This series shares the latest CCNA 200-301 dump and is updated regularly to help you prepare for the exam and achieve good results.
QUESTION 1: Which statement correctly compares traditional networks and controller-based networks?
A. Only traditional networks offer a centralized control plane
B. Only traditional networks natively support centralized management
C. Traditional and controller-based networks abstract policies from device configurations
D. Only controller-based networks decouple the control plane and the data plane
Answer: D
Most traditional devices use a distributed architecture, in which the control plane resides in each networking device. Therefore, the devices need to communicate with each other via messages to work correctly. In contrast, centralized (or controller-based) architectures centralize the control of networking devices into one device, called the SDN controller. So answer D is correct.
QUESTION 2: How does HSRP provide first hop redundancy?
A. It load-balances traffic by assigning the same metric value to more than one route to the same destination in the IP routing table.
B. It load-balances Layer 2 traffic along the path by flooding traffic out all interfaces configured with the same VLAN.
C. It forwards multiple packets to the same destination over different routed links in the data path
D. It uses a shared virtual MAC and a virtual IP address to a group of routers that serve as the default gateway for hosts on a LAN
Answer: D
QUESTION 3: Which two actions influence the EIGRP route selection process? (Choose two)
A. The router calculates the reported distance by multiplying the delay on the exiting interface by 256.
B. The router calculates the best backup path to the destination route and assigns it as the feasible successor.
C. The router calculates the feasible distance of all paths to the destination route
D. The advertised distance is calculated by a downstream neighbor to inform the local router of the bandwidth on the link
E. The router must use the advertised distance as the metric for any given route
Answer: BC
QUESTION 4: Which two capacities of Cisco DNA Center make it more extensible? (Choose two)
A. adapters that support all families of Cisco IOS software
B. SDKs that support interaction with third-party network equipment
C. customized versions for small, medium, and large enterprises
D. REST APIs that allow for external applications to interact natively with Cisco DNA Center
E. modular design that is upgradable as needed
Answer: BD
Cisco DNA Center offers 360-degree extensibility through four distinct types of platform capabilities:
- Intent-based APIs leverage the controller and enable business and IT applications to deliver intent to the network and to reap network analytics and insights for IT and business innovation.
- Process adapters, built on integration APIs, allow integration with other IT and network systems to streamline IT operations and processes.
- Domain adapters, built on integration APIs, allow integration with other infrastructure domains such as data center, WAN, and security to deliver a consistent intent based infrastructure across the entire IT environment.
- SDKs allow management to be extended to third-party vendor’s network devices to offer support for diverse environments.
QUESTION 5: Refer to the exhibit. What does router R1 use as its OSPF router-ID?
A. 10.10.1.10
B. 10.10.10.20
C. 172.16.15.10
D. 192.168.0.1
Answer: C
OSPF uses the following criteria to select the router ID:
- Manual configuration of the router ID (via the “router-id x.x.x.x” command under OSPF router configuration mode).
- Highest IP address on a loopback interface.
- Highest IP address on a non-loopback and active (no shutdown) interface.
QUESTION 6: Which 802.11 frame type is association response?
A. management
B. protected frame
C. control
D. action
Answer: A
There are three main types of 802.11 frames: the Data Frame, the Management Frame and the Control Frame. Association Response is a Management Frame. It is sent in response to an association request.
QUESTION 7: Which API is used in controller-based architectures to interact with edge devices?
A. overlay
B. northbound
C. underlay
D. southbound
Answer: D
QUESTION 8: Which statement identifies the functionality of virtual machines?
A. Virtualized servers run most efficiently when they are physically connected to a switch that is separate from the hypervisor
B. The hypervisor can virtualize physical components including CPU, memory, and storage
C. Each hypervisor can support a single virtual machine and a single software switch
D. The hypervisor communicates on Layer 3 without the need for additional resources
Answer: B
QUESTION 9: Which type of address is the public IP address of a NAT device?
A. outside global
B. outside local
C. inside global
D. inside local
E. outside public
F. inside public
Answer: C
NAT uses four types of addresses:
- Inside local address – The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Center (InterNIC) or service provider. This address is likely to be an RFC 1918 private address.
- Inside global address – A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world.
- Outside local address – The IP address of an outside host as it is known to the hosts on the inside network.
- Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.
QUESTION 10: Which option about JSON is true?
A. uses predefined tags or angle brackets (<>) to delimit markup text
B. used to describe structured data that includes arrays
C. used for storing information
D. similar to HTML, it is more verbose than XML
Answer: B
JSON data is written as name/value pairs. A name/value pair consists of a field name (in double quotes), followed by a colon, followed by a value:
"name":"Mark"
JSON can use arrays. Array values must be of type string, number, object, array, boolean or null. For example:
    {
      "name": "John",
      "age": 30,
      "cars": ["Ford", "BMW", "Fiat"]
    }
QUESTION 11: Which attribute does a router use to select the best path when two or more different routes to the same destination exist from two different routing protocols?
A. dual algorithm
B. metric
C. administrative distance
D. hop count
Answer: C
Administrative distance is the feature used by routers to select the best path when there are two or more different routes to the same destination from different routing protocols. Administrative distance defines the reliability of a routing protocol.
QUESTION 12: Which two values or settings must be entered when configuring a new WLAN in the Cisco Wireless LAN Controller GUI? (Choose two)
A. management interface settings
B. QoS settings
C. IP address of one or more access points
D. SSID
E. Profile name
Answer: DE
QUESTION 13: What are two benefits of network automation? (Choose two)
A. reduced operational costs
B. reduced hardware footprint
C. faster changes with more reliable results
D. fewer network failures
E. increased network security
Answer: AC
QUESTION 14: Which command prevents passwords from being stored in the configuration as plaintext on a router or switch?
A. enable secret
B. service password-encryption
C. username Cisco password encrypt
D. enable password
Answer: B
QUESTION 15: Drag and drop the descriptions from the left onto the correct configuration-management technologies on the right.
Answer:
- The focus of Ansible is to be streamlined and fast, and to require no node agent installation. Thus, Ansible performs all functions over SSH. Ansible is built on Python, in contrast to the Ruby foundation of Puppet and Chef.
- TCP port 10002 is the command port. It may be configured in the Chef Push Jobs configuration file. This port allows Chef Push Jobs clients to communicate with the Chef Push Jobs server.
- Puppet is an open-source configuration management solution, which is built with Ruby and offers custom Domain Specific Language (DSL) and Embedded Ruby (ERB) templates to create custom Puppet language files, offering a declarative-paradigm programming approach. A Puppet piece of code is called a manifest, and is a file with .pp extension.
QUESTION 16: Drag and drop the descriptions of file-transfer protocols from the left onto the correct protocols on the right.
Answer:
QUESTION 17: Drag and drop the WLAN components from the left onto the correct descriptions on the right.
Answer:
- The service port can be used for management purposes, primarily for out-of-band management. However, AP management traffic is not possible across the service port. In most cases, the service port is used as a “last resort” means of accessing the controller GUI for management purposes, for example when the system distribution ports on the controller are down or their communication to the wired network is otherwise degraded.
- A dynamic interface with the Dynamic AP Management option enabled is used as the tunnel source for packets from the controller to the access point and as the destination for CAPWAP packets from the access point to the controller.
- The virtual interface is used to support mobility management, Dynamic Host Configuration Protocol (DHCP) relay, and embedded Layer 3 security such as guest web authentication. It also maintains the DNS gateway host name used by Layer 3 security and mobility managers to verify the source of certificates when Layer 3 web authorization is enabled.
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/configguide/b_cg85/ports_and_interfaces.html
QUESTION 18: Drag and drop the threat-mitigation techniques from the left onto the types of threat or attack they mitigate on the right.
Answer:
QUESTION 19: Drag and drop the functions from the left onto the correct network components on the right.
QUESTION 20: Drag and drop the AAA functions from the left onto the correct AAA services on the right.
Answer:
QUESTION 21: Drag and drop the IPv4 network subnets from the left onto the correct usable host ranges on the right.
QUESTION 22: Drag and drop the Cisco Wireless LAN Controller security settings from the left onto the correct security mechanism categories on the right.
Answer:
Layer 2 security mechanisms include WPA+WPA2, 802.1X, Static WEP, CKIP, while Layer 3 security mechanisms (for WLAN) include IPSec, VPN Pass-Through, Web Passthrough …
Reference: https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lancontrollers/106082-wlc-compatibility-matrix.html
QUESTION 23: What is a benefit of using a Cisco Wireless LAN Controller?
A. Central AP management requires more complex configurations
B. Unique SSIDs cannot use the same authentication method
C. It supports autonomous and lightweight APs
D. It eliminates the need to configure each access point individually
Answer: D
QUESTION 24: Which network allows devices to communicate without the need to access the Internet?
A. 1729.0.0/16
B. 172.28.0.0/16
C. 192.0.0.0/8
D. 209.165.201.0/24
Answer: B
This question asks about the private ranges of IPv4 addresses. The private ranges of each class of IPv4 are listed below:
- Class A private IP address ranges from 10.0.0.0 to 10.255.255.255
- Class B private IP address ranges from 172.16.0.0 to 172.31.255.255
- Class C private IP address ranges from 192.168.0.0 to 192.168.255.255
Only the network 172.28.0.0/16 belongs to a private IP address range (class B).
QUESTION 25: Which result occurs when PortFast is enabled on an interface that is connected to another switch?
A. Spanning tree may fail to detect a switching loop in the network that causes broadcast storms
B. VTP is allowed to propagate VLAN configuration information from switch to switch automatically.
C. Root port choice and spanning tree recalculation are accelerated when a switch link goes down
D. After spanning tree converges PortFast shuts down any port that receives BPDUs.
Answer: A
Enabling the PortFast feature causes a switch or a trunk port to enter the STP forwarding-state immediately or upon a linkup event, thus bypassing the listening and learning states. Note: To enable portfast on a trunk port you need the trunk keyword “spanning-tree portfast trunk”.
QUESTION 26: When configuring a WLAN with WPA2 PSK in the Cisco Wireless LAN Controller GUI, which two formats are available to select? (Choose two)
A. ASCII
B. base64
C. binary
D. decimal
E. hexadecimal
Answer: AE
When configuring a WLAN with WPA2 Preshared Key (PSK), we can choose the encryption key format as either ASCII or HEX.
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/configguide/b_wl_16_10_cg/multi-preshared-key.pdf
QUESTION 27: Two switches are connected and using Cisco Dynamic Trunking Protocol. SW1 is set to Dynamic Desirable. What is the result of this configuration?
A. The link is in a down state.
B. The link is in an error-disabled state.
C. The link becomes an access port.
D. The link becomes a trunk port.
Answer: D
QUESTION 28: When configuring IPv6 on an interface, which two IPv6 multicast groups are joined? (Choose two)
A. 2000::/3
B. 2002::5
C. FC00::/7
D. FF02::1
E. FF02::2
Answer: DE
When an interface is configured with an IPv6 address, it automatically joins the all-nodes (FF02::1) and solicited-node (FF02::1:FFxx:xxxx) multicast groups. The all-nodes group is used to communicate with all interfaces on the local link, and the solicited-node multicast group is required for link-layer address resolution. Routers also join a third multicast group, the all-routers group (FF02::2).
QUESTION 29: Which MAC address is recognized as a VRRP virtual address?
A. 0000.5E00.010a
B. 0005.3711.0975
C. 0000.0C07.AC99
D. 0007.C070.AB01
Answer: A
With VRRP, the virtual router’s MAC address is 0000.5E00.01xx, in which xx is the VRRP group.
QUESTION 30: Which way does a spine-and-leaf architecture allow for scalability in a network when additional access ports are required?
A. A spine switch and a leaf switch can be added with redundant connections between them
B. A spine switch can be added with at least 40 GB uplinks
C. A leaf switch can be added with a single connection to a core spine switch.
D. A leaf switch can be added with connections to every spine switch
Answer: D
- Spine-leaf architecture is typically deployed as two layers: spines (such as an aggregation layer), and leaves (such as an access layer). Spine-leaf topologies provide high-bandwidth, low-latency, nonblocking server-to-server connectivity.
- Leaf (aggregation) switches are what provide devices access to the fabric (the network of spine and leaf switches) and are typically deployed at the top of the rack. Generally, devices connect to the leaf switches. Devices can include servers, Layer 4-7 services (firewalls and load balancers), and WAN or Internet routers. Leaf switches do not connect to other leaf switches. In spine-and-leaf architecture, every leaf should connect to every spine in a full mesh.
- Spine (aggregation) switches are used to connect to all leaf switches and are typically deployed at the end or middle of the row. Spine switches do not connect to other spine switches.
QUESTION 31: Which type of wireless encryption is used for WPA2 in pre-shared key mode?
A. TKIP with RC4
B. RC4
C. AES-128
D. AES-256
Answer: D
We can see in this picture we have to type 64 hexadecimal characters (256 bit) for the WPA2 passphrase so we can deduce the encryption is AES-256, not AES-128. Reference: https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lanwlan/67134-wpa2-config.html.
QUESTION 32: What makes Cisco DNA Center different from traditional network management applications and their management of networks?
A. It only supports auto-discovery of network elements in a green field deployment.
B. Its modular design allows someone to implement different versions to meet the specific needs of an organization
C. It abstracts policy from the actual device configuration
D. It does not support high availability of management functions when operating in cluster mode
Answer: C
QUESTION 33: Which two actions are performed by the Weighted Random Early Detection mechanism? (Choose two)
A. It drops lower-priority packets before it drops higher-priority packets
B. It can identify different flows with a high level of granularity
C. It guarantees the delivery of high-priority packets
D. It can mitigate congestion by preventing the queue from filling up
E. It supports protocol discovery
Answer: AD
QUESTION 34: A network engineer must back up 20 network router configurations globally within a customer environment. Which protocol allows the engineer to perform this function using the Cisco IOS MIB?
A. CDP
B. SNMP
C. SMTP
D. ARP
Answer: B
SNMP is an application-layer protocol that provides a message format for communication between SNMP managers and agents. SNMP provides a standardized framework and a common language used for the monitoring and management of devices in a network. The SNMP framework has three parts:
- An SNMP manager
- An SNMP agent
- The Management Information Base (MIB), a virtual information storage area for network management information, which consists of collections of managed objects.
With SNMP, the network administrator can send commands to multiple routers to do the backup.
QUESTION 35: Refer to the exhibit. An engineer is bringing up a new circuit to the MPLS provider on the Gi0/1 interface of Router1. The new circuit uses eBGP and learns the route to VLAN25 from the BGP path. What is the expected behavior for the traffic flow for route 10.10.13.0/25?
A. Traffic to 10.10.13.0/25 is load balanced out of multiple interfaces
B. Route 10.10.13.0/25 is updated in the routing table as being learned from interface Gi0/1.
C. Traffic to 10.10.13.0/25 is asymmetrical
D. Route 10.10.13.0/25 learned via the Gi0/0 interface remains in the routing table
Answer: B
Assume that the routing table shown is from before the change, and that the eBGP route will be the installed route after the change due to its lower AD. The new eBGP route will be added to the routing table. eBGP has an administrative distance of 20 while OSPF has an administrative distance of 110. The new route will be preferred for sending traffic to 10.10.13.0/25. The existing OSPF route will turn into a floating route and not appear in the routing table.
QUESTION 36: Which action is taken by a switch port enabled for PoE power classification override?
A. When a powered device begins drawing power from a PoE switch port, a syslog message is generated
B. As power usage on a PoE switch port is checked, data flow to the connected device is temporarily paused
C. If a switch determines that a device is using less than the minimum configured power, it assumes the device has failed and disconnects
D. If a monitored port exceeds the maximum administrative value for power, the port is shut down and err-disabled
Answer: D
PoE monitoring and policing compares the power consumption on ports with the administrative maximum value (either a configured maximum value or the port’s default value). If the power consumption on a monitored port exceeds the administrative maximum value, the following actions occur:
- A syslog message is issued.
- The monitored port is shut down and error-disabled.
- The allocated power is freed.
QUESTION 37: Refer to the exhibit. Which type of route does R1 use to reach host 10.10.13.10/32?
A. floating static route
B. host route
C. default route
D. network route
Answer: D
From the output, we see R1 will use the entry “O 10.10.13.0/25 [110/4576] via 10.10.10.1, …” to reach host 10.10.13.10. This is a network route. Note: “B* 0.0.0.0/0 …” is a default route.
QUESTION 38: Which mode must be used to configure EtherChannel between two switches without using a negotiation protocol?
A. on
B. auto
C. active
D. desirable
Answer: A
The Static Persistence (or “on” mode) bundles the links unconditionally and no negotiation protocol is used. In this mode, neither PAgP nor LACP packets are sent or received.
QUESTION 39: An engineer configured an OSPF neighbor as a designated router. Which state verifies the designated router is in the proper mode?
A. Exchange
B. 2-way
C. Full
D. Init
Answer: C
QUESTION 40: Which configuration is needed to generate an RSA key for SSH on a router?
A. Configure the version of SSH
B. Configure VTY access.
C. Create a user with a password.
D. Assign a DNS domain name
Answer: D
In order to generate an RSA key for SSH, we need to configure the hostname and a DNS domain name on the router (a username and password are also required). Therefore, in fact, both answer C and answer D are correct.