Cisco CCNA 200-301 Questions & Answers

• Question 1241:

  Which command prevents passwords from being stored in the configuration as plain text on a router or switch?

  A. enable secret

  B. enable password

  C. service password-encryption

  D. username cisco password encrypt

  Correct Answer: C

  Enable secret only encrypts the password used to enter privileged exec mode. Other passwords like line vty 0 4 password etc will have their passwords visible in the running configuration.

• Question 1242:

  Refer to the exhibit.

  

  A network engineer must block access for all computers on VLAN 20 to the web server via HTTP All other computers must be able to access the web server.

  

  Which configuration when applied to switch A accomplishes this task?

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: B

• Question 1243:

  Refer to the exhibit.

  

  What is the effect of this configuration?

  A. The switch port remains administratively down until the interface is connected to another switch.

  B. Dynamic ARP Inspection is disabled because the ARP ACL is missing.

  C. The switch port interface trust state becomes untrusted.

  D. The switch port remains down until it is configured to trust or untrust incoming packets.

  Correct Answer: C

  Dynamic ARP inspection (DAI) is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-in-themiddle attacks. After enabling DAI, all ports become untrusted ports.

• Question 1244:

  Which command enables a router to become a DHCP client?

  A. ip address dhcp

  B. ip dhcp client

  C. ip helper-address

  D. ip dhcp pool

  Correct Answer: A

  Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/12-4/dhcp-12-4-book/config-dhcp-client.html If we want to get an IP address from the DHCP server on a Cisco device, we can use the command “ip address dhcp”.

• Question 1245:

  A network engineer must back up 20 network router configurations globally within a customer environment. Which protocol allows the engineer to perform this function using the Cisco IOS MIB?

  A. ARP

  B. SNMP

  C. SMTP

  D. CDP

  Correct Answer: B

  SNMP is an application-layer protocol that provides a message format for communication between SNMP managers and agents. SNMP provides a standardized framework and a common language used for the monitoring and management

  of devices in a network.

  The SNMP framework has three parts:

  1.

  An SNMP manager

  2.

  An SNMP agent

  3.

  A Management Information Base (MIB)

  The Management Information Base (MIB) is a virtual information storage area for network management information, which consists of collections of managed objects.

  With SNMP, the network administrator can send commands to multiple routers to do the backup.

• Question 1246:

  Which two tasks must be performed to configure NTP to a trusted server in client mode on a single network device? (Choose two.)

  A. Enable NTP authentication.

  B. Verify the time zone.

  C. Specify the IP address of the NTP server.

  D. Set the NTP server private key.

  E. Disable NTP broadcasts.

  Correct Answer: AC

  To configure authentication, perform this task in privileged mode:

  Step 1: Configure an authentication key pair for NTP and specify whether the key will be trusted or untrusted.

  Step 2: Set the IP address of the NTP server and the public key.

  Step 3: Enable NTP client mode.

  Step 4: Enable NTP authentication.

  Step 5: Verify the NTP configuration.

  Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4000/8-2glx/configuration/guide/ntp.html

• Question 1247:

  Which two actions are performed by the Weighted Random Early Detection mechanism? (Choose two.)

  A. It supports protocol discovery.

  B. It guarantees the delivery of high-priority packets.

  C. It can identify different flows with a high level of granularity.

  D. It can mitigate congestion by preventing the queue from filling up.

  E. It drops lower-priority packets before it drops higher-priority packets.

  Correct Answer: DE

  Weighted Random Early Detection (WRED) is just a congestion avoidance mechanism. WRED drops packets selectively based on IP precedence. Edge routers assign IP precedences to packets as they enter the network. When a packet arrives, the following events occur:

  1.

  The average queue size is calculated.

  2.

  If the average is less than the minimum queue threshold, the arriving packet is queued.

  3.

  If the average is between the minimum queue threshold for that type of traffic and the maximum threshold for the interface, the packet is either dropped or queued, depending on the packet drop probability for that type of traffic.

  4.

  If the average queue size is greater than the maximum threshold, the packet is dropped.

  WRED reduces the chances of tail drop (when the queue is full, the packet is dropped) by selectively dropping packets when the output interface begins to show signs of congestion (thus it can mitigate congestion by preventing the queue from filling up). By dropping some packets early rather than waiting until the queue is full, WRED avoids dropping large numbers of packets at once and minimizes the chances of global synchronization. Thus, WRED allows the transmission line to be used fully at all times.

  WRED generally drops packets selectively based on IP precedence. Packets with a higher IP precedence are less likely to be dropped than packets with a lower precedence. Thus, the higher the priority of a packet, the higher the probability that the packet will be delivered

  Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_conavd/configuration/15-mt/qos-conavd-15-mt-book/qos-conavd-cfg-wred.html

• Question 1248:

  If a notice-level messaging is sent to a syslog server, which event has occurred?

  A. A network device has restarted.

  B. A debug operation is running.

  C. A routing instance has flapped.

  D. An ARP inspection has failed.

  Correct Answer: C

  Routing instance refers to the OSPF process, as in EIGRP or BGP they use Autonomous System (AS), which are similar to OSPF areas.

  Below, a deliberate failure was created in the OSPF adjacency with hello mishmash, with this we can see that we received logging messages level 5 Notice, referring to the failure in the routing instance of Process 10.

  R3(config-if)#ip ospf hello-interval 20

  %OSPF-5-ADJCHG: Process 10, Nbr 10.23.0.2 on GigabitEthernet0/1 from FULL to DOWN, Neighbor Down: Dead timer expired.

  %OSPF-5-ADJCHG: Process 10, Nbr 10.23.0.2 on GigabitEthernet0/1 from FULL to DOWN, Neighbor Down: Interface down or detached.

• Question 1249:

  Refer to the exhibit.

  

  An engineer configured NAT translations and has verified that the configuration is correct.

  Which IP address is the source IP?

  A. 10.4.4.4

  B. 10.4.4.5

  C. 172.23.103.10

  D. 172.23.104.4

  Correct Answer: D

  The packet starts off with address 10.4.4.5 (Inside Local). It gets translated to 172.23.104.4 (Inside Global).

  It's destination is 172.23.103.10 (Outside Global). It may get natted at the destination, but to the source NAT Engine it is still 172.23.103.10.

• Question 1250:

  Refer to the exhibit.

  

  If configuring a static default route on the router with the ip route 0.0.0.0 0.0.0.0 10.13.0.1 120 command, how does the router respond?

  A. It starts sending traffic without a specific matching entry in the routing table to GigabitEthernet0/1.

  B. It immediately replaces the existing OSPF route in the routing table with the newly configured static route.

  C. It starts load-balancing traffic between the two default routes.

  D. It ignores the new static route until the existing OSPF default route is removed.

  Correct Answer: D

  Our new static default route has the Administrative Distance (AD) of 120, which is bigger than the AD of OSPF External route (O*E2) so it will not be pushed into the routing table until the current OSPF External route is removed.

  For your information, if you don't type the AD of 120 (using the command “ip route 0.0.0.0 0.0.0.0 10.13.0.1”) then the new static default route would replace the OSPF default route as the default AD of static route is 1. You will see such line in the routing table: S* 0.0.0.0/0 [1/0] via 10.13.0.1