Skip to Content

Cisco Certified Network Associate 200-301 CCNA Exam Questions and Answers – Page 2

By: Author Alex Lim

Posted on  - Last updated:

Categories Exam

The latest Cisco Certified Network Associate 200-301 CCNA certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Cisco Certified Network Associate 200-301 CCNA exam and earn Cisco Certified Network Associate 200-301 CCNA certification.

Exam Question 141

You wish to configure Secure Shell (SSH) support on your router so that incoming VTY connections are secure.
Which of the following commands must be configured? (Choose all that apply.)
A. ip domain-name
B. transport input ssh
C. ip access-group
D. crypto key generate rsa
E. service config

Correct Answer:
A. ip domain-name
B. transport input ssh
D. crypto key generate rsa
Answer Description:
Secure Shell (SSH) provides a secure alternative to Telnet for remote management of a Cisco device. Configuring Secure Shell (SSH) support on a Cisco router involves a minimum of three commands:

  • ip domain-name [domain-name]: configures the DNS of the router (global configuration mode)
  • crypto key generates rsa: generates a cryptographic key to be used with SSH (global configuration mode)
  • transport input ssh: allows SSH connections on the router’s VTY lines (VTY line configuration mode)

The transport input ssh command allows only SSH connectivity to the router, and prevents clear-text Telnet connections. To enable both SSH and Telnet, you would use the transport input ssh telnet command.

The ip access-group command is incorrect because this command is used to activate an access control list (ACL) on an interface, and does not pertain to SSH.

The service config command is incorrect because this command is used to automatically configure routers from a network server, and does not pertain to SSH.

Objective: Infrastructure Security
Sub-Objective: Configure, verify, and troubleshoot basic device hardening

Exam Question 142

Which Cisco Internetwork Operating System (IOS) command is used to assign a router a name for identification?
A. description
B. banner motd
C. hostname
D. banner exec

Correct Answer:
C. hostname
Answer Description:
The hostname command is used to assign the router a name for identification. This command is a global configuration mode command. The syntax of the command is as follows:

Router(config)# hostname [name]

The name parameter of the command specifies the new host name for the router.

The description command is incorrect because this command is used to set a description for an interface. The description command is an interface configuration mode command.

The banner motd command is used to specify a message of the day (MOTD) banner to users logging into the router. This is a global configuration mode command, but it does not assign a name to the router for identification.

The banner exec command enables a banner message to be displayed when an EXEC process is created; for example, if a line is activated or an incoming connection is made to a telnet line.

Objective: Network Fundamentals
Sub-Objective: Select the appropriate cabling type based on implementation requirements

Exam Question 143

Which command is used to disable Cisco Discovery Protocol (CDP) on a Cisco router?
A. disable cdp
B. no cdp run
C. no cdp enable
D. no cdp advertise-v2

Correct Answer:
B. no cdp run
Answer Description:
The no cdp run command is used to disable CDP on a Cisco router globally. CDP is a Layer 2 (Data Link layer) protocol that discovers information about neighboring network devices. CDP does not use network layer protocols to transmit information because it operates at the Data Link layer. Therefore, it is useful to determine information about directly connected Cisco network devices, because it can operate when network protocols have not been configured or are misconfigured. The show cdp neighbors detail command is used to view the IP addresses of the directly connected Cisco devices.

The no cdp advertise-v2 command disables CDPv2 advertisements. It will not disable the protocol globally.

The no cdp enable command is used to disable CDP on an interface. In a situation where CDP needs to be disabled on a single interface only, such as the interface leading to the Internet, this command would be executed from interface configuration mode for that specific interface. It will not disable the protocol globally. For example, to disable CDP for only the serial0 interface, the command sequence would be:

Router#configure terminal
Router(config)#interface serial 0
Router(config-if)no cdp enable

The disable cdp command is not a valid Cisco command.

Objective: LAN Switching Fundamentals
Sub-Objective: Configure and verify Layer 2 protocols

Exam Question 144

You are the network administrator for your company and have configured Cisco Discovery Protocol (CDP) in your network. You recently noticed that when devices send large numbers of CDP neighbor announcements, some devices are crashing. You decide to disable CDP on the router.
Which command should you use to achieve the objective?
A. no cdp run
B. set cdp disable
C. no cdp enable
D. no cdp advertise-v2

Correct Answer:
A. no cdp run
Answer Description:
You should use the no cdp run command to disable CDP on the router. Due to a known vulnerability regarding the handling of CDP by Cisco routers and switches when devices send large numbers of CDP neighbor announcements, some devices can crash or cause abnormal system behavior. To overcome this problem, you can disable CDP for the entire router by using the no cdp run command.

You cannot use the set cdp disable command to disable CDP on the router. This command disables CDP on an entire Catalyst switch.

You cannot use the no cdp enable command to disable CDP on the router. This command disables CDP on a specific interface.

You cannot use the no cdp advertise-v2 command to disable CDP on the router. This command disables CDPv2 advertisements.

Objective: LAN Switching Fundamentals
Sub-Objective: Configure and verify Layer 2 protocols

Exam Question 145

You instructed your assistant to add a new router to the network. The routers in your network run OSPF. The existing router, OldRouter, is configured as follows:

router ospf 1
network 192.168.5.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.255 area 0

The OldRouter interface that connects to NewRouter is 192.168.5.3/24. Your assistant shows you the configuration that will be implemented:

newrouter(config)# router ospf 1
newrouter(config-router)# network 192.168.5.0 255.255.255.0 area 0

What is wrong with this configuration?
A. The area ID is incorrectly configured.
B. The wildcard mask is incorrectly configured.
C. The network statement is incorrectly configured.
D. The process ID number is incorrectly configured.

Correct Answer:
B. The wildcard mask is incorrectly configured.
Answer Description:
When entering network statements for OSPF, a wildcard mask is used instead of a regular mask. Since the network connecting the two routers is a class C network, as shown by the address 192.168.5.0/24, the wildcard mask should be 0.0.0.255 rather than 255.255.255.0. With wildcard masks, the 0s octets must match, and the 255s octets do not have to match.

The area ID is correct. OldRouter is in area 0, so NewRouter should be as well. There must be an area 0 in an OSPF network. There can be multiple areas as well, but they must all connect to area 0. If non-0 areas cannot be directly connected to area 0, they must be configured with a virtual link across an area that does connect to the backbone (area 0).

The network statement is correct. The network between the routers is 192.168.5.0.

The process ID number is correct. The number is stated as OSPF 1 on OldRouter and OSPF 1 on NewRouter. They match in this case but that is not required. Process IDs are only locally significant.

Objective: Routing Fundamentals
Sub-Objective: Configure, verify, and troubleshoot single area and multi-area OSPFv2 for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub, virtual-link, and LSAs)

Exam Question 146

Which Wide Area Network (WAN) switching technology is used by Asynchronous Transfer Mode (ATM)?
A. packet switching
B. virtual switching
C. circuit switching
D. cell switching

Correct Answer:
D. cell switching
Answer Description:
Cell switching is a WAN switching technology that is used by ATM. ATM is an International Telecommunication Union-Telecommunications (ITU-T) standard for transmission of data, voice, or video traffic using a fixed size frame of 53 bytes, known as cells. Out of these 53 bytes, the initial five bytes are header information and the rest 48 bytes is the payload.

Packet switching is incorrect because packet switching is popularly used for data transfer, as data is not delay sensitive and it does not require real time transfer from a sender to a receiver. With packet switching, the data is broken into labeled packets and transmitted using packet-switching networks.

Virtual switching is incorrect because no such WAN switching technology exists.

Circuit switching is incorrect because circuit switching dynamically establishes a virtual connection between a source and destination. The virtual connection cannot be used by other callers unless the circuit is released. Circuit switching is the most common technique used by the Public Switched Telephone Network (PSTN) to make phone calls. A dedicated circuit is temporarily established for the duration of call between caller and receiver. Once the caller or receiver hangs up the phone, the circuit is released and is available for other users.

Objective: WAN Technologies
Sub-Objective: Describe WAN access connectivity options

Exam Question 147

You are configuring the link between a Cisco 2950 series switch and a Cisco 2611 router. You have physically connected the router’s Ethernet port to the switch using a straight-through cable. The switch has not been configured, except for a hostname. The router’s hostname has also been configured, and the Ethernet port has been enabled. However, you forgot to assign an IP address to the Ethernet port.

You issue the show cdp neighbors command and get the following output:

You issue the show cdp neighbors command and get the following output.

You issue the show cdp neighbors command and get the following output.

If you did not configure IP addresses, how is this information being passed between the two devices?
A. The devices established a connection using default IP addresses.
B. The ip unnumbered command has been issued, which means the interface does not require an IP address to be configured.
C. CDP is a Layer 2 protocol and does not require IP addresses to be configured.
D. CDP uses its own IP addressing system.

Correct Answer:
C. CDP is a Layer 2 protocol and does not require IP addresses to be configured.
Answer Description:
CDP is a Layer 2 protocol and does not require IP addresses to be configured. The structure of the OSI model requires that the upper-layer protocols rely on the lower-layer protocols for operation. Protocols at Layer 3 cannot be operational unless Layers 1 and 2 are operational. Conversely, lower-layer protocols do not rely on upper-layer protocols for their operation. Because CDP operates at Layer 2 of the OSI model, it does not require an IP address to be active, since IP addresses are a function of Layer 3.

The ip unnumbered command has not been issued in this scenario. This command can only be used on serial interfaces, not Ethernet interfaces. It allows a serial interface to use an address that is already applied to an Ethernet interface.

Information is not being passed between the devices through default IP addresses. There is no such thing as default IP addresses on Ethernet interfaces for Cisco routers.

Information is not being passed between the devices through CDP’s IP addressing system. CDP does not have its own IP addressing system because it does not use IP addresses for its operation.

Objective: Infrastructure Management
Sub-Objective: Use Cisco IOS tools to troubleshoot and resolve problems

Exam Question 148

Which of the following is a Point-to-Point Protocol (PPP) authentication protocol that supports sending of hashed values instead of sending passwords in clear text?
A. LCP
B. NCP
C. PAP
D. CHAP

Correct Answer:
D. CHAP
Answer Description:
There are two authentication methods available when implementing a PPP connection: Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).

Challenge Handshake Authentication Protocol (CHAP) uses a one-way hash function based on the Message Digest 5 (MD5) hashing algorithm to hash the password. This hashed value is then sent across the wire. In this situation, the actual password is never sent. No one tapping the wire will be able to reverse the hash to come up with the original password. This is why MD5 is referred to as a one-way function. It cannot be reverse engineered. CHAP uses a three-way handshake process to perform the authentication. Moreover, CHAP periodically repeats the authentication process after link establishment.

When configuring PPP with CHAP authentication, both routers must be configured with a username that will be presented by the other router with a password. Therefore, the username to configure on Router A will be the username of Router B. The password should be the same on both machines. If these settings are not correct, then authentication will fail. The authentication process can be displayed as it happens with the debug PPP authentication command.

Link Control protocol (LCP) is defined in Request for Comments (RFCs) 1548 and 1570 and has primary responsibility to establish, configure, authenticate, and test a PPP connection. LCP negotiates the following when setting up a PPP connection:

  • Authentication method used (PAP or CHAP), if any
  • Compression algorithm used (Stacker or Predictor), if any
  • Callback phone number to use, if defined
  • Multilink; other physical connections to use, if configured

Network Control Protocol (NCP) defines the process for how the two PPP peers negotiate which network layer protocols, such as IP and IPX, will be used across the PPP connection. LCP is responsible for negotiating and maintaining a PPP connection whereas NCP is responsible for negotiating upper-layer protocols that will be carried across the PPP connection.

Password authentication Protocol (PAP) is simpler than CHAP, but less secure. During the authentication phase, PAP goes through a two-way handshake process. In this process, the source sends its user name (or hostname) and password in clear text, to the destination. The destination compares this information with a list of locally stored user names and passwords. If it finds a match, the destination returns an accept message. If it does not find a match, it returns a reject message.

Objective: WAN Technologies
Sub-Objective: Configure, verify, and troubleshoot PPPoE client-side interfaces using local authentication

Exam Question 149

With which type of service is bandwidth and latency the biggest consideration?
A. streaming video
B. telnet sessions
C. FTP transfers
D. authentication traffic

Correct Answer:
A. streaming video
Answer Description:
Streaming video places the largest demand on both bandwidth and latency. Video traffic is real-time and benefits from dedicated bandwidth with QoS implementation to ensure quality. Moreover, this service can tolerate very little latency.

Telnet and FTP sessions are both low bandwidth users and can tolerate a high degree of latency since the data can be reassembled when all pieces arrive, which is not possible when data is coming in real-time, and waiting for retransmissions and reassembly is not feasible.

Authentication traffic is not sensitive to latency and does not require much bandwidth either.

Objective: WAN Technologies
Sub-Objective: Describe basic QoS concepts

Exam Question 150

With respect to the network shown below, which of the following statements are true when R2 sends a packet to the 192.168.6.0/24 network? (Choose all that apply.)

With respect to the network shown below, which of the following statements are true when R2 sends a packet to the 192.168.6.0/24 network?

With respect to the network shown below, which of the following statements are true when R2 sends a packet to the 192.168.6.0/24 network?

A. If RIPv1 is in use, the path taken will be R2 – R4 – R3
B. If both RIPv2 and EIGRP are in use, the EIGRP route will be placed in the routing table
C. If EIGRP is in use, the only path taken will be R2 – R4 – R3
D. If RIPv2 is in use, the path taken will be R2 – R3

Correct Answer:
B. If both RIPv2 and EIGRP are in use, the EIGRP route will be placed in the routing table
D. If RIPv2 is in use, the path taken will be R2 – R3
Answer Description:
If both RIPv2 and EIGRP are in use, the EIGRP route will be placed in the routing table. If RIPv2 is in use, the path taken will be R2 – R3.

EIGRP has a default administrative distance (AD) of 90, while RIPv2 has a default administrative distance (AD) of 120. The route learned by the routing protocol with the lowest AD will be placed in the routing table.

If you wanted to force R2 to use the RIPv2 route instead of the EIGRP route, this could be accomplished by changing the administrative distance of RIPv2 to a value less than 90, such as 80. The commands that would accomplish this are:

R2(config)# router rip
R2(config-router)# distance 80

If either of the versions of RIP is in use, hop count is used to determine the route. The path with the least number of hops is R2 – R3.

If RIPv1 is in use, the path taken would be R2 – R3, not R2 – R4 – R3, because R2 – R3 has a lower hop count.

If EIGRP is in use, the path R2 – R4 – R3 will not be the only path taken. EIGRP load-balances two equal cost paths when they exist, and R2 – R4 – R3 and R2 – R1 – R3 are of equal cost so would both be used.

Objective: Routing Fundamentals
Sub-Objective: Compare and contrast distance vector and link-state routing protocols