Cisco CCNA 200-301 Questions & Answers

• Question 1221:

  What are two southbound APIs? (Choose two.)

  A. Thrift

  B. DSC

  C. CORBA

  D. NETCONF

  E. OpenFlow

  Correct Answer: DE

  OpenFlow is a well-known southbound API. OpenFlow defines the way the SDN Controller should interact with the forwarding plane to make adjustments to the network, so it can better adapt to changing business requirements.

  The Network Configuration Protocol (NetConf) uses Extensible Markup Language (XML) to install, manipulate and delete configuration to network devices.

  Other southbound APIs are:

  1.

  onePK: a Cisco proprietary SBI to inspect or modify the network element configuration without hardware upgrades.

  2.

  OpFlex: an open-standard, distributed control system. It send “summary policy” to network elements.

• Question 1222:

  What makes Cisco DNA Center different from traditional network management applications and their management of networks?

  A. Its modular design allows someone to implement different versions to meet the specific needs of an organization.

  B. It only supports auto-discovery of network elements in a greenfield deployment.

  C. It does not support high availability of management functions when operating in cluster mode.

  D. It abstracts policy from the actual device configuration.

  Correct Answer: D

  The primary characteristic and difference is still the separation of control and data plane:

  How is the policy abstract or abstracted from the device configuration?

  -It is separated from the device configuration. It is implemented on a higher, centralized level.

  -It is configured (mostly) in a GUI, which is a different way of interfacing than on the devices themselves.

  A is aiming more for qualities like for example scalability. And the way the sentence is worded would imply that traditional networking is not scalable (or very limited) to the needs of an organization.

• Question 1223:

  What are two benefits of network automation? (Choose two.)

  A. reduced hardware footprint

  B. reduced operational costs

  C. faster changes with more reliable results

  D. fewer network failures

  E. increased network security

  Correct Answer: BC

  https://www.cisco.com/c/en/us/solutions/collateral/executive-perspectives/network-automation-strategy-wp.html#BenefitsofNetworkAutomation

  Security is a higher level of automation and falls under "security automation" and a ssuch is not one of the primary benefits of network automation. Faster, cheaper and more reliable deployment are your first candidates.

• Question 1224:

  Which two encoding methods are supported by REST APIs? (Choose two.)

  A. SGML

  B. YAML

  C. XML

  D. JSON

  E. EBCDIC

  Correct Answer: CD

  The Application Policy Infrastructure Controller (APIC) REST API is a programmatic interface that uses REST architecture. The API accepts and returns HTTP (not enabled by default) or HTTPS messages that contain JavaScript Object Notation (JSON) or Extensible Markup Language (XML) documents.

  Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/5_x/rest_api_config/b_Cisco_N1KV_VMware_REST_API_Config_5x/b_Cisco_N1KV_VMware_REST_API_Config_5x_chapter_010.pdf

• Question 1225:

  What are two characteristics of a controller-based network? (Choose two.)

  A. It uses Telnet to report system issues.

  B. The administrator can make configuration updates from the CLI.

  C. It uses northbound and southbound APIs to communicate between architectural layers.

  D. It decentralizes the control plane, which allows each device to make its own forwarding decisions.

  E. It moves the control plane to a central point.

  Correct Answer: CE

• Question 1226:

  Which output displays a JSON data representation?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: C

  JSON data is written as name/value pairs.

  A name/value pair consists of a field name (in double quotes), followed by a colon, followed by a value:

  “name”:”Mark”

  JSON can use arrays. Array values must be of type string, number, object, array, boolean or null. For example:

  {

  “name”:”John”,

  “age”:30,

  “cars”:[ “Ford”, “BMW”, “Fiat” ]

  }

  JSON can have empty object like “taskId”:{}

• Question 1227:

  What is an enhancement implemented in WPA3?

  A. applies 802.1x authentication and AES-128 encryption

  B. employs PKI and RADIUS to identify access points

  C. uses TKIP and per-packet keying

  D. defends against deauthentication and disassociation attacks

  Correct Answer: D

  Additionally, WPA3 personal and enterprise connections requires PMF (Protected Management Frame) negotiation mandatorily. PMF provides an additional layer of protection from de-authentication and disassociation attacks.

• Question 1228:

  Which two capabilities of Cisco DNA Center make it more extensible? (Choose two.)

  A. REST APIs that allow for external applications to interact natively with Cisco DNA Center

  B. adapters that support all families of Cisco IOS Software

  C. SDKs that support interaction with third-party network equipment

  D. modular design that is upgradable as needed

  E. customized versions for small, medium, and large enterprises

  Correct Answer: AC

  Cisco DNA Center offers 360-degree extensibility through four distinct types of platform capabilities:

  1.

  Intent-based APIs leverage the controller and enable business and IT applications to deliver intent to the network and to reap network analytics and insights for IT and business innovation.

  2.

  Process adapters, built on integration APIs, allow integration with other IT and network systems to streamline IT operations and processes.

  3.

  Domain adapters, built on integration APIs, allow integration with other infrastructure domains such as data center, WAN, and security to deliver a consistent intent-based infrastructure across the entire IT environment.

  4.

  SDKs allow management to be extended to third-party vendor's network devices to offer support for diverse environments.

  Reference: https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/nb-06-dna-cent-platf-aag-cte-en.html

• Question 1229:

  An engineer must configure a WLAN using the strongest encryption type for WPA2-PSK. Which cipher fulfills the configuration requirement?

  A. WEP

  B. AES

  C. RC4

  D. TKIP

  Correct Answer: B

  Many routers provide WPA2-PSK (TKIP), WPA2-PSK (AES), and WPA2-PSK (TKIP/AES) as options. TKIP is actually an older encryption protocol introduced with WPA to replace the very-insecure WEP encryption at the time. TKIP is actually quite similar to WEP encryption. TKIP is no longer considered secure, and is now deprecated. In other words, you shouldn't be using it.

  AES is a more secure encryption protocol introduced with WPA2 and it is currently the strongest encryption type for WPA2-PSK.

• Question 1230:

  Which feature on the Cisco Wireless LAN Controller when enabled restricts management access from specific networks?

  A. TACACS

  B. CPU ACL

  C. Flex ACL

  D. RADIUS

  Correct Answer: B

  Whenever you want to control which devices can talk to the main CPU, a CPU ACL is used.

  Note: CPU ACLs only filter traffic towards the CPU, and not any traffic exiting or generated by the CPU.

  Reference: https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/71978-acl-wlc.html