$0.00
Cisco 200-301 Exam Dumps
Cisco Certified Network Associate
Total Questions : 880
Update Date : May 01, 2024
PDF + Test Engine
$65.5 $95.5
Test Engine
$55.5 $85.5
PDF Only
$45 $75
Last Week 200-301 Exam Results
153
Customers Passed Cisco 200-301 Exam
96%
Average Score In Real 200-301 Exam
95%
Questions came from our 200-301 dumps.
Choosing the Right Path for Your 200-301 Exam Preparation
Welcome to PassExamHub's comprehensive study guide for the Cisco Certified Network Associate exam. Our 200-301 dumps is designed to equip you with the knowledge and resources you need to confidently prepare for and succeed in the 200-301 certification exam.
What Our Cisco 200-301 Study Material Offers
PassExamHub's 200-301 dumps PDF is carefully crafted to provide you with a comprehensive and effective learning experience. Our study material includes:
In-depth Content: Our study guide covers all the key concepts, topics, and skills you need to master for the 200-301 exam. Each topic is explained in a clear and concise manner, making it easy to understand even the most complex concepts.
Online Test Engine: Test your knowledge and build your confidence with a wide range of practice questions that simulate the actual exam format. Our test engine cover every exam objective and provide detailed explanations for both correct and incorrect answers.
Exam Strategies: Get valuable insights into exam-taking strategies, time management, and how to approach different types of questions.
Real-world Scenarios: Gain practical insights into applying your knowledge in real-world scenarios, ensuring you're well-prepared to tackle challenges in your professional career.
Why Choose PassExamHub?
Expertise: Our 200-301 exam questions answers are developed by experienced Cisco certified professionals who have a deep understanding of the exam objectives and industry best practices.
Comprehensive Coverage: We leave no stone unturned in covering every topic and skill that could appear on the 200-301 exam, ensuring you're fully prepared.
Engaging Learning: Our content is presented in a user-friendly and engaging format, making your study sessions enjoyable and effective.
Proven Success: Countless students have used our study materials to achieve their 200-301 certifications and advance their careers.
Start Your Journey Today!
Embark on your journey to Cisco Certified Network Associate success with PassExamHub. Our study material is your trusted companion in preparing for the 200-301 exam and unlocking exciting career opportunities.
Related Exams
Cisco 200-301 Sample Question Answers
Question # 1Which benefit does Cisco ONA Center provide over traditional campus management?
A. Cisco DNA Center leverages SNMPv3 tor encrypted management, and traditional
campus management uses SNMPv2.
B. Cisco DNA Center automates HTTPS for secure web access, and traditional campus
management uses HTTP.
C. Cisco DNA Center leverages APIs, and traditional campus management requires
manual data gathering.
D. Cisco DNA Center automates SSH access for encrypted entry, and SSH Is absent from
traditional campus management.
Question # 2
What is the primary purpose of a console port on a Cisco WLC?
A. In-band management via an asynchronous transport
B. out-of-band management via an IP transport
C. in-band management via an IP transport
D. out-of-band management via an asynchronous transport
Question # 3
What is the primary purpose of private address space?
A. conserve globally unique address space
B. simplify the addressing in the network
C. limit the number of nodes reachable via the Internet
D. reduce network complexity
Question # 4
What is a characteristics of a collapsed-core network topology?
A. It allows the core and distribution layers to run as a single combined layer.
B. It enables the core and access layers to connect to one logical distribution device over
an EtherChannel.
C. It enables all workstations in a SOHO environment to connect on a single switch with
internet access.
D. It allows wireless devices to connect directly to the core layer, which enables faster data
transmission.
Question # 5
A WLC sends alarms about a rogue AP, and the network administrator verifies that the alarms are caused by a legitimate autonomous AP.
A. Place the AP into manual containment.
B. Remove the AP from WLC management.
C. Manually remove the AP from Pending state.
D. Set the AP Class Type to Friendly.
Question # 6
What is a similarity OM3 and OM4 fiber optical cable?
A. Both have a 62.5 micron core diameter.
B. Both have a 50 micron core diameter.
C. Both have a 100 micron core diameter.
D. Both have a 9 micron core diameter.
Question # 7
What is an advantage of using auto mode versus static mode for power allocation when an access point is connected to a PoE switch port?
A. All four pairs of the cable are used
B. It detects the device is a powered device
C. The default level is used for the access point
D. Power policing is enabled at the same time
Question # 8
A network engineer is implementing a corporate SSID for WPA3-Personal security with a PSK. Which encryption cipher must be configured?
A. GCMP2S6
B. GCMP128
C. CCMP256
D. CCMP128
Question # 9
Which channel-group mode must be configured when multiple distribution interfaces connected to a WLC are bundled?
A. Channel-group mode passive.
B. Channel-group mode on.
C. Channel-group mode desirable.
D. Channel-group mode active.
Question # 10
Which command implies the use of SNMPv3?
A. snmp-server host
B. snmp-server community
C. snmp-server enable traps
D. snmp-server user
Question # 11
SIP-based Call Admission Control must be configured in the Cisco WLC GUI. SIP callsnooping ports are configured. Which two actions must be completed next? (Choose two.)
A. Set the QoS level to silver or greater for voice traffic.
B. Set the QoS level to platinum for voice traffic.
C. Enable Media Session Snooping on re WLAN.
D. Enable traffic shaping for the LAN interlace of the WLC.
E. Configure two different QoS rotes tor data and voice traffic.
Question # 12
What is the default port-security behavior on a trunk link?
A. It causes a network loop when a violation occurs.
B. It disables the native VLAN configuration as soon as port security is enabled.
C. It places the port in the err-disabled state if it learns more than one MAC address.
D. It places the port in the err-disabled slate after 10 MAC addresses are statically
configured.
Question # 13
Which IP header field is changed by a Cisco device when QoS marking is enabled?
A. Header Checksum
B. Type of service
C. DSCP
D. ECN
Question # 14
What is a link-local all-nodes IPv6 multicast address?
A. ff02:0:0:0:0:0:0:1
B. 2004:31c:73d9:683e:255::
C. fffe:034:0dd:45d6:789e::
D. fe80:4433:034:0dd::2
Question # 15
A network engineer must migrate a router loopback interface to the IPv6 address space. If the current IPv4 address of the interface is 10.54.73.1/32, and the engineer configures IPv6 address 0.0.0.0.0:ffff:a36:4901, which prefix length must be used?
A. /64
B. /96
C. /124
D. /128
Question # 16
What is the purpose of using First Hop Redundancy Protocol on a specific subnet?
A. ensures a loop-free physical topology
B. filters traffic based on destination IP addressing
C. sends the default route to the hosts on a network
D. forwards multicast hello messages between routers
Question # 17
What determines the sequence in which materials are planned during the material requirements planning (MRP) run?
A. The control parameters of the MRP run
B. The creation date of the materials
C. The low-level code of the materials
D. The replenishment lead time of the materials
Question # 18
Which cipher is supported for wireless encryption only with the WPA2 standard?
A. AES256
B. AES
C. RC4
D. SHA
Question # 19
Which WPA mode uses PSK authentication?
A. Local
B. Client
C. Enterprise
D. Personal
Question # 20
What is the purpose of the Cisco DNA Center controller?
A. to secure physical access to a data center
B. to scan a network and generate a Layer 2 network diagram
C. to securely manage and deploy network devices
D. to provide Layer 3 services to autonomous access points
Question # 21
Why would a network administrator choose to implement automation in a network environment?
A. To simplify the process of maintaining a consistent configuration state across all devices
B. To centralize device information storage
C. To implement centralized user account management
D. To deploy the management plane separately from the rest of the network Answer: A
Question # 22
What are two differences between WPA2 and WPA3 wireless security? (Choose two.)
A. WPA3 um AES for stronger protection than WPA2 which uses SAE
B. WPA2 uses 1 M-bit key encryption and WPA3 requires 256-brt key encryption
C. WPA3 uses AES for stronger protection than WPA2 which uses TKIP WPA3 uses
D. SAE tor stronger protection than WPA2 which uses AES
E. WPA2 uses 12B-M key encryption and WPA3 supports 128 bit and 192 bit key
encryption
Question # 23
Which security method is used to prevent man-in-the-middle attack?
A. authorization
B. authentication
C. anti-replay
D. accounting
Question # 24
What is the function of a controller in a software-defined network?
A. multicast replication at the hardware level
B. forwarding packets
C. fragmenting and reassembling packets
D. setting packet-handling policies
Question # 25
Which syslog severity level is considered the most severe and results in the system being considered unusable?
A. Alert
B. Error
C. Emergency
D. Critical
Question # 26
Why is TCP desired over UDP for application that require extensive error checking, such as HTTPS?
A. UDP operates without acknowledgments, and TCP sends an acknowledgment for every
packet received.
B. UDP reliably guarantees delivery of all packets, and TCP drops packets under heavy
load.
C. UDP uses flow control mechanisms for the delivery of packets, and TCP uses
congestion control for efficient packet delivery.
D. UDP uses sequencing data tor packets to arrive in order, and TCP offers trie capability
to receive packets in random order.
Question # 27
Which two IPv6 addresses are used to provide connectivity between two routers on a shared link? (Choose two)
A. ::ffif 1014 1011/96
B. 2001 7011046:1111:1/64
C. ;jff06bb43cd4dd111bbff02 4545234d
D. 2002 5121204b 1111:1/64
E. FF02::0WlFF00:0l)00/104
Question # 28
Refer to the exhibit. User traffic originating within site 0 is failing to reach an application hosted on IP address 192.168 0 10. Which is located within site A What is determined by the routing table?
A. The default gateway for site B is configured incorrectly
B. The lack of a default route prevents delivery of the traffic
C. The traffic is blocked by an implicit deny in an ACL on router2
D. The traffic to 192 168 010 requires a static route to be configured in router 1.
Question # 29
What is a purpose of traffic shaping?
A. It enables dynamic flow identification.
B. It enables policy-based routing.
C. It provides best-effort service.
D. It limits bandwidth usage.
Question # 30
An engineer is configuring a switch port that is connected to a VoIP handset. Which command must the engineer configure to enable port security with a manually assigned MAC address of abod-bod on voice VLAN 4?
A. switchport port-security mac-address abcd.abcd.abcd
B. switchport port-security mac-address abed.abed.abed vlan 4
C. switchport port-security mac-address sticky abcd.abcd.abcd vlan 4
D. switchport port-security mac-address abcd.abcd.abcd vlan voice
Question # 31
What is a specification for SSIDS?
A. They are a Cisco proprietary security feature.
B. They must include one number and one letter.
C. They define the VLAN on a switch.
D. They are case sensitive.
Question # 32
An engineer is installing a new wireless printer with a static IP address on the Wi-Fi network. Which feature must be enabled and configured to prevent connection issues with the printer?
A. client exclusion
B. passive client
C. DHCP address assignment
D. static IP tunneling
Question # 33
What is a function of Cisco Advanced Malware Protection for a Next-Generation IPS?
A. authorizing potentially compromised wireless traffic
B. inspecting specific files and file types for malware
C. authenticating end users
D. URL filtering
Question # 34
What is a function performed by a web server?
A. provide an application that is transmitted over HTTP
B. send and retrieve email from client devices
C. authenticate and authorize a user's identity
D. securely store flies for FTP access
Question # 35
Which access point mode relies on a centralized controller for management, roaming, and SSID configuration? SSID configuration?
A. repeater mode
B. autonomous mode
C. bridge mode
D. lightweight mode
Question # 36
What is the role of community strings in SNMP operations?
A. It serves as a sequence tag on SNMP traffic messages.
B. It serves as a password lo protect access to MIB objects.
C. It passes the Active Directory username and password that are required for device
access
D. It translates alphanumeric MIB output values to numeric values.
Question # 37
What is the function of "off-the-shell" switches in a controller-based network?
A. providing a central view of the deployed network
B. forwarding packets
C. making routing decisions
D. setting packet-handling policies
Question # 38
What is the difference between 1000BASE-LX/LH and 1000BASE-ZX interfaces?
A. 1000BASE-ZX is supported on links up to 1000km, and 1000BASE-LX/LH operates over
links up to 70 km.
B. 1000BASE-LX/LH interoperates with multimode and single-mode fiber, and 10008ASEZX needs a conditioning patch cable with a multimode.
C. 1000BASE-LX/LH is supported on links up to 10km, and 1000BASE-ZX operates over
links up to 70 km
D. 1000BASE-ZX interoperates with dual-rate 100M/1G 10Km SFP over multimode fiber,
and 1000BASE-LX/LH supports only single-rate
Question # 39
A network analyst is tasked with configuring the date and time on a router using EXEC mode. The date must be set to January 1. 2020 and the time must be set to 12:00 am. Which command should be used?
A. clock summer-time recurring
B. clock timezone
C. clock summer-time date
D. clock set
Question # 40
Which properly is shared by 10GBase-SR and 10GBase-LR interfaces?
A. Both require fiber cable media for transmission.
B. Both require UTP cable media for transmission.
C. Both use the single-mode fiber type.
D. Both use the multimode fiber type.
Question # 41
How does authentication differ from authorization?
A. Authentication verifies the identity of a person accessing a network, and authorization
determines what resource a user can access.
B. Authentication is used to record what resource a user accesses, and authorization is
used to determine what resources a user can access
C. Authentication is used to determine what resources a user is allowed to access, and
authorization is used to track what equipment is allowed access to the network
D. Authentication is used to verify a person's identity, and authorization is used to create
syslog messages for logins.
Question # 42
Which command do you enter so that a switch configured with Rapid PVST + listens and learns for a specific time period?
A. switch(config)#spanning-tree vlan 1 max-age 6
B. switch(config)#spanning-tree vlan 1 hello-time 10
C. switch(config)#spanning-tree vlan 1 priority 4096
D. switch(config)#spanning-tree vlan 1 forward-time 20
Question # 43
Which Cisco proprietary protocol ensures traffic recovers immediately, transparently, and automatically when edge devices or access circuits fail?
A. SLB
B. FHRP
C. VRRP
D. HSRP
Question # 44
What is a benefit of a point-to-point leased line?
A. flexibility of design
B. simplicity of configurator
C. low cost
D. full-mesh capability
Question # 45
What is the function of northbound API?
A. It upgrades software and restores files.
B. It relies on global provisioning and configuration.
C. It supports distributed processing for configuration.
D. It provides a path between an SDN controller and network applications.
Question # 46
An engineer is configuring router R1 with an IPv6 static route for prefix 2019:C15C:0CAF:E001::/64. The next hop must be 2019:C15C:0CAF:E002::1 The route must be reachable via the R1 Gigabit 0/0 interface. Which command configures the designated route?
A. R1(config)#ipv6 route 2019:C15C:0CAF:E001::/64 2019:C15C:0CAF:E002::1
B. R1(config-if)#ipv6 route 2019:C15C:0CAF:E001::/64 2019:C15C:0CAF:E002::1
C. R1(config-if)#ip route 2019:C15C:0CAF:E001::/64 GigabitEthernet0/0
D. R1(config)#ip route 2019:C15C:0CAF:E001::/64 GigabitEthernet0/0
Question # 47
In a cloud-computing environment what is rapid elasticity?
A. control and monitoring of resource consumption by the tenant
B. automatic adjustment of capacity based on need
C. pooling resources in a multitenant model based on need
D. self-service of computing resources by the tenant
Question # 48
Which two practices are recommended for an acceptable security posture in a network? (Choose two)
A. Backup device configurations to encrypted USB drives for secure retrieval
B. maintain network equipment in a secure location
C. Use a cryptographic keychain to authenticate to network devices
D. Place internal email and file servers in a designated DMZ
E. Disable unused or unnecessary ports, interfaces and services
Question # 49
What is the functionality of the Cisco DNA Center?
A. data center network pokey con
B. console server that permits secure access to all network devices
C. IP address cool distribution scheduler
D. software-defined controller for automaton of devices and services
Question # 50
What is a reason to implement LAG on a Cisco WLC?
A. Increase the available throughput on the link.
B. Increase security by encrypting management frames
C. Allow for stateful failover between WLCs
D. Enable the connected switch ports to use different Layer 2 configurations
Question # 51
Which two features introduced in SNMPv2 provides the ability to retrieve large amounts of data in one request
A. Get
B. GetNext
C. Set
D. GetBulk
E. Inform
Question # 52
By default, how long will the switch continue to know a workstation MAC address after the workstation stops sending traffic?
A. 200 seconds
B. 300 seconds
C. 600 seconds
D. 900 seconds
Question # 53
What is the purpose of classifying network traffic in QoS?
A. services traffic according to its class
B. identifies the type of traffic that will receive a particular treatment
C. writes the class identifier of a packet to a dedicated field in the packet header
D. configures traffic-matching rules on network devices
Question # 54
What is the put method within HTTP?
A. It is a read-only operation.
B. It is a nonldempotent operation.
C. It replaces data at the destination.
D. It displays a web site.
Question # 55
Which functionality is provided by the console connection on a Cisco WLC?
A. out-of-band management
B. secure in-band connectivity for device administration
C. unencrypted in-band connectivity for file transfers
D. HTTP-based GUI connectivity
Question # 56
Which command configures the Cisco WLC to prevent a serial session with the WLC CLI from being automatical togged out?
A. config sessions maxsessions 0
B. config sessions timeout 0
C. config serial timeout 0
D. config serial timeout 9600
Question # 57
Which IPsec transport mode encrypts the IP header and the payload?
A. pipe
B. control
C. transport
D. tunnel
Question # 58
An administrator must use the password complexity not manufacturer-name command to prevent users from adding “cisco” as a password. Which command must be issued before this command?
A. Password complexity enable
B. confreg 0x2142
C. Login authentication my-auth-list
D. service password-encryption
Question # 59
A packet from a company s branch office is destined to host 172.31.0.1 at headquarters. The sending router has three possible matches in its routing table for the packet prefixes: 172. 31.0 .0/16.72.31.0.0724. and 172.31 0 0/25. How does the router handle the packet?
A. It sends the traffic via prefix 172.31.0.0/16
B. It sends the traffic via the default gateway 0.0.0.070.
C. It sends the traffic via prefix 172.31.0.0/24
D. It sends the traffic via prefix 172.31.0.0/25
Question # 60
What is the advantage of separating the control plane from the data plane within an SDN network?
A. decreases overall network complexity
B. limits data queries to the control plane
C. reduces cost
D. offloads the creation of virtual machines to the data plane
Question # 61
Which device separates networks by security domains?
A. firewall
B. access point
C. intrusion protection system
D. wireless controller
Question # 62
What is used as a solution for protecting an individual network endpoint from attack?
A. Router
B. Wireless controller
C. Anti software
D. Cisco DNA Center
Question # 63
Which protocol is used in Software Defined Access (SDA) to provide a tunnel between two edge nodes in different fabrics?
A. Generic Router Encapsulation (GRE)
B. Virtual Local Area Network (VLAN)
C. Virtual Extensible LAN (VXLAN)
D. Point-to-Point Protocol
Question # 64
A switch is a forwarding a frame out of an interfaces except the interface that received the frame. What is the technical term for this process?
A. ARP
B. CDP
C. flooding
D. multicast
Question # 65
Which component controls and distributes physical resources for each virtual machine?
A. OS
B. hypervisor
C. CPU
D. physical enclosure
Question # 66
A network engineer is replacing the switches that belong to a managed-services client with new Cisco Catalyst switches. The new switches will be configured for updated security standards, including replacing Telnet services with encrypted connections and doubling the modulus size from 1024. Which two commands must the engineer configure on the new switches? (Choose two.)
A. crypto key generate rsa general-keys modulus 1024
B. transport input all
C. crypto key generate rsa usage-keys
D. crypto key generate rsa modulus 2048
E. transport Input ssh
Question # 67
When an access point is seeking to join wireless LAN controller, which message is sent to the AP- Manager interface?
A. Discovery response
B. DHCP request
C. DHCP discover
D. Discovery request
Question # 68
What is the definition of backdoor malware?
A. malicious code that is installed onto a computer to allow access by an unauthorized user
B. malicious code with the main purpose of downloading other malicious code
C. malicious program that is used to launch other malicious programs
D. malicious code that infects a user machine and then uses that machine to send spam
Question # 69
Which WAN topology has the highest degree of reliability?
A. full mesh
B. Point-to-point
C. hub-and-spoke
D. router-on-a-stick
Question # 70
Which is a fact related to FTP?
A. It uses block numbers to identify and mitigate data-transfer errors
B. It always operates without user authentication
C. It relies on the well-known UDP port 69.
D. It uses two separate connections for control and data traffic
Question # 71
Which two server types support dornas name to IP address resolution? (Choose two >
A. ESX host
B. resolver
C. web
D. file transfer
E. authentication
Question # 72
Which type of address is shared by routers in a HSRP implementation and used by hosts
A. employs PKI and RADIUS to identify access points
B. applies 802.1x authentication and AES-128 encryption
C. uses TKIP and per-packet keying
D. defends against deauthentication and disassociation attacks
Question # 73
Which port type does a lightweight AP use to connect to the wired network when it is configured in local mode?
A. EtherChannel
B. LAG
C. trunk
D. access
Question # 74
Which type of address is shared by routers in a HSRP implementation and used by hosts on the subnet as their default gateway address?
A. multicast address
B. loopback IP address
C. virtual IP address
D. broadcast address
Question # 75
An engineer has configured the domain name, user name, and password on the local router. What is the next step to complete the configuration tor a Secure Shell access RSA key?
A. crypto key Import rsa pem
B. crypto key pubkey-chain rsa
C. crypto key generate rsa
D. crypto key zeroize rsa
Question # 76
What is a reason to implement IPv4 private addressing?
A. Reduce the risk of a network security breach
B. Comply with PCI regulations
C. Comply with local law
D. Reduce the size of the forwarding table on network routers
Question # 77
How does frame switching function on a switch?
A. forwards frames to a neighbor port using CDP
B. modifies frames that contain a known source VLAN
C. inspects and drops frames from unknown destinations
D. forwards known destinations to the destination port
Question # 78
What does the implementation of a first-hop redundancy protocol protect against on a network?
A. root-bridge loss
B. spanning-tree loops
C. default gateway failure
D. BGP neighbor flapping
Question # 79
Why would VRRP be implemented when configuring a new subnet in a multivendor environment?
A. when a gateway protocol is required that support more than two Cisco devices for
redundancy
B. to enable normal operations to continue after a member failure without requiring a
change In a host ARP cache
C. to ensure that the spanning-tree forwarding path to the gateway is loop-free
D. to interoperate normally with all vendors and provide additional security features for
Cisco devices
Question # 80
Why implement VRRP?
A. to provide end users with a virtual gateway in a multivendor network
B. to leverage a weighting scheme to provide uninterrupted service
C. to detect link failures without the overhead of Bidirectional Forwarding Detection
D. to hand over to end users the autodiscovery of virtual gateways
Question # 81
What are two protocols within the IPsec suite? (Choose two)
A. AH
B. 3DES
C. ESP
D. TLS
E. AES
Question # 82
What are two disadvantages of a full-mesh topology? (Choose two.)
A. It needs a high MTU between sites.
B. It has a high implementation cost.
C. It must have point-to-point communication.
D. It requires complex configuration.
E. It works only with BGP between sites.
Question # 83
Which REST method updates an object in the Cisco DNA Center Intent API?
A. CHANGE
B. UPDATE
C. POST
D. PUT
Question # 84
How do UTP and STP cables compare?
A. STP cables are cheaper to procure and easier to install and UTP cables are more
expensive and harder to install.
B. UTP cables are less prone to crosstalk and interference and STP cables are more prone
to crosstalk and interference.
C. UTP cables provide taster and more reliable data transfer rates and STP cables are
slower and less reliable
D. STP cables are shielded and protect against electromagnetic interference and UTP
lacks the same protection against electromagnetic interference.
Question # 85
To improve corporate security, an organization is planning to implement badge authentication to limit access to the data center. Which element of a security program is being deployed?
A. user training
B. user awareness
C. vulnerability verification
D. physical access control
Question # 86
Which two VPN technologies are recommended by Cisco for multiple branch offices and large-scale deployments? (Choose two.)
A. site-to-site VPN
B. IDMVPN
C. IGETVPN
D. IPsec remote access
E. clientless VPN
Question # 87
What is the collapsed layer in collapsed core architectures?
A. core and WAN
B. access and WAN
C. distribution and access
D. core and distribution
Question # 88
Which type of IPv4 address type helps to conserve the globally unique address classes?
A. multicast
B. private
C. loopback
D. public
Copyright © PassExamHub. All rights reserved.