CCNA exam Flashcards
Which of the following DTP modes actively negotiates a trunk connection with a neighboring
interface?
A.
desirable
B.
off
C.
auto
D.
on
Answer: A
Explanation:
Dynamic Trunking Protocol (DTP) desirable mode actively negotiates a trunk connection with a
neighboring interface. There are two dynamic modes of operation for a switch port:
You want to create a user account named oson with the password eX$1mM©x on a router. The
password should be converted to an MD5 hash and stored on the router.
Which of the following commands should you issue on the router?
A.
username oson secret 5 eX$1mM@x
B.
username oson secret eX$1mM@x
C.
username oson eX$1mM@x
D.
username oson password eX$1mM@x
Answer: B
Explanation:
To create a user account named oson with a Message Digest 5 (MD5)-hashed password of
eX$1mM©x, you should issue the username oson secret eX$1mM@x command on the router.
The username command creates a new user and adds the user to the local user database on a
router. The local user database on a router contains a list of users that have been added to the
router; these users can access the router. When using the username command to create a new
user on a router, you can configure the user’s password to be stored as plain text or as an MD5
hash. To configure a user name with a plain-text password, you should use the username username password password command. Using the secret keyword instead of the password
keyword ensures that the password is stored as an MD5 hash. Thus the command username
oson secret eX$1mM@x creates a user named oson and stores the password as an MD5 hash
value. In the output of the show running-config command, the hash value of the password rather
than the actual password would be displayed, similar to the following:
Which of the following combinations represents a single-factor authentication method?
A.
a password and a PIN
B.
a smart card, a password, and a PIN
C.
a password, a fingerprint, and a smart card
D.
a fingerprint, a retina scan, and a password
Answer: A
Explanation:
Of the available options, the combination of a password and a personal identification number (PIN)
represents a single-factor authentication method. A single-factor authentication method refers to
the use of only one of the three common methods to verify a user’s identity. The three
authentication factors are something you know, something you have, and something you are. A
password and a PIN are knowledge factor access control methods, which are pieces of
information that you know. Because a password and a PIN are both something you know, when
the two are used in combination with each other they represent a single-factor authentication
method.
Two-factor, or dual-factor, authentication refers to th
Which of the following APIs are typically used to enable communication between an SDN
controller and the application plane? (Choose two.)
A.
OpenFlow
B.
OnePK
C.
OpFlex
D.
OSGi
E.
NETCONF
F.
REST
Answer: D,F
Explanation:
Of the available choices, only Representational State Transfer (REST) and Java Open Services
Gateway initiative (OSGi) are the Application Programming Interfaces (APIs) typically used to
enable communication between a Software-Defined Networking (SDN) controller and the
application plane. SDN is an intelligent network architecture in which a software controller
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 9
assumes the control plane functionality for all network devices. A northbound API, which is
sometimes called a northbound interface (NBI), enables an SDN controller to communicate with
applications in the application plane.
REST is a northbound API architecture that uses Hypertext Transfer Protocol (HTTP) or HTTP
Secure (HTTPS) to enable external resources to access and make use of programmatic methods
that are exposed by the API. REST APIs typically return data in either Extensible Markup
Language (XML) or JavaScript Object Notation (JSON) format.
OSGi is a Java-based northbound API framework that is intended to enable the development of
modular programs. OSGi also allows the use of the Python programming language as a means of
extended controller functions. For transport, OSGi deployments often rely on HTTP.
A southbound API, which is sometimes called a southbound interface (SBI), enables an SDN
controller to communicate with devices on the network data plane. NETCONF, OnePK, OpenFlow,
and OpFlex are all examples of southbound APIs.
NETCONF uses Extensible Markup Language (XML) and Remote Procedure Calls (RPCs) to
configure network devices. XML is used for both data encoding and protocol messages.
NETCONF typically relies on Secure Shell (SSH) for transport.
OpFlex uses a declarative SDN model in which the instructions that are sent to the controller are
not so detailed. The controller allows the devices in the data plane to make more network
decisions about how to implement the policy.
OpenFlow uses an imperative SDN model in which detailed instructions are sent to the SDN
controller when a new policy is to be configured. The SDN controller manages both the network
and the policies applied to the devices.
The OnePK API is a Cisco-proprietary API. It uses Java, C, or Python to configure network
devices. It can use either Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to
encrypt data in transit.
Reference: https://www.cisco.com/c/en/us/td/do
You are configuring security on a new WLAN by using the WLC GUI.
Which of the following security settings are you most likely to configure by using the Layer 3
Security drop-down list box on the Layer 3 tab?
A.
VPN Pass-Through
B.
Web Passthrough
C.
WPA+WPA2
D.
Web Authentication
Answer: A
Explanation:
When you are configuring a new wireless local area network (WLAN), you are most likely to
configure the VPN Pass-Through setting by using the Layer 3 Security drop-down list box on the
Layer 3 tab of the Cisco Wireless LAN Controller (WLC) graphical user interface (GUI). There are
two types of WLANs that you can configure by using the WLC GUI: a WLAN and a Guest LAN.
The VPN Pass-Through setting is only available when you are configuring a WLAN.
When you configure a new WLAN by using the WLC GUI, you can configure security settings by
clicking the new WLAN’s Security tab. By default, the Layer 2 tab is selected when you click the
Security tab. However, it is not possible to configure Layer 2 security on a Guest LAN.
On the Layer 2 tab of the Security tab, you can select one of the following Layer 2 wireless
security features from the Layer 2 Security drop-down list box:
* None, which disables Layer 2 security and allows open authentication to the WLAN
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 11
* WPA+WPA2, which enables Layer 2 security by using Wi-Fi Protected Access (WPA) or the
more secure WPA2
* 802.1X, which enables Layer 2 security by using Extensible Authentication Protocol (EAP)
authentication combined with a dynamic Wired Equivalent Privacy (WEP) key
* Static WEP, which enables Layer 2 security by using a static shared WEP key
* Static WEP + 802.1X, which enables Layer 2 security by using either a static shared WEP key or
EAP authentication
* CKIP, which enables Layer 2 security by using the Cisco Key Integrity Protocol (CKIP)
* None + EAP Passthrough, which enables Layer 2 security by using open authentication
combined with remote EAP authentication
There are two different sets of Layer 3 security features that you can configure on a Cisco WLC:
one set for a WLAN and one set for a Guest LAN. Depending on which type of WLAN you create
and which Layer 2 security options you have selected, you can select one of the following Layer 3
wireless security features from the Layer 3 Security drop-down list box on the Layer 3 tab of the
Security tab in the WLC GUI:
* None, which disables Layer 3 security no matter which Layer 2 security option is configured and
regardless of whether you are configuring
* IPSec, which enables Layer 3 security for WLANs by using Internet Protocol Security (IPSec)
* VPN Pass-Through, which enables Layer 3 security for WLANs by allowing a client to establish a
connection with a specific virtual private
* Web Authentication, which enables Layer 3 security for Guest LANs by prompting for a user
name and password when a client connects
* Web Passthrough, which enables direct access to the network for Guest LANs without prompting
for a user name and password
Not every Layer 3 security mechanism is compatible with every Layer 2 security mechanism. It is
therefore important to first configure Layer 2 security options before you attempt to configure Layer
3 security options.
QUESTION NO: 8
You issue the ip ospf network non-broadcast command on an interface.
Which of the following statements is correct regarding how OSPF operates on the interface?
A.
Multicast updates are sent.
B.
DR and BDR elections are not performed.
C.
The Hello timer is set to 10 seconds, and the dead timer is set to 40 seconds.
D.
The neighbor command is required to establish adjacencies.
Answer: D
Explanation:
The neighbor command is required to establish adjacencies on Open Shortest Path First (OSPF)
nonbroadcast networks. There are five OSPF network types:
* Broadcast
* Nonbroadcast
* Point-to-point
* Point-to-multipoint broadcast
* Point-to-multipoint nonbroadcast
Nonbroadcast and point-to-multipoint nonbroadcast networks do not allow multicast packets. To
configure OSPF to send unicast updates, you must configure neighbor routers with the neighbor
command. Broadcast, point-to-point, and point-to-multipoint broadcast networks allow multicast
packets, so manual configuration of neighbor routers with the neighbor command is not required.
On broadcast networks, designated router (DR) and backup designated router (BDR) elections are
performed. By default, the Hello timer is set to 10 seconds and the dead timer is set to 40
seconds. To configure an OSPF broadcast network, you should issue the ip ospf network
broadcast command. The OSPF broadcast network type is enabled by default on Fiber
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 13
Distributed Data Interface (FDDI) and Ethernet interfaces, including Fast Ethernet and Gigabit
Ethernet interfaces.
On nonbroadcast networks, DR and BDR elections are performed. By default, the Hello timer is
set to 30 seconds and the dead timer is set to 120 seconds. To configure an OSPF nonbroadcast
network, which is also called a nonbroadcast multiaccess (NBMA) network, you should issue the
ip ospf network non-broadcast command.
On point-to-point networks, DR and BDR elections are not performed. By default, the Hello timer is
set to 10 seconds and the dead timer is set to 40 seconds. To configure an OSPF point-to-point
network, you should issue the ip ospf network point-to-point command. The OSPF point-topoint network type is enabled by default on High-Level Data Link Control (HDLC) and Point-toPoint Protocol (PPP) serial interfaces.
OSPF point-to-multipoint broadcast networks operate just like OSPF point-to-point networks
except the Hello timer is set to 30 seconds and the dead timer is set to 120 seconds by default. To
configure an OSPF point-to-multipoint broadcast network, you should issue the ip ospf network
point-to-multipoint command.
OSPF point-to-multipoint nonbroadcast networks operate just like OSPF point-to-multipoint
broadcast networks except that multicasts cannot be sent; therefore, manual configuration of
neighbor routers with the neighbor command is required so that OSPF sends unicast updates. To
configure an OSPF point-to-multipoint nonbroadcast network, you should issue the ip ospf
network point-to-multipoint non-broadcast command
An administrator has generated the following MD5 hash from a plain-text password:
$1$cf6N$Ugo.y0CXMLffTfQtyO/Xt.
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 16
Answer: D
Explanation:
The administrator should issue the enable secret 5 $1$cf6N$Ugo.y0CXMLffTfQtyO/Xt.
command to configure the Message Digest 5 (MD5) hash generated from a plain-text password so
that it will be used to access enable mode on a Cisco router in this scenario. The no service
password-encryption command has been issued in this scenario. This command disables the
automatic encryption of new passwords when they are created by an administrator. If the service
password-encryption command had been issued in this scenario, all current and future
passwords in the running configuration would be encrypted automatically. Thus, of the available
choices, the enable secret 5 $1$cf6N$Ugo.y0CXMLffTfQtyO/Xt. command is the only option in
this scenario that enables the administrator to store a previously encrypted password that allows
access to enable mode on a Cisco router.
In some Cisco IOS versions prior to 15.3(3), the enable secret command by default stores an
encrypted password in the device’s configuration file by using a Secure Hash Algorithm (SHA)
256-bit hash. As of Cisco IOS 15.3(3), Type 4 passwords have been deprecated because of a
security flaw in their implementation. The syntax for the enable secret command is enable secret
[level level] {password | [encryption-type] encrypted-password}, where password is a string of
characters that represents the clear-text password. Instead of supplying a clear-text password,
you can specify an encryption-type value of 0, 4, or 5 and an encrypted-password value of either a
clear-text password, a SHA-256 hash, or an MD5 hash, respectively. Supplying a hash value
requires that you have previously encrypted the value by using a hashing algorithm in the same
fashion that IOS uses the algorithm. This command configures a password that is required in order
to place the device into enable mode, which is also known as privileged EXEC mode. The device
must, at a minimum, be placed into enable mode for the user to be able to display the running
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 17
configuration.
The administrator should not issue the enable secret 0 $1$cf6N$Ugo.y0CXMLffTfQtyO/Xt.
command in this scenario. Specifying an encryption-type value of 0 when you issue the enable
secret command indicates that the string following the command is in clear-text format, not
encrypted format. Because the router assumes the string is a clear-text password and the length
of the hash is greater than 25 characters, issuing the enable secret 0
$1$cf6N$Ugo.y0CXMLffTfQtyO/Xt. command would cause the router to generate an error similar
to the following:
% Invalid Password length - must contain 1 to 25 characters. Password configuration failed
If the already encrypted 1$cf6N$Ugo.y0CXMLffTfQtyO/Xt. string was shorter than 25 characters,
the command would encrypt that string and require anyone who is attempting to access enable
mode to issue 1$cf6N$Ugo.y0CXMLffTfQtyO/Xt. as the password instead of the original
unencrypted value that the MD5 hash 1$cf6N$Ugo.y0CXMLffTfQtyO/Xt. represents.
The administrator should not issue the enable password 5 $1$cf6N$Ugo.y0CXMLffTfQtyO/Xt.
command in this scenario. You can issue the enable password command to create a password
that must be used to gain access to enable mode. The syntax of the enable password command
is enable password [level level] {password | [encryption-type] encrypted-password}. The enable
password command supports the encryption-type values of 0 and 7, not 5. The encryption-level
value of 0 indicates that a clear-text password of 1 to 25 characters will follow. The MD5 hash in
this scenario is longer than 25 characters. An encryption-level value of 7 indicates that a hidden
password consisting of a Cisco-proprietary form of encryption will follow. Issuing the enable
password 5 $1$cf6N$Ugo.y0CXMLffTfQtyO/Xt. command would result in the following error:
You issue the following commands on SwitchA:
SwitchA(config)#interface port-channel 1
SwitchA(config-if)#interface range fastethernet 0/5 - 6
SwitchA(config-if-range)#channel-protocol lacp
SwitchA(config-if-range)#channel-group 1 mode on
You then issue the following commands on SwitchB:
SwitchB(config)#interface port-channel 1
SwitchB(config-if)#interface range fastethernet 0/5 - 6
SwitchB(config-if-range)#channel-protocol pagp
SwitchB(config-if-range)#channel-group 1 mode on
Which of the following statements is true about the resulting EtherChannel link between SwitchA
and SwitchB?
A.
No link is formed.
B.
A link is formed using LACP because it was configured first and has priority.
C.
A link is formed without an aggregation protocol.
D.
A link is formed using PAgP because it was configured last and has priority
Answer: A
Explanation:
An EtherChannel link is not formed in this scenario. EtherChannel is used to bundle two or more
identical, physical interfaces into a single logical link between switches. An EtherChannel can be
permanently established between switches, or it can be negotiated by using one of two
aggregation protocols: the Cisco-proprietary Port Aggregation Protocol (PAgP) or the openstandard Institute of Electrical and Electronics Engineers (IEEE) 802.3ad protocol, which is also
known as Link Aggregation Control Protocol (LACP). An EtherChannel can have up to eight active
switch ports in the bundle that forms the logical link between switches. Every switch port in the
bundle, which is also referred to as a channel group, must be configured with the same speed and
duplex settings.
To configure a switch port to use an aggregation protocol, you should use the channel-protocol {
lacp | pagp} command. The EtherChannel aggregation protocol must match on each switch, or
they will be unable to dynamically establish an EtherChannel link between them. In addition, if a
channel protocol is explicitly configured, each local switch port in the EtherChannel bundle must
be configured to operate in a mode that is compatible with the channel protocol or the switch will
display an error message and refuse to bundle the offending interface. In this scenario, the
channel protocol command on SwitchA specifies that LACP should be used to dynamically
establish an EtherChannel; however, the channel-group command attempts to configure an
incompatible operating mode. Because the channel-group command cannot override the
configuration specified by the channel-protocol command, the channel-group command issued
on SwitchA will produce an error message similar to the following sample output:
Command rejected (Channel protocol mismatch for interface Fa0/5 in group 1): the interface can
not be added to the channel group
% Range command terminated because it failed on FastEthernet0/5
To configure a switch port to be a member of a particular channel group, you should issue the
channel-group number mode {on | active | passive | {auto | desirable} [non-silent]} command.
This command uses a number parameter to specify a particular channel group; the number value
should correspond to the PortChannel interface being configured. The supported values for the
number parameter vary depending on hardware platform and IOS revision.
The following table displays the channel-group configurations that will establish an EtherChannel:
You are connecting two Catalyst 6500 switches with fiber-optic cable. When you boot SwitchA,
you receive a SYS-3-TRANSCEIVER_NOTAPPROVED error.
Which of the following is most likely the cause of the problem?
A.
There is a physical problem with the fiber cable.
B.
You have installed the SFP module upside down.
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 23
C.
You have connected a cable to an incorrect port.
D.
You have installed a third-party SFP module.
Answer: D
Explanation:
You have most likely installed a third-party Small Form-Factor Pluggable (SFP) transceiver
module in SwitchA if you receive a SYS-3-TRANSCEIVER_NOTAPPROVED error when you boot
SwitchA. An SFP module is a hot-pluggable device that enables a switch, router, or other device to
accept connections from Fibre Channel (FC) or Gigabit Ethernet cables. Cisco devices do not
support the use of third-party SFP modules.
An SFP module that is installed in a Cisco device stores identifying information, such as the
module serial number, vendor name, and security code. When a switch detects the insertion of an
SFP module, the switch software attempts to read the identifying information stored on the SFP
module. If the information is not valid or not present, the switch software will report the SYS-3-
TRANSCEIVER_NOTAPPROVED error.
The switch would not report a SYS-3-TRANSCEIVER_NOTAPPROVED error if you had
connected a cable to an incorrect port. If you connected a cable to the wrong SFP module port,
you would most likely notice that the ports on the switches are up, but the line protocol is down.
The switch would not report a SYS-3-TRANSCEIVER_NOTAPPROVED error if there were a
physical problem with the fiber cable. If the fiber cable were broken, you would notice that the port
status light-emitting diodes (LEDs) on the SFP modules are not lit.
The switch would not report a SYS-3-TRANSCEIVER_NOTAPPROVED error if you had installed
the SFP module upside down. Instead, the switch would not recognize the SFP module, and the
output from show commands would contain no information about the module.
QUESTION NO: 14
Which of the following best describes an AP deployment that connects APs to a WLC that is
housed within a switch stack?
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 24
Answer: A
Explanation:
Of the available choices, an embedded access point (AP) deployment typically connects APs to a
Cisco wireless LAN controller (WLC) that is housed within a switch stack. An AP is a device that
connects a wireless client to a wired network. The primary difference between this deployment and
others is that the WLC is embedded within a stack of switching hardware instead of existing as a
separate entity. APs can connect to the WLC by connecting to switches that are directly hosting
the WLC or switch ports that are operating on the same virtual local area network (VLAN) as the
WLC.
A lightweight AP deployment can be an embedded AP deployment. However, a lightweight AP
deployment does not always connect APs to a WLC that is housed within a switch stack. A
lightweight AP deployment requires a separate wireless controller. Wireless clients connect to
lightweight APs, which are capable of performing real-time wireless network functions but rely on a
WLC for management functions. The connection between a lightweight AP and a WLC is created
by using two tunnels established by the Control and Provisioning of Wireless Access Points
(CAPWAP) tunneling protocol. Information sent between lightweight APs and the WLC is
encapsulated in Internet Protocol (IP) packets. This process enables a lightweight AP and WLC to
manage connectivity to the same wireless local area network (WLAN) yet be separated by both
physical and logical means. This type of deployment is also known as a split-MAC architecture
because the lightweight AP handles the frames while the WLC handles the management
functions.
An autonomous AP deployment does not connect APs to a WLC that is housed within a switch
stack. An autonomous AP contains network interfaces for both wireless and wired networks; it is
typically deployed as part of an autonomous AP architecture in which APs are connected directly
to the access layer of the three-tier hierarchical network model.
A cloud-based AP deployment does not connect APs to a WLC that is housed within a switch
stack. Instead cloud-based APs connect to and are automatically configured by a WLC that is
housed in a cloud-based system. For example, a Cisco Meraki AP provides wireless access by
connecting to a centralized management system known as the Cisco Meraki Cloud. APs deployed
at the access layer of the three-tier hierarchical network model contact the cloud in order to
You are implementing common Layer 2 security measures on a Cisco switch. You create a new
VLAN with an ID of 4. No devices operate on VLAN 4. Next, you issue the following commands on
a switch interface:
switchport access vlan 4
switchport nonegotiate
Which of the following Layer 2 security measures are you implementing? (Choose two.)
A.
configuring the port mode manually
B.
disabling DTP on a port
C.
enabling port security on an access port
D.
moving the port to an unused VLAN
E.
disabling an unused port
Answer: B,D
Explanation:
You are disabling Dynamic Trunking Protocol (DTP) on a port when you issue the switchport
nonegotiate command while you are implementing common Layer 2 security measures on a
Cisco switch. In addition, you are moving the port to an unused virtual local area network (VLAN)
by issuing the switchport access vlan 4 command. By default, every network interface on a
Cisco switch is an active port. Before you deploy a switch on a network, you should take steps to
ensure that every trunk port and access port on the switch is secured and that every unused port
on the switch is disabled.
By default, all interfaces on a Cisco switch will use DTP to automatically negotiate whether an
interface should be a trunk port or an access port. The transmission of DTP packets over an
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 26
interface can be exploited by a malicious user to obtain information about the network or to
convert an interface that should be an access port into a trunked port. You should issue the
switchport nonegotiate command on a manually configured port to prevent any attempts by the
switch to negotiate by using DTP.
Moving an unused port to an unused VLAN creates a logical barrier that prevents rogue devices
from communicating on the network should such a device connect to the port. To move an access
port to an unused VLAN, you should issue the switchport access vlan vlan-id command on the
port, where vlan-id is the ID of the unused VLAN. When you move an unused port to an unused
VLAN, you should also manually configure the port as an access port by issuing the switchport
mode access command and shut down the port by issuing the shutdown command.
You are not configuring the port mode manually by issuing the commands in this scenario. To
manually configure a trunk port, you should first issue the switchport trunk encapsulation
protocol command in interface configuration mode, where protocol is the trunk encapsulation
protocol you want to use, and then issue the switchport mode trunk command in interface
configuration mode. To manually configure an access port, you should issue the switchport
mode access command in interface configuration mode. Manually configuring interfaces to use
either trunk mode or access mode effectively disables DTP and ensures that the traffic on those
ports is restricted to the intended purpose. Even so, you should issue the switchport nonegotiate
command on a manually configured trunk port to prevent any attempts by the switch to negotiate
by using DTP, because a manually configured trunk port will continue to send DTP frames.
You are not disabling an unused port by issuing the commands in this scenario. Disabling an
unused port creates a barrier that prevents rogue devices from communicating on the network
should such a device connect to the port. To disable an unused port on a switch, you should issue
the shutdown command on that port. To verify that a port is in the shutdown state, you should
issue the show interfaces type number command, where type and number specify the interface
you want to show. A port that has been shut down will be reported as administratively down by the
show interfaces type number command.
You are not enabling port security on an access port by issuing the commands in this scenario. To
protect switch interfaces against Media Access Control (MAC) flooding attacks, you should enable
port security on all access mode interfaces on the switch. Issuing the switchport port-security
command in interface configuration mode enables port security with default settings. You can
modify port security settings before you enable port security by issuing the switchport portsecurity mac-address mac-address command, the switchport port-security maximum
maximum-number-of-mac-addresses command, and the switchport port-security violation [
protect | restrict | shutdown] command.
When enabled with its default settings, port security will shut down a port on which a violation
occurs. In addition, port security will allow only the first MAC address to connect to the port to
access the port.
QUESTION NO: 16
You have enabled LAG on a WLC that contains eight distribution system ports.
How many ports will be included in the LAG bundle by default?
A.
eight
B.
one
C.
four
D.
none
Answer: A
Explanation:
By default, all eight ports will be included in the link aggregation (LAG) bundle if you have enabled
LAG on a Cisco wireless LAN controller (WLC) that contains eight distribution system ports. A
distribution system port is a data port that typically connects to a switch in Institute of Electrical
and Electronics Engineers (IEEE) 802.1Q trunk mode. Similar to EtherChannel on switches, LAG
enables multiple physical ports on a WLC to operate as one logical group. Thus, LAG enables
load balancing across links between devices and redundancy. If one link fails, the other links in the
LAG bundle will continue to function.
LAG will bundle all eight ports in this scenario. However, LAG requires only one functional physical
port in order to pass client traffic. Similar to EtherChannel, LAG enables redundancy. If one
physical port fails in a LAG bundle, the other ports are capable of passing client traffic in that port’s
place. If all but one port in a LAG bundle fails, that port will pass client traffic for all of the failed
ports.
Distribution system ports can be configured to work in pairs or independently of each other if LAG
is disabled. By default, a Cisco WLCs distribution system ports operate in 802.1Q trunk mode,
forming a trunk link between each WLC distribution system port and the switch to which it is
connected. When enabled, LAG modifies this configuration so that the ports are bundled and no
QUESTION NO: 17
Which of the following tables is used by a switch to discover the relationship between the Layer 2
address of a device and the physical port used to reach the device?
A.
the adjacency table
B.
the ARP table
C.
the VLAN table
D.
the FIB table
E.
the CAM table
Answer: E
Explanation:
The Content Addressable Memory (CAM) table is used by a switch to discover the relationship
between the Open Systems Interconnection (050 Layer 2 address of a device and the physical
port used to reach the device. Switches make forwarding decisions based on the destination MAC
address contained in a frame’s header. The switch first searches the CAM table for an entry that
matches the frame’s destination MAC address. If the frame’s destination MAC address is not
found in the table, the switch forwards the frame to all its ports, except the port from which it
received the frame. If the destination MAC address is found in the table, the switch forwards the
frame to the appropriate port. The source MAC address is also recorded if it did not previously
exist in the CAM table.
The Forwarding Information Base (FIB) is a table that contains all the prefixes from the Internet
Protocol (IP) routing table and is structured in a way that is optimized for forwarding. The FIB and
the adjacency table are the two main components of Cisco Express Forwarding (CEF), which is a
hardware-based switching method that is implemented in all OSI Layer 3-capable Catalyst
switches. The FIB is synchronized with the IP routing table and therefore contains an entry for
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 29
every IP prefix in the routing table. The IP prefixes are ordered so that when a Layer 3 address is
compared against the FIB, the longest, most specific match will be found first; therefore, prefix
lookup times are minimized.
The adjacency table maintains the Layer 2 addressing information for the FIB. Each network prefix
in the FIB is associated with a next-hop address and an outbound interface. The adjacency table
contains the Layer 2 addressing information for each next-hop address listed in the FIB and is
used to rewrite the Layer 2 header of each forwarded IP packet. You can issue the show
adjacency command to display the contents of the adjacency table.
The Address Resolution Protocol (ARP) table contains Layer 3 to Layer 2 address translations.
Whenever the switch encounters a packet destined for a Layer 3 address that does not have an
entry in the ARP table, the switch broadcasts an ARP request to query the network for the Layer 2
address. When the ARP reply is received, the switch enters the address pair into the ARP table for
future reference. You can issue the show ip arp command to display the contents of the ARP
table.
The virtual local area network (VLAN) table contains a record of the VLAN definitions on the switch
and a list of the interfaces associated with each VLAN. The VLAN table does not contain any
Layer 3 information. You can issue the show vlan command to display the contents of the VLAN
table.
Reference: https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-seriesswitches/71079-arp-cam-tableissues.html#backinfo CCNA 200-301 Official Cert Guide, Volume 1,
Chapter 5: Analyzing Ethernet LAN Switching, Learning MAC Addresse
QUESTION NO: 18
Which of the following statements is true regarding a floating static route?
A.
A floating static route is used to provide link redundancy.
B.
A floating static route is used to provide link load balancing.
C.
A router always prefers a floating static route to a dynamically learned route.
D.
A floating static route has a lower AD than a normal static route.
Answer: A
Explanation:
A floating static route is used to provide link redundancy. When multiple routes to a network exist
and a more specific route is not available, a router will choose the route with the lowest
administrative distance (AD). Because a normal static route has a default AD of 1, a router will
always prefer a normal static route over any other type of route. You can manually assign a static
route a higher AD than 1 to prevent a router from always choosing the normal static route as the
best path to a destination network. By assigning a floating static route a higher AD than another
route, you are able to create a static route that will be used only when routes with a lower AD are
no longer available. For example, if a router’s primary path to a remote office is a dynamically
learned route and a floating static route with a higher AD is configured to use a specified exit
interface as a backup path, the router will use only the primary route to reach the remote office.
The dynamically learned route is preferred over the floating static route because the floating static
route has a higher AD than the dynamically learned route. However, if the dynamically learned
route becomes unavailable, the router will search its routing table for an available path with the
lowest AD. In this example, the router will use the floating static route to forward packets destined
to the remote office to the exit interface specified in the floating static route when the dynamically
learned route becomes unavailable.
A router will not always prefer a floating static route to a dynamically learned route. Because an
administrator can arbitrarily assign an AD to a floating static route, a router will prefer a floating
static route only if it has a lower AD than a dynamically learned route to the same destination
network. Likewise, a router will not always prefer a dynamically learned route to a floating static
route unless the dynamically learned route has an AD lower than a floating static route to the
same destination network.
A floating static route is not used for link load balancing. Load balancing is possible if multiple
paths to a destination network exist with equal ADs and if cost values exist. Because a floating
static route has a higher AD than the primary path to a destination network, a router will not use a
floating static route unless the primary path becomes unavailable.
Which of the ports on SwitchA will use PortFast?
A.
all access ports
B.
all ports
C.
no ports, because PortFast cannot be enabled globally
D.
all trunk ports
Answer: A
Explanation:
All access ports on SwitchA will use PortFast. PortFast enables faster connectivity for hosts
connected to an access-layer switch port. If PortFast is not enabled, a switch port transitions
through the Spanning Tree Protocol (STP) listening and learning states before it enters the
forwarding state. This process can take as long as 30 seconds if the default STP timers are used.
In addition, port initialization could take as long as 50 seconds if Port Aggregation Protocol (PAgP)
is enabled. PortFast transitions the port into the STP forwarding state without going through the
STP listening and learning states.
PortFast is a feature that should be used only on switch ports that are connected to end devices,
such as user workstations or print devices. Because PortFast immediately transitions a port to the
STP forwarding state, skipping over the listening and learning states, steps should be taken to
ensure that a switch that is inadvertently or intentionally connected to the port cannot influence the
STP topology or cause switching loops. Cisco recommends that switches should not be connected
to access ports that are configured with PortFast; switches should always be connected by trunk
ports.
You can enable PortFast for specific ports by issuing the spanning-tree portfast command in
interface configuration mode. However, you can also enable PortFast for all access ports on the
switch by issuing the spanning-tree portfast default command in global configuration mode;
trunk ports are not affected by the spanning-tree portfast default command.
Which of the following VLANs is used by DTP to negotiate a trunk link when 802.1Q encapsulation
is configured on the interface?
A.
the native VLAN
B.
1
C.
0
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 34
D.
4094
Answer: A
Explanation:
Dynamic Trunking Protocol (DTP) uses the native virtual local area network (VLAN) to negotiate a
trunk link when Institute of Electrical and Electronics Engineers (IEEE) 802.1Q encapsulation is
configured on the interface. Because DTP frames are always transmitted on the native VLAN,
changing the native VLAN can have unexpected consequences. For example, if the native VLAN
is not configured identically on both ends of a link, a trunk will not dynamically form.
By default, all interfaces on a Cisco switch will use DTP to automatically negotiate whether an
interface should be an IEEE 802.1Q trunk port or an access port. There are two dynamic modes of
operation for a switch port:
* auto – operates in access mode unless the neighboring interface actively negotiates to operate
as a trunk
* desirable – operates in access mode unless it can actively negotiate a trunk connection with a
neighboring interface
The default dynamic mode is dependent on the hardware platform. In general, departmental-level
or wiring closet-level switches default to auto mode, whereas backbone-level switches default to
desirable mode. Because a switch port in auto mode does not actively negotiate to operate in
trunk mode, it will form a trunk link only if negotiations are initiated by the neighboring interface. A
neighboring interface will initiate negotiations only if it is configured to operate in trunk mode or
desirable mode. By contrast, a switch port in desirable mode will actively negotiate to operate in
trunk mode and will form a trunk link with a neighboring port that is configured to operate in trunk,
desirable, or auto mode.
Although VLAN 1 is the default native VLAN on a Cisco switch, the native VLAN can be changed
by issuing the switchport trunk native vlan vlan-id command from interface configuration mode.
Because the configuration of the native VLAN in this scenario is not specified, you cannot be
certain that VLAN 1 is still configured as the native VLAN.
VLAN 0 is a special VLAN used by Internet Protocol (IP) phones to indicate to an upstream switch
that it is sending frames that have a configured 802.1p priority but that should reside in the native
VLAN. This VLAN is used if voice traffic and data traffic should be separated but do not require
that a unique voice virtual VLAN be created.
VLAN 4094 is an extended VLAN and is not used for DTP frames unless it has been configured as
the native VLAN. VLAN IDs in the number range from 1006 through 4094 are available only on
extended IOS images. A VLAN ID can be a value from 1 through 1005 or from 1 through 4094,
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 35
depending on the IOS image and switch model. VLANs 1002 through 1005 are reserved for Token
Ring and Fiber Distributed Data Interface (FDDI) VLANs. VLANs in this reserved range, as well as
the switch’s native VLAN, can be modified but not deleted.
Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/
Which of the following statements best describe why WRED is useful for networks where the
majority of traffic uses TCP? (Choose two.)
A.
TCP sources reduce traffic flow when congestion occurs.
B.
TCP packets that are dropped must be retransmitted.
C.
TCP packets cannot arrive out of sequence
E.
TCP packets must have priority over UDP packets.
Answer: A,B
Explanation:
Weighted random early detection (WRED) is useful for networks where the majority of traffic uses
Transmission Control Protocol (TCP) because TCP packets that are dropped must be
retransmitted. Additionally, TCP sources reduce traffic flow when congestion occurs, thereby
further slowing down the network.
WRED is a congestion avoidance mechanism that addresses packet loss caused by tail drop,
which occurs when new incoming packets are dropped because a router’s queues are too full to
accept them. Tail drop causes a problem called global TCP synchronization, whereby all of the
TCP sources on a network reduce traffic flow during periods of congestion and then the TCP
sources increase traffic flow when the congestion is reduced, which again causes congestion and
dropped packets. When WRED is implemented, you can configure different tail drop thresholds for
each IP precedence or Differentiated Services Code Point (DSCP) value so that lower-priority
traffic is more likely to be dropped than higher-priority traffic, thereby avoiding global TCP
synchronization.
WRED does not address header size. To compress the header of TCP packets, you should
implement TCP header compression. Because TCP header compression compresses only the
header, not the entire packet, TCP header compression works best for packets with small
payloads, such as those carrying interactive data.
WRED does not address the order in which TCP packets arrive. TCP packets can arrive in any
order because each packet is numbered with a sequence number. When the TCP packets arrive
at their destination, TCP rearranges the packets into the correct order.
Although it is possible for TCP packets to require a higher priority than User Datagram Protocol
(UDP) packets, it is also possible for UDP packets to require a higher priority than TCP packets.
UDP traffic that requires a high priority includes Voice over IP (VoIP) traffic and real-time
multimedia traffic. You should avoid placing TCP and UDP traffic in the same traffic class,
because doing so can cause TCP starvation. UDP traffic is not aware of packet loss due to
congestion control mechanisms, so devices sending UDP traffic might not reduce their
transmission rates. This behavior causes the UDP traffic to dominate the queue and prevent TCP
traffic from resuming a normal flow.
Which of the following devices cannot be connected to leaf nodes in the Cisco ACI architecture?
A.
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 48
leaf nodes
B.
spine nodes
C.
EPGs
D.
application servers
E.
APICs
Answer: A
Explanation:
In the Cisco Application Centric Infrastructure (ACI), leaf nodes cannot connect to each other.
Cisco ACI is a data center technology that uses switches, categorized as spine and leaf nodes, to
dynamically implement network application policies in response to application-level requirements.
Network application policies are defined on a Cisco Application Policy Infrastructure Controller
(APIC) and are implemented by the spine and leaf nodes.
The spine and leaf nodes create a scalable network fabric that is optimized for east-west data
transfer, which in a data center is typically traffic between an application server and its supporting
data services, such as database or file servers. Each spine node requires a connection to each
leaf node; however, spine nodes do not interconnect nor do leaf nodes interconnect. Despite its
lack of fully meshed connections between spine nodes or between leaf nodes, this physical
topology enables nonlocal traffic to pass from any ingress leaf interface to any egress leaf
interface through a single, dynamically selected spine node. By contrast, local traffic is passed
directly from an ingress interface on a leaf node to the appropriate egress interface on the same
leaf node.
Because a spine node has a connection to every leaf node, the scalability of the fabric is limited by
the number of ports on the spine node, not by the number of ports on the leaf node. For example,
if additional access ports are needed, a new leaf node can be added to the infrastructure as long
as there is a sufficient number of ports remaining on the existing spine nodes to support the new
leaf node. In addition, redundant connections between a spine and leaf pair are unnecessary
because the nature of the topology ensures that each leaf has multiple connections to the network
fabric. Therefore, each spine node requires only a single connection to each leaf node.
Redundancy is also provided by the presence of multiple APICs, which are typically deployed as a
cluster of three controllers. APICs are not directly involved in forwarding traffic and are therefore
not required to connect to every spine or leaf node. Instead, the APIC cluster is connected to one
or more leaf nodes in much the same manner that other endpoint groups (EPGs), such as
application servers, are connected. Because APICs are not directly involved in forwarding traffic,
the failure of an APIC does not affect the ability of the fabric to forward traffic.
What percentage of wireless coverage overlap is considered appropriate to ensure that wireless
clients do not lose connectivity when roaming from one AP to another?
A.
10 to 15 percent
B.
40 to 50 percent
C.
0 to 5 percent
D.
more than 50 percent
E.
20 to 35 percent
Answer: A
Explanation:
A wireless coverage overlap area of 10 to 15 percent is considered appropriate to ensure that
wireless clients do not lose connectivity when roaming from one access point (AP) to another. Too
little wireless coverage overlap often causes gaps in wireless coverage, which prevents roaming
clients from being able to seamlessly transition from one AP to another. Providing more than 10 to
15 percent wireless coverage overlap would require you to purchase more APs than are
necessary for adequate wireless coverage. In addition, too much wireless coverage overlap could
introduce radio interference from neighboring APs. You should ensure that the APs on the network
use nonoverlapping channels to avoid radio interference from neighboring APs. For example,
although 802.11b can be configured to use 11 different channels in the United States and Canada,
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 52
only three nonoverlapping channels can be used: 1, 6, and 11.
Which of the following are used by WPA2 to provide MICs and encryption? (Choose two.)
A.
CCMP
B.
TKIP
C.
GCMP
D.
AES
E.
RC4
Answer: A,D
Explanation:
Advanced Encryption Standard (AES) and Counter Mode with Cipher Block Chaining Message
Authentication Code Protocol (CCMP) are used by Wi-Fi Protected Access 2 (WPA2) to provide
message integrity checks (MICs) and encryption. Wireless security protocols use MICs to prevent
data tampering. Encryption is used to protect confidentiality.
WPA2, which implements the 802.11i wireless standard, was developed to address the security
vulnerabilities in the original WPA standard. One enhancement over WPA included in WPA2 is the
encryption algorithm. AES is a stronger encryption algorithm than the RC4 algorithm used by
earlier wireless standards. When AES is implemented, a 128-bit block cipher is used to encrypt
data and a security key of 128, 192, or 256 bits can be used. This is a processor-intensive
operation, and implementing WPA2 and AES often requires new hardware, such as new wireless
access points (WAPs) and new client wireless network adapters.
In addition to AES, WPA2 also uses CCMP to provide encryption. CCMP is an encryption
mechanism that uses block ciphers. In WPA2, CCMP is used by AES during the encryption
process. The WPA2 encryption process is thus sometimes known as AES-CCMP.
RC4 is a stream cipher encryption algorithm used in the Wired Equivalent Privacy (WEP) protocol.
Unlike AES, which supports an encryption key length of 256 bits, RC4 supports an encryption key
length of up to 128 bits. Consequently, RC4 is not as secure as AES. Furthermore, RC4 uses a
stream cipher, which is a less secure encryption method. RC4 is not used with WPA2.
QUESTION NO: 32
Which of the following examples best describes the SaaS service model?
A.
A company licenses an office suite, including email service, that is delivered to the end user
through a web browser.
B.
A company hires a service provider to deliver cloud-based processing and storage that will house
multiple virtual hosts configured in a variety of ways.
C.
A company obtains a subscription to use a service provider’s infrastructure, programming tools,
and programming languages to develop and serve cloud-based applications.
D.
A company moves all company-wide policy documents to an Internet-based virtual file system
hosted by a service provider
Answer: A
Explanation:
A company that licenses an office suite, including email service, that is delivered to the end user
through a web browser is an example of the Software as a Service (SaaS) service model. The
National Institute of Standards and Technology (NIST) defines three service models in its
definition of cloud computing: SaaS, Infrastructure as a Service (IaaS), and Platform as a Service
(PaaS).
The SaaS service model enables its consumer to access applications running in the cloud
infrastructure but does not enable the consumer to manage the cloud infrastructure or the
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 56
configuration of the provided applications. Of the three service models, SaaS exposes the least
amount of the consumer’s network to the cloud and is the least likely to require changes to the
consumer’s network design. A company that licenses a service provider’s office suite and email
service that is delivered to end users through a web browser is using SaaS. SaaS providers use
an Internet-enabled licensing function, a streaming service, or a web application to provide end
users with software that they might otherwise install and activate locally. Web-based email clients,
such as Gmail and Outlook.com, are examples of SaaS.
The PaaS service model provides its consumer with slightly more freedom than the SaaS model
by enabling the consumer to install and possibly configure provider-supported applications in the
cloud infrastructure. A company that uses a service provider’s infrastructure, programming tools,
and programming languages to develop and serve cloud-based applications is using PaaS. PaaS
enables a consumer to use the service provider’s development tools or Application Programming
Interface (API) to develop and deploy specific cloud-based applications or services. Another
example of PaaS might be using a third party’s MySQL database and Apache services to build a
cloud-based customer relationship management (CRM) platform.
The IaaS service model provides the greatest degree of freedom by enabling its consumer to
provision processing, memory, storage, and network resources within the cloud infrastructure. The
IaaS service model also enables its consumer to install applications, including operating systems
(OSs) and custom applications. However, with IaaS, the cloud infrastructure remains in control of
the service provider. A company that hires a service provider to deliver cloud-based processing
and storage that will house multiple physical or virtual hosts configured in a variety of ways is
using IaaS. For example, a company that wanted to establish a web server farm by configuring
multiple Linux Apache MySQL PHP (LAMP) servers could save hardware costs by virtualizing the
farm and using a provider’s cloud service to deliver the physical infrastructure and bandwidth for
the virtual farm. Control over the OS, software, and server configuration would remain the
responsibility of the organization, whereas the physical infrastructure and bandwidth would be the
responsibility of the service provider. Using a third party’s infrastructure to host corporate Domain
Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) servers is another
example of IaaS.
A company that moves all company-wide policy documents to an Internet-based virtual file system
hosted by a third party is using cloud storage. Cloud storage is a term used to describe the use of
a service provider’s virtual file system as a document or file repository. Cloud storage enables an
organization to conserve storage space on a local network. However, cloud storage is also a
security risk in that the organization might not have ultimate control over who can access the files.
You are configuring a normal WLAN by using the WLC GUI. You want to configure the WLAN with
the SSID of MyCompanyLAN. You click Create New on the WLANs page.
Which action are you most likely to perform first?
A.
Assign a profile name of up to 32 characters in the Profile Name field.
B.
Select Guest LAN from the Type drop-down list box.
C.
Assign the SSID of MyCompanyLAN in the WLAN SSID field.
D.
Assign a unique ID of 1 in the ID field
Answer: A
Explanation:
Most likely, you will assign a profile name of up to 32 characters in the Profile Name field first if
you want to configure a wireless local area network (WLAN) by using the Cisco wireless LAN
controller (WLC) graphical user interface (GUI). The Cisco WLC GUI is a browser-based interface
that enables you to configure various wireless network settings. In this scenario, you want to
create a normal WLAN named MyCompanyLAN. To create a new normal WLAN, you should
complete four steps on the WLANs > New page of the WLC GUI:
1. Select the type of WLAN you are creating from the Type drop-down list box; by default, this
value is configured to WLAN.
2. Enter a 32-character or less profile name in the Profile Name field.
3. Enter a 32-character or less Service Set Identifier (SSID) in the SSID field.
4. Choose a WLAN ID from the ID drop-down list box.
There are three types of WLANs you can create by using the WLC GUI:
1. A normal WLAN, which is the WLAN to which wireless clients inside your company’s walls will
connect
2. A Guest LAN, which is the WLAN to which guest wireless clients inside your company’s walls
will connect
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 58
3. A Remote LAN, which is the WLAN configuration for wired ports on the WLC
In this scenario, you are configuring a normal WLAN with an SSID of MyCompanyLAN.
Therefore, you do not need to select WLAN from the Type drop-down list box, because WLAN is
the default value for this drop-down list box. The Type drop-down list box should be configured to
WLAN in order to create a normal WLAN by using the WLC GUI.
After you configure the type of WLAN, you should configure a profile name for the WLAN in the
Profile Name field. The profile name can be up to 32 characters in length and should uniquely
identify the WLAN that you are configuring. The value that you enter in the Profile Name field will
be used by the WLC to identify the WLAN on other configuration pages. For simplicity, many
administrators choose to use the same value for the Profile Name field as they plan to configure
in the SSID field, although this is not required.
After you configure the Profile Name field, you should configure a value of up to 32 characters in
the SSID field. The SSID is the WLAN network name that will be broadcast to wireless clients. In
general, an SSID is the name for the collection of wireless clients that are all operating with the
same Institute of Electrical and Electronics Engineers (IEEE) 802.11 configuration.
Finally, you should configure the WLAN ID on which the WLAN will operate. By default, the ID
drop-down list box on the WLANs > New page will be configured to a value of 1. You can choose
to configure a WLAN on any WLAN ID in the range from 1 through 512. Although Cisco controllers
support a maximum of 512 WLANs, only 16 can be actively configured.
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/configguide/b_cg85/wlans.html#ID72 CCNA 200-301 Official Cert Guide, Volume 1, Chapter 29: Building
a Wireless LAN, Configuring a WLAN
Which of the following Application layer protocols use UDP for unsynchronized, connectionless
data transfer? (Choose two.)
A.
SMTP
B.
HTTP
C.
FTP
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 59
D.
TFTP
E.
SNMP
Answer: D,E
Explanation:
Simple Network Management Protocol (SNMP) and Trivial File Transfer Protocol (TFTP) use User
Datagram Protocol (UDP) for unsynchronized, connectionless data transfer. UDP is a Transport
layer protocol that does not use sequence numbers or establish synchronized connections.
Because of UDP’s connectionless nature, transmitted datagrams can appear out of sequence or
can be dropped without notice; thus it is the responsibility of the Application layer protocol to
reorder packets or request the transmission of lost datagrams. SNMP is used to monitor and
manage network devices. TFTP uses UDP port 69 to transfer files unreliably and without
authentication over a network. Other common Application layer protocols that use UDP include
Dynamic Host Configuration Protocol (DHCP), which is used to assign Internet Protocol (IP)
addressing information to clients, Network Time Protocol (NTP), which is used to coordinate time
on a network, and Remote Authentication Dial-In User Service (RADIUS), which is used to
authenticate users.
Hypertext Transfer Protocol (HTTP) and File Transfer Protocol (FTP) use Transmission Control
Protocol (TCP) for reliable, connection-oriented data transfer. TCP is a Transport layer protocol
that uses sequencing and error-checking to ensure that transmitted data can be easily reordered if
packets arrive out of sequence and can be retransmitted if any packets are lost. Because TCP
handles data sequencing and the retransmission of lost data, the Application layer protocols that
rely on TCP do not need to handle those tasks and can rely on receiving reliable, ordered data.
FTP, which is used to transfer files over a network, uses TCP ports 20 and 21. Cisco devices can
reliably transfer IOS images by using FTP. FTP requires the transmission of authentication
credentials, even if anonymous FTP is in use, but those credentials are transmitted in plain text.
Other common TCP protocols are HTTP, which is used to transfer webpages over the Internet,
Simple Mail Transfer Protocol (SMTP), which is used to send email messages, Post Office
Protocol 3 (POP3), which is used to retrieve email messages, and Telnet, which is used to
manage network devices.
Reference: https://www.iana.org/protoco
QUESTION NO: 35
Which of the following is a valid HSRP version 2 virtual MAC address?
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 60
A.
0007.6400.0102
B.
0000.5E00.0101
C.
0000.0C9F.F00A
D.
0000.0C07.AC0B
E.
0005.73A0.0FFF
Answer: C
Explanation:
Of the available choices, only 0000.0C9F.F00A is a valid Hot Standby Router Protocol (HSRP)
version 2 virtual Media Access Control (MAC) address. HSRP is a Cisco-proprietary protocol that
enables multiple routers to function as a single gateway for the network. HSRP configures two or
more routers to share a virtual Internet Protocol (IP) address and a virtual MAC address so that
the group of routers appears as a single device to other hosts on the network.
Based on priority value, HSRP elects a single active router and a standby router. The active router
is the router with the highest priority; it forwards packets, responds to Address Resolution Protocol
(ARP) requests with a virtual MAC address, and can be the only router that is explicitly configured
with the virtual IP address. The standby router is the router with the second-highest priority. If
multiple HSRP routers have the same priority, the router with the highest IP address is elected as
the active router. The router with the second-highest IP address is elected as the standby router,
which will assume the role of the active router if the active router fails. To participate in the active
and standby router election process, each HSRP router must be a member of the same group.
There are two versions of HSRP for IP version 4 (IPv4) networks: HSRP version 1 and HSRP
version 2. An HSRP version 1 group is identified by a group number from 0 through 255. An HSRP
version 2 group is identified by a group number from 0 through 4095. The default HSRP group
value for both versions is 0.
To differentiate the virtual MAC addresses of the various groups, HSRP version 1 uses a special
format based on the well-known virtual MAC address 0000.0007.ACxx, where xx is the group
number in hexadecimal format. HSRP version 2, on the other hand, uses a virtual MAC address of
0000.0C9F.Fxxx, where xxx is the group number in hexadecimal format. In this scenario, the
virtual MAC address for the HSRP group is 0000.0C9F.F00A; the group number is identified by
the final three digits, OOA, in the virtual MAC address. Thus, because 00A is the hexadecimal
equivalent of 10 in decimal notation, the virtual MAC address 0000.0C9F.F00A indicates that the
HSRP group number for this scenario is 10.
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 61
The virtual MAC address 0000.5E00.0101 is not an HSRP version 2 virtual MAC address. This
MAC address is a Virtual Router Redundancy Protocol (VRRP) MAC address. VRRP is an Internet
Engineering Task Force (IETF)-standard First-Hop Redundancy Protocol (FHRP) that is supported
by both Cisco and non-Cisco devices. However, if only Cisco devices are used in the topology and
a choice between HSRP and VRRP is available, Cisco recommends using HSRP. A VRRP virtual
MAC address typically uses the 0000.5E00.01xx format, where xx is the VRRP group number.
The virtual MAC address 0007.B400.0102 is not an HSRP version 2 virtual MAC address. This
MAC address is a Gateway Load Balancing Protocol (GLBP) virtual MAC address. The GLBP
active virtual gateway (AVG) assigns a virtual MAC address to a maximum of four primary active
virtual forwarders (AVFs); all other routers in the group are considered secondary AVFs and are
placed in the listen state. GLBP virtual MAC addresses typically use the 0007.B400.xxyy format,
where xx represents the GLBP group number and yy represents the AVF number.
The virtual MAC address 0005.73A0.0FFF is not an HSRP version 2 virtual MAC address. There
is a version of HSRP for IPv6 that uses a range of virtual MAC addresses from 0005.73A0.0000
through 0005.73A0.0FFF. However, configuring HSRP for IPv6 is beyond the scope of CCNA.
QUESTION NO: 36
You are trying to configure OSPF to perform equal-cost load balancing. Router1 should have eight
equal-cost OSPF routes to the 192.168.102.0/24 network. However, only four OSPF routes exist.
Which of the following should you do to perform equal-cost load balancing over all eight routes?
A.
Issue the maximum-paths 8 command.
B.
Issue the ip ospf cost 1 command on all interfaces.
C.
Configure EIGRP throughout the network.
D.
Configure the variance to a value of 8.
Answer: A
Explanation:
You should issue the maximum-paths 8 command. Many Open Shortest Path First (OSPF) routers
can insert a maximum of four equal-cost paths into the routing table by default. You can override
the default maximum by issuing the maximum-paths maximum command in OSPF router
configuration mode, where maximum indicates the maximum number of equal-cost paths to insert
into the routing table.
You need not configure Enhanced Interior Gateway Routing Protocol (EIGRP) throughout the
network. OSPF supports equal-cost load balancing; if multiple OSPF paths to a destination exist
and each path has the same bandwidth, OSPF will load balance between the paths. By contrast,
EIGRP supports load balancing over equal-cost and unequal-cost paths. OSPF does not use
variance; therefore, configuring variance to a value of 8 will not enable Router1 to perform equalcost load balancing over eight paths. The variance command is used to determine whether EIGRP
feasible successors can be used for unequal-cost load balancing.
You need not issue the ip ospf cost 1 command on all interfaces, because the routes already have
the same cost. You can manually configure the OSPF cost of a path through an interface by
issuing the ip ospf cost costcommand in interface configuration mode, where cost is the path cost
that you want to assign. OSPF uses cost, which is based on bandwidth, as its metric. The higher
the bandwidth, the lower the cost. OSPF selects the lowest-cost path, which is the path with the
highest bandwidth, to a destination.
QUESTION NO: 38
Which of the following best describes a lightweight AP in bridge mode?
A.
It acts as a dedicated connection between two networks.
B.
It is the default operating mode for a lightweight AP.
C.
It captures wireless traffic for analysis.
D.
It enables a failsafe if the CAPWAP connection goes down.
Answer: A
Explanation:
A Cisco lightweight access point (AP) operating in bridge mode acts as a dedicated connection
between two networks. A lightweight AP provides an interface for wireless clients to connect to the
wireless local area network (WLAN). However, unlike autonomous APs, a lightweight AP relies on
a Cisco wireless LAN controller (WLC) for management and configuration. Lightweight APs
operating in bridge mode can connect to other networks in either a point-to-point or point-tomultipoint fashion. When multiple APs are configured in bridge mode, the collection of lightweight
APs can be used to form a mesh network.
Local mode is the default operating mode for a lightweight AP. A Cisco lightweight AP operating in
local mode is capable of providing multiple basic service sets (BSSs) on a single channel. In this
mode, the AP can connect to a WLC and can provide client connectivity. In addition, an AP
operating in local mode scans all wireless channels as a means of monitoring wireless quality and
security. The connection between a lightweight AP and a WLC is created by using two tunnels
established by the Control and Provisioning of Wireless Access Points (CAPWAP) tunneling
protocol. Information sent between lightweight APs and the WLC is encapsulated in Internet
Protocol (IP) packets. This process enables a lightweight AP and WLC to manage connectivity to
the same WLAN yet be separated by both physical and logical means.
A Cisco lightweight AP operating in sniffer mode, not bridge mode, captures wireless traffic for
analysis. When traffic is captured, a lightweight AP that is operating in sniffer mode will send the
traffic to an analyzer, which is typically software that is installed on a PC or other host.
A Cisco lightweight AP operating in FlexConnect mode, not bridge mode, enables a failsafe if the
CAPWAP connection goes down. FlexConnect mode does not provide BSSs. When configured,
FlexConnect mode enables a lightweight AP to switch traffic between a given Service Set Identifier
(SSID) and a given virtual LAN (VLAN).
QUESTION NO: 41
Which of the following is the default frequency that a Cisco switch will send LLDP advertisements
when LLDP is enabled on an interface?
A.
five seconds
B.
65534 seconds
C.
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 70
120 seconds
D.
30 seconds
E.
60 seconds
Answer: D
Explanation:
By default, a Cisco switch will send Link Layer Discovery Protocol (LLDP) advertisements every
30 seconds when LLDP is enabled on an interface. LLDP is an Open Systems Interconnection
(050 Layer 2 open-standard discovery protocol that is used to facilitate interoperability between
Cisco devices and non-Cisco devices. Attributes that can be learned from neighboring devices
contain Type, Length, Value (TLV) information including port description, system description, and
management address. You can issue the lldp timer rate command from global configuration
mode to configure the frequency at which LLDP advertisements are sent by a switch. The default
rate value is 30 seconds; however, the rate can be configured to any integer value from 5 through
65534 seconds. You can issue the show lldp command from privileged EXEC mode to display
the current LLDP configuration. The following sample output shows the default settings for a Cisco
3560 series switch after LLDP has been enabled globally
QUESTION NO: 42
You want to configure SSH for incoming VTY connections on a new router. The router is running a
K9 IOS image but has not yet been configured with a host name, a domain name, or an RSA key
pair. In addition, the VTY lines are not yet configured to accept incoming SSH connections.
You issue the crypto key generate rsa command from global configuration mode.
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 72
Which of the following messages will you most likely receive?
A.
Please define a hostname other than Router.
B.
Please create RSA keys to enable SSH.
C.
The name for the keys will be:
D.
Please enable SSH as a transport mode.
E.
Please define a domain-name first.
Answer: A
Explanation:
You will most likely receive the Please define a hostname other than Router message when you
issue the crypto key generate rsa command, because you have not configured the router with a
host name other than the default name of Router. To configure a router with a host name other
than the default, you should issue the hostname host-name command from global configuration
mode.
To enable Secure Shell (SSH) for virtual terminal (VTY) lines on a Cisco router, you should
complete the following steps:
1. Configure the router with a host name other than Router by issuing the hostname command.
2. Configure the router with a domain name by issuing the ip domain-name command.
3. Generate an RSA key pair for the router by issuing the crypto key generate rsa command.
4. Configure the VTY lines to use SSH by issuing the transport input ssh command from line
configuration mode.
SSH is often used as a secure replacement for Telnet to manage network devices. In order for
SSH to be enabled on a Cisco device, the device must be running a K9 IOS image, which
provides cryptographic functionality.
You will not receive the The name for the keys will be: message when you issue the crypto key
generate rsa command in this scenario. However, if you had already configured the router with a
valid host name and a domain name, you would have received the The name for the keys will be:
message after issuing the crypto key generate rsa command. After you specify the name for the
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 73
keys, you will be prompted for the modulus length.
You will not receive the Please define a domain-name first message when you issue the crypto
key generate rsa command in this scenario. However, if you had configured the router with a
valid host name but had not configured the router with a domain name, you would have received
the Please define a domain-name first message after issuing the crypto key generate rsa
command. In this scenario, you have configured neither the domain name nor the host name. To
configure a router with a domain name, you should issue the ip domain-name domain-name
command from global configuration mode.
You will not receive the Please create RSA keys to enable SSH message when you issue the
crypto key generate rsa command in this scenario. However, if you had issued another
command related to SSH, such as the ip ssh time-out 60 command, but had not yet enabled
SSH on the router, you would have received the Please create RSA keys to enable SSH
message.
You will not receive the Please enable SSH as a transport mode message when you issue the
crypto key generate rsa command in this scenario. The Please enable SSH as a transport mode
message is not a warning message that is displayed on Cisco routers. You can issue the
transport input ssh command to configure SSH as the transport mode for VTY lines.
Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-
ssh.html#settingupaniosrouterasssh CCNA 200-301 Official Cert Guide, Volume 1, Chapter 6:
Configuring Basic Switch Management, Securing Remote Access with Secure Shell
QUESTION NO: 43
Which of the following is a REST API encoding format that uses HTML-like tags to define blocks of
data?
A.
BSON
B.
XML
C.
YAML
D.
JSON
Answer: B
Explanation:
Of the available choices, Extensible Markup Language (XML) is a Representational State Transfer
(REST) Application Programming Interface (API) encoding format that uses Hypertext Markup
Language (HTML)-like tags to define blocks of data. REST APIs encode data in either XML format
or in JavaScript Object Notation (JSON) format. In addition, REST APIs are typically used to
communicate with a Software-Defined Networking (SDN) application plane.
An SDN controller uses two different sets of APIs: one set to communicate with applications and
another set to communicate with devices. Northbound APIs enable an SDN controller to
communicate with applications in the application plane. Applications use northbound APIs to send
requests or instructions to the SDN controller, which uses that information to modify and manage
network flow. Southbound APIs enable an SDN controller to communicate with devices in the data
plane.
XML is a markup language that is similar to HTML in structure; it uses tags to define blocks of
data. Whereas HTML is used to render information on a webpage, XML is a more structured
language that is used to format data in a way that can be easily transmitted over the Internet and
parsed by a variety of applications.
JSON is a REST API encoding format. However, JSON returns data in the form of an object that
contains key and value pairs. A single JSON object can contain multiple key and value pairs. Each
key and value pair inside a JSON object is separated from the others by a comma (,).
Furthermore, each pair’s key is separated from its value by a colon (:). The element in quotation
marks on the left side of each colon is the key. The element on the right side of each colon is the
value, which might or might not be enclosed in quotation marks. There are several data value
types that can be returned in JSON output: text, numeric, array, object, Boolean, and null.
YAML Ain’t Markup Language (YAML) is not a REST API encoding format. YAML is a data
serialization language that presents information in a format that is typically more human-readable
than either XML or JSON. YAML is commonly used by the Ansible configuration management tool
to store configuration playbooks.
Binary JSON (BSON) is not a REST API encoding format. BSON is a data serialization format that
stores JSON data in a binary form that is not human-readable. This is in contrast to the text format
that is typical of JSON. BSON is typically used in information storage systems, such as MongoDB
QUESTION NO: 44
You issue the following commands on a Cisco router named RouterA:
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 75
enable password !abcu$3r!
enable secret abc4dm!n
line console 0
password abc4dm!n
line vty 0 15
login
password abcu$3r
service password-encryption
Another user has been asked to examine the running configuration on RouterA but not make any
configuration changes. The user connects to RouterA by using Telnet.
Which of the following will the user require in order to perform this task?
A.
the enable secret password and the console password
B.
the console password alone
C.
the VTY line password alone
D.
the enable password and the console password
E.
the enable secret password and the VTY line password
F.
the enable password and the VTY line password
G.
the console password and the VTY line password
Answer: E
Explanation:
The user will require the enable secret password and the virtual terminal (VTY) line password to
examine the running configuration on RouterA in this scenario. In this scenario, the user connects
to RouterA by using Telnet. You can configure Telnet login information on a Cisco device by
issuing the line vty first last command to place the device in VTY line configuration mode. Next,
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 76
you can issue the password password command to configure a Telnet password and the login
command to enable password checks if the command has been disabled on the router. The login
command is typically configured by default. Issuing the Telnet password when you are connecting
to a device places the device into user EXEC mode, where it is not typically possible to display the
running configuration.
In Cisco IOS 15, the enable secret command stores an encrypted password in the device’s
configuration file by using a Secure Hash Algorithm (SHA) 256-bit hash. The syntax for the
enable secret command is enable secret [level level] {password | [encryption-type] encryptedpassword}, where password is a string of characters that represents the clear-text password.
Instead of supplying a clear-text password, you can specify an encryption-type value of 0, 4, or 5
and an encrypted-password value of either a clear-text password, a SHA-256 hash, or a Message
Digest 5 (MD5) hash, respectively. Supplying a hash value requires that you have previously
encrypted the value by using a hashing algorithm in the same fashion that IOS uses the algorithm.
This command configures a password that is required in order to place the device into enable
mode, which is also known as privileged EXEC mode. The device must, at a minimum, be placed
into enable mode for the user to be able to display the running configuration. In some Cisco IOS
versions prior to 15.3(3), the enable secret command by default stores an encrypted password in
the device’s configuration file by using a Secure Hash Algorithm (SHA) 256-bit hash. As of Cisco
IOS 15.3(3), Type 4 passwords have been deprecated because of a security flaw in their
implementation.
The user will need the enable secret password, not the enable password, to access privileged
EXEC mode in this scenario. The enable password password command configures a clear-text
enable password on a Cisco device. If both the enable password command and the enable
secret command are in the running configuration of a Cisco device, the device will ignore the
password associated with the enable password command. Therefore, issuing the password that
is configured by the enable password command in this scenario will not provide the user with
access to privileged EXEC mode. Because the service password-encryption command has
been configured on RouterA, all passwords on the device have been encrypted. However, the
router will still prefer the enable secret password over the enable password password.
The user will not need the console password in this scenario. The line console 0 command
followed by the password command configures a password for accessing the router by using the
console. Typically, the console is accessed by physically connecting a console cable between the
router and a device that is running terminal software. Issuing the password for t
QUESTION NO: 45
In a controller-based network, the functions of which of the following protocols are most likely to be
moved to a centralized controller? (Choose two.)
A.
Syslog
B.
EIGRP
C.
OSPF
D.
SSH
E.
SNMP
Answer: B,C
Explanation:
In a controller-based network, the functions of Enhanced Interior Gateway Routing Protocol
(EIGRP) and Open Shortest Path First (OSPF) are most likely to be moved to a centralized
controller. Routing protocols like EIGRP and OSPF operate in the control plane of a traditional
distributed network. These protocols make routing decisions for packets that require routing
among Layer 3 devices. In a controller-based network, such as a Software-Defined Networking
(SDN) network, the control plane is centralized. Therefore, the decision-making logic is either
moved to a central controller or monitored by a central controller.
In a controller-based network, none of the functions of Secure Shell (SSH), Syslog, or Simple
Network Management Protocol (SNMP) are likely to be moved to a centralized controller. All of
these protocols operate in the management plane in both a traditional network and a controllerbased network. Another network management protocol that operates in this plane includes Telnet.
All of these protocols enable an administrator to connect to and manage a network device.
Layer 2 switches, Layer 3 switches, and end devices typically operate in the data plane. In a
controller-based network, the controller communicates with the data plane by using a southbound
Application Programming Interface (API), such as NETCONF, OpenFlow, OpFlex, or OnePK.
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 78
Network tasks that are typically performed in the data plane include the encapsulation and
decapsulation of packets, the adding or removing of trunk headers, the matching of Media Access
Control (MAC) addresses to a MAC address table, the matching of Internet Protocol (IP)
addresses to paths in a routing table, the encryption of data, Network Address Translation (NAT),
and filtering by using either access control lists (ACLs) or port security.
QUESTION NO: 47
Which of the following best describes what occurs when a packet must be re-sent because of an
interruption that occurs before the 64th byte has been transmitted?
A.
A jumbo frame is transmitted.
B.
A late collision occurs.
C.
A collision occurs.
D.
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 80
A baby giant frame is transmitted.
E.
A runt frame is transmitted.
Answer: C
Explanation:
A collision occurs when a packet must be re-sent because of an interruption that occurs before the
64th byte, or 512th bit, has been transmitted. When two devices attempt to send data
simultaneously, a collision occurs. On Ethernet networks, which use Carrier Sense Multiple
Access with Collision Detection (CSMA/CD), both devices will wait a random amount of time
before resending. Collisions can be caused by a duplex mismatch, by a malfunctioning device, or
by having too many nodes on a network segment.
A late collision occurs when a packet must be re-sent because of an interruption that occurs after
the 64th byte, or 512th bit, has been transmitted. Late collisions can be caused by a duplex
mismatch or by a network segment that extends farther than the cable length supports.
A runt is a frame that is fewer than 64 bytes and has a bad Frame Check Sequence (FCS).
Frames that are smaller than 64 bytes are discarded. Runts can sometimes be caused by
excessive collisions but can also be caused by malfunctioning hardware.
A baby giant is a frame that is up to 1,600 bytes in length. The default maximum transmission unit
(MTU) size for Ethernet frames is 1,500 bytes, not including the Ethernet header and the cyclic
redundancy check (CRC) trailer, which add 18 bytes to the frame. Therefore, baby giant frames
are slightly larger than an Ethernet frame. Baby giants can occur if you use Q-in-Q encapsulation,
Multiprotocol Label Switching (MPLS), or any other feature that adds to the size of an Ethernet
frame.
A jumbo is a frame that is up to 9,216 bytes in length, which is much larger than a standard
Ethernet frame. You can issue the system mtu bytes global configuration command to change the
MTU size on Ethernet or Fast Ethernet interfaces; however, they cannot support jumbo frames.
Reference: https://www.cisco.com/c/en/
QUESTION NO: 48
You issue the spanning-tree guard root command on a switch port that you are connecting to a
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 81
new, unconfigured switch.
Which of the following are you most likely attempting to do?
A.
prevent loops on a port that could erroneously receive BPDUs
B.
prevent the new switch from being elected root
C.
prevent loops from an interruption of BPDU flow
D.
prevent a port from transitioning through all of the STP states
Answer: B
Explanation:
Most likely, you are attempting to prevent the new switch from being elected root if you issue the
spanning-tree guard root command on a switch port that you are connecting to a new,
unconfigured switch. The spanning-tree guard root command configures the Spanning Tree
Protocol (STP) root guard feature.
Root guard is used to prevent newly introduced switches from being elected as the new root
switch. This allows administrators to maintain control over which switch is the root. When STP is
used, the device with the lowest switch priority is elected the root. If a new device is added to the
network with a lower priority than the current root, it will become the new root. However, this could
cause the network to reconfigure in unintended ways. To prevent this, root guard can be applied.
Root guard is applied on a per-port basis by issuing the spanning-tree guard root command. If
root guard is enabled on a loop guard-enabled port, loop guard will be automatically disabled.
You are not attempting to prevent a port from transitioning through all of the STP states. If you
want to ensure that a port immediately transitions to the STP forwarding state, you should enable
PortFast on the port. PortFast is a feature that provides immediate accessibility to the network for
edge ports, such as access ports that are connected to end-user workstations. PortFast transitions
the port into the STP forwarding state without going through the STP listening and learning states.
Because the ports are not expected to receive bridge protocol data units (BPDUs), they are not
required to listen for BPDUs and learn the network topology. It is important to note that if PortFast
is enabled on a port that is connected to another switch, the potential for creating spanning tree
loops significantly increases.
You are not attempting to prevent loops from an interruption of BPDU flow. The loop guard feature
prevents nondesignated ports from inadvertently forming bridging loops if the steady flow of
BPDUs is interrupted. When the port stops receiving BPDUs, loop guard puts the port into the
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 82
loop-inconsistent state, which keeps the port in a blocking state. After the port starts receiving
BPDUs again, loop guard automatically re-enables the port so that it transitions through the
normal STP states. You can enable loop guard for the entire switch by issuing the spanning-tree
loopguard default command in global configuration mode, or you can enable loop guard for
specific ports by issuing the spanning-tree guard loop command in interface configuration mode.
You are not attempting to prevent loops on a port that could erroneously receive BPDUs. BPDU
guard is used to disable ports that erroneously receive BPDUs. BPDU guard is typically applied to
edge ports that have PortFast enabled. Because PortFast automatically places ports into a
forwarding state, a switch that has been connected to a PortFast-enabled port could cause
switching loops. However, when BPDU guard is applied, the receipt of a BPDU on a port will result
in the port being placed into the error-disabled state, which prevents loops from occurring. BPDU
guard should be enabled on ports that have been enabled with PortFast so that BPDU guard can
prevent a rogue switch from modifying the STP topology. When such a port receives a BPDU,
BPDU guard immediately puts that port into the error-disabled state and shuts down the port. The
port must then be manually re-enabled, or it can be recovered automatically by configuring the
errdisable recovery cause bpduguard command and the errdisable recovery interval interval
command.
QUESTION NO: 49
Which HSRP router or routers will use the HSRP virtual IP address and will respond to ARP
requests with the HSRP virtual MAC address?
A.
only the active router
B.
only the active router and the standby router
C.
only the standby router
D.
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 83
all HSRP routers in a group
Answer: A
Explanation:
Only the active router will use the Hot Standby Router Protocol (HSRP) virtual Internet Protocol
(IP) address and will respond to Address Resolution Protocol (ARP) requests with the HSRP
virtual Media Access Control (MAC) address. HSRP is a Cisco-proprietary protocol that enables
two or more routers to act as a single virtual router. Multiple routers are assigned to an HSRP
group, and the routers function as a single gateway. The HSRP virtual IP address can then be
configured as the default gateway address for client devices.
Each HSRP group is identified by a group number from 0 through 255. The default HSRP group
value is 0. Based on priority value, HSRP elects a single active router and a standby router for
each group. To participate in the active and standby router election process, each HSRP router
must be a member of the same group. The active router is the router with the highest priority; it
forwards packets, responds to ARP requests with a virtual MAC address, and can be the only
router that is explicitly configured with the virtual IP address. The standby router is the router with
the second-highest priority. If multiple HSRP routers have the same priority, the router with the
highest IP address is elected as the active router. The router with the second-highest IP address is
elected as the standby router, which will assume the role of the active router if the active router
fails. Other routers in the HSRP group are in the listen state.
By default, Hello packets are sent by the active router every three seconds. Only the standby
router monitors the active router’s Hello packets. If the standby router does not receive a Hello
packet from the active router for the duration configured in the holdtime, the standby router will
take over the role of the active router. By default, the holdtime is set to 10 seconds.
To differentiate the virtual MAC addresses of the various groups, HSRP uses a special format for
the virtual MAC address that uses the well-known virtual MAC address 0000.0c07.acxx, where xx
is the group number in hexadecimal format. For example, the virtual MAC address for HSRP
group 11 is 0000.0c07.ac0b; 0b is the hexadecimal equivalent of 11 in decimal notation.
QUESTION NO: 50
Which of the following MAC addresses represents an IP multicast address?
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 84
A.
01-00-5E-0F-0F-0F
B.
CF-00-00-00-00-00
C.
00-00-0C-F0-F0-F0
D.
FF-FF-FF-FF-FF-FF
Answer: A
Explanation:
The Media Access Control (MAC) address 01-00-5E-0F-0F-0F represents an Internet Protocol (IP)
multicast address. The Ethernet multicast range of 01-00-5E-00-00-00 through 01-00-5E-7F-FFFF has been allocated for IP multicast use. This means that the first 24 bits of a 48-bit multicast
MAC address are always 01-00-5E, and the twenty-fifth bit is always set to 0. The remaining 23
bits are created from the last 23 bits of the multicast IP address. Because IP addresses are 32 bits
long, several multicast IP addresses correspond to each multicast MAC address. For example, the
IP addresses 224.15.15.15 and 225.143.15.15 share the same last 23 bits, as shown below:
Which of the following Cisco management solutions supports Cisco SDA?
A.
Cisco DNA Center
B.
Cisco Network Assistant
C.
Cisco IOS 15
D.
Cisco PI
Answer: A
Explanation:
Of the available choices, Cisco Digital Network Architecture (DNA) Center is the Cisco
management solution that supports Cisco Software-Defined Access (SDA). Cisco SDA is a Ciscodeveloped means of building local area networks (LANs) by using policies and automation. Cisco
DNA Center, which abstracts the complexity of network configuration by implementing a
centralized controller and graphical user interface (GUI), also supports many of the same
traditional campus device management features that are supported by other Cisco management
solutions. Administrators typically interact with Cisco DNA by using a browser-based GUI. Cisco
DNA Center uses the Representational State Transfer (REST) API to natively communicate with
Cisco devices. To communicate with third-party devices, Cisco DNA Center relies on software
development kits (SDKs).
Cisco IOS 15 is not built specifically to support the Cisco SDA. Cisco IOS is a network device
operating system (OS) that is used to directly configure, manage, and troubleshoot a single
device. Administrators typically interact with Cisco IOS by using a command-line interface (CLI).
Access to the CLI can be gained by connecting to a device’s console port, by connecting to a
Telnet session, or by connecting to a Secure Shell (SSH) session, depending on how the device is
configured.
Cisco Network Assistant is not built specifically to support the Cisco SDA. Cisco Network Assistant
is a free Java-based desktop application that enables a LAN administrator to perform network
operations, diagnose problems, and interact with network devices by using a GUI. A typical Cisco
Network Assistant installation supports the management of up to 80 devices. Cisco Network
Assistant predates Cisco SDA and is therefore not specifically built to support Cisco SDA.
QUESTION NO: 52
Which of the following entries from the show ip route command indicates a host route?
A.
C 192.168.1.0/30 is directly connected, FastEthernet0/0
B.
S* 0.0.0.0/0 [1/0] via FastEthernet0/0
C.
L 192.168.1.1/32 is directly connected, FastEthernet0/0
D.
O 192.168.1.0/24 [110/2] via 10.1.1.13, 00:00:08, FastEthernet0/0
E.
D 192.168.0.4/30 [90/2195456] via 192.168.0.18, 00:03:31, FastEthernet0/0
F.
S 192.168.1.0/24 [5/0] via 10.1.2.3
Answer: C
Explanation:
The L 192.168.1.1/32 is directly connected, FastEthernet0/0 entry from the show ip route
command indicates a host route. Local host routes are marked with an L in the output of the
show ip route command or the show ipv6 route command. Internet Protocol version 4 (IPv4)
host routes have a /32 mask, and IP version 6 (IPv6) host routes have a /128 mask.
Not all IPv4 routes with a /32 mask are considered host routes. IPv4 addresses that are manually
configured with a /32 mask are considered to be connected addresses and are marked with a c in
the output of the show ip route command. For example, the C 192.168.1.0/30 is directly
connected, FastEthernet0/0 entry from the show ip route command indicates a connected route.
Routes that are marked with an o in the output of the show ip route command are Open Shortest
Path First (OSPF) routes. Routes that are marked with a D in the output of the show ip route
command are Enhanced Interior Gateway Routing Protocol (EIGRP) routes. OSPF routes and
EIGRP routes are considered network routes.
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 88
Routes that are marked with an s in the output of the show ip route command are static routes.
Normal static routes have an administrative distance (AD) of 1; the AD is the first number inside
the brackets. A static route with a modified AD is called a floating static route and is often used as
a backup route in case the primary route goes down. The S 192.168.1.0/24 [5/0] via 10 .1.2.3
entry from the show ip route command indicates a floating static route with an AD of 5.
Routes that are marked with an * in the output of the show ip route command are default routes.
A static default route can be configured by issuing the ip route 0.0.0.0 0.0.0.0 {next-hop-IP |
interface} command. The S* 0.0.0.0/0 [1/0] via FastEthernet0/0 entry from the show ip route
QUESTION NO: 53
RouterA receives routes to the following overlapping networks:
* 192.168.1.0/24
* 192.168.1.0/25
* 192.168.1.0/26
* 192.168.1.0/28
Each of the routes is received from a different routing protocol.
Which of the following routes will RouterA install in the routing table?
A.
all of the routes
B.
the route with the highest AD
C.
the route with the longest prefix match
D.
the route with the lowest AD
E.
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 89
the route with the shortest prefix match
Answer: A
Explanation:
RouterA will install all of the routes in the routing table. When multiple routes to overlapping
networks exist, a router will prefer the most specific route, which is the route with the longest prefix
match. For example, if RouterA receives a packet to 192.168.1.4, it will send the packet to the
192.168.1.0/28 route; if RouterA receives a packet to 192.168.1.20, it will send the packet to the
192.168.1.0/26 route. RouterA will not install only the route with the longest or shortest prefix
match.
RouterA will not install only the route with the highest or lowest administrative distance (AD),
because the routes target separate destination networks. When multiple routes to the same
destination network exist and each route uses a different routing protocol, a router will install only
the route from the routing protocol with the lowest AD. The following list contains the most
QUESTION NO: 54
In a two-tier network design, which layers are combined together?
A.
aggregation and access
B.
core, distribution, and access
C.
core, aggregation, and access
D.
core and access
E.
core and distribution
F.
distribution and access
Answer: E
Explanation:
In a two-tier network design, the core and distribution layers are combined together into a single
layer; this two-tier network design is often called the collapsed core design. The functionality of the
core layer can be collapsed into the distribution layer if the distribution layer infrastructure is
sufficient to meet the design requirements. The collapsed core in a two-tier network design
provides physical and logical paths as well as a Layer 2 aggregation and demarcation point. In
addition, a collapsed core defines routing polices and network access policies and provides
intelligent network services.
The Cisco hierarchical network model divides the network into three distinct layers:
* Core layer
* Distribution layer, sometimes called the aggregation layer
* Access layer
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 91
The core layer of the hierarchical model is primarily associated with low latency and high reliability.
As the network backbone, the core layer provides fast convergence and typically provides the
fastest switching path in the network.
The distribution layer provides route filtering and interVLAN routing. The distribution layer serves
as an aggregation point for access layer network links. Because the distribution layer is the
intermediary between the access layer and the core layer, the distribution layer is the ideal place
to enforce security policies, to provide Quality of Service (QoS), and to perform tasks that involve
packet manipulation, such as routing. Summarization and next-hop redundancy are also
performed in the distribution layer.
The access layer serves as a media termination point for endpoints such as servers and hosts.
Because access layer devices provide access to the network, the access layer is the ideal place to
perform user authentication.
QUESTION NO: 55
You issue the following commands on a Cisco router’s FastEthernet 0/0 interface:
ipv6 enable
no shutdown
The interface on the other side of the link is not yet configured. In addition, there is no DHCPv6
server on the network.
How many IPv6 addresses are configured on the interface?
A.
one
B.
none
C.
three
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 92
D.
two
Answer: A
Explanation:
One Internet Protocol version 6 (IPv6) address is configured on the interface after you issue the
ipv6 enable command on the Cisco router’s FastEthernet 0/0 interface. There are three ways to
enable IPv6 on an interface: by manually assigning an IPv6 address to the interface, by
automatically assigning an IPv6 address to the interface, or by issuing the ipv6 enable command
on the interface. Once IPv6 is enabled on an interface, it can use its automatically derived, linklocal IPv6 address to communicate with other IPv6 enabled devices on directly connected
networks.
IPv6 link-local unicast addresses are used for communication over a single link. Routers do not
forward traffic sent to a link-local address; the traffic stays on the local link. IPv6 link-local unicast
addresses are often used for neighbor discovery. These addresses usually begin with FE8, as
specified in Request for Comments (RFC) 4291.
To manually assign an IPv6 address to an interface, you can issue the ipv6 address
address/prefix-length [eui-64] command. The eui-64 keyword configures a static IPv6 prefix but
allows the router to automatically generate a 64-bit interface ID known as an extended unique
identifier (EUI)-64 interface ID; the EUI-64 interface ID is based on the interface’s Media Access
Control (MAC) address.
To automatically assign an IPv6 address to an interface, you can implement Stateless Address
Automatic Configuration (SLAAC), Dynamic Host Configuration Protocol version 6 (DHCPv6), or a
combination of the two. SLAAC configurations occur based on information that is sent in router
advertisements from an IPv6 gateway operating on the same network segment. When the linklocal interface is active on the segment, it can announce itself and receive router advertisements
from an IPv6 router that is operating on the same segment. If an IPv6 router exists and can
function as an IPv6 gateway, it will advertise that functionality as well as the globally unique prefix
with which it is configured and with which connected nodes should be used. The ipv6 address
autoconfig command configures an interface to automatically assign itself a global unicast IPv6
address by using SLAAC.
The same ipv6 address autoconfig command that enables SLAAC on an interface will enable
the interface to obtain additional information from a DHCPv6 server if a DHCPv6 server exists on
the network and is configured to send nonaddress information. The ipv6 address dhcp
command configures a DHCPv6 client interface to use stateful DHCPv6 addressing, which
configures addressing information and extra information from the DHCPv6 server.
Unlike with IP version 4 (IPv4), it is possible to configure more than one IPv6 address on an
interface without defining the addresses as primary or secondary. IPv4-only interfaces can be
configured with only one primary IPv4 address. However, in this scenario, the ipv6 enable
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 93
command only configures a link-local IPv6 address. Although it is possible for an interface to have
more than two IPv6 addresses, that is not the case in this scenario.
QUESTION NO: 56
You issue the show ip ospf neighbor command on Router1 and see that Router2 is in the
2WAY/DROTHER state.
Which of the following statements is true regarding Router2?
A.
Router1 is the DR for the segment.
B.
Router2 is the DR for the segment.
C.
Router1 and Router2 are normal neighbor routers that are operating correctly.
D.
The MTU settings are mismatched between Router1 and Router2.
Answer: C
Explanation:
Router1 and Router2 are normal neighbor routers that are operating correctly. Neighbor routers
that are neither the designated router (DR) nor the backup designated router (BDR) remain in the
2-Way state. The DR and BDR will proceed to the Full state.
Neither Router1 nor Router2 is the DR for the segment. If Router1 were the DR, the output of the
show ip ospf neighbor command would show Router2 in the FULL/DROTHER state. If Router2
were the DR, the output of the show ip ospf neighbor command would show Router2 in the
FULL/DR state.
The maximum transmission unit (MTU) settings are not mismatched between Router1 and
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 94
Router2. If the MTU settings were mismatched, the routers would be stuck in the Exstart,
Exchange, or Loading states.
When an OSPF neighbor router is powered on, it transitions through the following neighbor states:
* Down
* Init
* 2-Way
* Exstart
* Exchange
* Loading
* Full
An OSPF neighbor router begins in the Down state. A neighbor in the Down state has not yet sent
a Hello packet.
When a Hello packet is received from the neighbor router but the Hello packet does not contain
the receiving router’s ID, the neighbor router is in the Init state. The receiving router replies to the
neighbor router with a Hello packet that contains the neighbor router’s ID as an acknowledgment
that the receiving router received the neighbor’s Hello packet. If a router is stuck in the Init state, it
has sent Hello packets but has not received any from the neighbor router.
The neighbor router replies with a Hello packet that contains the receiving router’s ID. When this
occurs, the neighbor router is in the 2-Way state. At the end of the 2-Way state, the DR and BDR
are elected for broadcast and nonbroadcast multiaccess (NBMA) networks. On broadcast and
NBMA networks, neighbor routers will proceed to the Full state only with the DR and BDR; other
neighbor adjacencies will remain in the 2-Way state. If all routers on a segment remain in the 2-
Way state, you should verify whether all routers on the segment are set to a priority of 0, which
prevents any of them from becoming the DR or BDR.
After the DR and BDR are elected, neighbor routers form master-slave relationships in order to
establish the method for exchanging link-state information. Routers in this state are in the Exstart
state. If a router is stuck in the Exstart state, you should verify whether there is a problem with
mismatched maximum transmission unit (MTU) settings or duplicate router IDs.
Neighbor routers then exchange database descriptor (DBD) packets. These DBD packets contain
link-state advertisement (ISA) headers that describe the contents of the link-state database
(LSDB). Routers in this state are in the Exchange state. If a router is stuck in the Exchange state,
you should verify whether there is a problem with mismatched MTU settings or duplicate router
IDs.
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 95
Routers then send link-state request (LSR) packets to request the contents of the neighbor
router’s OSPF database. The neighbor router replies with link-state update (LSU) packets that
contain the routing database information. Routers in this state are in the Loading state. If a router
is stuck in the Loading state, you should verify whether there is a problem with mismatched MTU
settings or corrupted LSR packets.
After the OSPF databases of neighbor routers are fully synchronized, the routers transition to the
Full state, which is the normal OSPF router state for DRs and BDRs. A router will periodically send
Hello packets to its neighbors to indicate that it is still functional. If a router does not receive a
Hello packet from a neighbor within the dead timer interval, the neighbor router will transition back
to the Down state.
Reference: https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first
QUESTION NO: 57
Which of the following statements are true regarding dynamic interfaces on WLCs? (Choose two.)
A.
Dynamic interfaces are user-defined.
B.
Dynamic interfaces are typically used for client data.
C.
Dynamic interfaces are typically used for management information.
D.
Dynamic interfaces must be reachable by other WLCs.
E.
Dynamic interfaces are often used for maintenance purposes.
Answer: A,B
Explanation:
Dynamic interfaces are user-defined and are typically used for client data. A wireless LAN
controller (WLC) contains both static and dynamic interfaces. A WLC can contain up to four types
of static interfaces: the management interface, the AP-manager interface, a virtual interface, and
the service port interface. A WLC can contain up to 512 dynamic interfaces. The dynamic
interfaces function similarly to virtual local area networks (VLANs). For example, you can create a
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 96
dynamic interface to segment traffic on the WLC.
The management interface, which is a static interface, is used for management information. This
interface is used for all Layer 2 Lightweight Access Point Protocol (LWAPP) communications
between the controller and the lightweight access points (APs). In addition, the management
interface is used to communicate with other WLCs on the wireless network.
The service port interface, which is a static interface, is used for maintenance purposes on a WLC.
This interface is a physical interface on the WLC that can be used to recover the WLC in the event
that the WLC fails. The service port interface is the only interface that is available while the WLC is
booting.
It is not necessary for a dynamic interface to be reachable by all other WLCs. The WLCs will use
the management interface, not a dynamic interface, to exchange information
QUESTION NO: 58
To which of the following planes does a centralized controller connect by using a northbound API?
A.
the management plane
B.
the application plane
C.
the control plane
D.
the data plane
Answer: B
Explanation:
In a controller-based network, a centralized controller connects to the application plane by using a
northbound Application Programming Interface (API). The application plane is the component of a
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 97
controller-based network in which applications that are written to allow interaction with the
centralized controller reside. These applications are typically designed to improve network
management efficiency through network automation. A controller communicates with applications
in the application plane by using a northbound API such as Representational State Transfer
(REST) or Java Open Services Gateway initiative (OSGi).
In a controller-based network, such as a Software-Defined Networking (SDN) network, the control
plane is centralized. The control plane is responsible for network decision making in both a
controller-based network and a traditional network. However, the control plane in a traditional
network is typically distributed among many devices. The Open Shortest Path First (OSPF) routing
protocol running on a series of routers on a traditional network is one example of a traditional
control plane. OSPF makes routing decisions for packets that require routing among Layer 3
devices. In a controller-based network, the decision-making logic is either moved to a central
controller or monitored by a central controller.
In a controller-based network, a centralized controller connects to the data plane by using a
southbound API, such as NETCONF, OpenFlow, OpFlex, or OnePK. Layer 2 switches, Layer 3
switches, and end devices typically operate in the data plane. Network tasks that are typically
performed in the data plane include the encapsulation and decapsulation of packets, the adding or
removing of trunk headers, the matching of Media Access Control (MAC) addresses to a MAC
address table, the matching of Internet Protocol (IP) addresses to paths in a routing table, the
encryption of data, Network Address Translation (NAT), and filtering by using either access control
lists (ACLs) or port security.
In both a controller-based network and a traditional network, the management plane consists of
network management protocols, such as Telnet, Secure Shell (SSH), Simple Network
Management Protocol (SNMP), and Syslog. All of these protocols enable an administrator to
connect to and manage a network device.
QUESTION NO: 59
In a split-MAC deployment, which device is responsible for prioritizing packets and responding to
beacon and probe requests?
A.
a lightweight AP
B.
a router
C.
a switch
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 98
D.
a WLC
Answer: A
Explanation:
In a split-MAC deployment, a lightweight access point (AP) is responsible for prioritizing packets
and responding to beacon and probe requests. In a Cisco Unified Wireless Network deployment,
the Media Access Control (MAC) functions that are normally handled by a single device in an
autonomous wireless network are distributed between lightweight APs and wireless LAN
controllers (WLCs). The functionality provided by the lightweight AP includes handling the realtime processing of data, such as sending and receiving 802.11 traffic, responding to beacons and
probe messages, encryption, and packet prioritization. In addition, the lightweight AP must send
management information to the WLC so that the WLC can forward the information to a
management station.
By contrast, a WLC handles tasks that are not time-sensitive, such as security management,
lightweight AP configuration management, and client load balancing. The WLC is also responsible
for client association requests, data encapsulation, client authentication, key exchange, security
policy enforcement, and radio frequency (RF) management.
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/Enterprise-Mobility-8-1-
Design-Guide/Enterprise_Mobility_8-1_Deployment_Guide/cuwn.html#pgfId-1173394 CCNA 200-
301 Official Cert Guide, Volume 1, Chapter 27: Analy
QUESTION NO: 63
Which of the following is enabled on a Cisco router when you issue the ntp server command from
global configuration mode?
A.
symmetric active mode
B.
broadcast client mode
C.
authentication
D.
static client mode
E.
server mode
Answer: D
Explanation:
Network Time Protocol (NTP) static client mode is enabled on a Cisco router when you issue the
ntp server command from global configuration mode. NTP is used to synchronize the time on
network devices. An NTP static client receives its time from an NTP server. The syntax of the ntp
server command is ntp server ip-address, where ip-address is the Internet Protocol (IP) address
of the NTP server that the client will use to receive its time.
NTP broadcast client mode is enabled on a Cisco router when you issue the ntp broadcast client
command from interface configuration mode. An NTP broadcast client listens on the configured
interface for NTP broadcasts from an NTP server, which the NTP client uses to adjust its time. The
difference between a broadcast client and a static client is that a broadcast client can receive its
time from any NTP server. By contrast, a static client receives its time from the NTP server
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 105
specified in the ntp server command.
NTP authentication is enabled on a Cisco router when you issue the ntp authenticate command
from global configuration mode. Authentication can be used with NTP to provide source
verification for NTP synchronization. NTP authentication supports only Message Digest 5 (MD5)
keys. To enable authentication on an NTP client, you should issue the following command set:
ntp authenticate
ntp authentication-key key-number md5 key
ntp trusted-key key-number
ntp server ip-address key key-number
To enable authentication on an NTP server, you should issue the following command set:
ntp authenticate
ntp authentication-key key-number md5 key
NTP server mode is enabled on a Cisco router when you issue the ntp master command from
global configuration mode. The syntax of the ntp master command is ntp master [stratum], where
stratum is an NTP stratum value from 1 through 15; if the stratum value is not specified, the NTP
server uses the default stratum value of 8. NTP servers not only synchronize time with NTP clients
but also synchronize time with each other. Devices with higher stratum numbers receive time from
devices with lower stratum numbers. For example, a stratum 2 device typically receives its time
from a stratum 1 device, a stratum 3 device typically receives its time from a stratum 2 device, and
so on.
NTP symmetric active mode is enabled on a Cisco router when you issue the ntp peer command
from global configuration mode. A device in symmetric active mode attempts to mutually
synchronize with another NTP host; the host might synchronize the peer, or it might be
synchronized by the peer. The syntax of the ntp peer command is ntp peer ip-address, where ipaddress is the IP address of the NTP host.
QUESTION NO: 64
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 106
On which interfaces is the OSPF broadcast network type enabled by default? (Choose two.)
A.
Ethernet
B.
X.25
C.
PPP
D.
Frame Relay
E.
HDLC
F.
FDDI
Answer: A,F
Explanation:
The Open Shortest Path First (OSPF) broadcast network type is enabled by default on Fiber
Distributed Data Interface (FDDI) and Ethernet interfaces, including Fast Ethernet and Gigabit
Ethernet interfaces. If the ip ospf network command has not been issued for an OSPF interface,
the default network type is used. The default OSPF network type depends upon the type of
network to which the interface is connected.
There are five OSPF network types:
* Broadcast
* Nonbroadcast
* Point-to-point
* Point-to-multipoint broadcast
* Point-to-multipoint nonbroadcast
On broadcast networks, designated router (DR) and backup designated router (BDR) elections are
performed. Multicast updates are sent, so manual configuration of neighbor routers with the
neighbor command is not required. By default, the Hello timer is set to 10 seconds and the dead
timer is set to 40 seconds. To configure an OSPF broadcast network, you should issue the ip ospf
network broadcast command.
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 107
The OSPF nonbroadcast network type is enabled by default on Frame Relay and X.25 interfaces.
On nonbroadcast networks, DR and BDR elections are performed. Nonbroadcast networks do not
allow multicasts; therefore, manual configuration of neighbor routers with the neighbor command
is required so that OSPF sends unicast updates. By default, the Hello timer is set to 30 seconds
and the dead timer is set to 120 seconds. To configure an OSPF nonbroadcast network, which is
also called a nonbroadcast multiaccess (NBMA) network, you should issue the ip ospf network
non-broadcast command.
The OSPF point-to-point network type is enabled by default on High-Level Data Link Control
(HDLC) and Point-to-Point Protocol (PPP) serial interfaces. On point-to-point networks, DR and
BDR elections are not performed. Multicast updates are sent, so manual configuration of
neighbor routers with the neighbor command is not required. By default, the Hello timer is set to
10 seconds and the dead timer is set to 40 seconds. To configure an OSPF point-to-point network,
you should issue the ip ospf network point-to-point command.
On OSPF point-to-multipoint networks, DR and BDR elections are not performed. Multicast
updates are sent, so manual configuration of neighbor routers with the neighbor command is not
required. By default, the Hello timer is set to 30 seconds and the dead timer is set to 120 seconds.
To configure an OSPF point-to-multipoint broadcast network, you should issue the ip ospf
network point-to-multipoint command.
On OSPF point-to-multipoint nonbroadcast networks, DR and BDR elections are not performed.
Nonbroadcast networks do not allow multicasts; therefore, manual configuration of neighbor
routers with the neighbor command is required so that OSPF sends unicast updates. By default,
the Hello timer is set to 30 seconds and the dead timer is set to 120 seconds. To configure an
OSPF point-to-multipoint nonbroadcast network, you should issue the ip ospf network point-tomultipoint non-broadcast command
QUESTION NO: 65
Which of the following networks is not defined by RFC 1918?
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 108
A.
10.1.1.0
B.
192.168.111.0
C.
10.16.1.0
D.
172.172.1.0
E.
172.20.1.0
F.
192.168.1.0
Answer: D
Explanation:
The Internet Protocol (IP) address 172.172.1.0 is a public IP address and is not defined by
Request for Comments (RFC) 1918. Three network address ranges are defined as private
address ranges by RFC 1918. These network ranges are intended for private local area network
(LAN) use and are not routed across the Internet. RFC 1918 defines these private address ranges
and provides guidelines for their use. The following list indicates the IP address ranges that are
reserved for private, internal use:
* Class A – 10.0.0.0 to 10.255.255.255
* Class B – 172.16.0.0 to 172.31.255.255
* Class C – 192.168.0.0 to 192.168.255.255
Public IP addresses are maintained by the Internet Assigned Numbers Authority (IANA). In order
to use a public, routable IP address, you must obtain an available range of IP addresses from
IANA or from a third party that has obtained valid IP addresses from IANA. You can limit the
number of public IP addresses required for your network by using private IP addresses that have
been defined in RFC 1918 for internal use. This enables you to configure private IP addresses for
your network’s internal host computers. You can then implement Network Address Translation
(NAT) to translate these private addresses to a minimal number of public addresses for
transmission across public networks such as the Internet.
The IP addresses 10.16.1.0 and 10.1.1.0 are examples of a Class A internal, private address
defined by RFC 1918. The IP address 172.20.1.0 is an example of a Class B internal, private
address defined by RFC 1918. The IP addresses 192.168.111.0 and 192.168.1.0 are examples of
Class C internal, private addresses defined by RFC 1918
QUESTION NO: 66
You have issued the power inline police action log command from interface configuration mode
on a Cisco switch.
Which of the following best describes what will occur when an attached PD attempts to draw more
than its allocated amount of power from the configured interface?
A.
The port will enter an error-disabled state.
B.
A log message will appear on the console.
C.
The port will restart, and a log message will appear on the console.
D.
The port will enter an error-disabled state, and a log message will appear on the console
Answer: C
Explanation:
In this scenario, the port will restart and a log message will appear on the console when an
attached powered device (PD) attempts to draw more than its allocated amount of power from the
configured interface. Because sending an electrical current to a device that does not support
Power over Ethernet (PoE) could potentially damage the receiving device, power-sourcing
equipment (PSE), such as a PoE-capable switch, will first apply a small voltage to a PoE-enabled
port to determine whether a PD is attached to the port. The Institute of Electrical and Electronics
Engineers (IEEE) PoE standards require a PD to provide a measurable resistance of
approximately 25 kilo Ohms (kohms) when it is probed by a PSE. If the PSE detects a PD, the
PSE can then send a signal with a higher voltage to determine the class of the PD. When an IEEE
standards-compliant PD receives this higher-voltage signal from a PSE, its response will inform
the PSE about the PD’s power requirements. The PSE will categorize the PD into an appropriate
class, if possible, and will then guarantee a minimum amount of power relative to the class of the
PD. If the PSE cannot identify the appropriate class for a PD, the PD will be categorized into the
default class and will receive the default amount of power.
Power policing is a Cisco feature that enables a switch to monitor the current draw of connected
Cisco 200-301 Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 110
devices and to take action if the draw exceeds the amount allocated to the PD in accordance with
its negotiated power class. The allocated maximum power draw is referred to as the cutoff power
value. You can issue the power inline police command from interface configuration mode to
enable power policing with the default settings. When power policing is enabled with the default
settings for a PoE-capable interface, the interface will enter an error-disabled state, effectively
shutting down the port, when an attached PD attempts to draw more than the cutoff power from
the configured interface. A log message describing the event will also be sent to the console.
An interface in an error-disabled state will remain shut down until it is manually reset (by an
administrator issuing the shutdown and no shutdown commands in sequence for the interface)
or until the error-disabled auto recovery mechanism timer expires and the port is automatically
reset. Although error-disable detection for inline power is enabled by default on Cisco PoEcapable switches, error-disable auto recovery for inline power is not enabled by default. Therefore,
a port that has been placed into an error-disabled state by an inline power event will not
automatically reset by default. You can issue the errdisable recovery cause inline-power
command from global configuration mode to enable error-disable auto recovery for inline power.
You can issue the power inline police action log command to change the default power policing
behavior. When the log action is configured, a PoE-enabled interface will restart and send a log
message to the console when an attached PD attempts to draw more than the cutoff power from
the configured interface. This will typically cause the PD to reboot and to renegotiate its power
requirements
