that
connect to a controller that is based at corporate headquarters. Wireless client traffic must
terminate at the branch office and access-point survivability is required in the event of a WAN
outage. Which access point mode must be selected?

A.
Lightweight with local switching disabled

B.
FlexConnect with local switching enabled

C.
OfficeExtend with high availability disabled

D.
Local with AP fallback enabled

Answer: B
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/flexconnect.html

QUESTION NO: 123

What is a reason to configure a trunk port that connects to a WLC distribution port?

A.
Provide redundancy if there is a link failure for out-of-band management.

B.
Allow multiple VLANs to be used in the data path.

C.
Permit multiple VLANs to provide out-of-band management.

D.
Eliminate redundancy with a link failure in the data path.

Answer: B
Explanation:

One of the main reasons to configure a trunk port that connects to a Wireless LAN Controller
(WLC) distribution port is to carry multiple VLANs over a single physical link.

When a WLC is connected to a switch, it needs to handle traffic from multiple VLANs
corresponding to different wireless networks. Each VLAN typically represents a separate
broadcast domain or a specific set of devices. To accommodate this requirement, a trunk port is
used.

QUESTION NO: 124

Refer to the exhibit. A network engineer configures the CCNA WLAN so that clients must
reauthenticate hourly and to limit the number of simultaneous connections to the WLAN to 10.
Which two actions complete this configuration? (Choose two.)

A.
Enable the Wi-Fi Direct Clients Policy option.

B.
Enable the Enable Session Timeout option and set the value to 3600.

C.
Enable the Client Exclusion option and set the value to 3600.

D.
Set the Maximum Allowed Clients value to 10.

E.
Set the Maximum Allowed Clients Per AP Radio value to 10.

Answer: B,D

QUESTION NO: 125


What are two port types used by a Cisco WLC for out-of-band management? (Choose two.)

A.
service

B.
console

C.
management

D.
distribution system

E.
redundant

Answer: A,B
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-1/5520-WLC-DG/b_Cisco-5520-WLC-deployment-guide.html

QUESTION NO: 126

A wireless access point is needed and must meet these requirements:

“zero-touch” deployed and managed by a WLC

process only real-time MAC functionality

used in a split-MAC architecture

Which access point type must be used?

A.
mesh

B.
autonomous

C.
lightweight

D.
cloud-based

Answer: C
Reference: https://www.cisco.com/c/en/us/support/docs/wireless/aironet-1200-series/70278-lap-faq.html

QUESTION NO: 127

After installing a new Cisco ISE server, which task must the engineer perform on the Cisco WLC
to connect wireless clients on a specific VLAN based on their credentials?

A.
Disable the LAG Mode on Next Reboot.

B.
Enable the Event Driven RRM.

C.
Enable the Allow AAA Override.

D.
Enable the Authorize MIC APs against auth-list or AAA.

Answer: C
Explanation:

In order to support centralized access control through a centralized AAA server such as the Cisco
Identity Services Engine (ISE) or ACS, the IPv6 ACL can be provisioned on a per-client basis
using AAA Override attributes. In order to use this feature, the IPv6 ACL must be configured on
the controller and the WLAN must be configured with the AAA Override feature enabled.

Reference:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration-guide/b_cg76/b_cg76_chapter_0111001.pdf

QUESTION NO: 128

What occurs when PortFast is enabled on an interface that is connected to another switch?

A.
Root port choice and spanning-tree recalculation are accelerated when a switch link goes down.

B.
After spanning-tree converges, PortFast shuts down any port that receives BPDUs.

C.
VTP is allowed to propagate VLAN configuration information from switch to switch automatically.

D.
Spanning-tree fails to detect a switching loop increasing the likelihood of broadcast storms.

Answer: D
Explanation:

Enabling the PortFast feature causes a switch or a trunk port to enter the STP forwarding-state
immediately or upon a linkup event, thus bypassing the listening and learning states.

Note: To enable portfast on a trunk port you need the trunk keyword: “spanning-tree portfast trunk”.

QUESTION NO: 129

Which unified access point mode continues to serve wireless clients after losing connectivity to the
Cisco Wireless LAN Controller?

A.
local

B.
mesh

C.
flexconnect

D.
sniffer

Answer: C

Explanation:

In previous releases, whenever a FlexConnect access point disassociates from a controller, it
moves to the standalone mode. The clients that are centrally switched are disassociated.
However, the FlexConnect access point continues to serve locally switched clients. When the
FlexConnect access point rejoins the controller (or a standby controller), all clients are
disconnected and are authenticated again. This functionality has been enhanced and the
connection between the clients and the FlexConnect access points are maintained intact and the
clients experience seamless connectivity. When both the access point and the controller have the
same configuration, the connection between the clients and APs is maintained.

Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010001101.html

QUESTION NO: 130

Which two values or settings must be entered when configuring a new WLAN in the Cisco
Wireless LAN Controller GUI? (Choose two.)

A.
QoS settings

B.
IP address of one or more access points

C.
SSID

D.
profile name

E.
management interface settings

Answer: C,D
Explanation:

Ref: WLAN Configuration Guide, Cisco IOS XE Release 3SE (Cisco WLC 5700 Series)

“Using the Web Graphical User Interface

Configuring the Controller Web GUI

Step 11

In the WLANs page, enter the following WLAN configuration parameters, and click Next.

• WLAN identifier in the WLAN ID text box.

• SSID of the WLAN that the client is associated with in the SSID text box.

• Name of the WLAN used by the client in the Profile Name text box.

QUESTION NO: 131

Refer to the exhibit. A network engineer is configuring a WLAN to connect with the 172.16.10.0/24
network on VLAN 20. The engineer wants to limit the number of devices that connect to the WLAN
on the USERWL SSID to 125. Which configuration must the engineer perform on the WLC?

A.
In the Controller IPv6 configuration, set the Throttle value to 125.

B.
In the WLAN configuration, set the Maximum Allowed Clients value to 125.

C.
In the Management Software activation configuration, set the Clients value to 125.

D.
In the Advanced configuration, set the DTIM value to 125.

Answer: A

QUESTION NO: 132

What is the role of the root port in a switched network?

A.
It replaces the designated port when the designated port fails.

B.
It replaces the designated port when the root port fails.

C.
It is the best path to the root from a nonroot switch.

D.
It is administratively disabled until a failover occurs.

Answer: B

QUESTION NO: 133 CORRECT TEXT

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

Refer to the Tasks tab to view the tasks for this lab item.

Refer to the Topology tab to access the device console(s) and perform the tasks.

Console access is available for all required devices by clicking the device icon or using the
tab(s) above the console window.

All necessary preconfigurations have been applied.

Do not change the enable password or hostname for any device.

Save your configurations to NVRAM before moving to the next item.

Click Next at the bottom of the screen to submit this lab and move to the next question.

When Next is clicked, the lab closes and cannot be reopened.

Topology

Tasks

SW-3 and SW-4 are preconfigured with all necessary commands. All physical cabling is in place
and verified. All connectivity must be operational.

1. Configure both SW-1 and SW-2 switch ports e0/0 and e0/1 for 802.1q trunking with only VLANS
1, 12, and 22 permitted.

2. Configure SW-1 port e0/2 for 802.1q trunking and include only VLANS 12 and 22.

3. Configure both SW-1 and SW-2 switch ports e0/0 and e0/1 for link aggregation using the
industry standard protocol. All ports must be configured so that they immediately negotiate the
link.

Answer:
See explanation below.

Explanation:

Step 1:

SW-1:

interface e0/0

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 1,12,22

interface e0/1

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 1,12,22

SW-2:

interface e0/0

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 1,12,22

interface e0/1

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 1,12,22

Step 2:

SW-1:

interface e0/2

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 12,22

Step 3:

SW-1:

interface range e0/0 - 1

channel-group 1 mode active

SW-2:

interface range e0/0 - 1

channel-group 1 mode active

QUESTION NO: 134 CORRECT TEXT

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

Refer to the Tasks tab to view the tasks for this lab item.

Refer to the Topology tab to access the device console(s) and perform the tasks.

Console access is available for all required devices by clicking the device icon or using the
tab(s) above the console window.

All necessary preconfigurations have been applied.

Do not change the enable password or hostname for any device.

Save your configurations to NVRAM before moving to the next item.

Click Next at the bottom of the screen to submit this lab and move to the next question.

When Next is clicked, the lab closes and cannot be reopened.

Topology

Tasks

All physical cabling is in place and verified. Connectivity for PC1, PC2 and PC3 must be
established to the switches. Each port connecting to the PCs must be configured as an end-user
port and only allow the designated VLAN.

Configure VLAN 99 on all three switches and label it exactly as FINANCIAL

Configure the switch ports connecting to PC1, PC2 and PC3

Cisco's neighbor discovery protocol has been disabled on SW-1 and must be re-enabled

PC1 must not be able to discover SW-1 via the Cisco neighbor discovery protocol

Answer:
See explanation below.

Explanation:

Task 1:

SW-1(config)# vlan 99

SW-1(config-vlan)# name FINANCIAL

SW-1(config-vlan)# exit

SW-2(config)# vlan 99

SW-2(config-vlan)# name FINANCIAL

SW-2(config-vlan)# exit

SW-3(config)# vlan 99

SW-3(config-vlan)# name FINANCIAL

SW-3(config-vlan)# exit

Task 2:

SW-1(config)# interface e0/2

SW-1(config-if)# switchport mode access

SW-1(config-if)# switchport access vlan 99

SW-1(config-if)# exit

SW-2(config)# interface e0/2

SW-2(config-if)# switchport mode access

SW-2(config-if)# switchport access vlan 99

SW-2(config-if)# exit

SW-3(config)# interface e0/2

SW-3(config-if)# switchport mode access

SW-3(config-if)# switchport access vlan 99

SW-3(config-if)# exit

Task 3:

SW-1(config)# cdp run

Task 4:

SW-1(config)# interface e0/2

SW-1(config-if)# no cdp enable

QUESTION NO: 135

Refer to the exhibit. Network services must be enabled on interface Gi1/0/34. Which configuration
meets the needs for this implementation?

A.
interface Gi1/0/34

switchport mode trunk

switchport trunk allowed native vlan 400

switchport voice vlan 4041

B.
interface Gi1/0/34

switchport mode trunk

switchport trunk allowed vlan 400, 4041

switchport voice vlan 4041

C.
interface Gi1/0/34

switchport mode access

switchport access vlan 400

switchport voice vlan 4041

D.
interface Gi1/0/34

switchport mode access

switchport access vlan 4041

switchport voice vlan 400

Answer: C

QUESTION NO: 136

Refer to the exhibit. Which switch in this configuration will be elected as the root bridge?

SW1: 0C:E4:82:33:62:23

SW2: 0C:0E:16:11:05:97

SW3: 0C:E0:16:1A:3C:9D

SW4: 0C:00:18:A1:B3:19

A.
SW1

B.
SW2

C.
SW3

D.
SW4

Answer: B

QUESTION NO: 137

Two switches have been implemented and all interfaces are at the default configuration level. A
trunk link must be implemented between two switches with these requirements:

using an industry-standard trunking protocol

permitting VLANs 1-10 and denying other VLANs

How must the interconnecting ports be configured?

A.
switchport mode dynamic

channel-protocol lacp

switchport trunk allowed vlans 1-10

B.
switchport mode trunk

switchport trunk allowed vlans 1-10

switchport trunk native vlan 11

C.
switchport mode trunk

switchport trunk encapsulation dot1q

switchport trunk allowed vlans 1-10

D.
switchport mode dynamic desirable

channel-group 1 mode desirable

switchport trunk encapsulation isl

switchport trunk allowed vlan except 11-4094

Answer: C

QUESTION NO: 138

Refer to the exhibit. A network engineer updates the existing configuration on interface
fastethernet1/1 switch SW1. It must establish an EtherChannel by using the same group
designation with another vendor switch. Which configuration must be performed to complete the
process?

A.
interface port-channel 2

channel-group 2 mode desirable

B.
interface fastethernet 1/1

channel-group 2 mode on

C.
interface fastethernet 1/1

channel-group 2 mode active

D.
interface port-channel 2

channel-group 2 mode auto

Answer: A
Explanation:

Port Aggregation Protocol (PAgP) is a Cisco proprietary protocol which is used for the automated,
logical aggregation of Ethernet switch ports, known as an EtherChannel. There are two modes of
PAgP:

Auto mode: it passively negotiates PAgP aggregation. If the remote end of the link is also
configured with Auto mode, a PAgP EtherChannel will not form. The Auto side waits for
negotiation to start from the other end.

Desirable mode: it actively negotiates PAgP. The remote end must be configured in Auto or
Desirable mode for a PAgP EtherChannel to form.

QUESTION NO: 139

Refer to the exhibit. An engineer configures interface fa0/1 on SW1 and SW2 to pass traffic from
two different VLANs. For security reasons, company policy requires the native VLAN to be set to a
nondefault value. Which configuration meets this requirement?

A.
Switch(config-if)#switchport mode trunk

Switch(config-if)#switchport trunk encapsulation dot1q

Switch(config-if)#switchport trunk allowed vlan 100,105

Switch(config-if)#switchport trunk native vlan 3

B.
Switch(config-if)#switchport mode trunk

Switch(config-if)#switchport trunk encapsulation isl

Switch(config-if)#switchport trunk allowed vlan 100,105

Switch(config-if)#switchport trunk native vlan 1

C.
Switch(config-if)#switchport mode dynamic

Switch(config-if)#switchport access vlan 100,105

Switch(config-if)#switchport trunk native vlan 1

D.
Switch(config-if)#switchport mode access

Switch(config-if)#switchport trunk encapsulation dot1q

Switch(config-if)#switchport access vlan 100,105

Switch(config-if)#switchport trunk native vlan 3

Answer: A

QUESTION NO: 140

What provides connection redundancy, increased bandwidth, and load sharing between a wireless
LAN controller and a Layer 2 switch?

A.
first hop redundancy

B.
VLAN trunking

C.
tunneling

D.
link aggregation

Answer: D
Explanation:

Link aggregation is the combining (aggregating) of multiple network connections in parallel by any
of several methods. Link aggregation increases total throughput beyond what a single connection
could sustain, and provides redundancy where all but one of the physical links may fail without
losing connectivity. A link aggregation group (LAG) is the combined collection of physical ports.

QUESTION NO: 141

Which port type supports the spanning-tree portfast command without additional configuration?

A.
Layer 3 main interfaces

B.
Layer 3 subinterfaces

C.
trunk ports

D.
access ports

Answer: D
Explanation:

A port with the Port Fast feature enabled is moved directly to the spanning-tree forwarding state
without waiting for the standard forward-time delay.

Use Port Fast only when connecting a single end station to an access or trunk port. Enabling this
feature on a port connected to a switch or hub could prevent spanning tree from detecting and
disabling loops in your network, which could cause broadcast storms and address-learning
problems.

QUESTION NO: 142

How is a configuration change made to a wireless AP in lightweight mode?

A.
SSH connection to the management IP of the AP

B.
CAPWAP/LWAPP connection via the parent WLC

C.
EoIP connection via the parent WLC

D.
HTTPS connection directly to the out-of-band address of the AP

Answer: B

QUESTION NO: 143

Refer to the exhibit. Which IP route command created the best path for a packet destined for
10.10.10.3?

A.
ip route 10.10.0.0 255.255.252.0 g0/0

B.
ip route 10.10.10.0 255.255.255.240 g0/0

C.
ip route 10.0.0.0 255.0.0.0 g0/0

D.
ip route 10.10.10.1 255.255.255.255 g0/0

Answer: B

QUESTION NO: 144 CORRECT TEXT

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

Refer to the Tasks tab to view the tasks for this lab item.

Refer to the Topology tab to access the device console(s) and perform the tasks.

Console access is available for all required devices by clicking the device icon or using the
tab(s) above the console window.

All necessary preconfigurations have been applied.

Do not change the enable password or hostname for any device.

Save your configurations to NVRAM before moving to the next item.

Click Next at the bottom of the screen to submit this lab and move to the next question.

When Next is clicked, the lab closes and cannot be reopened.

Topology

Tasks

R1 and R2 are pre-configured with all the necessary commands. All physical cabling is in place
and verified. Connectivity for PC1 and PC2 must be established to the switches; each port must
only allow one VLAN and be operational.

1. Configure SW-1 with VLAN 15 and label it exactly as OPS

2. Configure SW-2 with VLAN 66 and label it exactly as ENGINEERING

3. Configure the switch port connecting to PC1

4. Configure the switch port connecting to PC2

5. Configure the E0/2 connections on SW-1 and SW-2 for neighbor discovery using the vendor-
neutral standard protocol and ensure that E0/0 on both switches uses the Cisco proprietary
protocol

Answer:
See explanation below.

Explanation:

Task 1. Configure SW-1 with VLAN 15 and label it exactly as OPS

SW-1(config)#vlan 15

SW-1(config-vlan)#name OPS

SW-1(config-vlan)#exit //To apply the VLAN configured

Task 2. Configure SW-2 with VLAN 66 and label it exactly as ENGINEERING

SW-2(config)#vlan 66

SW-2(config-vlan)#name ENGINEERING

SW-2(config-vlan)#exit //To apply the VLAN configured

Task 3. Configure the switch port connecting to PC1

SW-1(config)#int e0/1

SW-1(config-if)#switchport mode access

SW-1(config-if)#switchport access vlan 15

SW-1(config-if)#no shut

Task 4. Configure the switch port connecting to PC2

SW-2(config)#int e0/1

SW-2(config-if)#switchport mode access

SW-2(config-if)#switchport access vlan 66

SW-2(config-if)#no shut

Task 5. Configure the E0/2 connections on SW-1 and SW-2 for neighbor discovery using the
vendor-neutral standard protocol and ensure that e0/0 on both switches uses the Cisco proprietary
protocol

“neighbor discovery using the vendor-neutral standard protocol” means LLDP while “Cisco
proprietary protocol” means CDP.

On both SW-1 and SW-2

SW-1(config)#lldp run

SW-2(config)#lldp run

SW-1(config)#int e0/0

SW-1(config-if)#no lldp transmit

SW-1(config-if)#no lldp receive

SW-1(config-if)#cdp enable

SW-2(config)#int e0/0

SW-2(config-if)#no lldp transmit

SW-2(config-if)#no lldp receive

SW-2(config-if)#cdp enable

QUESTION NO: 145 CORRECT TEXT

Guidelines

This is a lab item in which tasks will be performed on virtual devices.


Refer to the Tasks tab to view the tasks for this lab item.

Refer to the Topology tab to access the device console(s) and perform the tasks.

Console access is available for all required devices by clicking the device icon or using the
tab(s) above the console window.

All necessary preconfigurations have been applied.

Do not change the enable password or hostname for any device.

Save your configurations to NVRAM before moving to the next item.

Click Next at the bottom of the screen to submit this lab and move to the next question.

When Next is clicked, the lab closes and cannot be reopened.

Topology

Tasks

R1 has been pre-configured with all the necessary commands. All physical cabling is in place and
verified. Connectivity for PC1 and PC2 must be established to the switches, and each port must
only allow one VLAN.

1. Configure SW-1 with VLAN 35 and label it exactly as SALES

2. Configure SW-2 with VLAN 39 and label it exactly as MARKETING

3. Configure the switch port connecting to PC1

4. Configure the switch port connecting to PC2

5. Configure SW-1 and SW-2 for universal neighbor discovery using the industry standard protocol
and disable it on the interface connecting to PC1

Answer:
See explanation below.

Explanation:

Task 1. Configure SW-1 with VLAN 35 and label it exactly as SALES

SW-1(config)#vlan 35

SW-1(config-vlan)#name SALES

SW-1(config-vlan)#exit //To apply the VLAN configured

Task 2. Configure SW-2 with VLAN 39 and label it exactly as MARKETING

SW-2(config)#vlan 39

SW-2(config-vlan)#name MARKETING

SW-2(config-vlan)#exit //To apply the VLAN configured

Task 3. Configure the switch port connecting to PC1

SW-1(config)#int e0/2

SW-1(config-if)#switchport mode access

SW-1(config-if)#switchport access vlan 35

SW-1(config-if)#no shut

Task 4. Configure the switch port connecting to PC2

SW-2(config)#int e0/2

SW-2(config-if)#switchport mode access

SW-2(config-if)#switchport access vlan 39

SW-2(config-if)#no shut

Task 5. Configure SW-1 and SW-2 for universal neighbor discovery using the industry standard
protocol and disable it on the interface connecting to PC1

“neighbor discovery using the vendor-neutral standard protocol” means LLDP while “Cisco
proprietary protocol” means CDP.

On both SW-1 and SW-2

SW-1(config)#lldp run

SW-2(config)#lldp run

On SW-1

SW-1(config)#int e0/2

SW-1(config-if)#no lldp transmit

SW-1(config-if)#no lldp receive

QUESTION NO: 146 CORRECT TEXT

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

Refer to the Tasks tab to view the tasks for this lab item.

Refer to the Topology tab to access the device console(s) and perform the tasks.

Console access is available for all required devices by clicking the device icon or using the
tab(s) above the console window.

All necessary preconfigurations have been applied.

Do not change the enable password or hostname for any device.

Save your configurations to NVRAM before moving to the next item.


Click Next at the bottom of the screen to submit this lab and move to the next question.

When Next is clicked, the lab closes and cannot be reopened.

Topology

Tasks

VLANS 35 and 45 have been configured in all three switches. All physical connectivity has been
installed and verified. All inter-switch links must be operational.

1. Configure SW-1 and SW-2 switch ports e0/0 and e0/1 for 802.1q trunking allowing all VLANS

2. Configure the inter-switch links on SW-1 e0/2, SW-2 e0/2, and SW-3 e0/0 and e0/1 to use
native VLAN 35

3. Configure SW-1 and SW-2 switch ports e0/0 and e0/1 for link aggregation SW-1 should
immediately negotiate LACP and SW-2 must only respond to LACP requests

Answer:
See explanation below.

Explanation:

SW-1

Interface e0/0

Channel-group 12 mode active

Interface e0/1

Channel-group 12 mode active

Interface port-channel 12

Switchport trunk encapsulation dot1q

Switchport mode trunk

Switchport trunk native vlan 35

Interface e0/2

Switchport trunk native vlan 35

SW-2

Interface e0/0

Channel-group 12 mode passive

Interface e0/1

Channel-group 12 mode passive

Interface port-channel 12

Switchport trunk encapsulation dot1q

Switchport mode trunk

Switchport trunk native vlan 35

Interface e0/2

Switchport trunk native vlan 35

SW-3

Interface e0/0

Switchport trunk native vlan 35

Interface e0/1

Switchport trunk native vlan 35

QUESTION NO: 147 CORRECT TEXT

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.

• Refer to the Topology tab to access the device console(s) and perform the tasks.

• Console access is available for all required devices by clicking the device icon or using the tab(s)
above the console window.

• All necessary preconfigurations have been applied.

• Do not change the enable password or hostname for any device.

• Save your configurations to NVRAM before moving to the next item.

• Click Next at the bottom of the screen to submit this lab and move to the next question.

• When Next is clicked the lab closes and cannot be reopened.

Topology

Tasks

All physical cabling is in place and verified. Connectivity between all four switches must be
established and operational. All ports are pre-configured as 802.1q trunks.

1. Configure both SW-1 and SW-2 ports e0/1 and e0/2 to permit only the allowed VLANs

2. Configure both SW-3 and SW-4 ports e0/2 to permit only the allowed VLANs

3. Configure both SW-1 and SW-2 e0/1 ports to send and receive untagged traffic over VLAN 99

4. Configure both SW-3 and SW-4 ports e0/0 and e0/1 for link aggregation using the industry
standard protocol. All ports must immediately negotiate the link aggregation

5. Permit only the allowed VLANs on the new link

Answer:
See explanation below.

Explanation:

SW-1:

SW-1>en

SW-1# Config t

SW-1(config)# int e0/1

SW-1(config-if) # switchport trunk allowed vlan 56,77,99

SW-1(config)# int e0/2

SW-1(config-if) # switchport trunk allowed vlan 56,77,99

SW-1(config-if) #exit

SW-1(config)# int e0/1

SW-1(config-if) # switchport trunk native vlan 99

SW-1(config-if) # end

SW-1# wr

SW-2:

SW-2>en

SW-2# Config t

SW-2(config)# int e0/1

SW-2(config-if) # switchport trunk allowed vlan 56,77,99

SW-2(config)# int e0/2

SW-2(config-if) # switchport trunk allowed vlan 56,77,99

SW-2(config-if) #exit

SW-2(config)# int e0/1

SW-2(config-if) # switchport trunk native vlan 99

SW-2(config-if) # end

SW-2# wr

SW-3:

SW-3>en

SW-3# Config t

SW-3(config)# int range e0/0 - 1

SW-3(config-if) # channel-group 34 mode active

SW-3(config-if) #exit

SW-3(config)# int po34

SW-3(config-if) # switchport trunk allowed vlan 56,77,99

SW-3(config)# int e0/2

SW-3(config-if) # switchport trunk allowed vlan 56,77,99

SW-3(config-if) # end

SW-3# wr

SW-4:

SW-4>en

SW-4# Config t

SW-4(config)# int range e0/0 - 1

SW-4(config-if) # channel-group 34 mode active

SW-4(config-if) #exit

SW-4(config)# int po34


SW-4(config-if) # switchport trunk allowed vlan 56,77,99

SW-4(config)# int e0/2

SW-4(config-if) # switchport trunk allowed vlan 56,77,99

SW-4(config-if) # end

SW-4# wr

QUESTION NO: 148

What causes a port to be placed in the err-disabled state?

A.
shutdown command issued on the port

B.
port security violation

C.
nothing plugged into the port

D.
latency

Answer: B

QUESTION NO: 149

Which Rapid PVST+ feature should be configured on a switch port to immediately send traffic to a
connected server as soon as it is active?

A.
portfast

B.
uplinkfast

C.
BPDU guard

D.
loop guard

Answer: A

QUESTION NO: 150

Refer to the exhibit. PC1 tries to ping PC3 for the first time and sends out an ARP to S1. Which
action is taken by S1?

A.
It is flooded out every port except G0/0.

B.
It drops the frame.

C.
It forwards it out G0/3 only.

D.
It forwards it out interface G0/2 only.

Answer: A

QUESTION NO: 151 CORRECT TEXT

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.

• Refer to the Topology tab to access the device console(s) and perform the tasks.

• Console access is available for all required devices by clicking the device icon or using the tab(s)
above the console window.

• All necessary preconfigurations have been applied.

• Do not change the enable password or hostname for any device.

• Save your configurations to NVRAM before moving to the next item.

• Click Next at the bottom of the screen to submit this lab and move to the next question.

• When Next is clicked the lab closes and cannot be reopened.

Topology

Tasks

All physical cabling is in place and verified. Connectivity for the Switches on ports E0/1, E0/2, and
E0/3 must be configured and available for voice and data capabilities.

1. Configure Sw1 and Sw2 with both VLANS, naming them according to the VLAN Name provided
in the topology.

2. Configure the E0/1, E0/2, and E0/3 ports on both switches for both VLANS and ensure that
Cisco IP phones and PCs pass traffic.

3. Configure Sw1 and Sw2 to allow neighbor discovery via the vendor-neutral protocol on e0/0.

Answer:
See explanation below.

Explanation:

Task 1. Configure Sw1 and Sw2 with both VLANS, naming them according to the VLAN Name
provided in the topology

SW-1(config)#vlan 77

SW-1(config-vlan)#name User_VLAN

SW-1(config-vlan)#exit

SW-1(config)#vlan 177

SW-1(config-vlan)#name Voice_VLAN

SW-1(config-vlan)#exit

SW-2(config)#vlan 77

SW-2(config-vlan)#name User_VLAN

SW-2(config-vlan)#exit

SW-2(config)#vlan 177

SW-2(config-vlan)#name Voice_VLAN

SW-2(config-vlan)#exit

Task 2. Configure the E0/1, E0/2, and E0/3 ports on both switches for both VLANS and ensure
that Cisco IP phones and PCs pass traffic.

SW-1(config)#interface range E0/1-3

SW-1(config-if)#switchport mode access

SW-1(config-if)#switchport access vlan 77

SW-1(config-if)#switchport voice vlan 177

SW-2(config)#interface range E0/1-3

SW-2(config-if)#switchport mode access

SW-2(config-if)#switchport access vlan 77

SW-2(config-if)#switchport voice vlan 177

Task 3. Configure Sw1 and Sw2 to allow neighbor discovery via the vendor-neutral protocol on
e0/0.

SW-1(config)#lldp run

SW-2(config)#lldp run

QUESTION NO: 152 CORRECT TEXT

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

Refer to the Tasks tab to view the tasks for this lab item.

Refer to the Topology tab to access the device console(s) and perform the tasks.

Console access is available for all required devices by clicking the device icon or using the
tab(s) above the console window.

All necessary preconfigurations have been applied.

Do not change the enable password or hostname for any device.

Save your configurations to NVRAM before moving to the next item.

Click Next at the bottom of the screen to submit this lab and move to the next question.

When Next is clicked, the lab closes and cannot be reopened.

Topology

Tasks

All physical cabling is in place and verified. Connectivity for the Switches on ports E0/1, E0/2, and
E0/3 must be configured and available for voice and data capabilities.

1. Configure Sw1 and Sw2 with the VLAN naming as indicated.

2. Assign the VLANs to the appropriate interfaces and set a non-trunking, non-tagged, single-
VLAN for each interface according to the topology.

3. Configure both switches to use the L2 vendor-neutral discovery protocol to broadcast device
information, including the native VLAN across the e0/0 interfaces.

Answer:
See explanation below.

Explanation:

Task 1. Configure Sw1 and Sw2 with the VLAN naming as indicated.

SW-1(config)#vlan 77

SW-1(config-vlan)#name IT_User_VLAN

SW-1(config-vlan)#exit

SW-1(config)#vlan 88

SW-1(config-vlan)#name HR_User_VLAN

SW-1(config-vlan)#exit

SW-1(config)#vlan 177

SW-1(config-vlan)#name IT+Voice_VLAN

SW-1(config-vlan)#exit

SW-1(config)#vlan 188

SW-1(config-vlan)#name HR_User_VLAN

SW-1(config-vlan)#exit

SW-2(config)#vlan 77

SW-2(config-vlan)#name IT_User_VLAN

SW-2(config-vlan)#exit

SW-2(config)#vlan 88

SW-2(config-vlan)#name HR_User_VLAN

SW-2(config-vlan)#exit

SW-2(config)#vlan 177

SW-2(config-vlan)#name IT+Voice_VLAN

SW-2(config-vlan)#exit

SW-2(config)#vlan 188

SW-2(config-vlan)#name HR_User_VLAN

SW-2(config-vlan)#exit

Task 2. Assign the VLANs to the appropriate interfaces and set a non-trunking, non-tagged,
single-VLAN for each interface according to the topology.

SW-1(config)#interface range E0/1-2

SW-1(config-if)#switchport mode access

SW-1(config-if)#switchport access vlan 77

SW-1(config)#interface range E0/3

SW-1(config-if)#switchport mode access

SW-1(config-if)#switchport access vlan 88

SW-1(config)#interface range E0/1

SW-1(config-if)#switchport mode access

SW-1(config-if)#switchport access vlan 177

SW-1(config)#interface range E0/3

SW-1(config-if)#switchport mode access

SW-1(config-if)#switchport access vlan 188

SW-2(config)#interface range E0/3

SW-2(config-if)#switchport mode access

SW-2(config-if)#switchport access vlan 77

SW-2(config)#interface range E0/1

SW-2(config-if)#switchport mode access

SW-2(config-if)#switchport access vlan 88

SW-2(config)#interface range E0/2

SW-2(config-if)#switchport mode access

SW-2(config-if)#switchport access vlan 177

SW-2(config)#interface range E0/1

SW-2(config-if)#switchport mode access

SW-2(config-if)#switchport access vlan 178

Task 3. Configure Sw1 and Sw2 to allow neighbor discovery via the vendor-neutral protocol on
e0/0.

SW-1(config)#lldp run

SW-2(config)#lldp run

QUESTION NO: 153

Which Rapid PVST+ port state does a port operate in without receiving BPDUs from neighbors or
updating the address database?

A.
listening

B.
forwarding

C.
disabled

D.
blocking

Answer: C
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/layer2/521_n1_1/b_Nexus_5000_Layer2_Config_521N1.html

QUESTION NO: 154

Refer to the exhibit. Which switch in this configuration will be elected as the root bridge?

SW1: 0:0?:05:22:05:97

SW2: 0C:0A:A8:1A:3C:9D

SW3: 0:0?:18:81::19

SW4: 0:4?:82:56:35:78

A.
SW1

B.
SW2

C.
SW3

D.
SW4

Answer: A

QUESTION NO: 155

Refer to the exhibit. Which switch in this configuration will be elected as the root bridge?

SW1 0:E4:85:71:03:80

SW2 0:0E:1A:22:05:97

SW3 0C:E0:A1:1A:3C:9D

SW4 0:00:18:A1:B3:19

A.
SW1

B.
SW2

C.
SW3

D.
SW4

Answer: C

QUESTION NO: 156

Refer to the exhibit. Which switch in this configuration will be elected as the root bridge?

SW1 0:B4:86:22:42:37

SW2 0:0B:15:22:05:97

SW3 0C:0B:15:1A:3C:9D

SW4 0:B0:18:A1:B3:19

A.
SW1

B.
SW2

C.
SW3

D.
SW4

Answer: C

QUESTION NO: 157

What is the default interface for in-band wireless network management on a WLC?

A.
out-of-band

B.
redundant port

C.
service port

D.
wireless management

Answer: D

QUESTION NO: 158 DRAG DROP

Drag and drop the common functions from the left onto the corresponding network topology
architecture layer on the right. Not all common functions are used.

Answer:

Explanation:

QUESTION NO: 159

Refer to the exhibit. Which switch in this configuration will be elected as the root bridge?

SW1: 0c:d4:86:82:87:37

SW2: 0c:d0:14:2c:05:97

SW3: 0c:0d:a2:1a:3c:9d

SW4: 0c:0d:12:a1:b3:19

A.
SW1

B.
SW2

C.
SW3

D.
SW4

Answer: C

QUESTION NO: 160

A network architect planning a new Wi-Fi network must decide between autonomous, cloud-based,
and split MAC architectures. Which two facts should the architect consider? (Choose two.)

A.
Cloud-based architectures uniquely use the CAPWAP protocol to communicate between access
points and clients.

B.
Autonomous architectures exclusively use tunneling protocols to manage access points remotely.

C.
All three architectures use access points to manage the wireless devices connected to the wired
infrastructure.

D.
Lightweight access points are solely used by split MAC architectures.

E.
Each of the three architectures must use WLCs to manage their access points.

Answer: C,D
Explanation:

All three architectures use access points to manage the wireless devices connected to the
wired infrastructure:

Regardless of the architecture (autonomous, cloud-based, or split MAC), access points (APs) are
responsible for connecting wireless devices to the network and managing the wireless-to-wired
infrastructure integration.

Lightweight access points are solely used by split MAC architectures:

In split MAC architectures, lightweight access points rely on a central controller, such as a
Wireless LAN Controller (WLC), to handle control functions while the APs manage real-time data
forwarding. This architecture splits the MAC layer functions between the AP and the WLC.

QUESTION NO: 161

Refer to the exhibit. Which switch in this configuration will be elected as the root bridge?

SW1: 0:4:87:19:37:17

SW2: 0C:0E:15:22:05:97

SW3: 0C:0E:15:1A:3C:9D

SW4: 0:0:18:?1::19

A.
SW2

B.
SW3

C.
SW4

Answer: C
Explanation:

In a Spanning Tree Protocol (STP) network, the election of the root bridge is based on the Bridge
ID, which consists of two components:

1. Priority (lower is better).

2. MAC address (lower is better if priorities are the same).

Breakdown of the exhibit:

SW1 Priority: 8192

SW2 Priority: 4096

SW3 Priority: 4096

SW4 Priority: 12288

The election process works as follows:

First, STP compares the priority values of all switches. The switch with the lowest priority value
becomes the root bridge.

If two switches have the same priority, the switch with the lowest MAC address wins the election.

Step-by-Step Process:

SW2 and SW3 have the same priority (4096), which is the lowest among the four switches.

Since the priorities are the same, the next step is to compare the MAC addresses.

Given MAC addresses:

SW2: 0C:0E:15:22:05:97

SW3: 0C:0E:15:1A:3C:9D

SW3 has a lower MAC address compared to SW2 because the third byte (1A in SW3) is lower
than the corresponding byte (22 in SW2).

Conclusion:

SW3 will be elected as the root bridge because it has the lowest priority and lowest MAC address
among the switches with the same priority.
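
The election described in this explanation, as an added Python example that is not part of the original exam material. The priorities and the SW2/SW3 MAC addresses are the ones listed above; the SW1 and SW4 MAC addresses are constructed placeholders because the exhibit is not legible, and the extended system ID (priority plus VLAN ID) is an assumption about the per-VLAN spanning tree in use.

```python
"""STP root bridge election: the lowest bridge ID wins."""


def parse_mac(mac):
    """Convert 'aa:bb:cc:dd:ee:ff' (also '-' or '.' separated) to 6 bytes."""
    digits = "".join(ch for ch in mac if ch not in ":-.")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def bridge_id(priority, mac, vlan=1):
    """Build the 8-byte bridge ID: 2 bytes of priority, then the MAC.

    With the extended system ID, the configured priority (a multiple of
    4096) fills the top 4 bits of the priority field and the VLAN ID the
    lower 12 bits.
    """
    if priority % 4096 != 0 or not 0 <= priority <= 61440:
        raise ValueError(f"priority must be a multiple of 4096 in 0..61440: {priority}")
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN ID out of range: {vlan}")
    return (priority + vlan).to_bytes(2, "big") + parse_mac(mac)


def rank_bridges(switches, vlan=1):
    """Return switch names ordered from best (root) to worst bridge ID."""
    return sorted(switches, key=lambda name: bridge_id(*switches[name], vlan=vlan))


def elect_root(switches, vlan=1):
    """Name of the switch with the numerically lowest bridge ID."""
    return rank_bridges(switches, vlan)[0]


# Priorities and SW2/SW3 MACs from the explanation; SW1/SW4 MACs are constructed.
SWITCHES = {
    "SW1": (8192, "0C:0E:15:00:00:01"),   # constructed MAC, lower than SW3's
    "SW2": (4096, "0C:0E:15:22:05:97"),
    "SW3": (4096, "0C:0E:15:1A:3C:9D"),
    "SW4": (12288, "0C:0E:15:00:00:02"),  # constructed MAC, lower than SW3's
}

if __name__ == "__main__":
    for name in rank_bridges(SWITCHES):
        print(name, bridge_id(*SWITCHES[name]).hex())
    print("root bridge:", elect_root(SWITCHES))
```

SW1 and SW4 are given lower MAC addresses than SW3 on purpose: the MAC address only breaks ties, so a lower MAC never beats a lower priority.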

QUESTION NO: 162 CORRECT TEXT

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

Refer to the Tasks tab to view the tasks for this lab item.

Refer to the Topology tab to access the device console(s) and perform the tasks.

Console access is available for all required devices by clicking the device icon or using the
tab(s) above the console window.

All necessary pre-configurations have been applied.

Do not remove any existing configurations from the devices, only those necessary to make the
appropriate changes required to fulfill the listed tasks.

Do not change the enable password or hostname for any device.

Save your configurations to NVRAM before moving to the next item.

Click Next at the bottom of the screen to submit this lab and move to the next question.

When Next is clicked, the lab closes and cannot be reopened.

Topology

Tasks

Task 1

Configure the trunks between Sw1 and Sw2 on ports E0/0 and E0/1 using the IEEE standard
frame tagging method.

Only the VLANs for the PCs should be permitted across the trunks.

Routers are simulated as PCs and are preconfigured with IP Addresses.

PC configurations must remain unchanged.

Task 2

On Sw1 and Sw2, use IEEE 802.3ad link aggregation.

Assign number 10 to the link.

Combine E0/0 and E0/1 into a single logical link.

Both links must negotiate aggregation.

Answer:
See explanation below.

Explanation:

Task 1: Configure the trunks between Sw1 and Sw2 using IEEE standard frame tagging
(802.1Q)

Configuration for Sw1:

Switch1(config)# interface range Ethernet0/0 - 1

Switch1(config-if-range)# switchport trunk encapsulation dot1q

Switch1(config-if-range)# switchport mode trunk

Switch1(config-if-range)# switchport trunk allowed vlan 10,30

Configuration for Sw2:

Switch2(config)# interface range Ethernet0/0 - 1

Switch2(config-if-range)# switchport trunk encapsulation dot1q

Switch2(config-if-range)# switchport mode trunk

Switch2(config-if-range)# switchport trunk allowed vlan 10,30

Switchport mode trunk: Configures the interfaces as trunks.

Switchport trunk allowed vlan 10,30: Only VLANs 10 and 30 are allowed to pass over the trunk
link.

Switchport trunk encapsulation dot1q: This uses IEEE 802.1Q for VLAN tagging, which is the
standard for VLAN tagging.

Task 2: Configure IEEE 802.3ad Link Aggregation (LACP) on Sw1 and Sw2

Configuration for Sw1:

Switch1(config)# interface range Ethernet0/0 - 1

Switch1(config-if-range)# channel-group 10 mode active

Switch1(config-if-range)# exit

Switch1(config)# interface port-channel 10

Switch1(config-if)# switchport trunk encapsulation dot1q

Switch1(config-if)# switchport mode trunk

Switch1(config-if)# switchport trunk allowed vlan 10,30

Configuration for Sw2:

Switch2(config)# interface range Ethernet0/0 - 1

Switch2(config-if-range)# channel-group 10 mode active

Switch2(config-if-range)# exit

Switch2(config)# interface port-channel 10

Switch2(config-if)# switchport trunk encapsulation dot1q

Switch2(config-if)# switchport mode trunk

Switch2(config-if)# switchport trunk allowed vlan 10,30

Channel-group 10 mode active: Configures interfaces for LACP (IEEE 802.3ad) in active mode,
allowing both links to negotiate aggregation.

Interface port-channel 10: This creates a logical interface to combine both physical links
(Ethernet0/0 and Ethernet0/1) into a single logical link.

Switchport mode trunk: Ensures the port channel (logical interface) functions as a trunk.

Switchport trunk allowed vlan 10,30: Allows only VLANs 10 and 30 to pass through the trunk.

Switchport trunk encapsulation dot1q: Specifies IEEE 802.1Q as the tagging method.

Both trunks and link aggregation (LACP) are configured on the same ports.

LACP allows both switches to negotiate link aggregation dynamically.

The VLANs for the PCs are explicitly allowed over the trunk links.

QUESTION NO: 163

What does the term "split MAC" refer to in a wireless architecture?

A.
leverages two APs to handle control and data traffic

B.
uses different MAC addresses for 2.4 GHz and 5 GHz bands on the same AP

C.
divides data link layer functions between the AP and WLC

D.
combines the management and control functions from the data-forwarding functions

Answer: C
Explanation:

In a split MAC architecture, the functions of the MAC layer (Media Access Control layer, part of
the data link layer) are divided between the Access Point (AP) and the Wireless LAN Controller
(WLC).

The AP handles real-time functions like beaconing, responding to probe requests, and packet
encryption.

The WLC manages higher-level control functions like authentication, association, and mobility
management.

This division allows for more efficient management of wireless networks, where the WLC can
centralize control and the AP focuses on fast, real-time operations.

QUESTION NO: 164

Which AP mode serves as the primary hub in a point-to-multipoint network topology?

A.
Flex Connect

B.
bridge

C.
SE-Connect

D.
local

Answer: B
Explanation:

In bridge mode, an Access Point (AP) acts as a hub or central node in a wireless bridge topology.
In a point-to-multipoint setup, one AP serves as the central bridge (the primary hub) connecting
multiple remote locations (client bridges). This mode is often used in scenarios where a wireless
connection is needed between different buildings or distant locations without requiring a wired
connection.

QUESTION NO: 165

Refer to the exhibit. The My_WLAN wireless LAN was configured with WPA2 Layer 2 PSK
security. Which additional configuration must the administrator perform to allow users to connect
to this WLAN on a different subnet called Data?

A.
Enable Status and set the NAS-ID to data

B.
Enable Status and enable Broadcast SSID

C.
Enable Status and select data from the Interface/Interface Group drop-down list

D.
Enable Broadcast SSID and select data from the Interface/Interface Group drop-down list

Answer: C
Explanation:

Enable Status: This option must be checked to activate the WLAN.

Interface/Interface Group drop-down list: The drop-down currently shows the "guest" interface.
To connect users to the "Data" subnet, you need to change this to "data" from the drop-down
menu, ensuring that the traffic is routed through the correct interface/subnet.

Broadcast SSID: This setting controls whether the SSID is advertised or hidden. While this is
useful for users to see the network, it is not related to subnet routing.

QUESTION NO: 166 CORRECT TEXT

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

Refer to the Tasks tab to view the tasks for this lab item.

Refer to the Topology tab to access the device console(s) and perform the tasks.

Console access is available for all required devices by clicking the device icon or using the
tab(s) above the console window.

All necessary preconfigurations have been applied.

Do not change the enable password or hostname for any device.

Save your configurations to NVRAM before moving to the next item.

Click Next at the bottom of the screen to submit this lab and move to the next question.

When Next is clicked, the lab closes and cannot be reopened.

Topology

Tasks

All physical cabling is in place and verified. Connectivity for the Switches on ports E0/1, E0/2, and
E0/3 must be configured and available for voice and data capabilities.

1. Configure Sw1 and Sw2 with both VLANS naming them according to the topology.

2. Configure the E0/1, E0/2, and E0/3 ports on both switches for both VLANS and ensure that
Cisco IP phones and PCs pass traffic.

3. Configure Sw1 and Sw2 to allow neighbor discovery via the vendor-neutral protocol on e0/0.

Answer:
See explanation below.

Explanation:

Task 1: Configure VLANs on Sw1 and Sw2

Configuration on Sw1:

Sw1(config)# vlan 201

Sw1(config-vlan)# name Sales

Sw1(config-vlan)# exit

Sw1(config)# vlan 202

Sw1(config-vlan)# name Sales_Voice

Sw1(config-vlan)# exit

Configuration on Sw2:

Sw2(config)# vlan 201

Sw2(config-vlan)# name Sales

Sw2(config-vlan)# exit

Sw2(config)# vlan 202

Sw2(config-vlan)# name Sales_Voice

Sw2(config-vlan)# exit

Task 2: Configure Ports E0/1, E0/2, and E0/3 for Both VLANs

Configuration for Sw1 Ports:

! For ports E0/1, E0/2, and E0/3 on Sw1

Sw1(config)# interface range Ethernet0/1 - 3

Sw1(config-if-range)# switchport mode access

Sw1(config-if-range)# switchport access vlan 201

Sw1(config-if-range)# switchport voice vlan 202

Sw1(config-if-range)# exit

Configuration for Sw2 Ports:

! For ports E0/1, E0/2, and E0/3 on Sw2

Sw2(config)# interface range Ethernet0/1 - 3

Sw2(config-if-range)# switchport mode access

Sw2(config-if-range)# switchport access vlan 201

Sw2(config-if-range)# switchport voice vlan 202

Sw2(config-if-range)# exit

Task 3: Enable Neighbor Discovery via a Vendor-Neutral Protocol on E0/0

The Link Layer Discovery Protocol (LLDP) is a vendor-neutral protocol that allows devices to
discover each other.

Configuration for Sw1 and Sw2 E0/0 Ports:

On Sw1:

Sw1(config)# lldp run

Sw1(config)# interface Ethernet0/0

Sw1(config-if)# lldp transmit

Sw1(config-if)# lldp receive

Sw1(config-if)# exit

On Sw2:

Sw2(config)# lldp run

Sw2(config)# interface Ethernet0/0

Sw2(config-if)# lldp transmit

Sw2(config-if)# lldp receive

Sw2(config-if)# exit

Summary of Steps:

VLAN Creation: Both switches have VLAN 201 (Sales) and VLAN 202 (Sales_Voice).

Interface Configuration: E0/1, E0/2, and E0/3 are configured as access ports for VLAN 201 and
also allow traffic for the voice VLAN 202.

Neighbor Discovery: LLDP is enabled on the E0/0 ports for both switches to allow for vendor-
neutral discovery.

QUESTION NO: 167

Refer to the exhibit. An administrator must turn off the Cisco Discovery Protocol on the port
configured with the last usable address in the 10.0.0.252/30 subnet. Which command set
meets the requirement?

A.
interface gi0/1

no cdp enable

B.
interface gi0/0

no cdp run

C.
interface gi0/0

no cdp advertise-v2

D.
interface gi0/1

clear cdp table

Answer: A
Explanation:

To determine the correct command, let's first identify which interface is using the last usable
address in the subnet 10.0.0.252/30.

Subnet Calculation:

10.0.0.252/30 provides a subnet range from 10.0.0.252 to 10.0.0.255.

The first usable IP address is 10.0.0.253, and the last usable IP address is 10.0.0.254.

In the exhibit:

R1 is assigned 10.0.0.253 on interface Gi0/0.

ISP is assigned 10.0.0.254 on interface Gi0/1.

Since the last usable address in the subnet is 10.0.0.254, the correct interface to turn off Cisco
Discovery Protocol (CDP) is Gi0/1.

no cdp enable: This command turns off CDP on a specific interface (in this case, Gi0/1) where
the last usable address is configured.

gi0/1: Refers to the interface where 10.0.0.254 is configured, which is the last usable address in
this subnet.

QUESTION NO: 168

Refer to the exhibit. Which switch in this configuration will be elected as the root bridge?

SW1: 0:0:15:22:05:97

SW2: 0:4:85:94:66:46

SW3: 0C:0E:18:1A:3C:9D

SW4: 0C:E0:15:?1::19

A.
SW2

B.
SW3

C.
SW4

Answer: A

QUESTION NO: 169

Which AP mode is used in a wireless mesh deployment?

A.
Local

B.
Monitor

C.
FlexConnect

D.
Bridge

Answer: D
Explanation:

In a wireless mesh deployment, Bridge mode is commonly used for Access Points (APs) that
connect wirelessly to form a mesh network. In this mode, APs can communicate with each other to
extend the network without requiring a wired backhaul. This allows for flexible placement of APs in
areas where wiring is impractical, enabling a larger coverage area by allowing the APs to relay
signals to each other.

QUESTION NO: 170

Which AP feature provides a captive portal for users to authenticate, register, and accept terms
before accessing the internet?

A.
One-Click

B.
Hotspot

C.
Enhanced Bluetooth

D.
Whole Home

Answer: B
Explanation:

The Hotspot feature provides a captive portal that prompts users to authenticate, register, or
accept terms and conditions before accessing the internet. This is commonly seen in public Wi-Fi
networks, such as those in cafes, hotels, and airports, where users must interact with a portal
page. Captive portals are often used for guest access, allowing network administrators to control
and monitor internet access while providing a seamless onboarding experience for users.

QUESTION NO: 171 CORRECT TEXT

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

Refer to the Tasks tab to view the tasks for this lab item.

Refer to the Topology tab to access the device console(s) and perform the tasks.

Console access is available for all required devices by clicking the device icon or using the
tab(s) above the console window.

All necessary pre-configurations have been applied.

Do not remove any existing configurations from the devices, only those necessary to make the
appropriate changes required to fulfill the listed tasks.

Do not change the enable password or hostname for any device.

Save your configurations to NVRAM before moving to the next item.

Click Next at the bottom of the screen to submit this lab and move to the next question.

When Next is clicked, the lab closes and cannot be reopened.

Topology

Tasks

All physical cabling is in place and verified. Connectivity for the Switches on ports E0/1, E0/2, and
E0/3 must be configured and available for voice and data capabilities.

1. Configure Sw1 and Sw2 with the VLAN naming as indicated.

2. Assign the VLANs to the appropriate interfaces and set a non-trunking, non-tagged, single-
VLAN for each interface according to the topology.

3. Configure interfaces E0/1, E0/2, and E0/3 so the interfaces do not pass the configured neighbor
discovery protocol.

Answer:
See explanation below.

Explanation:

Step 1: Configure VLANs on Sw1 and Sw2 with Names

1. Connect to Sw1 and Sw2 consoles to configure the VLANs with their names as specified in the
table.

Commands for Sw1:

Sw1(config)# vlan 100

Sw1(config-vlan)# name IT_Data

Sw1(config-vlan)# exit

Sw1(config)# vlan 101

Sw1(config-vlan)# name HR_Data

Sw1(config-vlan)# exit

Sw1(config)# vlan 200

Sw1(config-vlan)# name IT_Voice

Sw1(config-vlan)# exit

Sw1(config)# vlan 201

Sw1(config-vlan)# name HR_Voice

Sw1(config-vlan)# exit

Commands for Sw2:

Sw2(config)# vlan 100

Sw2(config-vlan)# name IT_Data

Sw2(config-vlan)# exit

Sw2(config)# vlan 101

Sw2(config-vlan)# name HR_Data

Sw2(config-vlan)# exit

Sw2(config)# vlan 200

Sw2(config-vlan)# name IT_Voice

Sw2(config-vlan)# exit

Sw2(config)# vlan 201

Sw2(config-vlan)# name HR_Voice

Sw2(config-vlan)# exit

Step 2: Assign VLANs to Interfaces

Each interface on Sw1 and Sw2 should be configured as access mode (non-trunking, non-tagged)
and assigned to the appropriate VLAN.

Commands for Sw1:

Sw1(config)# interface e0/1

Sw1(config-if)# switchport mode access

Sw1(config-if)# switchport access vlan 100

Sw1(config-if)# exit

Sw1(config)# interface e0/2

Sw1(config-if)# switchport mode access

Sw1(config-if)# switchport access vlan 200

Sw1(config-if)# exit

Sw1(config)# interface e0/3

Sw1(config-if)# switchport mode access

Sw1(config-if)# switchport access vlan 101

Sw1(config-if)# exit

Commands for Sw2:

Sw2(config)# interface e0/1

Sw2(config-if)# switchport mode access

Sw2(config-if)# switchport access vlan 200

Sw2(config-if)# exit

Sw2(config)# interface e0/2

Sw2(config-if)# switchport mode access

Sw2(config-if)# switchport access vlan 201

Sw2(config-if)# exit

Sw2(config)# interface e0/3

Sw2(config-if)# switchport mode access

Sw2(config-if)# switchport access vlan 100

Sw2(config-if)# exit

Step 3: Configure Interfaces to Disable Neighbor Discovery Protocol

To ensure that CDP (Cisco Discovery Protocol) or LLDP (Link Layer Discovery Protocol) does not
advertise on the configured interfaces:

Commands for Sw1:

Sw1(config)# interface e0/1

Sw1(config-if)# no cdp enable

Sw1(config-if)# exit

Sw1(config)# interface e0/2

Sw1(config-if)# no cdp enable

Sw1(config-if)# exit

Sw1(config)# interface e0/3

Sw1(config-if)# no cdp enable

Sw1(config-if)# exit

Commands for Sw2:

Sw2(config)# interface e0/1

Sw2(config-if)# no cdp enable

Sw2(config-if)# exit

Sw2(config)# interface e0/2

Sw2(config-if)# no cdp enable

Sw2(config-if)# exit

Sw2(config)# interface e0/3

Sw2(config-if)# no cdp enable

Sw2(config-if)# exit

This completes the configuration, with each interface assigned to a single VLAN in access mode
and CDP disabled on the necessary interfaces.
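
A check for the result of Step 3, as an added Python example that is not part of the original exam material: it reads a running-config and reports access ports that would still send or accept CDP or LLDP. The sample configuration is constructed, and the audit assumes the usual IOS defaults (CDP enabled globally unless "no cdp run" is present, LLDP disabled globally unless "lldp run" is present).

```python
"""Flag access ports that still run a neighbor discovery protocol."""

# Constructed running-config excerpt (not taken from the lab devices).
SAMPLE_CONFIG = """\
lldp run
!
interface Ethernet0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Ethernet0/1
 switchport access vlan 100
 switchport mode access
 no cdp enable
!
interface Ethernet0/2
 switchport access vlan 200
 switchport mode access
 no cdp enable
 no lldp transmit
 no lldp receive
!
interface Ethernet0/3
 switchport access vlan 101
 switchport mode access
!
"""


def parse_config(text):
    """Split a config into global lines and a dict of per-interface lines."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        if raw.startswith("interface "):
            name = raw.split(None, 1)[1].strip()
            current = interfaces.setdefault(name, [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())      # sub-command of the interface
        else:
            current = None                   # '!' or a global command ends the block
            if raw.strip() and raw.strip() != "!":
                global_lines.append(raw.strip())
    return global_lines, interfaces


def audit_access_ports(text):
    """Return {interface: [protocols still active]} for access ports only."""
    global_lines, interfaces = parse_config(text)
    cdp_on = "no cdp run" not in global_lines   # assumed default: CDP on
    lldp_on = "lldp run" in global_lines        # assumed default: LLDP off
    findings = {}
    for name, lines in interfaces.items():
        if "switchport mode access" not in lines:
            continue                            # trunks and routed ports are out of scope
        active = []
        if cdp_on and "no cdp enable" not in lines:
            active.append("cdp")
        if lldp_on and "no lldp transmit" not in lines:
            active.append("lldp-tx")
        if lldp_on and "no lldp receive" not in lines:
            active.append("lldp-rx")
        if active:
            findings[name] = active
    return findings


if __name__ == "__main__":
    for port, protocols in audit_access_ports(SAMPLE_CONFIG).items():
        print(f"{port}: still active -> {', '.join(protocols)}")
```

In the constructed sample, Ethernet0/1 has "no cdp enable" but is still reported because LLDP is running globally, which is the gap left when only CDP is disabled per interface.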

Topic 3, IP Connectivity

QUESTION NO: 172

Refer to the exhibit. Which path is used by the router for Internet traffic?

A.
209.165.200.0/27

B.
0.0.0.0/0

C.
10.10.13.0/24

D.
10.10.10.0/28

Answer: B
Explanation:

A default route is the route that takes effect when no other route is available for an IP destination
address.

QUESTION NO: 173

When OSPF learns multiple paths to a network, how does it select a route?

A.
For each existing interface, it adds the metric from the source router to the destination to calculate
the route with the lowest bandwidth.

B.
It counts the number of hops between the source router and the destination to determine the route
with the lowest metric.

C.
It divides a reference bandwidth of 100 Mbps by the actual bandwidth of the exiting interface to
calculate the route with the lowest cost.

D.
It multiplies the active K values by 256 to calculate the route with the lowest metric.

Answer: C
Explanation:

Open Shortest Path First (OSPF) uses "Cost" as the value of metric and uses a Reference
Bandwidth of 100 Mbps for cost calculation.

The formula to calculate the cost is Reference Bandwidth divided by interface bandwidth. For
example, in the case of 10 Mbps Ethernet, OSPF Metric Cost value is 100 Mbps / 10 Mbps = 10.

The default Reference Bandwidth of OSPF is 100 Mbps and the default OSPF cost formula
doesn’t differentiate between interfaces with bandwidth faster than 100 Mbps. These days, 1 Gbps
and 10 Gbps links are also common.

Therefore, according to the default OSPF cost calculation, the default OSPF cost for a Fast
Ethernet interface (100 Mbps) and a Gigabit Ethernet interface (1 Gbps) is the same.

If you want to change the default behavior, the cost formula can be adjusted using the "auto-cost"
command under the OSPF routing process. If you are changing the default OSPF Reference
Bandwidth, make sure that you have changed the OSPF Reference Bandwidth in all your OSPF
Routers.

QUESTION NO: 174

Refer to the exhibit. The show ip ospf interface command has been executed on R1. How is
OSPF configured?

A.
A point-to-point network type is configured.

B.
The interface is not participating in OSPF.

C.
The default Hello and Dead timers are in use.

D.
There are six OSPF neighbors on this interface.

Answer: C
Explanation:

From the output we can see there are Designated Router & Backup Designated Router for this
OSPF domain so this is a broadcast network (point-to-point and point-to-multipoint networks do
not elect DR & BDR).

By default, the timers on a broadcast network (Ethernet, point-to-point and point-to-multipoint) are
10 seconds hello and 40 seconds dead. The timers on a non-broadcast network are 30 seconds
hello and 120 seconds dead.

From the line “Neighbor Count is 3”, we learn there are four OSPF routers in this OSPF domain.

Reference: https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13689-17.html

QUESTION NO: 175

A user configured OSPF and advertised the Gigabit Ethernet interface in OSPF. By default, to
which type of OSPF network does this interface belong?

A.
point-to-multipoint

B.
point-to-point

C.
broadcast

D.
nonbroadcast

Answer: C
Explanation:

The Broadcast network type is the default for an OSPF-enabled Ethernet interface (while Point-to-Point
is the default OSPF network type for a Serial interface with HDLC and PPP encapsulation).

Reference: https://www.oreilly.com/library/view/cisco-ios-cookbook/0596527225/ch08s15.html

QUESTION NO: 176

Which two outcomes are predictable behaviors for HSRP? (Choose two.)

A.
The two routers negotiate one router as the active router and the other as the standby router.

B.
The two routers share the same interface IP address, and default gateway traffic is load-balanced
between them.

C.
The two routers synchronize configurations to provide consistent packet forwarding.

D.
Each router has a different IP address, both routers act as the default gateway on the LAN, and
traffic is load-balanced between them.

E.
The two routers share a virtual IP address that is used as the default gateway for devices on the
LAN.

Answer: A,E
Explanation:

Hot Standby Router Protocol (HSRP) is a Cisco proprietary protocol that allows two (or more)
routers to share the duties of being the default router on a subnet. It uses an active/standby model,
with one router acting as the default router and the other waiting to take over that role if
the first router fails.

QUESTION NO: 177

How does HSRP provide first hop redundancy?

A.
It load-balances Layer 2 traffic along the path by flooding traffic out all interfaces configured with
the same VLAN.

B.
It uses a shared virtual MAC and a virtual IP address to a group of routers that serve as the default
gateway for hosts on a LAN.

C.
It forwards multiple packets to the same destination over different routed links in the data path.

D.
It load-balances traffic by assigning the same metric value to more than one route to the same
destination in the IP routing table.

Answer: B
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/xe-16/fhp-xe-16-book/fhp-hsrp-mgo.html

QUESTION NO: 178

Refer to the exhibit. Which action establishes the OSPF neighbor relationship without forming an
adjacency?

A.
modify hello interval

B.
modify process ID

C.
modify priority

D.
modify network type

Answer: A
Explanation:

For OSPF to establish a neighbor relationship, the OSPF hello timers must match. Here we see
R1 using 10 seconds as the timer and R2 using 20 seconds.

QUESTION NO: 179

Refer to the exhibit. Which two statements about the network environment of router R1 must be
true? (Choose two.)

Refer to the exhibit. Router R1 must be configured to reach the 10.0.3.0/24 network from the
10.0.1.0/24 segment. Which command must be used to configure the route?

A.
route add 10.0.3.0 0.255.255.255 10.0.4.2

B.
ip route 10.0.3.0 0.255.255.255 10.0.4.2

C.
route add 10.0.3.0 mask 255.255.255.0 10.0.4.3

D.
ip route 10.0.3.0 255.255.255.0 10.0.4.3

Answer: D
Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/unicast/503_u1_2/nexus3000_unicast_config_gd_503_u1_2/l3_route.html

QUESTION NO: 180

Refer to the exhibit. If R1 receives a packet destined to 172.16.1.1, to which IP address does it
send the packet?

A.
192.168.14.4

B.
192.168.12.2

C.
192.168.13.3

D.
192.168.15.5

Answer: A
Explanation:

No route to that destination exists, so it will choose the default route which is sent to 192.168.14.4.

QUESTION NO: 181

Refer to the exhibit. A packet is being sent across router R1 to host 172.16.3.14. To which
destination does the router send the packet?

A.
207.165.200.246 via Serial0/1/0

B.
207.165.200.254 via Serial0/0/0

C.
207.165.200.250 via Serial0/0/0

D.
207.165.200.254 via Serial0/0/1

Answer: D
Explanation:

The longest matching route to 172.16.3.14 is the 182.16.3.0/28 route, using Serial 0/0/1 with a
next hop of 207.165.200.254.

QUESTION NO: 182

R1 has learned route 192.168.12.0/24 via IS-IS, OSPF, RIP, and Internal EIGRP. Under normal
operating conditions, which routing protocol is installed in the routing table?

A.
IS-IS

B.
Internal EIGRP

C.
RIP

D.
OSPF

Answer: B
Explanation:

With the same route (prefix), the router will choose the routing protocol with the lowest Administrative
Distance (AD) to install into the routing table. The AD of Internal EIGRP (90) is lowest so it would
be chosen. The table below lists the ADs of popular routing protocols.

Note: The AD of IS-IS is 115. The “EIGRP” in the table above is “Internal EIGRP”. The AD of
“External EIGRP” is 170. An EIGRP external route is a route that was redistributed into EIGRP.

QUESTION NO: 183

Refer to the exhibit. The default-information originate command is configured under the R1
OSPF configuration. After testing, workstations on VLAN 20 at Site B cannot reach a DNS server
on the Internet.

Which action corrects the configuration issue?

A.
Add the default-information originate command on R2.

B.
Add the always keyword to the default-information originate command on R1.

C.
Configure the ip route 0.0.0.0 0.0.0.0 10.10.10.18 command on R1.

D.
Configure the ip route 0.0.0.0 0.0.0.0 10.10.10.2 command on R2.

Answer: C
Explanation:

The “default-information originate” command will generate a default route and advertise it to its
peers, but only if the router itself has a default route within its routing table. We need to configure a
default route on R1, and then that default route will get advertised to R2.

QUESTION NO: 184

Refer to the exhibit. With which metric was the route to host 172.16.0.202 learned?

A.
0

B.
110

C.
38443

D.
3184439

Answer: C
Explanation:

Both the line “O 172.16.0.128/25” and “S 172.16.0.0/24” cover the host 172.16.0.202 but with the
“longest (prefix) match” rule the router will choose the first route.

QUESTION NO: 185

An engineer configured an OSPF neighbor as a designated router. Which state verifies the
designated router is in the proper mode?

A.
Init

B.
2-way

C.
Exchange

D.
Full

Answer: D
Explanation:

Full

In this state, routers are fully adjacent with each other. All the router and network LSAs are
exchanged and the routers' databases are fully synchronized.

Full is the normal state for an OSPF router. If a router is stuck in another state, it is an indication
that there are problems in forming adjacencies. The only exception to this is the 2-way state,
which is normal in a broadcast network. Routers achieve the FULL state with their DR and BDR in
NBMA/broadcast media and FULL state with every neighbor in the remaining media such as
point-to-point and point-to-multipoint.

Reference: https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13685-13.html

QUESTION NO: 186

Refer to the exhibit. Which route does R1 select for traffic that is destined to 192.168.16.2?

A.
192.168.16.0/21

B.
192.168.16.0/24

C.
192.168.16.0/26

D.
192.168.16.0/27

Answer: D
Explanation:

The destination IP addresses match all four entries in the routing table but the 192.168.16.0/27
has the longest prefix so it will be chosen. This is called the “longest prefix match” rule.

QUESTION NO: 187

What is the effect when loopback interfaces and the configured router ID are absent during the
OSPF Process configuration?

A.
The lowest IP address is incremented by 1 and selected as the router ID.

B.
The router ID 0.0.0.0 is selected and placed in the OSPF process.

C.
No router ID is set, and the OSPF protocol does not run.

D.
The highest up/up physical interface IP address is selected as the router ID.

Answer: D
Explanation:

A router ID is determined in the following order:

1. using the router-id command under the OSPF process to statically configure the router ID.

2. using the highest IP address of the router’s loopback interfaces.

3. using the highest IP address of the router’s active (up) physical interfaces.

QUESTION NO: 188

Refer to the exhibit. Which configuration issue is preventing the OSPF neighbor relationship from
being established between the two routers?

A.
R1 has an incorrect network command for interface Gi1/0.

B.
R2 should have its network command in area 1.

C.
R1 interface Gi1/0 has a larger MTU size.

D.
R2 is using the passive-interface default command.

Answer: C
Explanation:

If the Interface MTU field in the Database Description packet indicates an IP datagram size that is
larger than the router can accept on the receiving interface without fragmentation, the
Database Description packet is rejected. The default MTU on an interface is 1500.

QUESTION NO: 189

Refer to the exhibit. Load-balanced traffic is coming in from the WAN destined to a host at
172.16.1.190. Which next-hop is used by the router to forward the request?

A.
192.168.7.4

B.
192.168.7.7

C.
192.168.7.35

D.
192.168.7.40

Answer: C
Explanation:

The longest match route that matches the 172.16.1.190 IP address is the OSPF route
172.16.1.184/29, which has a next hop of 192.168.7.35.

QUESTION NO: 190

Refer to the exhibit. Routers R1 and R3 have the default configuration. The router R2 priority is set
to 99. Which commands on R3 configure it as the DR in the 10.0.4.0/24 network?

A.
R3(config)#interface Gig0/0

R3(config-if)#ip ospf priority 100

B.
R3(config)#interface Gig0/0

R3(config-if)#ip ospf priority 1

C.
R3(config)#interface Gig0/1

R3(config-if)#ip ospf priority 0

D.
R3(config)#interface Gig0/1

R3(config-if)#ip ospf priority 100

Answer: D
Explanation:

In the case of OSPF, 0 means you will never be elected as DR or BDR. Default priority is 1.
Highest priority will be elected as the DR.

QUESTION NO: 191

Refer to the exhibit. All traffic enters the CPE router from interface Serial0/3 with an IP address of
192.168.50.1. Web traffic from the WAN is destined for a LAN network where servers are load-
balanced. An IP packet with a destination address of the HTTP virtual IP of 192.168.1.250 must be
forwarded. Which routing table entry does the router use?

A.
192.168.1.0/24 via 192.168.12.2

B.
192.168.1.128/25 via 192.168.13.3

C.
192.168.1.192/26 via 192.168.14.4

D.
192.168.1.224/27 via 192.168.15.5

Answer: D
Explanation:

The router uses the longest-prefix route that includes the destination IP address. A /27 covers a block of 32 addresses, which includes the destination in this case.

QUESTION NO: 192

Refer to the exhibit. Which two configurations must the engineer apply on this network so that R1
becomes the DR? (Choose two.)

A.
R3(config)#interface fastethernet 0/0

R3(config-if)#ip ospf priority 0

B.
R1(config)#router ospf 1

R1(config-router)#router-id 192.168.100.1

C.
R1(config)#interface fastethernet 0/0

R1(config-if)#ip ospf priority 200

D.
R1(config)#interface fastethernet 0/0

R1(config-if)#ip ospf priority 0

E.
R3(config)#interface fastethernet 0/0

R3(config-if)#ip ospf priority 200

Answer: A,C
Explanation:

In the case of OSPF, 0 means you will never be elected as DR or BDR. Default priority is 1.
Highest priority will be elected as the DR.

QUESTION NO: 193

Refer to the exhibit. A network engineer is in the process of establishing IP connectivity between
two sites. Routers R1 and R2 are partially configured with IP addressing. Both routers have the
ability to access devices on their respective LANs. Which command set configures the IP
connectivity between devices located on both LANs in each site?

A.
R1

ip route 192.168.1.1 255.255.255.0 GigabitEthernet0/1

R2

ip route 10.1.1.1 255.255.255.0 GigabitEthernet0/1

B.
R1

ip route 192.168.1.0 255.255.255.0 GigabitEthernet0/0

R2

ip route 10.1.1.1 255.255.255.0 GigabitEthernet0/0

C.
R1

ip route 0.0.0.0 0.0.0.0 209.165.200.225

R2

ip route 0.0.0.0 0.0.0.0 209.165.200.226

D.
R1

ip route 0.0.0.0 0.0.0.0 209.165.200.226

R2

ip route 0.0.0.0 0.0.0.0 209.165.200.225

Answer: D
Explanation:

Answer D is correct: on R1 it sends any route through the next hop 209.165.200.226, while on R2
any route uses the next hop 209.165.200.225.

QUESTION NO: 194

Refer to the exhibit. Which next-hop IP address does Router1 use for packets destined to host
10.10.13.158?

A.
10.10.10.9

B.
10.10.10.5

C.
10.10.11.2

D.
10.10.12.2

Answer: A
Explanation:

The longest matching route inclusive of 10.10.13.158 is the 10.10.13.144/28 route, which uses a
next hop IP address of 10.10.10.9.

QUESTION NO: 195

Refer to the exhibit. Packets received by the router from BGP enter via a serial interface at
209.165.201.1. Each route is present within the routing table. Which interface is used to forward
traffic with a destination IP of 10.1.1.19?

A.
F0/0

B.
F0/1

C.
F0/4

D.
F0/3

Answer: A
Explanation:

The router will choose the route with the longest matching prefix, which is 19.1.1.16/28. This is the
RIP route, using interface F0/0.

QUESTION NO: 196

Refer to the exhibit. Which prefix did router R1 learn from internal EIGRP?

A.
192.168.3.0/24

B.
192.168.1.0/24

C.
172.16.1.10/24

D.
192.168.2.0/24

Answer: D
Explanation:

D routes designate internal EIGRP routes. Here is a summary of the routing codes:

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

QUESTION NO: 197

Refer to the exhibit. R5 is the current DR on the network, and R4 is the BDR. Their interfaces are
flapping, so a network engineer wants the OSPF network to elect a different DR and BDR. Which
set of configurations must the engineer implement?

A.
R4(config)#interface gi0/0

R4(config-if)#ip ospf priority 20

R5(config)#interface gi0/0

R5(config-if)#ip ospf priority 10

B.
R5(config)#interface gi0/0

R5(config-if)#ip ospf priority 120

R4(config)#interface gi0/0

R4(config-if)#ip ospf priority 110

C.
R3(config)#interface gi0/0

R3(config-if)#ip ospf priority 255

R2(config)#interface gi0/0

R2(config-if)#ip ospf priority 240

D.
R2(config)#interface gi0/0

R2(config-if)#ip ospf priority 259

R3(config)#interface gi0/0

R3(config-if)#ip ospf priority 256

Answer: C
Explanation:

In multi-access networks the router with the highest priority value is chosen as the DR, which acts
as the central point for LSA exchange. The priority command is applied on an interface. Default
priority for an OSPF interface is 1. The range is from 0 to 255. 0 means that the interface does not
take part in the DR election.

QUESTION NO: 198

Refer to the exhibit. Web traffic is coming in from the WAN interface. Which route takes
precedence when the router is processing traffic destined for the LAN network at 10.0.10.0/24?

A.
via next-hop 10.0.1.5

B.
via next-hop 10.0.1.4

C.
via next-hop 10.0.1.50

D.
via next-hop 10.0.1.100

Answer: A
Explanation:

First of all, this would never happen. The routing table would not contain two identical routes with
the same subnet mask. The best answer is the route with the lowest AD value, which is the EIGRP
route with a next hop of 10.0.1.5.

QUESTION NO: 199

Refer to the exhibit. A packet sourced from 10.10.10.1 is destined for 10.10.8.14. What is the
subnet mask of the destination route?

A.
255.255.254.0

B.
255.255.255.240

C.
255.255.255.248

D.
255.255.255.252

Answer: B
Explanation:

The longest match prefix for 10.10.8.14 is the 10.10.8.0/28 route.

QUESTION NO: 200

Refer to the exhibit. An engineer must configure router R2 so it is elected as the DR on the WAN
subnet. Which command sequence must be configured?

A.
interface gigabitethernet0/0

ip address 10.0.0.34 255.255.255.248

ip ospf priority 0

B.
interface gigabitethernet0/0

ip address 10.0.0.34 255.255.255.224

ip ospf priority 100

C.
interface gigabitethernet0/0

ip address 10.0.1.1 255.255.255.0

ip ospf priority 255

D.
interface gigabitethernet0/0

ip address 10.0.1.1 255.255.255.224

ip ospf priority 98

Answer: B
Explanation:

Priority in OSPF is mainly used to influence/determine a designated router/backup designated
router for a network. By default, the priority is 1 on all routers. A router with a high priority will
always win the DR/BDR election process. However, you can make a router not participate in the
election at all if you configure the priority to 0. This is mainly useful on frame relay networks where
you would want the hub to be the DR always. To set the router priority, use the ip ospf priority
<value> command in interface configuration mode.

QUESTION NO: 201

Refer to the exhibit. Which IPv6 configuration is required for R17 to successfully ping the WAN
interface on R18?

A.
R17#

no ip domain lookup

ip cef

ipv6 cef

interface FastEthernet0/0

no ip address

duplex auto

speed auto

ipv6 address 2001:DB8:2::201/64

Interface FastEthernet1/0

no ip address

duplex auto

speed auto

ipv6 address 2001:DB8:3::201/64

no cdp log mismatch duplex

ipv6 route 2001:DB8:4::/64 2001:DB8:4::302

B.
R17#

no ip domain lookup

ip cef

ipv6 unicast-routing

interface FastEthernet0/0

no ip address

duplex auto

speed auto

ipv6 address 2001:DB8:2::201/64

Interface FastEthernet1/0

no ip address

duplex auto

speed auto

ipv6 address 2001:DB8:3::201/64

no cdp log mismatch duplex

ipv6 route 2001:DB8:4::/64 2001:DB8:3::301

C.
R17#

no ip domain lookup

ip cef

interface FastEthernet0/0

no ip address

duplex auto

speed auto

ipv6 address 2001:DB8:3::201/64

Interface FastEthernet1/0

no ip address

duplex auto

speed auto

ipv6 address 2001:DB8:2::201/64

no cdp log mismatch duplex

ipv6 route 2001:DB8:4::/64 2001:DB8:5::101

D.
R17#

no ip domain lookup

ip cef

ipv6 unicast-routing

interface FastEthernet0/0

no ip address

duplex auto

speed auto

ipv6 address 2001:DB8:2::201/64

Interface FastEthernet1/0

no ip address

duplex auto

speed auto

ipv6 address 2001:DB8:3::201/64

no cdp log mismatch duplex

ipv6 route 2001:DB8:4::/64 2001:DB8:2::201

Answer: B

QUESTION NO: 202

OSPF must be configured between routers R1 and R2. Which OSPF configuration must be
applied to router R1 to avoid a DR/BDR election?

A.
router ospf 1

network 192.168.1.1 0.0.0.0 area 0

interface e1/1

ip address 192.168.1.1 255.255.255.252

ip ospf cost 0

B.
router ospf 1

network 192.168.1.1 0.0.0.0 area 0

hello interval 15

interface e1/1

ip address 192.168.1.1 255.255.255.252

C.
router ospf 1

network 192.168.1.1 0.0.0.0 area 0

interface e1/1

ip address 192.168.1.1 255.255.255.252

ip ospf network broadcast

D.
router ospf 1

network 192.168.1.1 0.0.0.0 area 0

interface e1/1

ip address 192.168.1.1 255.255.255.252

ip ospf network point-to-point

Answer: D
Explanation:

OSPF uses a DR (Designated Router) and BDR (Backup Designated Router) on each multi-
access network. A multi-access network is a segment where we have more than two routers.
OSPF figures this out by looking at the interface type. For example, an Ethernet interface is
considered a multi-access network, and a serial interface is considered a point-to-point interface.
On point-to-point links, a DR and BDR are not elected since only two routers are directly
connected.

QUESTION NO: 203

Refer to the exhibit. Router R1 currently is configured to use R3 as the primary route to the
internet, and the route uses the default administrative distance settings. A network engineer must
configure R1 so that it uses R2 as a backup, but only if R3 goes down. Which command must the
engineer configure on R1 so that it correctly uses R2 as a backup route, without changing the
administrative distance configuration on the link to R3?

A.
ip route 0.0.0.0 0.0.0.0 209.165.201.5.10

B.
ip route 0.0.0.0 0.0.0.0 g0/1 1

C.
ip route 0.0.0.0 0.0.0.0 209.165.200.226 1

D.
ip route 0.0.0.0 0.0.0.0 g0/1 6

Answer: D
Explanation:

The default administrative distance for a static route is 1, so we need to specify a backup route
with a higher AD, in this case the value of 6.

QUESTION NO: 204

Refer to the exhibit. Which action must be taken to ensure that router A is elected as the DR for
OSPF area 0?

A.
Configure the router A interfaces with the highest OSPF priority value within the area

B.
Configure router B and router C as OSPF neighbors of router A

C.
Configure the OSPF priority on router A with the lowest value between the three routers

D.
Configure router A with a fixed OSPF router ID

Answer: A

QUESTION NO: 205

Refer to the exhibit. Which network prefix was learned via EIGRP?

A.
172.16.0.0/16

B.
207.165.200.0/24

C.
192.168.1.0/24

D.
192.168.2.0/24

Answer: D
Explanation:

D routes designate internal EIGRP routes. Here is a summary of the routing codes:

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

QUESTION NO: 206

Refer to the exhibit. Which command must be issued to enable a floating static default route on
router A?

A.
ip route 0.0.0.0 0.0.0.0 192.168.1.2 10

B.
ip route 0.0.0.0 0.0.0.0 192.168.1.2

C.
ip default-gateway 192.168.2.1

D.
ip route 0.0.0.0 0.0.0.0 192.168.2.1 10

Answer: A
Explanation:

A floating static route requires an Administrative Distance greater than the default value of 1. For
Router A, the primary route was already defined as the link to Router B, so the backup link needs
to be configured using the IP address of 192.168.1.2.

QUESTION NO: 207

Refer to the exhibit. R1 learns all routes via OSPF. Which command configures a backup static
route on R1 to reach the 192.168.20.0/24 network via R3?

A.
R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2 111

B.
R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2 90

C.
R1(config)#ip route 192.168.20.0 255.255.0.0 192.168.30.2

D.
R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.30.2

Answer: A
Explanation:

For this to be a backup route, we need to specify the AD of the static route to a value higher than
the AD for OSPF routes, which is 110.

QUESTION NO: 208

Refer to the exhibit. R1 has taken the DROTHER role in the OSPF DR/BDR election process.
Which configuration must an engineer implement so that R1 is elected as the DR?

A.
R1(config)#interface FastEthernet 0/0

R1(config-if)#ip ospf priority 1

R1#clear ip ospf process

B.
R3(config)#interface FastEthernet 0/1

R3(config-if)#ip ospf priority 200

R3#clear ip ospf process

C.
R2(config)#interface FastEthernet 0/2

R2(config-if)#ip ospf priority 1

R2#clear ip ospf process

D.
R1(config)#interface FastEthernet 0/0

R1(config-if)#ip ospf priority 200

R1#clear ip ospf process

Answer: D
Explanation:

The default OSPF priority for an interface is 1, so we need to make it higher (such as 200 in this
case) and apply it to the correct interface on router R1.

QUESTION NO: 209

Which SDN plane forwards user-generated traffic?

A.
Management plane

B.
Control plane

C.
Policy plane

D.
Data plane

Answer: D
Explanation:

In conventional networks, routers, switches, firewalls and other devices tightly couple the control
plane and the data plane on a single device. Software Defined Networking (SDN) introduces the
concept of separating the control plane and data plane. The data plane remains on each device
(physical and virtual) for quick, efficient forwarding of data. The control plane provides layer-2
MAC reachability and layer-3 routing information to network devices so they can make packet
forwarding decisions.

The data plane's job is to forward user-generated data traffic within the network infrastructure.
How that happens is device dependent.

In SDN, the data plane and control plane are separated. The functionality of a device's data plane
is dependent on instructions coming from the centralized controller's control plane.

QUESTION NO: 210

Refer to the exhibit. Router OldR is replacing another router on the network with the intention of
having OldR and R2 exchange routes. After the engineer applied the initial OSPF configuration,
the routes were still missing on both devices. Which command sequence must be issued before
the clear ip ospf process command is entered to enable the neighbor relationship?

A.
OldR(config)#interface g0/0/0

OldR(config-if)#ip ospf hello-interval 15

B.
OldR(config)#router ospf 1

OldR(config-router)#network 192.168.1.0 255.255.255.0 area 2

C.
OldR(config)#interface g0/0/0

OldR(config-if)#ip ospf dead-interval 15

D.
OldR(config)#router ospf 1

OldR(config-router)#no router-id 192.168.1.1

Answer: D
Explanation:

With OSPF each router must have a unique router ID. Here we see that both routers have a router
ID of 192.168.1.1. Removing the router-id command on the OldR will force it to use one of its
actual interface IP addresses as the router ID.

QUESTION NO: 211

Refer to the exhibit. What is the subnet mask for route 172.16.4.0?

A.
255.255.255.192

B.
255.255.254.0

C.
255.255.248.0

D.
255.255.240.0

Answer: C
Explanation:

QUESTION NO: 212

Refer to the exhibit. A static route must be configured on R14 to forward traffic for the
172.21.34.0/25 network that resides on R86. Which command must be used to fulfill the request?

A.
ip route 172.21.34.0 255.255.255.192 10.73.65.65

B.
ip route 172.21.34.0 255.255.255.128 10.73.65.66

C.
ip route 172.21.34.0 255.255.255.0 10.73.65.65

D.
ip route 172.21.34.0 255.255.128.0 10.73.65.64

Answer: B
Explanation:

A /25 subnet destination means a mask of 255.255.255.128, so only choice B is correct. We also
need to make sure we specify the next hop of the other router’s connected interface, which is
10.73.65.66.

QUESTION NO: 213

Refer to the exhibit. The network engineer is configuring router R2 as a replacement router on the
network. After the initial configuration is applied, it is determined that R2 failed to show R1 as a
neighbor. Which configuration must be applied to R2 to complete the OSPF configuration and
enable it to establish the neighbor relationship with R1?

A.
R2(config)#router ospf 1

R2(config-router)#network 192.168.1.0 255.255.255.0 area 2

B.
R2(config)#interface g0/0/0

R2(config-if)#ip ospf hello-interval 10

C.
R2(config)#interface g0/0/0

R2(config-if)#ip ospf dead-interval 40

D.
R2(config)#router ospf 1

R2(config-router)#router-id 192.168.1.2

Answer: C
Explanation:

For OSPF the hello and dead timers must match to become neighbors. R1 is configured with a
dead time of 40 seconds, while R2 is set to 45 seconds.

QUESTION NO: 214

Refer to the exhibit. All interfaces are configured with duplex auto and ip ospf network broadcast.
Which configuration allows routers R14 and R86 to form an OSPFv2 adjacency and act as a
central point for exchanging OSPF information between routers?

A.
R14#

interface FastEthernet0/0

ip address 10.73.65.65 255.255.255.252

ip ospf priority 255

ip mtu 1500

router ospf 10

router-id 10.10.1.14

network 10.10.1.14 0.0.0.0 area 0

network 10.73.65.64 0.0.0.3 area 0

R86#

interface FastEthernet0/0

ip address 10.73.65.66 255.255.255.252

ip mtu 1400

router ospf 10

router-id 10.10.1.86

network 10.10.1.86 0.0.0.0 area 0

network 10.73.65.64 0.0.0.3 area 0

B.
R14#

interface Loopback0

ip ospf 10 area 0

interface FastEthernet0/0

ip address 10.73.65.65 255.255.255.252

ip ospf 10 area 0

ip mtu 1500

router ospf 10

ip ospf priority 255

router-id 10.10.1.14

R86#

interface Loopback0

ip ospf 10 area 0

interface FastEthernet0/0

ip address 10.73.65.66 255.255.255.252

ip ospf 10 area 0

ip mtu 1500

router ospf 10

router-id 10.10.1.86

C.
R14#

interface FastEthernet0/0

ip address 10.73.65.65 255.255.255.252

ip ospf priority 0

ip mtu 1500

router ospf 10

router-id 10.10.1.14

network 10.10.1.14 0.0.0.0 area 0

network 10.73.65.64 0.0.0.3 area 0

R86#

interface FastEthernet0/0

ip address 10.73.65.66 255.255.255.252

ip mtu 1500

router ospf 10

router-id 10.10.1.86

network 10.10.1.86 0.0.0.0 area 0

network 10.73.65.64 0.0.0.3 area 0

D.
R14#

interface Loopback0

ip ospf 10 area 0

interface FastEthernet0/0

ip address 10.73.65.65 255.255.255.252

ip ospf priority 255

ip ospf 10 area 0

ip mtu 1500

router ospf 10

router-id 10.10.1.14

R86#

interface Loopback0

ip ospf 10 area 0

interface FastEthernet0/0

ip address 10.73.65.66 255.255.255.252

ip ospf 10 area 0

ip mtu 1500

router ospf 10

router-id 10.10.1.86

Answer: A

QUESTION NO: 215

A packet from a company’s branch office is destined to host 172.31.0.1 at headquarters. The
sending router has three possible matches in its routing table for the packet: prefixes
172.31.0.0/16, 172.31.0.0/24, and 172.31.0.0/25. How does the router handle the packet?

A.
It sends the traffic via prefix 172.31.0.0/24.

B.
It sends the traffic via prefix 172.31.0.0/16.

C.
It sends the traffic via prefix 172.31.0.0/25.

D.
It sends the traffic via the default gateway 0.0.0.0/0.

Answer: C
Explanation:

Longest prefix match routing is an algorithm in which the router prefers the longest matching prefix
in the routing table, in other words the most specific prefix. When a router receives the IP packet, it
compares the destination IP address bit-by-bit with prefixes in the routing table. The prefix with the
most matching bits is the prefix that the router will use.

Reference: https://networklessons.com/cisco/ccna-200-301/longest-prefix-match-routing

QUESTION NO: 216

Refer to the exhibit. An engineer is asked to configure router R1 so that it forms an OSPF single-
area neighbor relationship with R2. Which command sequence must be implemented to configure
the router?

A.
router ospf 100

network 10.0.0.0 0.0.0.252 area0

network 10.0.1.0 0.0.0.255 area0

B.
router ospf 100

network 10.0.0.0 0.0.0.3 area0

network 10.0.2.0 255.255.255.0 area0

C.
router ospf 10

network 10.0.0.0 0.0.0.3 area0

network 10.0.1.0 0.0.0.255 area0

D.
router ospf 10

network 10.0.0.0 0.0.0.3 area0

network 10.0.2.0 0.0.0.255 area0

Answer: C
Explanation:

Wildcard masks are used to specify a range of network addresses. They are commonly used with
routing protocols (like OSPF) and access lists.

Just like a subnet mask, a wildcard mask is 32 bits long. It acts as an inverted subnet mask: with a
wildcard mask, the zero bits indicate that the corresponding bit position must match the same
bit position in the IP address. The one bits indicate that the corresponding bit position doesn’t have
to match the bit position in the IP address.

Reference: https://study-ccna.com/wildcard-masks/
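
How the wildcard bits decide which interface addresses a network statement matches, as an added example that is not part of the original question bank. The statements are taken from the answer options of QUESTION NO: 216; the interface names and addresses are constructed because the exhibit is not reproduced here, and the check is the pure bitwise rule, not a model of how a given IOS release accepts or rewrites such input.

```python
import ipaddress


def to_int(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(address, base, wildcard):
    """True when address equals base in every bit position where the
    wildcard bit is 0 (1 bits in the wildcard are "don't care")."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(address) & care) == (to_int(base) & care)


def wildcard_for_prefixlen(prefixlen):
    """Wildcard that is the exact inverse of a /prefixlen subnet mask."""
    return str(ipaddress.IPv4Network(f"0.0.0.0/{prefixlen}").hostmask)


def is_inverted_subnet_mask(wildcard):
    """True when the wildcard is a run of 0 bits followed by a run of 1 bits,
    i.e. the inverse of a valid subnet mask."""
    w = to_int(wildcard)
    return (w & (w + 1)) == 0


# Constructed interface addresses (assumption: the exhibit is not available).
INTERFACES = {
    "Gi0/0": "10.0.0.1",
    "Gi0/1": "10.0.1.1",
    "Gi0/2": "10.0.2.1",
    "Lo0": "10.0.0.4",
}

# (base address, wildcard) pairs as they appear in the answer options.
STATEMENTS = [
    ("10.0.0.0", "0.0.0.3"),
    ("10.0.0.0", "0.0.0.252"),
    ("10.0.1.0", "0.0.0.255"),
    ("10.0.2.0", "255.255.255.0"),
]


def matching_interfaces(base, wildcard, interfaces=INTERFACES):
    """Names of the interfaces whose address the statement matches."""
    return sorted(name for name, addr in interfaces.items()
                  if wildcard_match(addr, base, wildcard))


def report():
    """One row per statement: base, wildcard, is it an inverted mask, matches."""
    return [(base, wc, is_inverted_subnet_mask(wc), matching_interfaces(base, wc))
            for base, wc in STATEMENTS]


if __name__ == "__main__":
    for base, wc, inverted, names in report():
        print(f"network {base} {wc}: inverted mask={inverted}, matches {names}")
```

A subnet mask typed where a wildcard is expected (255.255.255.0) and a non-contiguous wildcard (0.0.0.252) are both valid bit patterns, but they match a very different set of addresses from the inverted mask they resemble.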

QUESTION NO: 217

Refer to the exhibit. All routers in the network are configured. R2 must be the DR. After the
engineer connected the devices, R1 was elected as the DR. Which command sequence must be
configured on R2 to be elected as the DR in the network?

A.
R2(config)#interface gi0/0

R2(config-if)#ip ospf priority 100

B.
R2(config)#router ospf 1

R2(config-router)#router-id 192.168.2.7

C.
R2(config)#router ospf 1

R2(config-router)#router-id 10.100.100.100

D.
R2(config)#interface gi0/0

R2(config-if)#ip ospf priority 1

Answer: A
Explanation:

The default OSPF priority for an interface is 1. A higher priority will cause the router to become the
DR. The range is from 0-255.

QUESTION NO: 218

Refer to the exhibit. What is the subnet mask of the route to the 10.10.13.160 prefix?

A.
255.255.255.240

B.
255.255.255.128

C.
255.255.248.0

D.
255.255.255.248

Answer: D
Explanation:

To reach the host 10.10.13.165 the router chooses the route OSPF 10.10.13.160/29 (from
10.10.13.160 to 10.10.13.167) because it includes the destination address. A /29 translates to
255.255.255.248.

QUESTION NO: 219

Refer to the exhibit. Traffic from R1 to the 10.10.2.0/24 subnet uses 192.168.1.2 as its next hop. A
network engineer wants to update the R1 configuration so that traffic with destination 10.10.2.1
passes through router R3, and all other traffic to the 10.10.2.0/24 subnet passes through R2.
Which command must be used?

A.
ip route 10.10.2.1 255.255.255.255 192.168.1.4 115

B.
ip route 10.10.2.0 255.255.255.0 192.168.1.4 115

C.
ip route 10.10.2.0 255.255.255.0 192.168.1.4 100

D.
ip route 10.10.2.1 255.255.255.255 192.168.1.4 100

Answer: D
Explanation:

Here we need to add a host route for the specific 10.10.2.1 host, which means using a subnet
mask of 255.255.255.255. We also need to configure an Administrative Distance that is less than
the default OSPF AD of 115.

QUESTION NO: 220

Refer to the exhibit. The image server and client A are running an application that transfers an
extremely high volume of data between the two. An engineer is configuring a dedicated circuit
between R1 and R2. Which set of commands must the engineer apply to the routers so that only
traffic between the image server and client A is forced to use the new circuit?

A.
R1(config)#ip route 10.10.13.10 255.255.255.255 10.10.10.6

R2(config)#ip route 192.168.0.100 255.255.255.255 10.10.10.5

B.
R1(config)#ip route 10.10.13.10 255.255.255.128 10.10.10.6

R2(config)#lp route 192.168.0.100 255.255.255.0 10.10.10.5

C.
R1(config)#ip route 10.10.13.10 255.255.255.252 10.10.10.6

R2(config)#tp route 192.168.0.100 255.255.255.252 10.10.10.5

D.
R1(config)#ip route 10.10.13.10 255.255.255.255 10.10.10.2

R2(config)#ip route 192.168.0.100 255.255.255.255 10.10.10.1

Answer: D
Explanation:

Here we need to create static routes for the end hosts only, not the subnet they belong to. This is
done by specifying a subnet mask on the static route of 255.255.255.255.

QUESTION NO: 221

Refer to the exhibit. An engineer is checking the routing table in the main router to identify the path
to a server on the network. Which route does the router use to reach the server at 192.168.2.2?

A.
S 192.168.0.0/20 [1/0] via 10.1.1.1

B.
S 192.168.2.0/29 [1/0] via 10.1.1.1

C.
S 192.168.2.0/28 [1/0] via 10.1.1.1

D.
S 192.168.1.0/30 [1/0] via 10.1.1.1

Answer: B
Explanation:

The route is selected using the longest match rule, i.e., the longest matching prefix is used,
so the 192.168.2.0/29 route will be used over the 192.168.2.0/28 route.

QUESTION NO: 222

Refer to the exhibit. What is the prefix length for the route that router1 will use to reach host A?

A.
/25

B.
/27

C.
/28

D.
/29

Answer: D
Explanation:

The longest matching prefix that matches 10.10.13.214 is the last OSPF route listed in the routing
table, which is 10.10.13.208/29.

QUESTION NO: 223

Refer to the exhibit. After applying this configuration to router R1, a network engineer is verifying
the implementation. If all links are operating normally, and the engineer sends a series of packets
from PC1 to PC3, how are the packets routed?

A.
They are sent round robin to interfaces S0/0/0 and S0/0/1

B.
They are routed to 10.0.0.2

C.
They are routed to 192.168.100.2

D.
They are routed to 172.16.20.2

Answer: D
Explanation:

The lowest Administrative Distance will be used to select the route. In this case, the route using
172.16.20.2 is using the default value for a static route, which is 1. The other default route has a
configured AD of 20.

QUESTION NO: 224

Refer to the exhibit. When router R1 receives a packet with destination IP address 10.56.0.62,
through which interface does it route the packet?

A.
Vlan58

B.
Null0

C.
Vlan59

D.
Vlan60

Answer: A
Explanation:

The longest matching route for 10.56.0.62 is the 10.56.0.0/26 route, which uses VLAN 58.

QUESTION NO: 225

Refer to the exhibit. How must OSPF be configured on the GigabitEthernet0/0 interface of the
neighbor device to achieve the desired neighbor relationship?

A.
Router(config)#interface GigabitEthernet 0/0

Router(config-if)#ip ospf cost 5

B.
Router(config)#interface GigabitEthernet 0/0

Router(config-if)#ip ospf priority 1

C.
Router(config)#interface GigabitEthernet 0/0

Router(config-if)#ip ospf 1 area 2

D.
Router(config)#interface GigabitEthernet 0/0

Router(config-if)#ip ospf network point-to-point

Answer: D
Explanation:

On OSPF point-to-point links, a DR/BDR election is not held. Neighbor relationships will form, but
there will be no DR/BDR designations on that link since only two routers are on pt-pt links.

QUESTION NO: 226

An engineer just installed network 10.120.10.0/24. Which configuration must be applied to the R14
router to add the new network to its OSPF routing table?

A.
Router ospf 100

Network 10.120.10.0 0.0.0.255 area 0

B.
Router ospf 120

Network 10.120.10.0 255.255.255.0 area 0

Ip route 10.120.10.0 255.255.255.0 fa0/1

C.
Router ospf 100 area 0

Network 10.120.10.0 0.0.0.255

D.
Router ospf 100

Network 10.120.10.0 255.255.255.0 area 0

Answer: A
Reference: https://networklessons.com/ospf/basic-ospf-configuration

QUESTION NO: 227

What are two benefits of FHRPs? (Choose two.)

A.
They allow encrypted traffic

B.
They prevent loops in the Layer 2 network.

C.
They are able to bundle multiple ports to increase bandwidth

D.
They enable automatic failover of the default gateway

E.
They allow multiple devices to serve as a single virtual gateway for clients in the network

Answer: D,E
Explanation:

First Hop Redundancy Protocol (FHRP)

IP routing redundancy is designed to allow for transparent fail-over at the first-hop IP router.

Both HSRP and VRRP enable two or more devices to work together in a group, sharing a single IP
address, the virtual IP address. The virtual IP address is configured in each end user's workstation
as a default gateway address and is cached in the host's Address Resolution Protocol (ARP)
cache.

In an HSRP or VRRP group, one router is elected to handle all requests sent to the virtual IP
address. With HSRP, this is the active router. An HSRP group has one active router, at least one
standby router, and perhaps many listening routers. A VRRP group has one active router and one
or more backup routers.

Reference: https://www.cisco.com/c/en/us/products/ios-nx-os-software/first-hop-redundancy-protocol-fhrp/index.html

QUESTION NO: 228

Which type of address is shared by routers in a HSRP implementation and used by hosts on the
subnet as their default gateway address?

A.
multicast address

B.
virtual IP address

C.
loopback IP address

D.
broadcast address

Answer: B
Explanation:

The general idea behind HSRP is rather simple: Configure multiple devices that all exist on the
same subnet and are able to act as gateways to the hosts on the subnet. Basic redundancy can
be configured by configuring some of the hosts to use one gateway and the other hosts to use
another. However, in this situation, if either one of the gateways was to fail, then there are still a
large number of hosts that would lose outside network access.

HSRP provides a solution to this problem by allowing two of the connected gateways to be
configured to provide redundancy. HSRP does this by providing a virtual MAC and IP address that
is shared between these two devices; the active device between the two of them will be
responsible for the handling of traffic to the virtual IP address, while the standby device will
monitor the active device for signs of failure.

Reference:
https://www.pearsonitcertification.com/articles/article.aspx?p=2141270#:~:text=HSRP%20does%20this%20by%20providing,device%20for%20signs%20of%20failure

QUESTION NO: 229

Refer to the exhibit. Router R1 is added to the network and configured with the 10.0.0.64/26 and
10.0.20.0/24 subnets. However, traffic destined for the LAN on R3 is not accessible. Which
command when executed on R1 defines a static route to reach the R3 LAN?

A.
ip route 10.0.0.64 255.255.255.192 10.0.20.3

B.
ip route 10.0.15.0 255.255.255.0 10.0.20.1

C.
ip route 10.0.15.0 255.255.255.192 10.0.20.1

D.
ip route 10.0.15.0 255.255.255.0 10.0.20.3

Answer: D
Explanation:

We need to specify the destination network (10.0.15.0/24) and the next hop IP of the router to get
to that network (10.0.20.3).

QUESTION NO: 230

A router has two static routes to the same destination network under the same OSPF process.
How does the router forward packets to the destination if the next-hop devices are different?

A.
The router chooses the route with the oldest age.

B.
The router chooses the next hop with the lowest IP address.

C.
The router chooses the next hop with the lowest MAC address.

D.
The router load-balances traffic over all routes to the destination.

Answer: D
Explanation:

Load balancing is a standard functionality of Cisco IOS Software that is available across all router
platforms. It is inherent to the forwarding process in the router, and it enables a router to use
multiple paths to a destination when it forwards packets. The number of paths used is limited by
the number of entries that the routing protocol puts in the routing table. Four entries are the default
in Cisco IOS Software for IP routing protocols except for BGP. BGP has a default of one entry.

QUESTION NO: 231

Refer to the exhibit. What does route 10.0.1.3/32 represent in the routing table?

A.
all hosts in the 10.0.1.0 subnet

B.
a single destination address

C.
the source 10.0.1.100

D.
the 10.0.0.0 network

Answer: B
Explanation:

A route with a mask of /32 includes only the single IP address.

QUESTION NO: 232

Refer to the exhibit. Router R14 is in the process of being configured. Which configuration must be
used to establish a host route to a PC 10?

A.
ip route 10.80.65.10 255.255.255.254 10.80.65.1

B.
ip route 10.80.65.10 255.255.255.255 10.73.65.66

C.
ip route 10.73.65.66 0.0.0.255 10.80.65.10

D.
ip route 10.73.65.65 255.0.0.0 10.80.65.10

Answer: B

QUESTION NO: 233

Refer to the exhibit. The primary route across Gi0/0 is configured on both routers. A secondary
route must be configured to establish connectivity between the workstation networks. Which
command set must be configured to complete this task?

A.
R1

ip route 172.16.2.0 255.255.255.248 172.16.0.5 110

R2

ip route 172.16.1.0 255.255.255.0 172.16.0.6 110

B.
R1

ip route 172.16.2.0 255.255.255.240 172.16.0.2 113

R2

ip route 172.16.1.0 255.255.255.0 172.16.0.1 114

C.
R1

ip route 172.16.2.0 255.255.255.224 172.16.0.6 111

R2

ip route 172.16.1.0 255.255.255.0 172.16.0.5 112

D.
R1

ip route 172.16.2.0 255.255.255.240 172.16.0.5 89

R2

ip route 172.16.1.0 255.255.255.0 172.16.0.6 89

Answer: C

QUESTION NO: 234 DRAG DROP

Refer to the exhibit. Drag and drop the subnet masks from the left onto the corresponding subnets
on the right. Not all subnet masks are used.

Answer:
Explanation:

10.10.13.0 – 255.255.255.252

10.10.13.128 – 255.255.255.224

10.10.13.160 – 255.255.255.248

10.10.13.252 – 255.255.255.128

QUESTION NO: 235

Refer to the exhibit. IPv6 is being implemented within the enterprise. The command
ipv6 unicast-routing is configured. Interface Gig0/0 on R1 must be configured to provide a dynamic
assignment using the assigned IPv6 block. Which command accomplishes this task?

A.
ipv6 address 2001:DB8:FFFF:FCF3::/64 link-local

B.
ipv6 address 2001:DB8:FFFF:FCF3::1/64

C.
ipv6 address 2001:DB8:FFFF:FCF3::/64 eui-64

D.
ipv6 address autoconfig 2001:DB8:FFFF:FCF2::/64

Answer: C
Explanation:

There appears to be a typo in this choice, but it is still the best answer option. It should be ipv6
address 2001:DB8:FFFF:FCF3::/64 eui-64.

QUESTION NO: 236 DRAG DROP

Drag and drop the IPv6 address type characteristics from the left to the right.

Answer:

Explanation:

Global Unicast Address:

equivalent to public IPv4 addresses

addressing for exclusive use internally without Internet routing

Unique Local Address:

routable and reachable via the Internet

addresses with prefix FC00::/7

QUESTION NO: 237

A Cisco engineer notices that two OSPF neighbors are connected using a crossover Ethernet
cable. The neighbors are taking too long to become fully adjacent. Which command must be
issued under the interface configuration on each router to reduce the time required for the
adjacency to reach the FULL state?

A.
ip ospf dead-interval 40

B.
ip ospf network broadcast

C.
ip ospf priority 0

D.
ip ospf network point-to-point

Answer: D

QUESTION NO: 238

Refer to the exhibit. A packet sourced from 10.10.10.32 is destined for the Internet. What is the
administrative distance for the destination route?

A.
0

B.
1

C.
2

D.
32

Answer: B
Explanation:

Internet traffic will take the default route of 0.0.0.0/0, which has an administrative distance of 1.

QUESTION NO: 239

What is the benefit of using FHRP?

A.
reduced ARP traffic on the network

B.
balancing traffic across multiple gateways in proportion to their loads

C.
higher degree of availability

D.
reduced management overhead on network routers

Answer: C
Explanation:

FHRP, or First Hop Redundancy Protocol, refers to a set of protocols used in computer networks
to provide redundancy and high availability for the default gateway or first hop of the network. The
primary benefit of using FHRP is to ensure continuous network connectivity and minimize network
downtime in the event of a failure.

QUESTION NO: 240

Why is a first-hop redundancy protocol implemented?

A.
to enable multiple switches to operate as a single unit

B.
to provide load-sharing for a multilink segment

C.
to prevent loops in a network

D.
to protect against default gateway failures

Answer: D
Explanation:

FHRP, or First Hop Redundancy Protocol, refers to a set of protocols used in computer networks
to provide redundancy and high availability for the default gateway or first hop of the network. The
primary benefit of using FHRP is to ensure continuous network connectivity and minimize network
downtime in the event of a failure.

QUESTION NO: 241

Which IPv4 address type helps to conserve the globally unique address classes?

A.
loopback

B.
multicast

C.
private

D.
public

Answer: C
Explanation:

The term "private" in the context of IPv4 addresses refers to address ranges that are reserved for
use within private networks and are not globally routable on the internet. Private IPv4 addresses
help conserve the globally unique address classes by allowing organizations to use these
addresses internally, without requiring unique public IP addresses for every device on their
network.

QUESTION NO: 242

What are two purposes of HSRP? (Choose two.)

A.
It provides a mechanism for diskless clients to autoconfigure their IP parameters during boot.

B.
It improves network availability by providing redundant gateways.

C.
It groups two or more routers to operate as one virtual router.

D.
It passes configuration information to hosts in a TCP/IP network.

E.
It helps hosts on the network to reach remote subnets without a default gateway.

Answer: B,C
Explanation:

HSRP, which stands for Hot Standby Router Protocol, is a First Hop Redundancy Protocol (FHRP)
used in computer networks. Its primary purpose is to provide redundancy and high availability for
the default gateway or first hop router in a network where multiple routers operate as a single
virtual router.

QUESTION NO: 243

What are two benefits for using private IPv4 addressing? (Choose two.)

A.
They allow for Internet access from IoT devices.

B.
They alleviate the shortage of public IPv4 addresses.

C.
They provide a layer of security from internet threats.

D.
They supply redundancy in the case of failure.

E.
They offer Internet connectivity to endpoints on private networks.

Answer: B,C
Explanation:

Address Space Conservation: Private IP addresses allow organizations to conserve the limited
supply of globally unique public IP addresses. By using private addresses internally, organizations
can have numerous devices on their network without requiring a unique public IP address for each
device.

Enhanced Security: Private IP addresses provide an additional layer of security by keeping
internal network devices hidden from direct exposure to the internet. This helps protect devices
from unauthorized access and reduces the potential attack surface.

QUESTION NO: 244

Refer to the exhibit. Routers R1 and R2 are configured with RIP as the dynamic routing protocol. A
network engineer must configure R1 with a floating static route to serve as a backup route to
network 192.168.23. Which command must the engineer configure on R1?

A.
ip route 192.168.23.0 255.255.255.0 192.168,13.3 100

B.
ip route 192.168.23.0 255.255.255.255 192.168.13.3 121

C.
ip route 192.168.23.0 255.255.255.0 192.168.13.3 121

D.
ip route 192.168.23.0 255.255.255.0 192.168.13.3

Answer: C

QUESTION NO: 245

Which Cisco proprietary protocol ensures traffic recovers immediately, transparently, and
automatically when edge devices or access circuits fail?

A.
FHRP

B.
VRRP

C.
HSRP

D.
SLB

Answer: C
Explanation:

HSRP is a First Hop Redundancy Protocol (FHRP) developed by Cisco that provides high
availability for the default gateway or first hop router in a network. It allows multiple routers to work
together as a virtual router, sharing the same IP address as the default gateway. When the
primary router or interface fails, HSRP quickly detects the failure and automatically transitions to a
backup router, ensuring uninterrupted traffic flow.

QUESTION NO: 246

Refer to the exhibit. How does router R1 handle traffic to the 172.16.1.4/30 subnet?

A.
It sends all traffic over the path via 172.16.9.5 using 172.16.4.4 as a backup.

B.
It sends all traffic over the path via 10.0.1.100.

C.
It sends all traffic over the path via 172.16.4.4.

D.
It load-balances traffic over 172.16.9.5 and 172.16.4.4

Answer: D
Explanation:

Here we see that the route to 172.16.1.4/30 contains two equal cost paths to the destination, so
both will be used and traffic will be load balanced across both of them.

QUESTION NO: 247 DRAG DROP

Refer to the exhibit. Drag and drop the learned prefixes from the left onto the subnet masks on the
right.

Answer:

Explanation:

172.16.3.128 – 255.255.255.240

172.16.3.64 – 255.255.255.224

172.16.2.128 – 255.255.255.128

172.16.3.192 – 255.255.255.248

172.16.4.0 – 255.255.254.0

QUESTION NO: 248

Refer to the exhibit. Which action is taken by the router when a packet is sourced from 10.10.10.2
and destined for 10.10.10.16?

A.
It floods packets to all learned next hops.

B.
It uses a route that is similar to the destination address.

C.
It queues the packets waiting for the route to be learned.

D.
It discards the packets.

Answer: D
Explanation:

10.10.10.16 is not in the defined subnet range, i.e. 10.10.10.0/28, and since a default gateway is not
set, packets to the undefined destination address will be dropped.

QUESTION NO: 249

An engineer must configure a core router with a floating static default route to the backup router at
10.200.0.2. Which command meets the requirements?

A.
ip route 0.0.0.0 0.0.0.0 10.200.0.2 1

B.
ip route 0.0.0.0 0.0.0.0 10.200.0.2 10

C.
ip route 0.0.0.0 0.0.0.0 10.200.0.2

D.
ip route 0.0.0.0 0.0.0.0 10.200.0.2 floating

Answer: B
Explanation:

A floating static default route must have a higher AD, so B is the only correct answer.

QUESTION NO: 250

Refer to the exhibit. The network engineer is configuring router R2 as a replacement router on the
network. After the initial configuration is applied, it is determined that R2 failed to show R1 as a
neighbor. Which configuration must be applied to R2 to complete the OSPF configuration and
enable it to establish the neighbor relationship with R1?

A.
R2(config)#router ospf 1

R2(config-router)#network 192.168.1.0 255.255.255.0 area 2

R2(config-router)#network 10.1.1.0 255.255.255.255 area 2

B.
R2(config)#interface g0/0/0

R2(config-if)#ip ospf hello-interval 15

R2(config-if)#ip ospf dead-interval 20

C.
R2(config)#interface g0/0/0

R2(config-if)#ip ospf dead-interval 20

D.
R2(config)#router ospf 1

R2(config-router)#router-id 192.168.1.2

Answer: B
Explanation:

For OSPF neighbors to become adjacent, the hello and dead timers must match.

QUESTION NO: 251

Refer to the exhibit. Packets are flowing from 192.168.10.1 to the destination at IP address
192.168.20.75. Which next hop will the router select for the packet?

A.
10.10.10.1

B.
10.10.10.11

C.
10.10.10.12

D.
10.10.10.14

Answer: B

QUESTION NO: 252

A router received three destination prefixes: 10.0.0.0/8, 10.0.0.0/16, and 10.0.0.0/24. When the
show ip route command is executed, which output does it return?

A.
Gateway of last resort is 172.16.1.1 to network 0.0.0.0

o E2 10.0.0.0/8 [110/5] via 192.168.1.1, 0:01:00, Ethernet0

o E2 10.0.0.0/16[110/5] via 192.168.2.1, 0:01:00, Ethernet1

o E2 10.0.0.0/24[110/5] via 192.168.3.1, 0:01:00, Ethernet2

B.
Gateway of last resort is 172.16.1.1 to network 0.0.0.0

o E2 10.0.0.0/8 [110/5] via 192.168.1.1, 0:01:00, Ethernet0

C.
Gateway of last resort is 172.16.1.1 to network 0.0.0.0

o E2 10.0.0.0/24[110/5] via 192.168.3.1, 0:01:00, Ethernet2

D.
Gateway of last resort is 172.16.1.1 to network 0.0.0.0

o E2 10.0.0.0/16[110/5] via 192.168.2.1, 0:01:00, Ethernet1

o E2 10.0.0.0/24[110/5] via 192.168.3.1, 0:01:00, Ethernet2

Answer: A

QUESTION NO: 253

Refer to the exhibit. Which two values does router R1 use to identify valid routes for the R3
loopback address 1.1.1.3/32? (Choose two.)

A.
lowest cost to reach the next hop

B.
highest administrative distance

C.
lowest metric

D.
highest metric

E.
lowest administrative distance

Answer: C,E
Explanation:

A route with the longest prefix match will always be chosen regardless of metric. If two identical
routes with the same prefix match exist, then the route with the lowest administrative distance will
be used. If the routes are learned by the same protocol with the same administrative distance, the
route with the lowest metric will be chosen.
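
The selection order in this explanation, together with the longest-prefix-match rule used in several earlier answers, can be traced with a short script. This is an added example, not part of the original question bank: the prefixes and the floating static AD of 121 come from the questions above, while the next hops marked constructed and all metrics are made up. It assumes metrics are only compared between candidates with the same AD.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str          # destination prefix in CIDR form
    next_hop: str
    ad: int = 1          # administrative distance (1 = default for a static route)
    metric: int = 0
    source: str = "static"


def build_rib(candidates):
    """Install phase: for each identical prefix keep only the candidates with
    the lowest AD, then the lowest metric. Ties are all kept (equal-cost paths)."""
    rib = {}
    for route in candidates:
        net = ipaddress.ip_network(route.prefix)
        rank = (route.ad, route.metric)
        installed = rib.get(net)
        if installed is None or rank < (installed[0].ad, installed[0].metric):
            rib[net] = [route]
        elif rank == (installed[0].ad, installed[0].metric):
            installed.append(route)
    return rib


def lookup(rib, destination):
    """Forwarding phase: longest prefix match over the installed routes.
    Returns (prefix, [next hops]) or (None, []) when nothing matches (drop)."""
    dst = ipaddress.ip_address(destination)
    matches = [net for net in rib if dst in net]
    if not matches:
        return None, []
    best = max(matches, key=lambda net: net.prefixlen)
    return str(best), sorted(r.next_hop for r in rib[best])


# Constructed sample table; 192.0.2.x and 198.51.100.x next hops are made up.
CANDIDATES = [
    Route("172.31.0.0/16", "192.0.2.16"),
    Route("172.31.0.0/24", "192.0.2.24"),
    Route("172.31.0.0/25", "192.0.2.25"),
    Route("192.168.0.0/20", "10.1.1.1"),
    Route("192.168.2.0/28", "10.1.1.1"),
    Route("192.168.2.0/29", "10.1.1.1"),
    # Same prefix learned from three protocols: lowest AD is installed.
    Route("10.10.10.0/24", "198.51.100.1", ad=110, metric=20, source="ospf"),
    Route("10.10.10.0/24", "198.51.100.2", ad=120, metric=2, source="rip"),
    Route("10.10.10.0/24", "198.51.100.3", ad=90, metric=3072, source="eigrp"),
    # RIP route plus a floating static route with AD 121 as backup.
    Route("192.168.23.0/24", "198.51.100.9", ad=120, metric=1, source="rip"),
    Route("192.168.23.0/24", "192.168.13.3", ad=121),
    # Two equal-cost paths: both are installed and traffic is load-balanced.
    Route("172.16.1.4/30", "172.16.9.5", ad=110, metric=30, source="ospf"),
    Route("172.16.1.4/30", "172.16.4.4", ad=110, metric=30, source="ospf"),
]


def demo():
    """Look up one destination per scenario and return the decisions."""
    rib = build_rib(CANDIDATES)
    results = {dst: lookup(rib, dst) for dst in (
        "172.31.0.1", "192.168.2.2", "10.10.10.5",
        "192.168.23.7", "172.16.1.5", "203.0.113.7")}
    # RIP routes withdrawn: the floating static route becomes the best candidate.
    no_rip = build_rib([r for r in CANDIDATES if r.source != "rip"])
    results["192.168.23.7 (RIP down)"] = lookup(no_rip, "192.168.23.7")
    return results


if __name__ == "__main__":
    for dst, (prefix, hops) in demo().items():
        print(f"{dst:24} -> {prefix} via {hops}")
```

The table has no default route, so a destination that matches no prefix comes back as `(None, [])`, which corresponds to the router discarding the packet.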

QUESTION NO: 254

What does the implementation of a first-hop redundancy protocol protect against on a network?

A.
default gateway failure

B.
BGP neighbor flapping

C.
spanning-tree loops

D.
root-bridge loss

Answer: A
Explanation:

The primary purpose of FHRP is to provide redundancy for the default gateway. If the primary
router that serves as the default gateway fails, FHRP ensures that another router in the FHRP
group automatically takes over its duties. This protection against default gateway failures ensures
uninterrupted network connectivity for end devices.

QUESTION NO: 255

Refer to the exhibit. Router R1 is running three different routing protocols. Which route
characteristic is used by the router to forward the packet that it receives for destination IP
172.16.32.1?

A.
longest prefix

B.
administrative distance

C.
cost

D.
metric

Answer: A
Explanation:

Routing preference is done by looking at the following, in order:

Longest Prefix

AD

Metric

QUESTION NO: 256

Router R1 must send all traffic without a matching routing-table entry to 192.168.1.1. Which
configuration accomplishes this task?

A.
R1#config t

R1(config)#ip routing

R1(config)#ip route default-route 192.168.1.1

B.
R1#config t

R1(config)#ip routing

R1(config)#ip route 192.168.1.1 0.0.0.0 0.0.0.0

C.
R1#config t

R1(config)#ip routing

R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1

D.
R1#config t

R1(config)#ip routing

R1(config)#ip default-gateway 192.168.1.1

Answer: C
Explanation:

In order to send all traffic without a matching routing-table entry to 192.168.1.1, we need to
configure a default route on R1 that forwards all packets with no matching destination to
192.168.1.1.

Option A is incorrect because it uses the command "default-route" which is not a valid command in
IOS.

Option B is incorrect because it specifies the destination as 192.168.1.1, which means that only
packets with a destination of 192.168.1.1 will be forwarded to that address.

Option D is incorrect because the "ip default-gateway" command is used to set the default
gateway for a device that is not performing routing, such as a host or switch. It is not used on a
router that is performing routing.

Therefore, the correct answer is Option C, which uses the correct syntax for configuring a default
route on a router. The command "ip route 0.0.0.0 0.0.0.0 192.168.1.1" specifies that all packets
with no matching destination should be forwarded to the next-hop address of 192.168.1.1.

QUESTION NO: 257

Refer to the exhibit. How does router R1 handle traffic to 192.168.10.16?

A.
It selects the IS-IS route because it has the shortest prefix inclusive of the destination address

B.
It selects the RIP route because it has the longest prefix inclusive of the destination address

C.
It selects the OSPF route because it has the lowest cost

D.
It selects the EIGRP route because it has the lowest administrative distance

Answer: B
Explanation:

Routing preference is done by looking at the following, in order:

Longest Prefix

AD

Metric

QUESTION NO: 258

Refer to the exhibit. To which device does Router1 send packets that are destined to host
10.10.13.165?

A.
Router2

B.
Router3

C.
Router4

D.
Router5

Answer: B
Explanation:

Routing preference is done by looking at the following, in order:

Longest Prefix

AD

Metric

QUESTION NO: 259

R1 has learned route 10.10.10.0/24 via numerous routing protocols. Which route is installed?

A.
route with the next hop that has the highest IP

B.
route with the lowest cost

C.
route with the lowest administrative distance

D.
route with the shortest prefix length

Answer: C
Explanation:

Routing preference is done by looking at the following, in order:

Longest Prefix

AD

Metric

QUESTION NO: 260

Refer to the exhibit. What does router R1 use as its OSPF router-ID?

A.
10.10.1.10

B.
10.10.10.20

C.
172.16.15.10

D.
192.168.0.1

Answer: C
Explanation:

OSPF uses the following criteria to select the router ID:

1. Manual configuration of the router ID (via the “router-id x.x.x.x” command under OSPF router
configuration mode).

2. Highest IP address on a loopback interface.

3. Highest IP address on a non-loopback and active (no shutdown) interface.

QUESTION NO: 261

Refer to the exhibit. After the configuration is applied, the two routers fail to establish an OSPF
neighbor relationship. What is the reason for the problem?

A.
The OSPF process IDs are mismatched

B.
The network statement on Router1 is misconfigured

C.
Router2 is using the default hello timer

D.
The OSPF router IDs are mismatched

Answer: C
Explanation:

The OSPF process IDs can differ between routers and the neighbor relationship will still form.

The OSPF area must be the same to form an adjacency.

Hello and dead timers must match to form an adjacency.

The OSPF default hello timer is 10 and the default dead timer is 40.

Here the R1 hello timer was modified to 5 seconds.

The timers were not changed on R2, so it is using the default timers.

QUESTION NO: 262

Refer to the exhibit. Which route type is configured to reach the Internet?

A.
floating static route

B.
host route

C.
network route

D.
default route

Answer: D
Explanation:

It can reach the internet with the directly connected route but only if it's specified to go directly to
10.10.10.18. The internet itself is filled with unknown addresses, so any other unknown address
will need to use the default route.

QUESTION NO: 263

Refer to the exhibit. What is the metric for the route to the 192.168.10.33 host?

A.
84

B.
110

C.
192

D.
193

Answer: D

QUESTION NO: 264

Refer to the exhibit. A secondary route is required on router R1 to pass traffic to the LAN network
on R2 if the primary link fails. Which command must be entered to configure the router?

A.
ip route 10.0.2.0 255.255.255.240 10.0.0.7 92

B.
ip route 10.0.2.0 255.255.255.240 10.0.0.6 91

C.
ip route 10.0.2.0 255.255.255.248 null0 93

D.
ip route 10.0.2.0 255.255.255.248 10.0.0.6 91

Answer: D

QUESTION NO: 265

Refer to the exhibit. How will the device handle a packet destined to IP address 100.100.100.100?

A.
It will always prefer the static route over dynamic routes and choose the route

S 100.100.0.0/16 [1/0] via 192.168.4.1.

B.
It will choose the route with the lowest metric,

R 100.0.0.0/8 [120/2] via 192.168.3.1, 00:00:13, Ethernet0/3.

C.
It will choose the route with the highest metric,

D 100.100.100.0/24 [90/435200] via 192.168.2.1, 00:00:13, Ethernet0/2.

D.
It will choose the route with the longest match,

O 100.100.100.100/32 [110/21] via 192.168.1.1, 00:05:57, Ethernet0/1.

Answer: D
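The selection order the explanations in this section repeat (longest prefix, then AD, then metric) can be checked against the four routes quoted in this question's answer choices. The sketch below is an added example, not part of the original exam material: it installs one route per prefix by lowest AD and then lowest metric (the Question 259 case), then forwards on the longest matching prefix. The function names and the second route list, including its next hops and metrics, are constructed for illustration.

```python
import ipaddress
import re

# Routes exactly as quoted in the answer choices of Question 265.
ROUTES_Q265 = [
    "S 100.100.0.0/16 [1/0] via 192.168.4.1",
    "R 100.0.0.0/8 [120/2] via 192.168.3.1, 00:00:13, Ethernet0/3",
    "D 100.100.100.0/24 [90/435200] via 192.168.2.1, 00:00:13, Ethernet0/2",
    "O 100.100.100.100/32 [110/21] via 192.168.1.1, 00:05:57, Ethernet0/1",
]

# Constructed sample for the Question 259 scenario: one prefix learned from
# several protocols. Next hops and metrics are made up for illustration.
ROUTES_SAME_PREFIX = [
    "O 10.10.10.0/24 [110/20] via 192.0.2.1",
    "D 10.10.10.0/24 [90/30720] via 192.0.2.2",
    "R 10.10.10.0/24 [120/1] via 192.0.2.3",
]

# code, prefix/length, [AD/metric], next hop
ROUTE_RE = re.compile(
    r"^(?P<code>\S+)\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<next_hop>\d+\.\d+\.\d+\.\d+)"
)


def parse_route(line):
    """Parse one 'show ip route' style line into a dict."""
    m = ROUTE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised route line: {line!r}")
    return {
        "code": m["code"],
        "network": ipaddress.ip_network(m["prefix"], strict=True),
        "ad": int(m["ad"]),
        "metric": int(m["metric"]),
        "next_hop": m["next_hop"],
    }


def build_table(lines):
    """Install one route per prefix: lowest AD wins, then lowest metric."""
    best = {}
    for route in map(parse_route, lines):
        key = route["network"]
        current = best.get(key)
        if current is None or (route["ad"], route["metric"]) < (
            current["ad"],
            current["metric"],
        ):
            best[key] = route
    return list(best.values())


def lookup(table, destination):
    """Forwarding decision: the longest installed prefix containing the address."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in table if dst in r["network"]]
    if not candidates:
        return None  # no matching route and no default route: packet is dropped
    return max(candidates, key=lambda r: r["network"].prefixlen)


if __name__ == "__main__":
    table = build_table(ROUTES_Q265)
    for dst in ("100.100.100.100", "100.100.100.7", "100.100.5.5", "100.1.1.1"):
        r = lookup(table, dst)
        print(dst, "->", r["code"], r["network"], "via", r["next_hop"])
```

The static route's AD of 1 never enters the decision for 100.100.100.100, because AD is only compared between routes to the same prefix.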

QUESTION NO: 266 CORRECT TEXT

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

Refer to the Tasks tab to view the tasks for this lab item.

Refer to the Topology tab to access the device console(s) and perform the tasks.

Console access is available for all required devices by clicking the device icon or using the
tab(s) above the console window.

All necessary pre-configurations have been applied.

Do not remove any existing configurations from the devices, only those necessary to make the
appropriate changes required to fulfill the listed tasks.

Do not change the enable password or hostname for any device.

Save your configurations to NVRAM before moving to the next item.

Click Next at the bottom of the screen to submit this lab and move to the next question.

When Next is clicked, the lab closes and cannot be reopened.

Topology

Tasks

Task 1

Configure a host route on R5 for the destination of 10.200.220.6.

Configure a static default route on R1, preferring the path through R3 towards R6.

From R5, use traceroute and ping to verify the path towards and reachability of R6.

Task 2

Configure a floating static default route on R1, preferring the path through R2 towards R6 if the
link to R3 should fail.

Configure the administrative distance for 225.

Configure a static route on R2 to forward the return traffic towards 10.100.110.0/25.

After shutting interface e0/1 on R1, use traceroute and ping from R5 to verify path towards and
reachability of R6.

Answer:
See explanation below.

Explanation:

Task 1:

R5(config)# ip route 10.200.220.6 255.255.255.255 10.100.110.1

R1(config)# ip route 0.0.0.0 0.0.0.0 10.133.13.2

R5# traceroute 10.200.220.6

R5# ping 10.200.220.6

Task 2:

R1(config)# ip route 0.0.0.0 0.0.0.0 10.122.12.2 225

R2(config)# ip route 10.100.110.0 255.255.255.128 10.122.12.1

R1(config)# interface e0/1

R1(config-if)# shutdown

R5# traceroute 10.200.220.6

R5# ping 10.200.220.6

QUESTION NO: 267

Refer to the exhibit. All routers in the network are configured correctly, and the expected routes
are being exchanged among the routers. Which set of routes are learned from neighbors and
installed on router 2?

A.
10.129.9.0/23

10.139.2.0/30

10.2.191.0/30

10.129.9.0/25

B.
10.129.9.0/23

10.40.1.0/30

10.2.191.0/30

10.129.9.0/25

C.
10.40.1.0/30

10.139.2.0/30

10.2.191.0/30

10.129.9.0/25

D.
10.129.9.0/23

10.139.2.0/30

10.129.9.0/25

10.22.1.0/24

Answer: A

QUESTION NO: 268

Refer to the exhibit. Traffic that is flowing over interface TenGigabitEthernet0/0/0 experiences slow
transfer speeds. What is the cause of this issue?

A.
speed conflict

B.
queuing drops

C.
duplex incompatibility

D.
heavy traffic congestion

Answer: C
Explanation:

In this example we see the presence of collisions, which only happen in a half-duplex setting and
are typically found when one device is configured for half duplex and the others for full duplex.

QUESTION NO: 269

Refer to the exhibit. An engineer is configuring a new router on the network and applied this
configuration. Which additional configuration allows the PC to obtain its IP address from a DHCP
server?

A.
Configure the ip helper-address 172.16.2.2 command under interface Gi0/0.

B.
Configure the ip dhcp relay information command under interface Gi0/1

C.
Configure the ip address dhcp command under interface Gi0/0

D.
Configure the ip dhcp smart-relay command globally on the router.

Answer: A

QUESTION NO: 270

Refer to the exhibit. A packet sourced from 172.16.32.254 is destined for 172.16.32.8. What is the
subnet mask of the preferred destination route?

A.
255.255.224.0

B.
255.255.255.0

C.
255.255.255.192

D.
255.255.255.252

Answer: C

QUESTION NO: 271

Refer to the exhibit. Users at a branch office are experiencing application performance issues,
poor VoIP audio quality, and slow downloads. What is the cause of the issues?

A.
QoS queuing

B.
interface configuration

C.
broadcast storm

D.
overutilization

Answer: B

QUESTION NO: 272

In which circumstance would a network architect decide to implement a global unicast subnet
instead of a unique local unicast subnet?

A.
when the subnet must be available only within an organization

B.
when the subnet does not need to be routable

C.
when the addresses on the subnet must be equivalent to private IPv4 addresses

D.
when the subnet must be routable over the internet

Answer: D

QUESTION NO: 273

Refer to the exhibit. The router R1 is in the process of being configured. Routers R2 and R3 are
configured correctly for the new environment. Which two commands must be configured on R1 for
PC1 to communicate to all PCs on the 10.10.10.0/24 network? (Choose two.)

A.
ip route 10.10.10.0 255.255.255.0 192.168.2.3

ip route 10.10.10.10 255.255.255.255 192.168.2.2

B.
ip route 10.10.10.0 255.255.255.0 192.168.2.2

ip route 10.10.2.2 255.255.255.255 10.10.10.10

C.
ip route 10.10.10.0 255.255.255.0 192.168.2.3

ip route 10.10.10.8 255.255.255.252 g0/0

D.
ip route 10.10.10.0 255.255.255.248 192.168.2.2

ip route 10.10.2.8 255.255.255.252 g0/1

Answer: A

QUESTION NO: 274

Refer to the exhibit. A packet sourced from 172.18.33.2 is destined for 172.18.32.38. Where does
the router forward the packet?

A.
10.1.1.1

B.
10.1.1.3

C.
Loopback0

D.
GigabitEthernet0/0

Answer: D

QUESTION NO: 275 DRAG DROP

Refer to the exhibit. Drag and drop the learned prefixes from the left onto the preferred route
methods from which they were learned on the right. Not all prefixes are used.

Answer:

Explanation:

Static – 207.164.200.244/30

EIGRP – 192.168.2.0/24

OSPF – 192.168.1.0/24

RIP – 172.16.2.0/24

QUESTION NO: 276

Refer to the exhibit. The network engineer is configuring router R2 as a replacement router on the
network. After the initial configuration is applied, it is determined that R2 failed to show R1 as a
neighbor. Which configuration must be applied to R2 to complete the OSPF configuration and
enable it to establish the neighbor relationship with R1?

A.
R2(config)#interface g0/0/0

R2(config-if)#ip ospf hello-interval 10

B.
R2(config)#router ospf 1

R2(config-router)#router-id 192.168.1.1

C.
R2(config)#router ospf 1

R2(config-router)#network 192.168.1.0 255.255.255.0 area 2

D.
R2(config)#interface g0/0/0

R2(config-if)#ip ospf dead-interval 45

Answer: A

QUESTION NO: 277

Refer to the exhibit. Which configuration parameter is preventing host C from reaching the
internet?

A.
IP address assignment

B.
IP network mask

C.
default gateway

D.
automatic DNS

Answer: C

QUESTION NO: 278 CORRECT TEXT

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

Refer to the Tasks tab to view the tasks for this lab item.

Refer to the Topology tab to access the device console(s) and perform the tasks.

Console access is available for all required devices by clicking the device icon or using the
tab(s) above the console window.

All necessary preconfigurations have been applied.

Do not change the enable password or hostname for any device.

Save your configurations to NVRAM before moving to the next item.

Click Next at the bottom of the screen to submit this lab and move to the next question.

When Next is clicked, the lab closes and cannot be reopened.

Topology

Tasks

Refer to the topology. All physical cabling is in place. Routers 2 and 3 are inaccessible. Configure
OSPF routing for the network and ensure R1 has joined Area 0 without using network statements.

Task 1

Configure OSPF on R1 with a process ID and router-ID only as follows:

use process ID 33

use E0/1 IP as the router ID

Task 2

Configure R1 to establish neighbor adjacencies with R2 and R3. The network statement under
the OSPF process must not be used.

Configure R1 to always become the DR for Area 0

Answer:
See explanation below.

Explanation:

R1# configure terminal

R1(config)# interface e0/1

R1(config-if)# ip address 10.0.22.1 255.255.255.252

R1(config-if)# exit

R1(config)# interface e0/2

R1(config-if)# ip address 10.0.33.1 255.255.255.252

R1(config-if)# exit

R1(config)# interface e0/0

R1(config-if)# ip address 10.0.233.1 255.255.255.240

R1(config-if)# exit

R1(config)# router ospf 33

R1(config-router)# router-id 10.0.22.1

R1(config-router)# interface e0/0

R1(config-if)# ip ospf 33 area 0

R1(config-if)# ip ospf priority 255

R1(config-if)# exit

R1(config)# interface e0/1

R1(config-if)# ip ospf 33 area 0

R1(config-if)# ip ospf priority 255

R1(config-if)# exit

R1(config)# interface e0/2

R1(config-if)# ip ospf 33 area 0

R1(config-if)# ip ospf priority 255

R1(config-if)# exit

QUESTION NO: 279

Refer to the exhibit. What is the cause of poor performance on router R19?

A.
excessive collisions

B.
excessive CRC errors

C.
port oversubscription

D.
speed and duplex mismatch

Answer: C

QUESTION NO: 280

Refer to the exhibit. Considering default routing protocol configurations were used, which routing
protocol is used to learn the 10.255.2.2/32 route?

A.
OSPF

B.
BGP

C.
RIP

D.
EIGRP

Answer: A

QUESTION NO: 281

Refer to the exhibit. What is the value of the administrative distance for the default gateway?

A.
110

B.
10

C.
1

D.
0

Answer: C

QUESTION NO: 282 DRAG DROP

Refer to the exhibit. A packet is destined for 192.168.20.108. Drag and drop the parameters of the
destination route from the left onto the routing table components they represent on the right. Not
all parameters are used.

Answer:

Explanation:

QUESTION NO: 283

Refer to the exhibit. Which routes are configured with their default administrative distances?

A.
Local

B.
OSPF

C.
EIGRP

D.
RIP

Answer: C

QUESTION NO: 284

Refer to the exhibit. Which interface does a packet take to reach the destination address of
10.10.10.14?

A.
FastEthernet 0/0

B.
Serial 0/0

C.
FastEthernet 0/1

D.
FastEthernet 0/2

Answer: A

QUESTION NO: 285

What is the difference between the TCP and UDP protocols?

A.
TCP ensures ordered, reliable data delivery, and UDP offers low latency and high throughput.

B.
TCP is used for transmitting data over the internet, and UDP is used for transmitting data over a
local network.

C.
TCP manages multicast and broadcast data transfers, and UDP only handles unicast
communications.

D.
TCP is used to ensure data integrity in a file transfer, and UDP is used to broadcast a message to
multiple recipients.

Answer: A
Explanation:

TCP provides ordered, reliable data delivery by using error checking, acknowledgment, and
retransmission of lost packets. In contrast, UDP does not guarantee delivery or order, but it has
lower latency and higher throughput because it avoids the overhead of connection setup and error
correction mechanisms.

QUESTION NO: 286 DRAG DROP

Drag and drop the TCP and UDP characteristics from the left onto the supporting protocols on the
right. Not all options are used.

Answer:

Explanation:

TCP:

Uses sequence numbers

Relies on acknowledgment packets

Ensures data integrity

UDP:

Supports real-time applications

Connectionless at transport layer

Minimal error checking

QUESTION NO: 287

Refer to the exhibit. The user has connectivity to devices on network 192.168.3.0/24 but cannot
reach users on the network 10.10.1.0/24. What is the first step to verify connectivity?

A.
Is the internet reachable?

B.
Is the default gateway reachable?

C.
Is the DNS server reachable?

D.
Is the IPv4 address reachable?

Answer: B
Explanation:

Based on the provided configuration, the user is on the network 192.168.3.0/24 and can
communicate with other devices on that network but is unable to reach users on the 10.10.1.0/24
network.

The first step in troubleshooting this connectivity issue would be to check if the default gateway is
reachable. The default gateway serves as the path to other networks, and without this
communication, the user would be unable to access devices on different subnets such as
10.10.1.0/24.

QUESTION NO: 288

Refer to the exhibit. What is the administrative distance for the advertised prefix that includes the
host IP address 192.168.20.1?

A.
192.168.10.2

B.
24

C.
1

D.
0

Answer: C
Explanation:

Looking at the routing table, we can see that:

The network 192.168.20.0/24 is listed as a static route (indicated by the "S").

The route is learned via 192.168.10.2.

A static route, by default, has an administrative distance (AD) of 1, unless it is manually changed.

Administrative distance is the value used by routers to select the best path when there are multiple
routes to the same destination. Lower values are preferred.

Static routes have an AD of 1 by default, meaning they are typically more trusted than dynamic
routing protocols like OSPF (AD of 110) or EIGRP (AD of 90).

QUESTION NO: 289 CORRECT TEXT

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

Refer to the Tasks tab to view the tasks for this lab item.

Refer to the Topology tab to access the device console(s) and perform the tasks.

Console access is available for all required devices by clicking the device icon or using the
tab(s) above the console window.

All necessary pre-configurations have been applied.

Do not remove any existing configurations from the devices, only those necessary to make the
appropriate changes required to fulfill the listed tasks.

Do not change the enable password or hostname for any device.

Save your configurations to NVRAM before moving to the next item.

Click Next at the bottom of the screen to submit this lab and move to the next question.

When Next is clicked, the lab closes and cannot be reopened.

Topology

Tasks

Task 1

Configure OSPF Area 0 with Process ID 110 on all devices under their respective interfaces
connected to VLAN101.

To accomplish this, do not use the network command under the OSPF process.

Task 2

Configure R1 to always be the DR and Sw101 always to be the BDR.

R2 and R3 should be configured not to participate in the DR/BDR election.

Answer:
See explanation below.

Explanation:

Task 1: Configure OSPF Area 0 on all devices under their respective interfaces connected
to VLAN101 without using the network command.

Configuration on R1:

R1(config)# router ospf 110

R1(config-router)# interface Ethernet0/2

R1(config-if)# ip ospf 110 area 0

Configuration on R2:

R2(config)# router ospf 110

R2(config-router)# interface Ethernet0/1

R2(config-if)# ip ospf 110 area 0

Configuration on R3:

R3(config)# router ospf 110

R3(config-router)# interface Ethernet0/0

R3(config-if)# ip ospf 110 area 0

Configuration on Sw101:

Sw101(config)# router ospf 110

Sw101(config-router)# interface Vlan101

Sw101(config-if)# ip ospf 110 area 0

Task 2: Configure DR/BDR Election Preferences

R1 should always be the DR.

Sw101 should always be the BDR.

R2 and R3 should be configured not to participate in the election.

Configuration for R1 (to be the DR):

R1(config)# interface Ethernet0/2

R1(config-if)# ip ospf priority 255

Configuration for Sw101 (to be the BDR):

Sw101(config)# interface Vlan101

Sw101(config-if)# ip ospf priority 200

Configuration for R2 and R3 (to not participate in the DR/BDR election):

R2:

R2(config)# interface Ethernet0/1

R2(config-if)# ip ospf priority 0

R3:

R3(config)# interface Ethernet0/0

R3(config-if)# ip ospf priority 0

ip ospf 110 area 0: This command assigns OSPF area 0 to the specific interface, eliminating the
need for the network command.

ip ospf priority: Controls the election of the DR and BDR. A priority of 255 ensures the router will
be elected as the DR, while a priority of 200 ensures that the switch will be the BDR. Setting the
priority to 0 prevents the router from participating in the DR/BDR election.

QUESTION NO: 290 CORRECT TEXT

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

Refer to the Tasks tab to view the tasks for this lab item.

Refer to the Topology tab to access the device console(s) and perform the tasks.

Console access is available for all required devices by clicking the device icon or using the
tab(s) above the console window.

All necessary preconfigurations have been applied.

Do not change the enable password or hostname for any device.

Save your configurations to NVRAM before moving to the next item.

Click Next at the bottom of the screen to submit this lab and move to the next question.

When Next is clicked, the lab closes and cannot be reopened.

Topology

Tasks

Refer to the topology. All physical cabling is in place. Routers 2 and 3 are inaccessible. Configure
OSPF routing for the network and ensure R1 has joined Area 0 without using network statements.

Task 1

Configure OSPF on R1 with a process ID and router-ID only as follows:

use process ID 30

use E0/0 IP as the router ID

Task 2

Configure R1 to establish neighbor adjacencies with R2 and R3. The network statement under
the OSPF process must not be used.

Configure R1 to always become the DR for Area 0

Answer:
See explanation below.

Explanation:

Task 1: Configure OSPF on R1 with Process ID and Router-ID

You need to configure R1 with an OSPF process ID of 30 and use the IP address of the E0/0
interface as the router ID.

R1 Configuration:

R1(config)# router ospf 30

! Assuming 10.0.12.1 is the IP address on E0/0

R1(config-router)# router-id 10.0.12.1

Task 2: Establish Neighbor Adjacencies and Set R1 as the DR

To establish adjacencies between R1 and R2/R3 without using network statements, you need to
configure OSPF directly on the relevant interfaces and make sure that R1 becomes the
Designated Router (DR) by setting its OSPF priority to the highest possible value.

R1 Interface Configurations:

! Configure OSPF on the E0/0 interface

R1(config)# interface Ethernet0/0

R1(config-if)# ip ospf 30 area 0

! Ensure R1 is the DR on this interface

R1(config-if)# ip ospf priority 255

! Configure OSPF on the E0/1 interface

R1(config)# interface Ethernet0/1

R1(config-if)# ip ospf 30 area 0

! Ensure R1 is the DR on this interface

R1(config-if)# ip ospf priority 255

router ospf 30: Starts OSPF with process ID 30.

router-id 10.0.12.1: Sets the router ID to the IP address of E0/0.

ip ospf 30 area 0: Configures OSPF on the interfaces without using network statements.

ip ospf priority 255: Ensures that R1 becomes the DR by assigning the highest possible priority
(255) on both interfaces, making it the most preferred DR candidate in the election process.

By configuring R1 in this way, it will establish OSPF adjacencies with R2 and R3, and it will always
be elected as the DR for Area 0.

QUESTION NO: 291 CORRECT TEXT

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

Refer to the Tasks tab to view the tasks for this lab item.

Refer to the Topology tab to access the device console(s) and perform the tasks.

Console access is available for all required devices by clicking the device icon or using the
tab(s) above the console window.

All necessary pre-configurations have been applied.

Do not remove any existing configurations from the devices, only those necessary to make the
appropriate changes required to fulfill the listed tasks.

Do not change the enable password or hostname for any device.

Save your configurations to NVRAM before moving to the next item.

Click Next at the bottom of the screen to submit this lab and move to the next question.

When Next is clicked, the lab closes and cannot be reopened.

Topology

Configure IPv4 and IPv6 between the two routers.

Task 1:

Configure R1 with the first usable host IP address in the IPv4 network.

Configure R2 with the last usable host IP address in the IPv4 network.

Verify connectivity using ping.

Task 2:

Do not assign the subnet router anycast address to either router.

Configure R1 with the first usable host IP address in the IPv6 network.

Configure R2 with the last usable host IP address in the IPv6 network.

Verify connectivity using ping.

Answer:
See explanation below.

Explanation:

Task 1: Configure IPv4 between R1 and R2

From the table, the IPv4 subnet is 192.168.168.192/28. This gives us 16 total IP addresses, with
14 usable host IPs in the range 192.168.168.193 to 192.168.168.206. The first usable address is
192.168.168.193, and the last usable address is 192.168.168.206.

R1 Configuration (First Usable IPv4 Address):

R1(config)# interface Ethernet0/1

R1(config-if)# ip address 192.168.168.193 255.255.255.240

R1(config-if)# no shutdown

R2 Configuration (Last Usable IPv4 Address):

R2(config)# interface Ethernet0/1

R2(config-if)# ip address 192.168.168.206 255.255.255.240

R2(config-if)# no shutdown

Verify IPv4 Connectivity:

From R1, ping R2's IP address to ensure connectivity:

R1# ping 192.168.168.206

Task 2: Configure IPv6 between R1 and R2

From the table, the IPv6 subnet is 2001:db8:12::/125. This provides 8 addresses, with the range
2001:db8:12::1 to 2001:db8:12::6 as usable addresses. The first usable address is
2001:db8:12::1, and the last usable address is 2001:db8:12::6.

R1 Configuration (First Usable IPv6 Address):

R1(config)# interface Ethernet0/1

R1(config-if)# ipv6 address 2001:db8:12::1/125

R1(config-if)# no shutdown

R2 Configuration (Last Usable IPv6 Address):

R2(config)# interface Ethernet0/1

R2(config-if)# ipv6 address 2001:db8:12::6/125

R2(config-if)# no shutdown

Verify IPv6 Connectivity:

From R1, ping R2's IPv6 address to ensure connectivity:

R1# ping ipv6 2001:db8:12::6

IPv4 Addressing: The subnet 192.168.168.192/28 provides 16 IP addresses, with the first usable
being 192.168.168.193 (assigned to R1) and the last usable being 192.168.168.206 (assigned to
R2).

IPv6 Addressing: The subnet 2001:db8:12::/125 provides 8 addresses, and the first usable is
2001:db8:12::1 (assigned to R1) and the last usable is 2001:db8:12::6 (assigned to R2).

Both IPv4 and IPv6 configurations are done without using the subnet router anycast address.

QUESTION NO: 292

Refer to the exhibit. Which routing protocol has the best administrative distance?

A.
Connected

B.
EIGRP

C.
RIP

D.
OSPF

Answer: A
Explanation:

The Connected routes have the best (lowest) administrative distance of 0, which means they are
the most trusted routes by the router. Administrative distance is used to determine which routing
protocol's route should be chosen when multiple protocols provide a path to the same destination.
The lower the AD, the more trusted the source of the route.

QUESTION NO: 293

What differentiates the TCP and UDP protocols?

A.
TCP sends data at a constant rate with error checking on upper protocol layers, and UDP provides
error-checking and sequencing.

B.
TCP establishes a connection with the device on the other end before transferring, and UDP
transfers without establishing a connection.

C.
TCP immediately transmits data without waiting for a handshake, and UDP awaits a response
from the receiver before sending additional data.

D.
TCP tracks segments being transmitted or received by assigning segment numbers, and UDP
adjusts data flow according to network conditions.

Answer: B
Explanation:

TCP (Transmission Control Protocol) is a connection-oriented protocol, meaning it
establishes a connection (a three-way handshake) before data transmission begins. TCP provides
reliability through error checking, sequencing, and acknowledgment of segments, ensuring that
data is delivered in the correct order and without loss.

UDP (User Datagram Protocol) is a connectionless protocol, meaning it does not establish a
connection before sending data. UDP sends data without error-checking mechanisms or
sequencing, making it faster but less reliable compared to TCP. UDP is commonly used for
real-time applications where speed is prioritized over guaranteed delivery, such as video
streaming or gaming.

QUESTION NO: 294 DRAG DROP

Drag and drop the protocol advantages from the left onto the corresponding types on the right. Not
all options are used.

Answer:

Explanation:

TCP:

Optimizes transmission rates to receiver – TCP dynamically adjusts its transmission rate based
on network conditions to prevent congestion.

Controls connections between sender and receiver – TCP is connection-oriented, meaning it
establishes a reliable connection using a three-way handshake before data is sent.

Guarantees packet delivery – TCP ensures that all data is delivered and received in the correct
order through acknowledgment and retransmission mechanisms.

UDP:

Capable of sending multicast transmissions - UDP supports multicast transmissions, which are
useful for applications like streaming and gaming.

Transmits live and real-time data - UDP is used for real-time data transmission because it has
low latency and doesn't wait for acknowledgments.

Reduces end-to-end delays using smaller packets - UDP does not have the overhead of
connection setup and acknowledgments, making it faster and reducing delays.

QUESTION NO: 295

Refer to the exhibit. With a reference bandwidth of 100 Gb on all routers, which path does router Y
use to get to network 192.168.1.0/24?

A.
router C > D > A > F

B.
router E > F

C.
router E > B > F

D.
router C > D > A > B > F

Answer: C
Explanation:

OSPF calculates the cost of a route based on the formula:

With a reference bandwidth of 100 Gb, the costs for the links are calculated as follows:

100 Gb link: Cost = 1

10 Gb link: Cost = 10

Now, let's evaluate the possible paths from Router Y to 192.168.1.0/24:

1. Path A (Router C > Router D > Router A > Router F):

Router Y to Router C: 10 Gb (Cost = 10)

Router C to Router D: 100 Gb (Cost = 1)

Router D to Router A: 100 Gb (Cost = 1)

Router A to Router F: 10 Gb (Cost = 10)

Total cost:

10+1+1+10=22

2. Path B (Router E > Router F):

Router Y to Router E: 10 Gb (Cost = 10)

Router E to Router F: 10 Gb (Cost = 10)

Total cost: 10+10=20

3. Path C (Router E > Router B > Router F):

Router Y to Router E: 10 Gb (Cost = 10)

Router E to Router B: 100 Gb (Cost = 1)

Router B to Router F: 100 Gb (Cost = 1)

Total cost: 10+1+1=12

4. Path D (Router C > Router D > Router A > Router B > Router F):

Router Y to Router C: 10 Gb (Cost = 10)

Router C to Router D: 100 Gb (Cost = 1)

Router D to Router A: 100 Gb (Cost = 1)

Router A to Router B: 100 Gb (Cost = 1)

Router B to Router F: 100 Gb (Cost = 1)

Total cost: 10+1+1+1+1=14

The path with the lowest cost is Path C (Router E > Router B > Router F) with a total cost of 12.

QUESTION NO: 296

Refer to the exhibit. Four load-balancing servers are reachable through this router; however, the
company is removing all static and default routes on the router.

Server 1- 10.12.14.14

Server 2- 192.168.4.4

Server 3- 209.165.200.5

Server 4- 209.165.201.26

Which server will handle all traffic after the policy changes take effect?

A.
Server 1- 10.12.14.14

B.
Server 2- 192.168.4.4

C.
Server 3- 209.165.200.5

D.
Server 4- 209.165.201.26

Answer: A
Explanation:

To determine which server will handle all traffic after removing the static and default routes, we
need to examine the routing table and analyze which routes will remain valid when static and
default routes are removed.

Server 1 (10.12.14.14) is reachable via the O (OSPF) route for the network 10.14.14.0/24 through
GigabitEthernet0/2. This is a dynamic route.

Server 2 (192.168.4.4) is reachable via the O (OSPF) route for the network 192.168.5.5/32, which
also uses GigabitEthernet0/2. This is also a dynamic route.

Server 3 (209.165.200.5) is reachable via the D (EIGRP) route for the 209.165.200.0/27 subnet,
using GigabitEthernet0/0. This is a dynamic route as well.

Server 4 (209.165.201.26) is reachable via the O (OSPF) route for 209.165.201.30/32 through
GigabitEthernet0/0. This is a dynamic route.

Given that the question states all static and default routes will be removed, any traffic that
relied on the static or default routes will now follow dynamic routing protocols like OSPF and
EIGRP.

Traffic will be routed to all servers that are reachable through OSPF or EIGRP protocols, but the
server with the lowest-cost route will typically handle most traffic. Since Server 1 (10.12.14.14)
has a direct OSPF route with a lower cost, it will likely handle most of the traffic.

Thus, Server 1 (10.12.14.14) is the server that will handle all traffic after the policy changes.

QUESTION NO: 297

Refer to the exhibit. The route for 10.227.150.160/27 has been very unstable. The same route has
four backups to routers A, B, C, and D via the respective methods. The routing protocol defaults
for router Y have not been changed. When the current route for 10.227.150.160/27 becomes
unavailable, which router will router Y use to route traffic to 10.227.150.160/27?

A.
router B

B.
router D

C.
router C

D.
router A

Answer: A
Explanation:

To determine which router Router Y will use as a backup to route traffic to 10.227.150.160/27, we
need to compare the administrative distances (AD) of the various routing methods that connect to
routers A, B, C, and D.

Routing Protocol Administrative Distances:

OSPF (Router A): Default AD is 110.

Static Route with an AD of 105 (Router B): The AD has been set to 105, making it lower than
OSPF.

External EIGRP (Router C): Default AD for external EIGRP is 170.

iBGP (Router D): Default AD is 200.

Current Route:

The current route to 10.227.150.160/27 is through BGP (as shown by the 'B' in the routing table)
via 10.224.1.3 with an AD of 20. This means that when this BGP route becomes unavailable,
Router Y will select the next route based on the lowest AD.

Backup Route Selection:

Router B (Static Route): AD is 105.

Router A (OSPF): AD is 110.

Router C (External EIGRP): AD is 170.

Router D (iBGP): AD is 200.

The static route via Router B has the lowest administrative distance (AD of 105) among the
available backups. Therefore, when the BGP route becomes unavailable, Router Y will use the
static route via Router B to reach 10.227.150.160/27.

QUESTION NO: 298

Refer to the exhibit. What is the metric associated with the route used to forward a packet received
by the router destined for the IP address 172.20.0.222?

A.
100

B.
101

C.
20

D.
110

Answer: B
Explanation:

The IP address 172.20.0.222 belongs to the network 172.20.0.0/22, as indicated by the O
172.20.0.0/22 entry in the routing table. This is an OSPF route, and it provides several paths to
forward the traffic.

The route for 172.20.0.0/22 has multiple entries in the table:

O 172.20.0.0/22 [110/101] via 172.20.4.201, 4w0d, Tunnel1

[110/101] via 172.20.4.199, 2d03h, Tunnel1

[110/101] via 172.20.4.136, 5d12h, Tunnel1

[110/101] via 172.20.4.10, 6d01h, Tunnel1

O: Indicates this route was learned via OSPF.

[110/101]:

110 is the administrative distance for OSPF.

101 is the metric (OSPF cost) associated with the route.

The correct metric associated with the route to 172.20.0.222 is 101.

QUESTION NO: 299

What is the primary purpose of the first hop redundancy protocols?

A.
to ensure high availability of the network by providing a secondary route on the RIB at the active
gateway

B.
to ensure high availability of the network by providing a redundant path via ARP in case of a failure
of path failure

C.
to ensure high availability of the network by providing a backup route on the CEF in case of a
gateway failure

D.
to ensure high availability of the network by providing a transparent fail-over at the active gateway

Answer: D
Explanation:

First hop redundancy protocols (like HSRP, VRRP, and GLBP) are designed to provide high
availability for the default gateway in a network. They allow multiple routers to work together to
present a single virtual router (or default gateway) to the hosts on a local network. If the active
gateway fails, the FHRP will automatically failover to a backup router without requiring any
changes on the client side. This transparency is crucial for maintaining uninterrupted network
service.

QUESTION NO: 300

Refer to the exhibit. Which interface does a packet take to reach the host address of
192.168.18.16?

A.
null 0

B.
GigabitEthernet2/0

C.
GigabitEthernet1/0

D.
GigabitEthernet0/0

Answer: D
Explanation:

To determine which interface a packet takes to reach the host address 192.168.18.16, we need to
analyze the routing table provided in the exhibit.

Routing Table Analysis:

The relevant entries from the routing table are:

D 192.168.18.0/24 [90/3072] via 10.10.10.18, 00:13:10, GigabitEthernet0/0

R 192.168.18.0/24 [120/1] via 10.10.10.18, 00:00:15, GigabitEthernet1/0

O 192.168.18.0/28 [110/2] via 10.10.30.18, 00:28:56, GigabitEthernet2/0

Breakdown of the Entries:

D: Indicates that the route is learned via EIGRP.

R: Indicates that the route is learned via RIP.

O: Indicates that the route is learned via OSPF.

Relevant Subnets:

192.168.18.0/24: This subnet encompasses addresses 192.168.18.0 to 192.168.18.255.

192.168.18.0/28: This subnet encompasses addresses 192.168.18.0 to 192.168.18.15.

The target address 192.168.18.16 does not fall within the /28 range (it exceeds 192.168.18.15) but
falls within the /24 range.

Interface Determination:

The packet for 192.168.18.16 will be routed using the entry for 192.168.18.0/24.

The next hop for the /24 subnet is via 10.10.10.18 and it is routed out of GigabitEthernet0/0.
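
The selection logic walked through above, as an added example that is not part of the original document: it installs the lowest-administrative-distance source per prefix and then forwards on the longest matching prefix. The three routes are the entries quoted in the explanation; the function and class names are assumptions chosen for this sketch.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    code: str       # source letter in the table: D = EIGRP, R = RIP, O = OSPF
    prefix: str
    ad: int         # administrative distance, first number in [AD/metric]
    metric: int     # second number in [AD/metric]
    next_hop: str
    interface: str


# The three entries quoted in the explanation above.
CANDIDATES = [
    Route("D", "192.168.18.0/24", 90, 3072, "10.10.10.18", "GigabitEthernet0/0"),
    Route("R", "192.168.18.0/24", 120, 1, "10.10.10.18", "GigabitEthernet1/0"),
    Route("O", "192.168.18.0/28", 110, 2, "10.10.30.18", "GigabitEthernet2/0"),
]


def install_routes(candidates):
    """Keep one route per prefix: lowest AD wins, metric only breaks an AD tie."""
    table = {}
    for route in candidates:
        net = ipaddress.ip_network(route.prefix)
        current = table.get(net)
        if current is None or (route.ad, route.metric) < (current.ad, current.metric):
            table[net] = route
    return table


def lookup(table, destination):
    """Forwarding decision: among installed prefixes, the longest match wins."""
    addr = ipaddress.ip_address(destination)
    matching = [net for net in table if addr in net]
    if not matching:
        return None  # no route and no default: the packet is dropped
    return table[max(matching, key=lambda net: net.prefixlen)]


if __name__ == "__main__":
    table = install_routes(CANDIDATES)
    for dst in ("192.168.18.16", "192.168.18.15"):
        route = lookup(table, dst)
        print(dst, "->", route.prefix, "via", route.interface)
```

The RIP entry for the /24 only becomes the forwarding choice if the EIGRP entry is withdrawn, which is the same AD comparison used for backup-route questions.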

QUESTION NO: 301

Refer to the exhibit. Which settings must be verified on workstation 1 to establish IP connectivity to
server 1 using the server's fully qualified domain name?

A.
IP address: 10.0.63.80

Subnet mask: 255.255.255.0

Default gateway: 10.0.71.1

DNS server: 10.0.63.5

B.
IP address: 10.0.71.16

Subnet mask: 255.255.255.0

Default gateway: 10.0.71.0

DHCP server: 10.0.63.8

C.
IP address: 10.0.63.80

Subnet mask: 255.255.255.224

Default gateway: 10.0.71.0

DHCP server: 10.0.63.8

D.
IP address: 10.0.71.16

Subnet mask: 255.255.255.224

Default gateway: 10.0.71.1

DNS server: 10.0.63.5

Answer: D
Explanation:

To establish IP connectivity from Workstation1.lab (VLAN 71) to Server1.lab (10.0.63.80) using the
server's fully qualified domain name (FQDN), the workstation's IP configuration must be
appropriate for VLAN 71 and able to reach the DNS server for domain name resolution.

Key points from the diagram:

VLAN 71: Workstation1.lab is on VLAN 71 with the subnet 10.0.71.0/27 (which has a range of
10.0.71.1 to 10.0.71.30).

VLAN 63: Server1.lab is in VLAN 63 with the subnet 10.0.63.0/24. The DNS server is also in
VLAN 63 with the IP address 10.0.63.5.

Requirements:

IP address: The IP address of Workstation1 must be in the 10.0.71.0/27 subnet to communicate
properly in VLAN 71.

Subnet mask: For VLAN 71, the subnet mask is 255.255.255.224 (/27).

Default gateway: The default gateway for Workstation1 should be 10.0.71.1, which is in VLAN 71
and connects to Router R1.

DNS server: The DNS server should be 10.0.63.5 (from VLAN 63) to resolve the FQDN of
Server1.

QUESTION NO: 302

Refer to the exhibit. OSPF neighbor routers A, B, C, and D are sending a route for
10.227.150.160/27. When the current route for 10.227.150.160/27 becomes unavailable, which
cost will router Y use to route traffic to 10.227.150.160/27?

A.
cost 20

B.
cost 30

C.
cost 40

D.
cost 50

Answer: A
Explanation:

When the current route for 10.227.150.160/27 becomes unavailable, Router Y will use the next
best route based on the OSPF cost to route traffic.

In the exhibit, the costs for OSPF routes from Router Y to its neighbors are:

Router A: Cost 20

Router B: Cost 40

Router C: Cost 50

Router D: Cost 30

The current OSPF route for 10.227.150.160/27 shows a cost of 10 through a specific neighbor (not
shown here, but it's likely this route will become unavailable as per the question). Once this route
is unavailable, OSPF will choose the next available route with the lowest cost.

The route with the lowest cost is through Router A with a cost of 20.

QUESTION NO: 303

Refer to the exhibit. PC Y is communicating with another device at IP address 10.227.150.193.
Which router does router Y use to route traffic?

A.
router A

B.
router B

C.
router C

D.
router D

Answer: B
Explanation:

To determine which router Router Y uses to route traffic to the IP address 10.227.150.193, we
need to analyze the routing table shown in the exhibit.

Steps:

1. The destination IP 10.227.150.193 falls within the network 10.227.150.160/27.

2. From the routing table, we see the following route for 10.227.150.160/27:

O 10.227.150.160/27 [110/10] via 10.224.1.3, 1w6d

O: Indicates the route is learned via OSPF.

[110/10]: This indicates an administrative distance of 110 and a cost of 10.

The next hop for this route is 10.224.1.3.

3. 10.224.1.3 is the IP address of Router B.

QUESTION NO: 304

Refer to the exhibit. An engineer must configure a floating static route on an external EIGRP
network. The destination subnet is the /29 on the LAN interface of R86. Which command must be
executed on R14?

A.
ip route 10.80.65.0 255.255.248.0 10.73.65.66 1

B.
ip route 10.80.65.0 255.255.255.240 fa0/1 89

C.
ip route 10.80.65.0 255.255.255.248 10.73.65.66 171

D.
ip route 10.73.65.66 0.0.0.224 10.80.65.0 255

Answer: C

QUESTION NO: 305

Refer to the exhibit. What is the next-hop IP address for R2 so that PC2 reaches the application
server via EIGRP?

A.
192.168.30.1

B.
10.10.10.6

C.
10.10.10.5

D.
192.168.20.1

Answer: B

QUESTION NO: 306 CORRECT TEXT

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

Refer to the Tasks tab to view the tasks for this lab item.

Refer to the Topology tab to access the device console(s) and perform the tasks.

Console access is available for all required devices by clicking the device icon or using the
tab(s) above the console window.

All necessary pre-configurations have been applied.

Do not remove any existing configurations from the devices, only those necessary to make the
appropriate changes required to fulfill the listed tasks.

Do not change the enable password or hostname for any device.

Save your configurations to NVRAM before moving to the next item.

Click Next at the bottom of the screen to submit this lab and move to the next question.

When Next is clicked, the lab closes and cannot be reopened.

Topology

Tasks

Task 1

Configure a static default route on R5 per the topology.

Configure a static default route on R1, preferring the path through R2 towards R6.

From R5, use traceroute and ping to verify the path towards and reachability of R6.

Task 2

Configure a floating static default route on R1, preferring the path through R3 towards R6 if the
link to R2 should fail.

Configure the administrative distance for 200.

Configure a static route on R3 to forward the return traffic towards 10.100.110.0/25.

After shutting interface e0/0 on R1, use traceroute and ping from R5 to verify path towards and
reachability of R6.

Answer:
See explanation below.

Explanation:

Task 1: Static Routes and Verification

1. Configure a static default route on R5:

Connect to R5 console.

Enter the following command: R5(config)# ip route 0.0.0.0 0.0.0.0 10.100.110.1

This sets a default route, sending all traffic from R5 to R1 (assuming 10.100.110.1 is R1’s IP on
the e0/2 interface).

2. Configure a static default route on R1 preferring the path through R2:

Connect to R1 console.

Enter the following command: R1(config)# ip route 0.0.0.0 0.0.0.0 10.122.12.2

This sets a default route from R1 to R2, which in turn connects to R6.

3. Verification on R5:

On R5, use ping and traceroute to verify the path to R6:

R5# ping 10.200.200.6

R5# traceroute 10.200.200.6

Ensure that the traffic follows the path from R5 to R1, then to R2, and finally to R6.

Task 2: Floating Static Route, Administrative Distance, and Static Route on R3

1. Configure a floating static default route on R1 (via R3) with an AD of 200:

Connect to R1 console.

Enter the following command: R1(config)# ip route 0.0.0.0 0.0.0.0 10.34.34.3 200

This configures a secondary route through R3 with a higher administrative distance (200),
making it a backup route if the primary route through R2 fails.

2. Configure a static route on R3 for return traffic:

Connect to R3 console.

Enter the following command to route traffic back to 10.100.110.0/25 network via R2:
R3(config)# ip route 10.100.110.0 255.255.255.128 10.33.13.2

3. Verification after interface shutdown:

On R1, shut down interface e0/0 to simulate a failure.

R1(config)# interface e0/0

R1(config-if)# shutdown

Go back to R5 and use ping and traceroute again to verify that the path to R6 now goes through
R3.

R5# ping 10.200.200.6

R5# traceroute 10.200.200.6

Following these configurations should allow R5 to reach R6 via the primary path and, in case of
failure on R1’s e0/0 interface, switch over to the secondary path through R3.

Topic 4, IP Services

QUESTION NO: 307

What is a purpose of traffic shaping?

A.
It enables policy-based routing.

B.
It enables dynamic flow identification.

C.
It provides best-effort service.

D.
It limits bandwidth usage.

Answer: D
Explanation:

The primary reasons you would use traffic shaping are to control access to available bandwidth, to
ensure that traffic conforms to the policies established for it, and to regulate the flow of traffic in
order to avoid congestion that can occur when the sent traffic exceeds the access speed of its
remote, target interface.

QUESTION NO: 308

Refer to the exhibit. Users on existing VLAN 100 can reach sites on the Internet. Which action
must the administrator take to establish connectivity to the Internet for users in VLAN 200?

A.
Define a NAT pool on the router.

B.
Configure the ip nat outside command on another interface for VLAN 200.

C.
Configure static NAT translations for VLAN 200.

D.
Update the NAT_INSIDE_RANGES ACL.

Answer: D
Explanation:

Here we see that 10.10.10.0/24 was specified as an inside range, which allows the users on
VLAN 100 to be translated for Internet access, but no range was defined for the VLAN 200
users, who are using the 10.10.20.0/24 subnet.

QUESTION NO: 309

Which function does an SNMP agent perform?

A.
It sends information about MIB variables in response to requests from the NMS

B.
It manages routing between Layer 3 devices in a network

C.
It coordinates user authentication between a network device and a TACACS+ or RADIUS server

D.
It requests information from remote network nodes about catastrophic system events

Answer: A
Explanation:

SNMP Agent

The Simple Network Management Protocol (SNMP) agent is the software component within a
managed device that maintains the data for the device and reports this data, as needed, to
managing systems. The agent resides on the routing device (router, access server, or switch). To
enable an SNMP agent on a Cisco routing device, you must define the relationship between the
manager and the agent.

SNMP MIB

An SNMP agent contains MIB variables, whose values the SNMP manager can request or change
through Get or Set operations. A manager can get a value from an agent or store a value in that
agent. The agent gathers data from the SNMP MIB, the repository for information about device
parameters and network data. The agent can also respond to manager requests to get or set data.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/xe-16/snmp-xe-16-book/nm-snmp-cfg-snmp-support.html

QUESTION NO: 310

What event has occurred if a router sends a notice level message to a syslog server?

A.
A certificate has expired

B.
An interface line has changed status

C.
A TCP connection has been torn down

D.
An ICMP connection has been built

Answer: B
Explanation:

0 Emergencies - System shutting down due to missing fan tray

1 Alerts - Temperature limit exceeded

2 Critical - Memory allocation failures

3 Errors - Interface Up/Down messages

4 Warnings - Configuration file written to server, via SNMP request

5 Notifications - Line protocol Up/Down

6 Information - Access-list violation logging

7 Debugging - Debug messages

QUESTION NO: 311

Which two actions are performed by the Weighted Random Early Detection mechanism? (Choose
two.)

A.
It supports protocol discovery.

B.
It guarantees the delivery of high-priority packets.

C.
It identifies different flows with a high level of granularity.

D.
It mitigates congestion by preventing the queue from filling up.

E.
It drops lower-priority packets before it drops higher-priority packets.

Answer: D,E
Explanation:

Weighted Random Early Detection (WRED) is just a congestion avoidance mechanism. WRED
drops packets selectively based on IP precedence. Edge routers assign IP precedences to
packets as they enter the network. When a packet arrives, the following events occur:

1. The average queue size is calculated.

2. If the average is less than the minimum queue threshold, the arriving packet is queued.

3. If the average is between the minimum queue threshold for that type of traffic and the maximum
threshold for the interface, the packet is either dropped or queued, depending on the packet drop
probability for that type of traffic.

4. If the average queue size is greater than the maximum threshold, the packet is dropped.

WRED reduces the chances of tail drop (when the queue is full, the packet is dropped) by
selectively dropping packets when the output interface begins to show signs of congestion (thus it
can mitigate congestion by preventing the queue from filling up). By dropping some packets early
rather than waiting until the queue is full, WRED avoids dropping large numbers of packets at
once and minimizes the chances of global synchronization. Thus, WRED allows the transmission
line to be used fully at all times.

WRED generally drops packets selectively based on IP precedence. Packets with a higher IP
precedence are less likely to be dropped than packets with a lower precedence. Thus, the higher
the priority of a packet, the higher the probability that the packet will be delivered.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_conavd/configuration/15-mt/qos-conavd-15-mt-book/qos-conavd-cfg-wred.html
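
The four-step WRED decision described above, as an added example that is not part of the original document. The per-precedence thresholds are constructed values, and the exponentially weighted average and mark-probability denominator are assumptions taken from how Cisco IOS documents WRED, not from this page.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class WredProfile:
    min_threshold: int          # below this average depth nothing is dropped
    max_threshold: int          # above this average depth everything is dropped
    mark_prob_denominator: int  # 1/N of packets dropped when average == max


# Constructed profiles: IP precedence 5 starts dropping later than precedence 0.
PROFILES = {
    0: WredProfile(min_threshold=20, max_threshold=40, mark_prob_denominator=10),
    5: WredProfile(min_threshold=35, max_threshold=40, mark_prob_denominator=10),
}


def update_average(old_average, current_depth, exp_weight=9):
    """Step 1: smooth the queue depth so short bursts do not trigger drops."""
    weight = 2.0 ** -exp_weight
    return old_average * (1 - weight) + current_depth * weight


def drop_probability(average, precedence, profiles=PROFILES):
    """Steps 2-4: map the average queue depth to a drop probability."""
    profile = profiles[precedence]
    if average < profile.min_threshold:
        return 0.0  # step 2: always queued
    if average > profile.max_threshold:
        return 1.0  # step 4: always dropped
    # Step 3: probability rises linearly from 0 at min to 1/denominator at max.
    span = profile.max_threshold - profile.min_threshold
    return (average - profile.min_threshold) / span / profile.mark_prob_denominator


def simulate(average, packets_per_class, seed=1, profiles=PROFILES):
    """Count drops per precedence for a fixed average depth (seeded, repeatable)."""
    rng = random.Random(seed)
    drops = {}
    for precedence in sorted(profiles):
        p = drop_probability(average, precedence, profiles)
        drops[precedence] = sum(rng.random() < p for _ in range(packets_per_class))
    return drops


if __name__ == "__main__":
    for avg in (10, 30, 38, 41):
        print(avg, {prec: round(drop_probability(avg, prec), 3) for prec in PROFILES})
    print("drops at average 30:", simulate(30, 10000))
```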

QUESTION NO: 312

An engineer is configuring NAT to translate the source subnet of 10.10.0.0/24 to any one of three
addresses: 192.168.3.1, 192.168.3.2, or 192.168.3.3. Which configuration should be used?

A.
enable

configure terminal

ip nat pool mypool 192.168.3.1 192.168.3.3 prefix-length 30

access-list 1 permit 10.10.0.0 0.0.0.255

ip nat outside destination list 1 pool mypool

interface g1/1

ip nat inside

interface g1/2

ip nat outside

B.
enable

configure terminal

ip nat pool mypool 192.168.3.1 192.168.3.3 prefix-length 30

access-list 1 permit 10.10.0.0 0.0.0.254

ip nat inside source list 1 pool mypool

interface g1/1

ip nat inside

interface g1/2

ip nat outside

C.
enable

configure terminal

ip nat pool mypool 192.168.3.1 192.168.3.3 prefix-length 30

route map permit 10.10.0.0 255.255.255.0

ip nat outside destination list 1 pool mypool

interface g1/1

ip nat inside

interface g1/2

ip nat outside

D.
enable

configure terminal

ip nat pool mypool 192.168.3.1 192.168.3.3 prefix-length 30

access-list 1 permit 10.10.0.0 0.0.0.255

ip nat inside source list 1 pool mypool

interface g1/1

ip nat inside

interface g1/2

ip nat outside

Answer: D

QUESTION NO: 313

When the active router in an HSRP group fails, which router assumes the role and forwards
packets?

A.
forwarding

B.
listening

C.
standby

D.
backup

Answer: C
Explanation:

When the active router fails, the other HSRP routers stop seeing hello messages from the active
router. The standby router then assumes the role of the active router. There is one standby router
in an HSRP group.

QUESTION NO: 314

In QoS, which prioritization method is appropriate for interactive voice and video?

A.
traffic policing

B.
round-robin scheduling

C.
low-latency queuing

D.
expedited forwarding

Answer: C
Explanation:

Low Latency Queuing (LLQ) is the preferred queuing policy for VoIP audio. Given the stringent
delay- and jitter-sensitive requirements of voice and video and the need to synchronize audio and
video for CUVA, priority (LLQ) queuing is recommended for all video traffic as well. Note that, for
video, priority bandwidth is generally fudged up by 20% to account for the overhead.

QUESTION NO: 315

What is a function of TFTP in network operations?

A.
transfers IOS images from a server to a router for firmware upgrades

B.
transfers a backup configuration file from a server to a switch using a username and password

C.
transfers configuration files from a server to a router on a congested link

D.
transfers files between file systems on a router

Answer: A
Explanation:

Trivial File Transfer Protocol (TFTP) is a network protocol used to transfer files between hosts in
a TCP/IP network. It is a simpler version of FTP and it doesn't have all of its functions; for
example, you cannot list, delete, or rename files or directories on a remote server. In fact, TFTP
can only be used to send and receive files between the two computers. TFTP doesn't support user
authentication and all data is sent in clear text.

The only real advantage that TFTP has over FTP is that it uses fewer resources. It is not widely
used today, but Cisco does still use it on its devices, for example to back up a router's IOS image.

Consider the following example:

A user wants to transfer files from Host A to the router R1. R1 is a Cisco device and it has a TFTP
server installed. The user will start a TFTP client program and initiate the data transfer.

Reference: https://geek-university.com/trivial-file-transfer-protocol-tftp/#:~:text=Trivial%20File%20Transfer%20Protocol%20(TFTP)%20is%20a%20network%20protocol%20used,directories%20on%20a%20remote%20server

QUESTION NO: 316

What is a DHCP client?

A.
a workstation that requests a domain name associated with its IP address.

B.
a host that is configured to request an IP address automatically.

C.
a server that dynamically assigns IP addresses to hosts.

D.
a router that statically assigns IP addresses to hosts.

Answer: B
Explanation:

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/15-sy/dhcp-15-sy-book/config-dhcp-client.pdf

QUESTION NO: 317

What facilitates a Telnet connection between devices by entering the device name?

A.
SNMP

B.
DNS lookup

C.
syslog

D.
NTP

Answer: B
Explanation:

Doing anything by using names instead of IP addresses requires the use of DNS to resolve the
name into an IP address.

QUESTION NO: 318

When deploying syslog, which severity level logs informational messages?

A.
0

B.
2

C.
4

D.
6

Answer: D
Reference: https://en.wikipedia.org/wiki/Syslog

QUESTION NO: 319

Which two QoS tools provide congestion management? (Choose two.)

A.
CBWFQ

B.
FRTS

C.
CAR

D.
PBR

E.
PQ

Answer: A,E
Explanation:

Common Cisco IOS-based congestion management tools include CBWFQ and LLQ algorithms.
LLQ brings strict priority queuing (PQ) to CBWFQ. CBWFQ extends the standard WFQ
functionality to provide support for user-defined traffic classes. For CBWFQ, you define traffic
classes based on match criteria including protocols, access control lists (ACLs), and input
interfaces. Packets satisfying the match criteria for a class constitute the traffic for that class.

Priority queueing (PQ). With PQ, packets belonging to one priority class of traffic are sent before
all lower priority traffic to ensure timely delivery of those packets.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_conmgt/configuration/xe-3s/qos-conmgt-xe-3s-book/qos-conmgt-oview.html

QUESTION NO: 320

Refer to the exhibit. The ntp server 192.168.0.3 command has been configured on router 1 to
make it an NTP client of router 2. Which command must be configured on router 2 so that it
operates in server-only mode and relies only on its internal clock?

A.
Router2(config)#ntp server 172.17.0.1

B.
Router2(config)#ntp server 192.168.0.2

C.
Router2(config)#ntp passive

D.
Router2(config)#ntp master 4

Answer: D
Explanation:

- ntp master {stratum-level}: NTP server mode — the device acts only as an NTP server, and not
as an NTP client. The device gets its time information from the internal clock on the device.

- ntp server {address | hostname}: NTP client/server mode — the device acts as both client and
server. First, it acts as an NTP client, to synchronize time with a server. Once synchronized, the
device can then act as an NTP server, to supply time to other NTP clients.

QUESTION NO: 321

Which protocol requires authentication to transfer a backup configuration file from a router to a
remote server?

A.
FTP

B.
SMTP

C.
TFTP

D.
DTP

Answer: A
Explanation:

Both FTP and TFTP are protocols used by Cisco routers to transfer files, but only FTP requires
authentication; TFTP does not.

QUESTION NO: 322

Which condition must be met before an NMS handles an SNMP trap from an agent?

A.
The NMS must receive the same trap from two different SNMP agents to verify that it is reliable.

B.
The NMS must receive a trap and an inform message from the SNMP agent within a configured
interval.

C.
The NMS software must be loaded with the MIB associated with the trap.

D.
The NMS must be configured on the same router as the SNMP agent.

Answer: C
Explanation:

To manage and monitor devices, the characteristics of the devices must be represented using a
format known to both the agent and the NMS. These characteristics can represent physical
properties such as fan speeds, or services such as routing tables. The data structure defining
these characteristics is known as a Management Information Base (MIB). This data model is
typically organized into tables, but can also include simple values. An example of the former is
routing tables, and an example of the latter is a timestamp indicating the time at which the agent
was started.

A MIB is a text file, written in Abstract Syntax Notation One (ASN.1), which describes the
variables containing the information that SNMP can access. The variables described in a MIB,
which are also called MIB objects, are the items that can be monitored using SNMP. There is one
MIB object for each element being monitored. All MIBs are, in fact, part of one large hierarchical
structure, with leaf nodes containing unique identifiers, data types, and access rights for each
variable and the paths providing classifications. A standard path structure includes branches for
private subtrees.

For reference, the structure of the MIBs for SNMPv2 is defined by its Structure of Management
Information (SMI), specified in RFC 2578. This SMI defines the syntax and basic data
types available to MIBs. The Textual Conventions (type definitions) in RFC 2579
define additional data types and enumerations.

Before an NMS can manage a device through its agent, the MIB corresponding to the data
presented by the agent must be loaded into the NMS. The mechanism for doing this varies
depending on the implementation of the network management software. This gives the NMS the
information required to address and correctly interpret the data model presented by the agent.

Note that MIBs can reference definitions in other MIBs, so to use a given MIB, it might be
necessary to load others.

QUESTION NO: 323

An engineer is configuring switch SW1 to act as an NTP server when all upstream NTP server
connectivity fails. Which configuration must be used?

A.
SW1# config t

SW1(config)#ntp peer 192.168.1.1

SW1(config)#ntp access-group peer accesslist1

B.
SW1# config t

SW1(config)#ntp master

SW1(config)#ntp server 192.168.1.1

C.
SW1# config t

SW1(config)#ntp backup

SW1(config)#ntp server 192.168.1.1

D.
SW1# config t

SW1(config)#ntp server 192.168.1.1

SW1(config)#ntp access-group peer accesslist1

Answer: B
Explanation:

ntp server 192.168.1.1 makes SW1 a client of the primary server reachable at the IP address
192.168.1.1.

NTP server makes SW1 a server and uses its own internal clock to provide the time when the
connectivity to the primary server 192.168.1.1 fails.

QUESTION NO: 324

A network administrator must enable DHCP services between two sites. What must be configured
for the router to pass DHCPDISCOVER messages on to the server?

A.
DHCP Binding

B.
a DHCP Relay Agent

C.
DHCP Snooping

D.
a DHCP Pool

Answer: B
Explanation:

A DHCP relay agent is any host that forwards DHCP packets between clients and servers. Relay
agents are used to forward requests and replies between clients and servers when they are not on
the same physical subnet. Relay agent forwarding is distinct from the normal forwarding of an IP
router, where IP datagrams are switched between networks somewhat transparently. By contrast,
relay agents receive DHCP messages and then generate a new DHCP message to send out on
another interface. The relay agent sets the gateway address (giaddr field of the DHCP packet)
and, if configured, adds the relay agent information option (option 82) to the packet and forwards it
to the DHCP server. The reply from the server is forwarded back to the client after removing option
82.

Reference: https://www.cisco.com/en/US/docs/ios/12_4t/ip_addr/configuration/guide/htdhcpre.html
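The relay behaviour described above, as an added example that is not part of the original document: a sketch of what a relay agent changes in a DHCPDISCOVER (giaddr, hops, option 82) and what it strips from the reply. The MAC address, relay address 10.10.0.1, circuit ID and remote ID are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import struct

BOOTP_LEN = 236                    # fixed-size BOOTP header that precedes the options
MAGIC = bytes([99, 130, 83, 99])   # DHCP magic cookie 0x63825363
HOPS = 3                           # byte offset of the hops counter
GIADDR = slice(24, 28)             # byte offsets of the gateway (relay) address
RELAY_INFO = 82                    # relay agent information option

def encode(header, options):
    """Serialise header + magic cookie + TLV options + END (255)."""
    body = b"".join(bytes([code, len(value)]) + value for code, value in options)
    return header + MAGIC + body + b"\xff"

def make_message(op, mac, options):
    """Build a DHCP message (op 1 = request, 2 = reply) with giaddr 0.0.0.0."""
    zero = b"\x00" * 4
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x3903F326,
                         0, 0x8000, zero, zero, zero, zero, mac, b"", b"")
    return encode(header, options)

def parse_options(packet):
    """Return [(code, value)] for every option before END, skipping PAD (0)."""
    if packet[BOOTP_LEN:BOOTP_LEN + 4] != MAGIC:
        raise ValueError("not a DHCP message: magic cookie missing")
    options, i = [], BOOTP_LEN + 4
    while i < len(packet) and packet[i] != 255:
        if packet[i] == 0:
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option")
        length = packet[i + 1]
        options.append((packet[i], packet[i + 2:i + 2 + length]))
        i += 2 + length
    return options

def relay_to_server(packet, relay_ip, circuit_id, remote_id):
    """Client -> server direction: what the relay rewrites before forwarding."""
    header = bytearray(packet[:BOOTP_LEN])
    if header[GIADDR] == b"\x00" * 4:          # only the first relay sets giaddr
        header[GIADDR] = ipaddress.IPv4Address(relay_ip).packed
    header[HOPS] += 1
    options = parse_options(packet)
    if RELAY_INFO not in dict(options):        # do not add a second option 82
        sub = (bytes([1, len(circuit_id)]) + circuit_id +    # sub-option 1: circuit ID
               bytes([2, len(remote_id)]) + remote_id)       # sub-option 2: remote ID
        options.append((RELAY_INFO, sub))
    return encode(bytes(header), options)

def relay_to_client(packet):
    """Server -> client direction: option 82 is removed before delivery."""
    options = [(c, v) for c, v in parse_options(packet) if c != RELAY_INFO]
    return encode(packet[:BOOTP_LEN], options)

# Constructed sample: DISCOVER with message type (53) and parameter request list (55).
CLIENT_MAC = bytes.fromhex("0050569a0b01")
DISCOVER = make_message(1, CLIENT_MAC, [(53, b"\x01"), (55, bytes([1, 3, 6]))])

if __name__ == "__main__":
    forwarded = relay_to_server(DISCOVER, "10.10.0.1", b"Gi0/1:vlan10", b"SW1")
    print("giaddr :", ipaddress.IPv4Address(forwarded[GIADDR]))
    print("options:", parse_options(forwarded))
    print("to client:", parse_options(relay_to_client(forwarded)))
```

The server picks the address pool from giaddr, which is why the relay must set it to its own address on the client-facing subnet.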

QUESTION NO: 325

Which level of severity must be set to get informational syslogs?

A.
alert

B.
critical

C.
notice

D.
debug

Answer: D

QUESTION NO: 326

Refer to the exhibit. Which configuration must be applied to the router that configures PAT to
translate all addresses in VLAN 200 while allowing devices on VLAN 100 to use their own IP
addresses?

A.
Router1(config)#access-list 99 permit 192.168.100.32 0.0.0.31

Router1(config)#ip nat inside source list 99 interface gi1/0/0 overload

Router1(config)#interface gi2/0/1.200

Router1(config)#ip nat inside

Router1(config)#interface gi1/0/0

Router1(config)#ip nat outside

B.
Router1(config)#access-list 99 permit 192.168.100.0 0.0.0.255

Router1(config)#ip nat inside source list 99 interface gi1/0/0 overload

Router1(config)#interface gi2/0/1.200

Router1(config)#ip nat inside

Router1(config)#interface gi1/0/0

Router1(config)#ip nat outside

C.
Router1(config)#access-list 99 permit 209.165.201.2 255.255.255.255

Router1(config)#ip nat inside source list 99 interface gi1/0/0 overload

Router1(config)#interface gi2/0/1.200

Router1(config)#ip nat inside

Router1(config)#interface gi1/0/0

Router1(config)#ip nat outside

D.
Router1(config)#access-list 99 permit 209.165.201.2 0.0.0.0

Router1(config)#ip nat inside source list 99 interface gi1/0/0 overload

Router1(config)#interface gi2/0/1.200

Router1(config)#ip nat inside

Router1(config)#interface gi1/0/0

Router1(config)#ip nat outside

Answer: A
Explanation:

The subnet mask used in this network is a /27. When we define the access list used for traffic to
be NAT’ed we configure a wildcard mask. The correct wildcard mask for a /27 is 0.0.0.31.

QUESTION NO: 327

What is a capability of FTP in network management operations?

A.
offers proprietary support at the session layer when transferring data

B.
uses separate control and data connections to move files between server and client

C.
encrypts data before sending between data resources

D.
devices are directly connected and use UDP to pass file information

Answer: B
Reference:
https://en.wikipedia.org/wiki/File_Transfer_Protocol

QUESTION NO: 328

A network engineer is configuring a switch so that it is remotely reachable via SSH. The engineer
has already configured the host name on the router. Which additional command must the engineer
configure before entering the command to generate the RSA key?

A.
password password

B.
ip ssh authentication-retries 2

C.
ip domain-name domain

D.
crypto key generate rsa modulus 1024

Answer: C
Reference: https://www.letsconfig.com/how-to-configure-ssh-on-cisco-ios-devices/

QUESTION NO: 329

Which QoS traffic handling technique retains excess packets in a queue and reschedules these
packets for later transmission when the configured maximum bandwidth has been surpassed?

A.
traffic policing

B.
weighted random early detection

C.
traffic prioritization

D.
traffic shaping

Answer: D
Reference: https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/19645-policevsshape.html

QUESTION NO: 330

Which command must be entered to configure a DHCP relay?

A.
ip dhcp relay

B.
ip dhcp pool

C.
ip address dhcp

D.
ip helper-address

Answer: D
Reference:
https://www.cisco.com/en/US/docs/ios/12_4t/ip_addr/configuration/guide/htdhcpre.html

QUESTION NO: 331

A network analyst is tasked with configuring the date and time on a router using EXEC mode. The
date must be set to January 1, 2020 and the time must be set to 12:00 am. Which command
should be used?

A.
clock timezone

B.
clock summer-time date

C.
clock summer-time recurring

D.
clock set

Answer: D

QUESTION NO: 332

Which command creates a static NAT binding for a PC address of 10.1.1.1 to the public routable
address 209.165.200.225 assigned to the PC?

A.
R1(config)#ip nat inside source static 10.1.1.1 209.165.200.225

B.
R1(config)#ip nat outside source static 209.165.200.225 10.1.1.1

C.
R1(config)#ip nat inside source static 209.165.200.225 10.1.1.1

D.
R1(config)#ip nat outside source static 10.1.1.1 209.165.200.225

Answer: A
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/15-sy/nat-15-sy-book/iadnat-addr-consv.html

QUESTION NO: 333

Refer to the exhibit. How should the configuration be updated to allow PC1 and PC2 access to the
Internet?

A.
Modify the configured number of the second access list

B.
Change the ip nat inside source command to use interface GigabitEthernet0/0

C.
Remove the overload keyword from the ip nat inside source command

D.
Add either the ip nat {inside|outside} command under both interfaces

Answer: D
Reference: https://www.networkstraining.com/configuring-nat-on-cisco-routers/

QUESTION NO: 334

What is the purpose of the ip address dhcp command?

A.
to configure an interface as a DHCP relay

B.
to configure an interface as a DHCP client

C.
to configure an interface as a DHCP helper

D.
to configure an interface as a DHCP server

Answer: B

QUESTION NO: 335

Refer to the exhibit. A newly configured PC fails to connect to the internet by using TCP port 80 to
www.cisco.com. Which setting must be modified for the connection to work?

A.
Subnet Mask

B.
DNS Servers

C.
Default Gateway

D.
DHCP Servers

Answer: B

QUESTION NO: 336

Which syslog severity level is considered the most severe and results in the system being
considered unusable?

A.
Error

B.
Emergency

C.
Alert

D.
Critical

Answer: B
Explanation:

In the syslog severity levels, the most severe level that can result in the system being considered
unusable is level 0, which is known as "Emergency." The Emergency level signifies the highest
level of severity and indicates that the system is in an unusable state or experiencing a
catastrophic failure.

Syslog severity levels are defined as follows, from most severe to least severe:

0 - Emergency

1 - Alert

2 - Critical

3 - Error

4 - Warning

5 - Notice

6 - Informational

7 - Debug

QUESTION NO: 337

The clients and DHCP server reside on different subnets. Which command must be used to
forward requests and replies between clients on the 10.10.0.1/24 subnet and the DHCP server at
192.168.10.1?

A.
ip route 192.168.10.1

B.
ip dhcp address 192.168.10.1

C.
ip default-gateway 192.168.10.1

D.
ip helper-address 192.168.10.1

Answer: D
Explanation:

To forward DHCP requests and replies between clients on the 10.10.0.1/24 subnet and the DHCP
server at 192.168.10.X, you would need to configure IP Helper Address on the router or layer 3
switch that is acting as the gateway for the 10.10.0.1/24 subnet.

QUESTION NO: 338

A DHCP pool has been created with the name CONTROL. The pool uses the next to last usable
IP address as the default gateway for the DHCP clients. The server is located at 172.16.32.15.
What is the next step in the process for clients on the 192.168.52.0/24 subnet to reach the DHCP
server?

A.
ip helper-address 172.16.32.15

B.
ip default-gateway 192.168.52.253

C.
ip forward-protocol udp 137

D.
ip default-network 192.168.52.253

Answer: A
Explanation:

The question states that the pool has been created and that it uses the next to last usable IP
address as the default gateway for the DHCP clients. So that already implies that B is not the
answer. But just to confirm once and for all, 192.168.52.253 is NOT the last usable address, that
would be 192.168.52.254. The answer is A because we need to configure a helper address since
the DHCP server is on a different subnet.

QUESTION NO: 339

Which two transport layer protocols carry syslog messages? (Choose two.)

A.
IP

B.
RTP

C.
TCP

D.
UDP

E.
ARP

Answer: C,D
Explanation:

The two transport layer protocols commonly used to carry syslog messages are:

User Datagram Protocol (UDP): UDP is a connectionless and lightweight transport layer protocol.
It is widely used for syslog due to its simplicity and efficiency. Syslog messages transmitted over
UDP are typically sent from the source to the destination without the need for acknowledgments or
establishing a connection. However, UDP does not guarantee reliable delivery, and messages
may be lost or arrive out of order in case of network congestion or errors.

Transmission Control Protocol (TCP): TCP is a connection-oriented and reliable transport layer
protocol. While less commonly used for syslog compared to UDP, TCP can be used when reliable
delivery of syslog messages is required. TCP establishes a connection between the source and
destination and ensures the ordered delivery of messages. It provides acknowledgment
mechanisms and retransmission of lost packets, making it suitable for scenarios where message
integrity and completeness are critical.

QUESTION NO: 340

What is the purpose of classifying network traffic in QoS?

A.
configures traffic-matching rules on network devices

B.
services traffic according to its class

C.
identifies the type of traffic that will receive a particular treatment

D.
writes the class identifier of a packet to a dedicated field in the packet header

Answer: C
Explanation:

The purpose of classifying network traffic in Quality of Service (QoS) is to categorize and prioritize
different types of network traffic based on their characteristics or requirements. By classifying
traffic, QoS allows network administrators to apply differentiated treatment to various types of data
flows to ensure that critical or sensitive traffic receives the necessary resources and quality of
service.

QUESTION NO: 341

Refer to the exhibit. The DHCP server is configured with a DHCP pool for each of the subnets
represented. Which command must be configured on switch SW1 to allow DHCP clients on VLAN
10 to receive dynamic IP addresses from the DHCP server?

A.
SW1(config-if)#ip helper-address 192.168.10.1

B.
SW1(config-if)#ip helper-address 192.168.20.1

C.
SW1(config-if)#ip helper-address 192.168.20.2

D.
SW1(config-if)#ip helper-address 192.168.10.2

Answer: C
Explanation:

The IP address of the DHCP server must be specified in the ip helper-address command.

QUESTION NO: 342

Refer to the exhibit. Which minimum configuration items are needed to enable Secure Shell
version 2 access to R15?

A.
Router(config)#hostname R15

R15(config)#ip domain-name cisco.com

R15(config)#crypto key generate rsa general-keys modulus 1024

R15(config)#ip ssh version 2

R15(config-line)#line vty 0 15

R15(config-line)# transport input ssh

B.
Router(config)#crypto key generate rsa general-keys modulus 1024

Router(config)#ip ssh version 2

Router(config-line)#line vty 0 15

Router(config-line)# transport input ssh

Router(config)#ip ssh logging events

R15(config)#ip ssh stricthostkeycheck

C.
Router(config)#hostname R15

R15(config)#crypto key generate rsa general-keys modulus 1024

R15(config-line)#line vty 0 15

R15(config-line)# transport input ssh

R15(config)#ip ssh source-interface Fa0/0

R15(config)#ip ssh stricthostkeycheck

D.
Router(config)#ip domain-name cisco.com

Router(config)#crypto key generate rsa general-keys modulus 1024

Router(config)#ip ssh version 2

Router(config-line)#line vty 0 15

Router(config-line)# transport input all

Router(config)#ip ssh logging events

Answer: A

QUESTION NO: 343

hostname CPE

service password-encryption

ip domain name ccna.cisco.com

ip name-server 198.51.100.210

crypto key generate rsa modulus 1024

username admin privilege 15 secret s0m3s3cr3t

line vty 0 4

transport input ssh

login local

Refer to the exhibit. An engineer executed the script and added commands that were not
necessary for SSH and now must remove the commands. Which two commands must be
executed to correct the configuration? (Choose two.)

A.
no ip name-server 198.51.100.210

B.
no login local

C.
no service password-encryption

D.
no ip domain name ccna.cisco.com

E.
no hostname CPE

Answer: A,B
Explanation:

The following is an example for the requirements for an SSH configuration:

hostname CPE

ip domain name ccna.cisco.com

crypto key generate rsa modulus 1024

username admin privilege 15 secret s0m3s3cr3t

line vty 0 4

transport input ssh

login local

QUESTION NO: 344

A network engineer is configuring a new router at a branch office. The router is connected to an
upstream WAN network that allows the branch to communicate with the head office. The central
time server with IP address 172.24.54.8 is located behind a firewall at the head office. Which
command must the engineer configure so that the software clock of the new router synchronizes
with the time server?

A.
ntp server 172.24.54.8

B.
ntp master 172.24.54.8

C.
ntp peer 172.24.54.8

D.
ntp client 172.24.54.8

Answer: A

QUESTION NO: 345

Which two protocols are supported on service-port interfaces? (Choose two.)

A.
Telnet

B.
SCP

C.
TACACS+

D.
SSH

E.
RADIUS

Answer: A,D
Explanation:

The service-port interface supports the following protocols:

SSH and Telnet

HTTP and HTTPS

SNMP

FTP, TFTP, and SFTP

Syslog

ICMP (ping)

NTP

Reference:
https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/wireless/controller/7-5/configuration-guide/b_cg75/b_cg75_chapter_011110.html.xml

QUESTION NO: 346

A network administrator wants the syslog server to filter incoming messages into different files
based on their importance. Which filtering criteria must be used?

A.
message body

B.
level

C.
facility

D.
process ID

Answer: B
Explanation:

Syslog levels are used to determine the importance of the messages. There are a total of 8 levels
(0-7).

QUESTION NO: 347

Refer to the exhibit. A network administrator configures the CPE to provide internet access to the
company headquarters. Traffic must be load-balanced via ISP1 and ISP2 to ensure redundancy.

Which two command sets must be configured on the CPE router? (Choose two.)

A.
ip route 0.0.0.0 0.0.0.0 198.51.100.1 255

ip route 0.0.0.0 0.0.0.0 203.0.113.1 255

ip route 128.0.0.0 128.0.0.0 203.0.113.1

B.
ip route 0.0.0.0 128.0.0.0 198.51.100.1

ip route 128.0.0.0 128.0.0.0 203.0.113.1

ip route 0.0.0.0 0.0.0.0 198.51.100.1

ip route 0.0.0.0 0.0.0.0 203.0.113.1

C.
ip route 0.0.0.0 0.0.0.0 198.51.100.1

ip route 0.0.0.0 0.0.0.0 203.0.113.1

D.
ip route 0.0.0.0 128.0.0.0 198.51.100.1

ip route 128.0.0.0 128.0.0.0 203.0.113.1

E.
ip route 0.0.0.0 0.0.0.0 198.51.100.1

ip route 0.0.0.0 0.0.0.0 203.0.113.1 2

Answer: C
Explanation:

Two static default routes should be configured with an equal cost metric.

QUESTION NO: 348

What is the role of SNMP in the network?

A.
to monitor and manage network devices using a UDP underlay that operates on the application
layer

B.
to collect data directly from network devices using an SSL underlay that operates on the transport
layer

C.
to monitor network devices and functions using a TCP underlay that operates on the presentation
layer

D.
to collect telemetry and critical information from network devices using an SSH underlay that
operates on the network layer

Answer: A

QUESTION NO: 349

Which protocol is implemented when an organization must verify network performance,
troubleshoot issues, and use an agent to communicate between monitoring tools and end
devices?

A.
FIP

B.
NIP

C.
NFS

D.
SNMP

Answer: D

QUESTION NO: 350

Which is a fact related to FTP?

A.
It uses two separate connections for control and data traffic.

B.
It uses block numbers to identify and mitigate data-transfer errors.

C.
It always operates without user authentication.

D.
It relies on the well-known UDP port 69.

Answer: A

QUESTION NO: 351

Which protocol should be used to transfer large files on a company intranet that allows TCP 20
and 21 through the firewall?

A.
SMTP

B.
REST API

C.
TFTP

D.
FTP

Answer: D

QUESTION NO: 352

Why is UDP more suitable than TCP for applications that require low latency, such as VoIP?

A.
UDP uses sequencing data for packets to arrive in order, and TCP offers the capability to receive
packets in random order.

B.
TCP uses congestion control for efficient packet delivery, and UDP uses flow control mechanisms
for the delivery of packets

C.
UDP reliably guarantees delivery of all packets, and TCP drops packets under heavy load.

D.
TCP sends an acknowledgment for every packet that is received, and UDP operates without
acknowledgments.

Answer: D

QUESTION NO: 353

Which type of DNS record is used to specify the mail server responsible for accepting email
messages on behalf of a recipient's domain?

A.
MX record

B.
TXT record

C.
SRV record

D.
A record

Answer: A
Explanation:

An MX record identifies the mail servers that handle email for a domain and their priority. When
an email is sent, the sending mail server queries the DNS for the MX records of the recipient's
domain to know where to deliver the email.

QUESTION NO: 354

What is the total number of users permitted to simultaneously browse the controller management
pages when using the AireOS GUI?

A.
2

B.
5

C.
8

D.
9

Answer: B
Explanation:

In Cisco AireOS Wireless LAN Controllers (WLCs), a maximum of 5 simultaneous GUI
sessions are allowed for management. This ensures that the controller management interface
does not become overwhelmed by too many active users, preserving performance and preventing
overload.

QUESTION NO: 355

What is the difference between SNMP traps and SNMP polling?

A.
SNMP traps send periodic updates via the MIB, and SNMP polling sends data on demand.

B.
SNMP traps are initiated using a push model at the network device, and SNMP polling is initiated
at the server.

C.
SNMP traps are used for proactive monitoring, and SNMP polling is used for reactive monitoring.

D.
SNMP traps are initiated by the network management system, and network devices initiate SNMP
polling.

Answer: B
Explanation:

SNMP traps: These are notifications sent by network devices (e.g., routers, switches) to the
network management system (NMS) without a request. When certain predefined events or
thresholds are reached, the device pushes the information to the NMS. This enables proactive
notification of issues or significant events, such as link failures or threshold breaches.

QUESTION NO: 356

Which type of DNS record is used to map a host name to an IPv4 address?

A.
MX record

B.
CNAME record

C.
AAAA record

D.
A record

Answer: D
Explanation:

An A (Address) record is used in the Domain Name System (DNS) to associate a domain name
(hostname) with an IPv4 address. This record translates a user-friendly domain name into the
corresponding numerical IP address, allowing browsers and other applications to locate and
connect to the correct server.

QUESTION NO: 357

What is the function of a DNS zone transfer?

A.
Copy DNS database files from a primary to secondary server.

B.
Transfer domain registration from one registrar to another.

C.
Modify DNS resource records for load balancing.

D.
Redirect traffic from one domain to another.

Answer: A
Explanation:

A DNS zone transfer is a process where the DNS records (which make up the zone file) are
copied from the primary DNS server (also called the master) to a secondary DNS server
(slave). This ensures that the DNS records are consistent across multiple DNS servers, providing
redundancy and load balancing for DNS queries.

Zone transfers can be either full (AXFR) or incremental (IXFR), where the latter only transfers
the changed records instead of the entire zone file.

QUESTION NO: 358

What is the primary purpose of a recursive query in DNS?

A.
to perform a reverse DNS lookup

B.
to update DNS records on a server

C.
to refresh the TTL of specific DNS records

D.
to resolve domain names via multiple DNS servers

Answer: D
Explanation:

In a recursive DNS query, the client (usually a user's device or application) asks a DNS resolver
(like a local DNS server) to resolve a domain name. The DNS resolver takes on the responsibility
of performing all the necessary queries to other DNS servers (including root, TLD, and
authoritative servers) until it finds the IP address for the requested domain. The recursive DNS
resolver then returns the final result (the IP address) to the client.

QUESTION NO: 359

What is the function of SNMP?

A.
It defines access policies and enforces them at the network management server.

B.
It collects device performance data and forwards it to the management system.

C.
It differentiates configuration and state data to monitor and compare network deviations.

D.
It enables automation use cases with TCP-based transactions in the network.

Answer: B
Explanation:

SNMP is a protocol used for network management. It enables network devices such as routers,
switches, and servers to send performance data, statistics, and alerts to a network management
system (NMS). SNMP allows administrators to monitor and manage network performance, detect
faults, and sometimes configure devices remotely. The data is collected in the form of variables
that can be queried or monitored by the NMS.

Topic 5, Security Fundamentals

QUESTION NO: 360 DRAG DROP

Drag and drop the Cisco Wireless LAN Controller security settings from the left onto the correct
security mechanism categories on the right.

Answer:

Explanation:

Layer 2 Security mechanisms

WPA+WPA2

802.1X

Layer 3 Security mechanisms (for WLAN)

Web policy

Passthrough

Layer 2 Security Mechanism includes WPA+WPA2, 802.1X, Static WEP, CKIP while Layer 3
Security Mechanisms (for WLAN) includes IPSec, VPN Pass-Through, Web Passthrough …

Reference: https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/106082-wlc-compatibility-matrix.html

QUESTION NO: 361

Which set of actions satisfies the requirement for multifactor authentication?

A.
The user enters a user name and password, and then re-enters the credentials on a second
screen.

B.
The user swipes a key fob, then clicks through an email link.

C.
The user enters a user name and password, and then clicks a notification in an authentication app
on a mobile device.

D.
The user enters a PIN into an RSA token, and then enters the displayed RSA key on a login
screen.

Answer: C
Explanation:

This is an example of how two-factor authentication (2FA) works:

1. The user logs in to the website or service with their username and password.

2. The password is validated by an authentication server and, if correct, the user becomes eligible
for the second factor.

3. The authentication server sends a unique code to the user’s second-factor method (such as a
smartphone app).

4. The user confirms their identity by providing the additional authentication for their second-factor
method.

QUESTION NO: 362

Refer to the exhibit. An extended ACL has been configured and applied to router R2. The
configuration failed to work as intended.

Which two changes stop outbound traffic on TCP ports 25 and 80 to 10.0.20.0/26 from the
10.0.10.0/26 subnet while still allowing all other traffic? (Choose two.)

A.
Add a “permit ip any any” statement at the end of ACL 101 for allowed traffic.

B.
Add a “permit ip any any” statement to the beginning of ACL 101 for allowed traffic.

C.
The ACL must be moved to the Gi0/1 interface outbound on R2.

D.
The source and destination IPs must be swapped in ACL 101.

E.
The ACL must be configured on the Gi0/2 interface inbound on R1.

Answer: A,D
Explanation:

Access Control Lists work top down. To allow all other traffic apart from what you configured as
deny, you need to add a permit statement (permit any any) to the end of the ACL.

ACLs are configured as source-destination. This shows destination-source so it needs to be
swapped.

Create an extended ACL:

access-list [access-list-number] [dynamic dynamic-name [timeout minutes]] {deny|permit} protocol
source source-wildcard destination destination-wildcard [precedence precedence]

QUESTION NO: 363 DRAG DROP

Drag and drop the attack-mitigation techniques from the left onto the types of attack that they
mitigate on the right.

Answer:

Explanation:

Configure the 802.1x authentication protocol – man-in-the-middle spoofing attack

Configure the DHCP snooping feature – MAC flooding attack

Configure the native VLAN with a nondefault VLAN ID – 802.1q double-tagging VLAN-hopping
attack

Disable Dynamic Trunking Protocol – switch-spoofing VLAN-hopping attack

QUESTION NO: 364

Refer to the exhibit. Which configuration for RTR-1 denies SSH access from PC-1 to any RTR-1
interface and allows all other traffic?

A.

B.

C.

D.

Answer: B
Explanation:

access-group [in|out] is used to tie an access-list to an interface.

access-class [in|out] is used to tie an access-list to VTY lines.

So in case you want to prevent incoming network traffic on port 80 through Ethernet 0/0 you use

int E0/0

ip access-group 123 in

In case you want to allow only your PC to access the VTY lines via telnet/SSH, use this:

line vty 0 4

access-class 100 in

QUESTION NO: 365

While examining excessive traffic on the network, it is noted that all incoming packets on an
interface appear to be allowed even though an IPv4 ACL is applied to the interface. Which two
misconfigurations cause this behavior? (Choose two.)

A.
The ACL is empty

B.
A matching permit statement is too broadly defined

C.
The packets fail to match any permit statement

D.
A matching deny statement is too high in the access list

E.
A matching permit statement is too high in the access list

Answer: B,E
Explanation:

Traffic might be permitted if the permit statement is too broad, meaning that you are allowing more
traffic than what is specifically needed, or if the matching permit statement is placed ahead of the
deny statement. Routers compare traffic to the ACL and, once a match is found, the router acts
according to that rule.
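The ACL rules used in the explanations for questions 326, 362 and 365 (wildcard masks, top-down first match, the implicit deny, and a permit placed too high), as an added example that is not part of the original document. The ACL entries are constructed from the subnets and ports named in question 362, the parser covers only a small subset of extended ACL syntax, and all function names are hypothetical.

```python
import ipaddress
from collections import namedtuple

Ace = namedtuple("Ace", "action proto src src_wc dst dst_wc dport")
FULL = 0xFFFFFFFF

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def wildcard_for_prefix(prefix_len):
    """Wildcard mask for a prefix length: the inverse of the subnet mask."""
    return str(ipaddress.IPv4Address((1 << (32 - prefix_len)) - 1))

def take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as integers."""
    first = tokens.pop(0)
    if first == "any":
        return 0, FULL
    if first == "host":
        return ip_int(tokens.pop(0)), 0
    return ip_int(first), ip_int(tokens.pop(0))

def parse_ace(line):
    """Parse the subset 'action proto source destination [eq port]'."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src, src_wc = take_addr(tokens)
    dst, dst_wc = take_addr(tokens)
    dport = int(tokens[1]) if tokens[:1] == ["eq"] else None
    return Ace(action, proto, src, src_wc, dst, dst_wc, dport)

def wildcard_match(addr, base, wildcard):
    """True when addr equals base in every bit position where the wildcard bit is 0."""
    return ((addr ^ base) & ~wildcard & FULL) == 0

def evaluate(acl, proto, src, dst, dport=None):
    """First match wins; ('deny', None) is the implicit deny at the end of every ACL."""
    s, d = ip_int(src), ip_int(dst)
    for index, ace in enumerate(acl):
        if (ace.proto in ("ip", proto)
                and wildcard_match(s, ace.src, ace.src_wc)
                and wildcard_match(d, ace.dst, ace.dst_wc)
                and ace.dport in (None, dport)):
            return ace.action, index
    return "deny", None

def covers(earlier, later):
    """True when every packet matching 'later' already matches 'earlier'."""
    def addr_covers(e_base, e_wc, l_base, l_wc):
        care = ~e_wc & FULL
        return (l_wc & care) == 0 and ((e_base ^ l_base) & care) == 0
    return (earlier.proto in ("ip", later.proto)
            and earlier.dport in (None, later.dport)
            and addr_covers(earlier.src, earlier.src_wc, later.src, later.src_wc)
            and addr_covers(earlier.dst, earlier.dst_wc, later.dst, later.dst_wc))

def shadowed(acl):
    """Indexes of entries that can never match because an earlier entry covers them."""
    return [j for j, later in enumerate(acl)
            if any(covers(acl[i], later) for i in range(j))]

# Constructed entries: block TCP 25 and 80 from 10.0.10.0/26 to 10.0.20.0/26.
DENY_RULES = [
    "deny tcp 10.0.10.0 0.0.0.63 10.0.20.0 0.0.0.63 eq 25",
    "deny tcp 10.0.10.0 0.0.0.63 10.0.20.0 0.0.0.63 eq 80",
]
NO_PERMIT = [parse_ace(line) for line in DENY_RULES]               # implicit deny drops the rest
CORRECT = NO_PERMIT + [parse_ace("permit ip any any")]             # permit at the end
PERMIT_FIRST = [parse_ace("permit ip any any")] + NO_PERMIT        # permit too high

if __name__ == "__main__":
    for name, acl in (("correct", CORRECT), ("no permit", NO_PERMIT),
                      ("permit first", PERMIT_FIRST)):
        print(name,
              evaluate(acl, "tcp", "10.0.10.5", "10.0.20.9", 25),
              evaluate(acl, "tcp", "10.0.10.5", "10.0.20.9", 443),
              "shadowed:", shadowed(acl))
```

Running `shadowed` over an ACL before it is applied shows deny entries that a broader, earlier permit has made unreachable.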

QUESTION NO: 366

Refer to the exhibit. If the network environment is operating normally, which type of device must
be connected to interface fastethernet 0/1?

A.
DHCP client

B.
access point

C.
router

D.
PC

Answer: C
Explanation:

Access ports connected to end-user devices are often untrusted by both DHCP Snooping and DAI.
Ports connected to other switches, routers, the DHCP server (anything other than links to end-user
devices) should be trusted by DAI.

QUESTION NO: 367

Refer to the exhibit. What is the effect of this configuration?

A.
The switch discards all ingress ARP traffic with invalid MAC-to-IP address bindings.

B.
All ARP packets are dropped by the switch.

C.
Egress traffic is passed only if the destination is a DHCP server.

D.
All ingress and egress traffic is dropped because the interface is untrusted.

Answer: A
Explanation:

Dynamic ARP inspection is an ingress security feature; it does not perform any egress checking.

QUESTION NO: 368

What is used to identify spurious DHCP servers?

A.
DHCPACK

B.
DHCPREQUEST

C.
DHCPOFFER

D.
DHCPDISCOVER

Answer: C

QUESTION NO: 369

Refer to the exhibit. A network engineer must block access for all computers on VLAN 20 to the
web server via HTTP. All other computers must be able to access the web server. Which
configuration when applied to switch A accomplishes the task?

A.

B.

C.

D.

Answer: D
Explanation:

This ACL denies all TCP traffic from any host to 10.30.0.100 via port 80. The web server listens on
port 80. So this statement blocks ALL traffic going to the web server at IP address 10.30.0.100.

But we only want VLAN 20 to be blocked, and NOT anyone else, so this seems wrong. But look at
which VLAN the ACL is applied to in answer "D". Although the ACL blocks all traffic going to the
web server, it is ONLY APPLIED to VLAN 20. So although it blocks all traffic, it only
affects VLAN 20 members, because that is the only place it is applied. As for answer "A", you
would think it would be right as well, because the ACL in that answer is applied to the
same VLAN.

However, deny statements left at the end of an ACL will end up just denying any other
traffic. You need to add permit statements AFTER deny statements to allow other traffic. If the
permit statements are added before the deny statement, when the ACL is implemented, it will just
deny all other traffic.

QUESTION NO: 370

What are two recommendations for protecting network ports from being exploited when located in
an office space outside of an IT closet? (Choose two.)

A.
enable the PortFast feature on ports

B.
configure static ARP entries

C.
configure ports to a fixed speed

D.
implement port-based authentication

E.
shut down unused ports

Answer: D,E
Explanation:

The 802.1x standard defines a client-server-based access control and authentication protocol that
prevents unauthorized clients from connecting to a LAN through publicly accessible ports unless
they are properly authenticated. The authentication server authenticates each client connected to
a switch port before making available any services offered by the switch or the LAN.

Unused or "empty" ports within any network device pose a security risk, as someone might plug a
cable into them and connect an unauthorised device to the network. This can lead to a number of
issues, including:

Network not functioning as it should

Network information vulnerable to outsiders

Therefore, you should shut down every port that is not used on routers, switches, and other
network devices. Depending upon the device, the shutdown state might be the default, but you
should always verify this.

Reference:
https://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/multibook/configuration_guide/b_consolidated_config_guide_3850_chapter_0111000.html#concept_6275D339A9074AC0BB06F872D7A54FBB

QUESTION NO: 371

A port security violation has occurred on a switch port due to the maximum MAC address count
being exceeded. Which command must be configured to increment the security-violation count
and forward an SNMP trap?

A.
switchport port-security violation access

B.
switchport port-security violation protect

C.
switchport port-security violation restrict

D.
switchport port-security violation shutdown

Answer: C
Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ew/configuration/guide/conf/port_sec.html

QUESTION NO: 372

Refer to the exhibit. A network administrator has been tasked with securing VTY access to a
router. Which access-list entry accomplishes this task?

A.
access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq telnet

B.
access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq scp

C.
access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq https

D.
access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq ssh

Answer: D
Explanation:

Securing VTY access to a router starts with enabling SSH so that encrypted communication can
take place.

QUESTION NO: 373

What does physical access control regulate?

A.
access to networking equipment and facilities

B.
access to servers to prevent malicious activity

C.
access to specific networks based on business function

D.
access to computer networks and file systems

Answer: A
Explanation:

There are two types of access control: physical and logical. Physical access control limits access
to campuses, buildings, rooms and physical IT assets. Logical access control limits connections to
computer networks, system files and data.

Reference: https://www.techtarget.com/searchsecurity/definition/access-control

QUESTION NO: 374

When a WPA2-PSK WLAN is configured in the Wireless LAN Controller, what is the minimum
number of characters that is required in ASCII format?

A.
6

B.
8

C.
12

D.
18

Answer: B
Explanation:

WPA preshared keys must contain 8 to 63 ASCII text characters or 64 hexadecimal characters.

Reference:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_01010001.html

QUESTION NO: 375

Which mechanism carries multicast traffic between remote sites and supports encryption?

A.
ISATAP

B.
IPsec over ISATAP

C.
GRE

D.
GRE over IPsec

Answer: D
Explanation:

IPsec cannot encapsulate multicast, broadcast, or non-IP packets, and GRE cannot authenticate
and encrypt packets. GRE over IPsec combines the two: packets are first encapsulated as IP
packets using GRE and then transmitted over IPsec tunnels.

QUESTION NO: 376

Which field within the access-request packet is encrypted by RADIUS?

A.
authorized services

B.
password

C.
authenticator

D.
username

Answer: B
Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/12433-32.html

QUESTION NO: 377

A Cisco engineer is configuring a factory-default router with these three passwords:

The user EXEC password for console access is p4ssw0rd1.

The user EXEC password for Telnet access is s3cr3t2.

The password for privileged EXEC mode is priv4t3p4ss.

Which command sequence must the engineer configure?

A.
enable secret priv4t3p4ss

line con 0

password p4ssw0rd1

line vty 0 15

password s3cr3t2

B.
enable secret priv4t3p4ss

line con 0

password p4ssw0rd1

login

line vty 0 15

password s3cr3t2

login

C.
enable secret priv4t3p4ss

line con 0

password login p4ssw0rd1

line vty 0 15

password login s3cr3t2

login

D.
enable secret privilege 15 priv4t3p4ss

!

line con 0

password p4ssw0rd1

login

line vty 0 15

password s3cr3t2

login

Answer: D

QUESTION NO: 378

Refer to the exhibit. An access list is created to deny Telnet access from host PC-1 to RTR-1 and
allow access from all other hosts. A Telnet attempt from PC-2 gives this message: "% Connection
refused by remote host." Without allowing Telnet access from PC-1, which action must be taken to
permit the traffic?

A.
Add the access-list 10 permit any command to the configuration.

B.
Remove the access-class 10 in command from line vty 0 4

C.
Add the ip access-group 10 out command to interface g0/0.

D.
Remove the password command from line vty 0 4.

Answer: A
Explanation:

At the end of any ACL there is an implicit DENY ALL (DENY ANY ANY) rule. So after specifying
the first ACL rule we should include an explicit PERMIT ALL (PERMIT ANY ANY) to explicitly
permit other traffic. Because of this, any ACL that does not specify at least one permit statement
will not allow any traffic at all.
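
The first-match and implicit-deny behaviour described in the explanations for Questions 365 and 378, as an added Python sketch (not part of the original question set and not Cisco code). The host addresses and ACL contents are constructed because the exhibits are not reproduced here, and `shadowed` is a hypothetical helper that flags entries an earlier entry already covers.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample addresses (the exhibits are not reproduced on this page).
PC1, PC2, RTR1 = "10.1.1.10", "10.1.1.20", "10.1.1.1"
ANY = ("0.0.0.0", "255.255.255.255")


def host(ip):
    """Equivalent of the IOS `host` keyword: wildcard 0.0.0.0."""
    return (ip, "0.0.0.0")


def _int(ip):
    return int(ipaddress.IPv4Address(ip))


def wildcard_match(addr, base, wildcard):
    """A 0 bit in the wildcard must match; a 1 bit is ignored."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)


@dataclass(frozen=True)
class Entry:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip", "tcp" or "udp"
    src: tuple                   # (base, wildcard)
    dst: tuple = ANY
    dport: Optional[int] = None  # destination port, None = any

    def matches(self, pkt):
        if self.proto not in ("ip", pkt["proto"]):
            return False
        if self.dport is not None and self.dport != pkt.get("dport"):
            return False
        return (wildcard_match(pkt["src"], *self.src)
                and wildcard_match(pkt["dst"], *self.dst))


def evaluate(acl, pkt):
    """First match wins. Returns (action, index); index None = implicit deny."""
    for index, entry in enumerate(acl):
        if entry.matches(pkt):
            return entry.action, index
    return "deny", None


def _covers(outer, inner):
    """True if every address matched by `inner` is also matched by `outer`."""
    care = ~_int(outer[1]) & 0xFFFFFFFF
    same_base = (_int(outer[0]) & care) == (_int(inner[0]) & care)
    return (_int(inner[1]) & care) == 0 and same_base


def shadowed(acl):
    """(later_index, earlier_index) pairs where the later entry can never match."""
    pairs = []
    for j, later in enumerate(acl):
        for i, earlier in enumerate(acl[:j]):
            if (earlier.proto in ("ip", later.proto)
                    and earlier.dport in (None, later.dport)
                    and _covers(earlier.src, later.src)
                    and _covers(earlier.dst, later.dst)):
                pairs.append((j, i))
                break
    return pairs


def telnet(src):
    """Constructed Telnet packet from `src` to the router."""
    return {"proto": "tcp", "src": src, "dst": RTR1, "dport": 23}


# Only a deny entry, so everything else falls through to the implicit deny.
VTY_ACL_BROKEN = [Entry("deny", "ip", host(PC1))]
# Same list with an explicit permit for everything else appended.
VTY_ACL_FIXED = VTY_ACL_BROKEN + [Entry("permit", "ip", ANY)]
# A matching permit placed above the deny: the deny never fires.
MISORDERED = [
    Entry("permit", "ip", ("10.1.1.0", "0.0.0.255")),
    Entry("deny", "tcp", host(PC1), ANY, 23),
]

if __name__ == "__main__":
    for name, acl in [("broken", VTY_ACL_BROKEN), ("fixed", VTY_ACL_FIXED),
                      ("misordered", MISORDERED)]:
        for pc in (PC1, PC2):
            print(name, pc, evaluate(acl, telnet(pc)))
        print(name, "shadowed entries:", shadowed(acl))
```

Running a shadow check like this over a candidate ACL before applying it catches deny entries that an earlier, broader permit has made unreachable.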

QUESTION NO: 379

What is a function of Opportunistic Wireless Encryption in an environment?

A.
provide authentication

B.
protect traffic on open networks

C.
offer compression

D.
increase security by using a WEP connection

Answer: B
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/16-12/config-guide/b_wl_16_12_cg/wpa3.html

QUESTION NO: 380

Refer to the exhibit. Clients on the WLAN are required to use 802.11r. What action must be taken
to meet the requirement?

A.
Under Protected Management Frames, set the PMF option to Required.

B.
Enable CCKM under Authentication Key Management.

C.
Set the Fast Transition option and the WPA gtk-randomize State to disable.

D.
Set the Fast Transition option to Enable and enable FT 802.1X under Authentication Key
Management.

Answer: D
Explanation:

Fast BSS Transition (802.11r)

Fast BSS Transition (often abbreviated to Fast Transition or FT) describes mechanisms by which
a mobile device can reestablish existing security and/or QoS parameters prior to reassociating to a
new AP. These mechanisms are referred to as "fast" because they seek to significantly reduce the
length of time that connectivity is interrupted between a mobile device and Wi-Fi infrastructure
when that mobile device is connecting to a new AP.

Reference: https://blogs.cisco.com/networking/what-is-802-11r-why-is-this-important

QUESTION NO: 381

Which type of traffic is sent with pure IPsec?

A.
multicast traffic from a server at one site to hosts at another location

B.
broadcast packets from a switch that is attempting to locate a MAC address at one of several
remote sites

C.
unicast messages from a host at a remote site to a server at headquarters

D.
spanning-tree updates between switches that are at two different sites

Answer: C
Explanation:

IPsec only supports unicast traffic. If multicast traffic needs to travel through a tunnel, a GRE
tunnel will need to be configured between the peers.

QUESTION NO: 382 DRAG DROP

Drag and drop the descriptions of AAA services from the left onto the corresponding services on
the right.

Answer:

Explanation:

Accounting:

log session statistics

records user commands

Authentication

validates user credentials

secures access to routers

Authorization

limits the user’s access permissions

allows the user to change to enable mode

QUESTION NO: 383

After a recent security breach and a RADIUS failure, an engineer must secure the console port of
each enterprise router with a local username and password. Which configuration must the
engineer apply to accomplish this task?

A.
aaa new-model

line con 0

password plaintextpassword

privilege level 15

B.
aaa new-model

aaa authorization exec default local

aaa authentication login default radius

username localuser privilege 15 secret plaintextpassword

C.
username localuser secret plaintextpassword

line con 0

no login local

privilege level 15

D.
username localuser secret plaintextpassword

line con 0

login authentication default

privilege level 15

Answer: A
Reference: https://community.cisco.com/t5/switching/login-local-on-con-0/td-p/2355331

QUESTION NO: 384

Which wireless security protocol relies on Perfect Forward Secrecy?

A.
WEP

B.
WPA2

C.
WPA

D.
WPA3

Answer: A
Explanation:

WPA3 (Wi-Fi Protected Access 3) is the newest wireless security protocol designed to encrypt
data using a frequent and automatic encryption type called Perfect Forward Secrecy.

QUESTION NO: 385

What is a zero-day exploit?

A.
It is when the network is saturated with malicious traffic that overloads resources and bandwidth.

B.
It is when an attacker inserts malicious code into a SQL server.

C.
It is when a new network vulnerability is discovered before a fix is available.

D.
It is when the perpetrator inserts itself in a conversation between two parties and captures or alters
data.

Answer: C
Explanation:

"Zero-day" is a broad term that describes recently discovered security vulnerabilities that hackers
can use to attack systems. The term "zero-day" refers to the fact that the vendor or developer has
only just learned of the flaw, which means they have had "zero days" to fix it.

QUESTION NO: 386

A network engineer is replacing the switches that belong to a managed-services client with new
Cisco Catalyst switches. The new switches will be configured for updated security standards
including replacing Telnet services with encrypted connections and doubling the modulus size
from 1024. Which two commands must the engineer configure on the new switches? (Choose
two.)

A.
transport input ssh

B.
transport input all

C.
crypto key generate rsa modulus 2048

D.
crypto key generate rsa general-keys modulus 1024

E.
crypto key generate rsa usage-keys

Answer: A,C
Explanation:

Replacing telnet with encrypted connections requires the use of SSH, which is done in the vty
section of the configuration using the transport input ssh command.

Reference:
https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-xe-3se-5700-cr-book/sec-a1-xe-3se-5700-cr-book_chapter_0110.html.xml#:~:text=The%20largest%20private%20RSA%20key,or%20less%20for%20RSA%20encryption

QUESTION NO: 387

Which characteristic differentiates the concept of authentication from authorization and
accounting?

A.
consumption-based billing

B.
identity verification

C.
user-activity logging

D.
service limitations

Answer: B
Explanation:

Authentication, authorization, and accounting (AAA) is a term for a framework for intelligently
controlling access to computer resources, enforcing policies, auditing usage, and providing the
information necessary to bill for services. These combined processes are considered important for
effective network management and security.

As the first process, authentication provides a way of identifying a user, typically by having the
user enter a valid user name and valid password before access is granted. The process of
authentication is based on each user having a unique set of criteria for gaining access. The AAA
server compares a user's authentication credentials with other user credentials stored in a
database. If the credentials match, the user is granted access to the network. If the credentials are
at variance, authentication fails and network access is denied.

QUESTION NO: 388

Which IPsec transport mode encrypts the IP header and the payload?

A.
pipe

B.
transport

C.
control

D.
tunnel

Answer: D
Explanation:

IPsec Tunnel vs. Transport Mode

In order to authenticate data packets and guarantee their integrity, IPsec includes two protocols.
These are the AH (Authentication Header) protocol and the ESP (Encapsulating Security Payload)
protocol. Both protocols, in turn, support two encapsulation modes — tunnel mode and transport
mode. Let’s break down their core differences.

Tunnel Mode

In tunnel mode, the entire original IP packet is encapsulated to become the payload of a new IP
packet. Additionally, a new IP header is added on top of the original IP packet. Since a new packet
is created using the original information, tunnel mode is useful for protecting traffic between
different networks.

Transport Mode

The main difference in transport mode is that it retains the original IP header. In other words,
payload data transmitted within the original IP packet is protected, but not the IP header.

Reference: https://www.twingate.com/blog/ipsec-tunnel-mode/

QUESTION NO: 389

When a site-to-site VPN is configured which IPsec mode provides encapsulation and encryption of
the entire original IP packet?

A.
IPsec transport mode with AH

B.
IPsec tunnel mode with AH

C.
IPsec transport mode with ESP

D.
IPsec tunnel mode with ESP

Answer: D
Explanation:

In Tunnel mode, the entire original IP packet, including its IP header and payload, is encapsulated
within a new IP packet. The new IP packet has a different IP header that contains the VPN tunnel
endpoints' IP addresses and additional IPsec-related information. In the case of AH tunnel mode,
an AH header and a new IP header are added. For ESP tunnel mode, an ESP header, a new IP
header, an ESP trailer, and an ESP authentication trailer are added.

QUESTION NO: 390

An engineer is configuring remote access to a router from IP subnet 10.139.58.0/28. The domain
name, crypto keys, and SSH have been configured. Which configuration enables the traffic on the
destination router?

A.
line vty 0 15

access-class 120 in

ip access-list extended 120

permit tcp 10.139.58.0 0.0.0.15 any eq 22

B.
interface FastEthernet0/0

ip address 10.122.49.1 255.255.255.252

ip access-group 10 in

ip access-list standard 10

permit udp 10.139.58.0 0.0.0.7 host 10.122.49.1 eq 22

C.
interface FastEthernet0/0

ip address 10.122.49.1 255.255.255.252

ip access-group 110 in

ip access-list standard 110

permit tcp 10.139.58.0 0.0.0.15 eq 22 host 10.122.49.1

D.
line vty 0 15

access-group 120 in

ip access-list extended 120

permit tcp 10.139.58.0 0.0.0.15 any eq 22

Answer: A
Explanation:

For an ACL that specifies the source, destination and port numbers, an extended ACL is
required. For VTY access filtering, the access-class command is used, as opposed to the
access-group command, which is reserved for physical interfaces.

"Pass Any Exam. Any Time." - www.actualtests.com 431


Cisco 200-301 Exam

QUESTION NO: 391

Refer to the exhibit. What are the two steps an engineer must take to provide the highest
encryption and authentication using domain credentials from LDAP? (Choose two.)

A.
Select PSK under Authentication Key Management.

B.
Select Static-WEP + 802.1X on Layer 2 Security.

C.
Select WPA+WPA2 on Layer 2 Security.

D.
Select 802.1X from under Authentication Key Management.

E.
Select WPA Policy with TKIP Encryption.

Answer: C,D
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-10/config-guide/b_cg810/wlan_security.html

QUESTION NO: 392

Which enhancement is implemented in WPA3?

A.
employs PKI to identify access points

B.
applies 802.1x authentication

C.
uses TKIP

D.
protects against brute force attacks

Answer: D
Explanation:

WPA3 security overcomes this limitation and does not allow TKIP and WEP. Additionally, WPA3
personal and enterprise connections require mandatory PMF (Protected Management Frame)
negotiation. PMF provides an additional layer of protection from de-authentication and
disassociation attacks.

For personal networks, WPA3 utilizes Simultaneous Authentication of Equals (SAE) as
described in the IEEE 802.11 standard.

SAE provides the following key advantages when compared to WPA2 PSK (pre-shared key):

Creates a shared secret which is different for each SAE authentication.

Protection against brute force "dictionary" attacks and passive attacks.

Provides forward secrecy

Reference: https://blogs.cisco.com/networking/wpa3-bringing-robust-security-for-wi-fi-networks

QUESTION NO: 393

SW1 supports connectivity for a lobby conference room and must be secured. The engineer must
limit the connectivity from PC1 to the SW1 and SW2 network. The MAC addresses allowed must
be limited to two. Which configuration secures the conference room connectivity?

A.
interface gi1/0/15

switchport port-security

switchport port-security maximum 2

B.
interface gi1/0/15

switchport port-security

switchport port-security mac-address 0000.abcd.0004 vlan 100

C.
interface gi1/0/15

switchport port-security mac-address 0000.abcd.0004 vlan 100

D.
interface gi1/0/15

switchport port-security mac-address 0000.abcd.0004 vlan 100

interface switchport secure-mac limit 2

Answer: A

QUESTION NO: 394

Refer to the exhibit. An engineer is updating the management access configuration of switch SW1
to allow secured, encrypted remote configuration. Which two commands or command sequences
must the engineer apply to the switch? (Choose two.)

A.
SW1(config)#enable secret ccnaTest123

B.
SW1(config)#username NEW secret R3mote123

C.
SW1(config)#line vty 0 15

SW1(config-line)#transport input ssh

D.
SW1(config)# crypto key generate rsa

E.
SW1(config)# interface f0/1

SW1(config-if)# switchport mode trunk

Answer: C,D
Explanation:

Complete these steps to configure the SSH server to perform RSA-based authentication.

1. Specify the host name.

Router(config)#hostname <host name>

2. Define a default domain name.

Router(config)#ip domain-name <Domain Name>

3. Generate RSA key pairs.

Router(config)#crypto key generate rsa

4. Configure SSH-RSA keys for user and server authentication.

Router(config)#ip ssh pubkey-chain

5. Configure the SSH username.

Router(conf-ssh-pubkey)#username <user name>

6. Specify the RSA public key of the remote peer.

Router(conf-ssh-pubkey-user)#key-string

7. Specify the SSH key type and version. (This step is optional.)

Router(conf-ssh-pubkey-data)#key-hash ssh-rsa <key ID>

8. Exit the current mode and return to privileged EXEC mode.

Router(conf-ssh-pubkey-data)#end

Prevent Non-SSH Connections

If you want to prevent non-SSH connections, add the transport input ssh command under the lines
to limit the router to SSH connections only. Straight (non-ssh) Telnets are refused.

line vty 0 4

!--- Prevent non-SSH Telnets.

transport input ssh

Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-ssh.html

QUESTION NO: 395

Which WLC management connection type is vulnerable to man-in-the-middle attacks?

A.
console

B.
Telnet

C.
SSH

D.
HTTPS

Answer: B
Explanation:

Telnet sends all data in plain text, allowing for a man in the middle attack to gain access to the
data sent, including login credentials.

QUESTION NO: 396

Refer to the exhibit. An engineer booted a new switch and applied this configuration via the
console port. Which additional configuration must be applied to allow administrators to
authenticate directly to global configuration mode via Telnet using a local username and
password?

A.
R1(config)#username admin

R1(config-if)#line vty 0 4

R1(config-line)#password p@ss1234

R1(config-line)#transport input telnet

B.
R1(config)#username admin privilege 15 secret p@ss1234

R1(config-if)#line vty 0 4

R1(config-line)#login local

C.
R1(config)#username admin secret p@ss1234

R1(config-if)#line vty 0 4

R1(config-line)#login local

R1(config)#enable secret p@ss1234

D.
R1(config)#username admin

R1(config-if)#line vty 0 4

R1(config-line)#password p@ss1234

Answer: B

QUESTION NO: 397 DRAG DROP

Drag and drop the statements about AAA services from the left to the corresponding AAA services
on the right. Not all options are used.

Answer:

Explanation:

Authentication:

It performs user validation via TACACS+.

It verifies "who you are".

Authorization:

It grants access to network assets, such as FTP servers.

It restricts the CLI commands that a user is able to perform

QUESTION NO: 398

A network engineer must configure an access list on a new Cisco IOS router. The access list must
deny HTTP traffic to network 10.125.128.32/27 from the 192.168.240.0/20 network, but it must
allow the 192.168.240.0/20 network to reach the rest of the 10.0.0.0/8 network. Which
configuration must the engineer apply?

A.

ip access-list extended deny_outbound

10 permit ip 192.168.240.0 255.255.240.0 10.0.0.0 255.0.0.0

20 deny tcp 192.168.240.0 255.255.240.0 10.125.128.32 255.255.255.224 eq 443

30 permit ip any any

B.

ip access-list extended deny_outbound

10 deny tcp 192.168.240.0 0.0.15.255 10.125.128.32 0.0.0.31 eq 80

20 permit ip 192.168.240.0 0.0.15.255 10.0.0.0 0.255.255.255

30 deny ip any any log

C.

ip access-list extended deny_outbound

10 deny tcp 10.125.128.32 255.255.255.224 192.168.240.0 255.255.240.0 eq 443

20 deny tcp 192.168.240.0 255.255.240.0 10.125.128.32 255.255.255.224 eq 443

30 permit ip 192.168.240.0 255.255.240.0 10.0.0.0 255.0.0.0

D.

ip access-list extended deny_outbound

10 deny tcp 192.168.240.0 0.0.15.255 any eq 80

20 deny tcp 192.168.240.0 0.0.15.255 10.125.128.32 0.0.0.31 eq 80

30 permit ip 192.168.240.0 0.0.15.255 10.0.0.0 0.255.255.255

Answer: B

QUESTION NO: 399

What is the definition of backdoor malware?

A.
malicious code that is installed onto a computer to allow access by an unauthorized user

B.
malicious program that is used to launch other malicious programs

C.
malicious code that infects a user machine and then uses that machine to send spam

D.
malicious code with the main purpose of downloading other malicious code

Answer: A
Explanation:

Backdoor malware is a type of Trojan that allows attackers to gain remote access to a system by
negating normal authentication procedures. Backdoor attacks let attackers gain control of system
resources, perform network reconnaissance, and install different types of malware. Backdoors
can be installed in both software and hardware. There have been many high-profile backdoor
attacks in recent years, including the SolarWinds attack in 2020, which was suspected to be
carried out by nation-state actors. Backdoor attacks can be prevented by using strong passwords,
keeping software up to date, and using security software.

QUESTION NO: 400

Refer to the exhibit. A network administrator is configuring a router for user access via SSH. The
service-password encryption command has been issued. The configuration must meet these
requirements:

Create the username as CCUser.

Create the password as NA!2$cc.

Encrypt the user password.

What must be configured to meet the requirements?

A.
username CCUser privilege 10 password NA!2$cc

B.
username CCUser privilege 15 password NA!2$cc

enable secret 0 NA!2$cc

C.
username CCUser secret NA!2$cc

D.
username CCUser password NA!2$cc

enable password level 5 NA!2$cc

Answer: C

QUESTION NO: 401

Refer to the exhibit. A network engineer started to configure port security on a new switch. These
requirements must be met:

MAC addresses must be learned dynamically.

Log messages must be generated without disabling the interface when unwanted traffic is seen.

Which two commands must be configured to complete this task? (Choose two.)

A.
SW(config-if)#switchport port-security violation restrict

B.
SW(config-if)#switchport port-security mac-address 0010.7B84.45E6

C.
SW(config-if)#switchport port-security maximum 2

D.
SW(config-if)#switchport port-security violation shutdown

E.
SW(config-if)#switchport port-security mac-address sticky

Answer: A,E

QUESTION NO: 402

Which type of security program is violated when a group of employees enters a building using the
ID badge of only one person?

A.
intrusion detection

B.
network authorization

C.
physical access control

D.
user awareness

Answer: C
Explanation:

Physical Access Control refers to the measures and systems put in place to restrict entry to
physical spaces, such as buildings, rooms, or areas within a facility. It aims to ensure that only
authorized individuals are granted access to specific locations based on their roles, permissions,
or clearances.

By using the ID badge of only one person to gain entry, the group of employees circumvents the
intended physical access control measures. Each employee should have their own ID badge, and
their access permissions should be associated with their individual credentials.

QUESTION NO: 403

Refer to the exhibit. Local access for R4 must be established and these requirements must be
met:

Only Telnet access is allowed.

The enable password must be stored securely.

The enable password must be applied in plain text.

Full access to R4 must be permitted upon successful login.

Which configuration script meets the requirements?

A.
!

conf t

username test1 password testpass1

enable secret level 15 0 Test123

line vty 0 15

login local

transport input telnet

B.
!

config t

username test1 password testpass1

enable password level 15 0 Test123

line vty 0 15

login local

transport input all

C.
!

config t

username test1 password testpass1

enable password level 1 7 Test123

line vty 0 15

accounting exec default

transport input all

D.
!

config t

username test1 password testpass1

enable secret level 1 0 Test123

line vty 0 15

login authentication

password Test123

transport input telnet

Answer: A

QUESTION NO: 404

What is an enhancement implemented in WPA3?

A.
applies 802.1x authentication and AES-128 encryption

B.
employs PKI and RADIUS to identify access points

C.
uses TKIP and per-packet keying

D.
defends against deauthentication and disassociation attacks

Answer: D
Explanation:

WPA3 personal and enterprise connections require mandatory PMF (Protected Management Frame)
negotiation. PMF provides an additional layer of protection from de-authentication and
disassociation attacks.

QUESTION NO: 405

Which action must be taken when password protection is implemented?

A.
Use less than eight characters in length when passwords are complex.

B.
Include special characters and make passwords as long as allowed.

C.
Share passwords with senior IT management to ensure proper oversight.

D.
Store passwords as contacts on a mobile device with single-factor authentication.

Answer: B
Explanation:

When password protection is implemented, several actions should be taken to ensure its
effectiveness:

Choose Strong Passwords: Encourage users to select strong passwords that are not easily
guessable. A strong password typically includes a combination of uppercase and lowercase
letters, numbers, and special characters. It should be at least eight characters long and avoid
common dictionary words or personal information.

Enforce Password Complexity: Implement password complexity requirements in your password
policy. This can include enforcing minimum length, a mix of character types, and preventing the
use of common or easily guessable passwords.

Educate Users: Provide training and awareness programs to educate users on the importance of
password security. Teach them about common password pitfalls, such as sharing passwords,
reusing passwords across different accounts, or falling for phishing scams.

QUESTION NO: 406

An engineer must configure R1 for a new user account. The account must meet these
requirements:

It must be configured in the local database.

The username is engineer2.

It must use the strongest password configurable.

Which command must the engineer configure on the router?

A.
R1(config)# username engineer2 privilege 1 password 7 test2021

B.
R1(config)# username engineer2 secret 4 $1$b1Ju$kZbBS1Pyh4QzwXyZ

C.
R1(config)# username engineer2 algorithm-type scrypt secret test2021

D.
R1(config)# username engineer2 secret 5 password $1$b1Ju$kZbBS1Pyh4QzwXyZ

Answer: B
Explanation:

To configure a new user account with the given requirements on R1, the engineer needs to use
the following command:

R1(config)# username engineer2 secret <strongest_password>

In this command, <strongest_password> should be replaced with the desired strong password for
the engineer2 account. The username command is used to create a new user account, and the
secret keyword is used to set the password for that account.

QUESTION NO: 407

What is a characteristic of RSA?

A.
It uses preshared keys for encryption.

B.
It is a public-key cryptosystem.

C.
It is a private-key encryption algorithm.

D.
It requires both sides to have identical keys.

Answer: B
Explanation:

RSA is a public-key cryptosystem. This means that it uses a pair of keys, one of which is kept
private and the other of which is made public. The public key can be distributed to anyone who
wants to send encrypted messages to the owner of the private key, while the private key is kept
secret and is used by the owner to decrypt messages.