200-301: Cisco Certified Network Associate (CCNA) Part 17
Question #: 981
Topic #: 1
Refer to the exhibit. A network administrator is configuring a router for user access via SSH. The service password-encryption command has been issued. The configuration must meet these requirements:
• Create the username as CCUser.
• Create the password as NA!2$cc.
• Encrypt the user password.
What must be configured to meet the requirements?
A. username CCUser privilege 10 password NA!2$cc
B. username CCUser privilege 15 password NA!2$cc
enable secret 0 NA!2$cc
C. username CCUser secret NA!2$cc
D. username CCUser password NA!2$cc
enable password level 5 NA!2$cc
Selected Answer: C
Question #: 982
Topic #: 1
Refer to the exhibit. A network engineer started to configure port security on a new switch. These requirements must be met:
• MAC addresses must be learned dynamically.
• Log messages must be generated without disabling the interface when unwanted traffic is seen.
Which two commands must be configured to complete this task? (Choose two.)
A. SW(config-if)#switchport port-security violation restrict
B. SW(config-if)#switchport port-security mac-address 0010.7B84.45E6
C. SW(config-if)#switchport port-security maximum 2
D. SW(config-if)#switchport port-security violation shutdown
E. SW(config-if)#switchport port-security mac-address sticky
Selected Answer: AE
Question #: 983
Topic #: 1
Which type of security program is violated when a group of employees enters a building using the ID badge of only one person?
A. intrusion detection
B. network authorization
C. physical access control
D. user awareness
Selected Answer: C
Question #: 984
Topic #: 1
What are two protocols within the IPsec suite? (Choose two.)
A. 3DES
B. AES
C. ESP
D. TLS
E. AH
Selected Answer: CE
Question #: 985
Topic #: 1
Refer to the exhibit. Local access for R4 must be established and these requirements must be met:
• Only Telnet access is allowed.
• The enable password must be stored securely.
• The enable password must be applied in plain text.
• Full access to R4 must be permitted upon successful login.
Which configuration script meets the requirements?
A. !
conf t
!
username test1 password testpass1
enable secret level 15 0 Test123
!
line vty 0 15
login local
transport input telnet
B. !
config t
!
username test1 password testpass1
enable password level 15 0 Test123
!
line vty 0 15
login local
transport input all
C. !
config t
!
username test1 password testpass1
enable password level 1 7 Test123
!
line vty 0 15
accounting exec default
transport input all
D. !
config t
!
username test1 password testpass1
enable secret level 1 0 Test123
!
line vty 0 15
login authentication
password Test123
transport input telnet
Selected Answer: A
Question #: 986
Topic #: 1
What is a characteristic of RSA?
A. It uses preshared keys for encryption.
B. It is an asymmetric encryption algorithm.
C. It is a symmetric decryption algorithm.
D. It requires both sides to have identical keys for encryption.
Selected Answer: B
Question #: 987
Topic #: 1
What are two differences between WPA2 and WPA3 wireless security? (Choose two.)
A. WPA2 uses 192-bit key encryption, and WPA3 requires 256-bit key encryption.
B. WPA3 uses AES for stronger protection than WPA2, which uses SAE.
C. WPA2 uses 128-bit key encryption, and WPA3 supports 128-bit and 192-bit key encryption.
D. WPA3 uses SAE for stronger protection than WPA2, which uses AES.
E. WPA3 uses AES for stronger protection than WPA2, which uses TKIP.
Selected Answer: CD
Question #: 988
Topic #: 1
What is an enhancement implemented in WPA3?
A. applies 802.1x authentication and AES-128 encryption
B. employs PKI and RADIUS to identify access points
C. uses TKIP and per-packet keying
D. defends against deauthentication and disassociation attacks
Selected Answer: D
Question #: 989
Topic #: 1
Which action must be taken when password protection is implemented?
A. Use less than eight characters in length when passwords are complex.
B. Include special characters and make passwords as long as allowed.
C. Share passwords with senior IT management to ensure proper oversight.
D. Store passwords as contacts on a mobile device with single-factor authentication.
Selected Answer: B
Question #: 990
Topic #: 1
DRAG DROP
Drag and drop the statements about AAA from the left onto the corresponding AAA services on the right. Not all options are used.
Suggestion Answer:
Question #: 991
Topic #: 1
An engineer must configure R1 for a new user account. The account must meet these requirements:
• It must be configured in the local database.
• The username is engineer2.
• It must use the strongest password configurable.
Which command must the engineer configure on the router?
A. R1(config)# username engineer2 privilege 1 password 7 test2021
B. R1(config)# username engineer2 secret 4 $1$b1Ju$kZbBS1Pyh4QzwXyZ
C. R1(config)# username engineer2 algorithm-type scrypt secret test2021
D. R1(config)# username engineer2 secret 5 password $1$b1Ju$kZbBS1Pyh4QzwXyZ
Selected Answer: C
Question #: 992
Topic #: 1
Which two VPN technologies are recommended by Cisco for multiple branch offices and large-scale deployments? (Choose two.)
A. GETVPN
B. DMVPN
C. site-to-site VPN
D. clientless VPN
E. IPsec remote access
Selected Answer: AB
Question #: 993
Topic #: 1
DRAG DROP
Drag and drop the statements about AAA services from the left onto the corresponding AAA services on the right. Not all options are used.
Suggestion Answer:
Question #: 994
Topic #: 1
What is a characteristic of RSA?
A. It uses preshared keys for encryption.
B. It is a public-key cryptosystem.
C. It is a private-key encryption algorithm.
D. It requires both sides to have identical keys.
Selected Answer: B
Question #: 995
Topic #: 1
What is used as a solution for protecting an individual network endpoint from attack?
A. antivirus software
B. wireless controller
C. router
D. Cisco DNA Center
Selected Answer: A
Question #: 996
Topic #: 1
Which security method is used to prevent man-in-the-middle attacks?
A. authentication
B. anti-replay
C. authorization
D. accounting
Selected Answer: A
Question #: 997
Topic #: 1
Which cipher is supported for wireless encryption only with the WPA2 standard?
A. RC4
B. AES
C. SHA
D. AES256
Selected Answer: B
Question #: 998
Topic #: 1
Refer to the exhibit. This ACL is configured to allow client access only to HTTP, HTTPS, and DNS services via UDP. The new administrator wants to add TCP access to the DNS service. Which configuration updates the ACL efficiently?
A. no ip access-list extended Services
ip access-list extended Services
30 permit tcp 10.0.0.0 0.255.255.255 host 198.51.100.11 eq domain
B. ip access-list extended Services
35 permit tcp 10.0.0.0 0.255.255.255 host 198.51.100.11 eq domain
C. ip access-list extended Services
permit tcp 10.0.0.0 0.255.255.255 host 198.51.100.11 eq domain
D. no ip access-list extended Services
ip access-list extended Services
permit udp 10.0.0.0 0.255.255.255 any eq 53
permit tcp 10.0.0.0 0.255.255.255 host 198.51.100.11 eq domain
deny ip any any log
Selected Answer: B
Question #: 999
Topic #: 1
Which WPA mode uses PSK authentication?
A. Local
B. Personal
C. Enterprise
D. Client
Selected Answer: B
Question #: 1000
Topic #: 1
An engineer is configuring remote access to a router from IP subnet 10.139.58.0/28. The domain name, crypto keys, and SSH have been configured. Which configuration enables the traffic on the destination router?
A. interface FastEthernet0/0
ip address 10.122.49.1 255.255.255.252
ip access-group 110 in
ip access-list extended 110
permit tcp 10.139.58.0 0.0.0.15 host 10.122.49.1 eq 22
B. interface FastEthernet0/0
ip address 10.122.49.1 255.255.255.240
access-group 120 in
ip access-list extended 120
permit tcp 10.139.58.0 255.255.255.248 any eq 22
C. interface FastEthernet0/0
ip address 10.122.49.1 255.255.255.252
ip access-group 105 in
ip access-list standard 105
permit tcp 10.139.58.0 0.0.0.7 eq 22 host 10.122.49.1
D. interface FastEthernet0/0
ip address 10.122.49.1 255.255.255.248
ip access-group 10 in
ip access-list standard 10
permit udp 10.139.58.0 0.0.0.7 host 10.122.49.1 eq 22
Selected Answer: A
Question #: 1001
Topic #: 1
To improve corporate security, an organization is planning to implement badge authentication to limit access to the data center. Which element of a security program is being deployed?
A. user awareness
B. user training
C. physical access control
D. vulnerability verification
Selected Answer: C
Question #: 1002
Topic #: 1
DRAG DROP
Drag and drop the characteristics of northbound APIs from the left onto any position on the right. Not all characteristics are used.
Suggestion Answer:
Question #: 1003
Topic #: 1
Which benefit does Cisco DNA Center provide over traditional campus management?
A. Cisco DNA Center automates HTTPS for secure web access, and traditional campus management uses HTTP.
B. Cisco DNA Center leverages SNMPv3 for encrypted management, and traditional campus management uses SNMPv2.
C. Cisco DNA Center leverages APIs, and traditional campus management requires manual data gathering.
D. Cisco DNA Center automates SSH access for encrypted entry, and SSH is absent from traditional campus management.
Selected Answer: C
Question #: 1004
Topic #: 1
How does Chef configuration management enforce a required device configuration?
A. The Chef Infra Server uses its configured cookbook to push the required configuration to the remote device requesting updates.
B. The installed agent on the device connects to the Chef Infra Server and pulls its required configuration from the cookbook.
C. The Chef Infra Server uses its configured cookbook to alert each remote device when it is time for the device to pull a new configuration.
D. The installed agent on the device queries the Chef Infra Server and the server responds by pushing the configuration from the cookbook.
Selected Answer: B
Question #: 1005
Topic #: 1
What is the PUT method within HTTP?
A. It replaces data at the destination.
B. It is a nonidempotent operation.
C. It is a read-only operation.
D. It displays a web site.
Selected Answer: A
Question #: 1006
Topic #: 1
Which advantage does the network assurance capability of Cisco DNA Center provide over traditional campus management?
A. Cisco DNA Center leverages YANG and NETCONF to assess the status of fabric and nonfabric devices, and traditional campus management uses CLI exclusively.
B. Cisco DNA Center handles management tasks at the controller to reduce the load on infrastructure devices, and traditional campus management uses the data backbone.
C. Cisco DNA Center automatically compares security postures among network devices, and traditional campus management needs manual comparisons.
D. Cisco DNA Center correlates information from different management protocols to obtain insights, and traditional campus management requires manual analysis.
Selected Answer: D
Question #: 1007
Topic #: 1
Refer to the exhibit. In which structure does the word “warning” directly reside?
A. array
B. object
C. Boolean
D. string
Selected Answer: A
Question #: 1008
Topic #: 1
What is the purpose of a southbound API in a controller-based networking architecture?
A. facilitates communication between the controller and the applications
B. allows application developers to interact with the network
C. integrates a controller with other automation and orchestration tools
D. facilitates communication between the controller and the networking hardware
Selected Answer: D
Question #: 1009
Topic #: 1
DRAG DROP
Drag and drop the statements about device management from the left onto the corresponding types on the right.
Suggestion Answer:
Question #: 1010
Topic #: 1
Which two northbound APIs are found in a software-defined network? (Choose two.)
A. REST
B. OpenFlow
C. SOAP
D. NETCONF
E. OpFlex
Selected Answer: AC
Question #: 1011
Topic #: 1
Which function generally performed by a traditional network device is replaced by a software-defined controller?
A. building route tables and updating the forwarding table
B. encapsulation and decapsulation of packets in a data-link frame
C. changing the source or destination address during NAT operations
D. encryption and decryption for VPN link processing
Selected Answer: A
Question #: 1012
Topic #: 1
What describes a northbound REST API for SDN?
A. network-element-facing interface for GET, POST, PUT, and DELETE methods
B. application-facing interface for SNMP GET requests
C. application-facing interface for GET, POST, PUT, and DELETE methods
D. network-element-facing interface for the control and data planes
Selected Answer: C
Question #: 1013
Topic #: 1
When is the PUT method used within HTTP?
A. to update a DNS server
B. when a nonidempotent operation is needed
C. to display a web site
D. when a read-only operation is required
Selected Answer: A
Question #: 1014
Topic #: 1
Which two HTTP methods are suitable for actions performed by REST-based APIs? (Choose two.)
A. REMOVE
B. REDIRECT
C. POST
D. GET
E. POP
Selected Answer: CD
Question #: 1015
Topic #: 1
What is the advantage of separating the control plane from the data plane within an SDN network?
A. limits data queries to the control plane
B. reduces cost
C. decreases overall network complexity
D. offloads the creation of virtual machines to the data plane
Selected Answer: C
Question #: 1016
Topic #: 1
Refer to the exhibit. What is missing from this output for it to be executed?
A. double quotes (" ") around the "Cisco Devices" string
B. exclamation point (!) at the beginning of each line
C. square bracket ( [ ) at the beginning
D. curly bracket ( } ) at the end
Selected Answer: D
Question #: 1017
Topic #: 1
What is a function of a northbound API in an SDN environment?
A. It relies on global provisioning and configuration.
B. It upgrades software and restores files.
C. It supports distributed processing for configuration.
D. It provides orchestration and network automation services.
Selected Answer: D
Question #: 1018
Topic #: 1
What is an Ansible inventory?
A. unit of Python code to be executed within Ansible
B. file that defines the target devices upon which commands and tasks are executed
C. device with Ansible installed that manages target devices
D. collection of actions to perform on target devices, expressed in YAML format
Selected Answer: B
Question #: 1019
Topic #: 1
DRAG DROP
Drag and drop the Ansible features from the left to the right. Not all features are used.
Suggestion Answer:
Question #: 1020
Topic #: 1
What is a function of a northbound API?
A. It relies on global provisioning and configuration.
B. It upgrades software and restores files.
C. It supports distributed processing for configuration.
D. It provides a path between an SDN controller and network applications.
Selected Answer: D
Question #: 1021
Topic #: 1
Refer to the exhibit. What does apple represent within the JSON data?
A. array
B. object
C. number
D. string
Selected Answer: D
Question #: 1022
Topic #: 1
DRAG DROP
Drag and drop the use cases of device-management technologies from the left onto the corresponding types on the right.
Suggestion Answer:
Question #: 1023
Topic #: 1
Under the CRUD model, which two HTTP methods support the UPDATE operation? (Choose two.)
A. PATCH
B. DELETE
C. GET
D. POST
E. PUT
Selected Answer: AE
Question #: 1024
Topic #: 1
A network architect is considering whether to implement Cisco DNA Center to deploy devices on a new network. The organization is focused on reducing the time it currently takes to deploy devices in a traditional campus design. For which reason would Cisco DNA Center be more appropriate than traditional management options?
A. Cisco DNA Center supports deployment with a single pane of glass.
B. Cisco DNA Center provides zero-touch provisioning to third-party devices.
C. Cisco DNA Center reduces the need for analytics on third-party access points and devices.
D. Cisco DNA Center minimizes the level of syslog output when reporting on Cisco devices.
Selected Answer: A
Question #: 1025
Topic #: 1
DRAG DROP
Drag and drop the statements about device management from the left onto the corresponding device-management types on the right.
Suggestion Answer:
Question #: 1026
Topic #: 1
In a cloud-computing environment, what is rapid elasticity?
A. control and monitoring of resource consumption by the tenant
B. automatic adjustment of capacity based on need
C. pooling resources in a multitenant model based on need
D. self-service of computing resources by the tenant
Selected Answer: B
Question #: 1027
Topic #: 1
Which interface enables communication between a program on the controller and a program on the networking device?
A. software virtual interface
B. tunnel interface
C. northbound interface
D. southbound interface
Selected Answer: D
Question #: 1028
Topic #: 1
Refer to the exhibit. How many arrays are present in the JSON data?
A. one
B. three
C. six
D. nine
Selected Answer: B
Question #: 1029
Topic #: 1
DRAG DROP
Drag and drop the configuration management terms from the left onto the descriptions on the right. Not all terms are used.
Suggestion Answer:
Question #: 1030
Topic #: 1
Which interface type enables an application running on a client to send data over an IP network to a server?
A. northbound interface
B. application programming interface
C. southbound interface
D. Representational State Transfer application programming interface
Selected Answer: A
Question #: 1031
Topic #: 1
Refer to the exhibit. The IPv6 address for the LAN segment on router R2 must be configured using the EUI-64 format. When configured, which IPv6 address is produced by the router?
A. 2001:db8:9aa6:6aa9:C801:A6FF:FEA4:1
B. 2001:db8:9aa6:6aa9:C081:A6FF:FF4A:1
C. 2001:db8:9aa6:6aa9:C001:6AFE:FF00:1
D. 2001:db8:9aa6:6aa9:4642:823F:FE47:1
Selected Answer: A
Question #: 1032
Topic #: 1
Which QoS feature drops traffic that exceeds the committed access rate?
A. policing
B. FIFO
C. shaping
D. weighted fair queuing
Selected Answer: A
Question #: 1033
Topic #: 1
What does traffic shaping do?
A. It queues excess traffic
B. It sets QoS attributes within a packet
C. It organizes traffic into classes
D. It modifies the QoS attributes of a packet
Selected Answer: A
Question #: 1034
Topic #: 1
Refer to the exhibit. A Cisco engineer is asked to update the configuration on switch 1 so that the EtherChannel stays up when one of the links fails. Which configuration meets this requirement?
A. Switch1(config) # interface Fa0/0
Switch1(config-if) # lacp port-priority 100
Switch1(config) # interface Fa0/1
Switch1(config-if) # lacp port-priority 200
B. Switch1(config) # interface port-channel 1
Switch1(config-if) # port-channel min-links 1
C. Switch1(config) # interface Fa0/0
Switch1(config-if) # lacp port-priority 200
Switch1(config) # interface Fa0/1
Switch1(config-if) # lacp port-priority 100
D. Switch1(config) # interface port-channel 1
Switch1(config-if) # lacp max-bundle 1
Selected Answer: B
Question #: 1035
Topic #: 1
Which two protocols are supported on service-port interfaces? (Choose two.)
A. Telnet
B. SCP
C. TACACS+
D. SSH
E. RADIUS
Selected Answer: AD
Question #: 1036
Topic #: 1
What is the benefit of using private IPv4 addressing?
A. to enable secure connectivity over the Internet
B. to shield internal network devices from external access
C. to provide reliable connectivity between like devices
D. to be routable over an external network
Selected Answer: B
Question #: 1037
Topic #: 1
Two switches have been implemented and all interfaces are at the default configuration level. A trunk link must be implemented between two switches with these requirements:
• using an industry-standard trunking protocol
• permitting VLANs 1-10 and denying other VLANs
How must the interconnecting ports be configured?
A. switchport mode dynamic
channel-protocol lacp
switchport trunk allowed vlans 1-10
B. switchport mode trunk
switchport trunk allowed vlans 1-10
switchport trunk native vlan 11
C. switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlans 1-10
D. switchport mode dynamic desirable
channel-group 1 mode desirable
switchport trunk encapsulation isl
switchport trunk allowed vlan except 11-4094
Selected Answer: C
Question #: 1038
Topic #: 1
Refer to the exhibit. Traffic that is flowing over interface TenGigabitEthernet0/0/0 experiences slow transfer speeds. What is the cause of this issue?
A. speed conflict
B. queuing drops
C. duplex incompatibility
D. heavy traffic congestion
Selected Answer: C
Question #: 1039
Topic #: 1
Which two host addresses are reserved for private use within an enterprise network? (Choose two.)
A. 10.172.76.200
B. 12.17.1.20
C. 172.15.2.250
D. 172.31.255.100
E. 192.169.32.10
Selected Answer: AD
Question #: 1040
Topic #: 1
Refer to the exhibit. The IPv6 address for the LAN segment on router R2 must be configured using the EUI-64 format. Which address must be used?
A. ipv6 address 2001:DB8:D8D2:1009:10A0:ABFF:FECC:1 eui-64
B. ipv6 address 2001:DB8:D8D2:1009:1230:ABFF:FECC:1 eui-64
C. ipv6 address 2001:DB8:D8D2:1009:4347:31FF:FF47:0 eui-64
D. ipv6 address 2001:DB8:D8D2:1009:12A0:AB34:FFCC:1 eui-64
Selected Answer: A