Cisco Certified Network Associate 200-301 CCNA Exam Questions and Answers – Page 2

The latest Cisco Certified Network Associate 200-301 CCNA certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Cisco Certified Network Associate 200-301 CCNA exam and earn Cisco Certified Network Associate 200-301 CCNA certification.

Exam Question 151

You have three EIGRP routers that are connected as shown in the diagram below.

You have three EIGRP routers that are connected as shown in the diagram below.
You have three EIGRP routers that are connected as shown in the diagram below.

Router A and Router C do not seem to be exchanging information. You execute commands on all three routers, and receive as output the information shown below:

You execute commands on all three routers, and receive as output the information.
You execute commands on all three routers, and receive as output the information.

What needs to be done to make Routers A and C start exchanging information?
A. Execute the auto-summary command on Router A
B. Execute the network 192.168.9.0 command under EIGRP 56 on Router C
C. Correct the IP address on the S1 interface of Router C
D. Recreate the EIGRP configuration on Router C as EIGRP 55

Correct Answer:
B. Execute the network 192.168.9.0 command under EIGRP 56 on Router C
Answer Description:
Router C is not displayed in the neighbor table of Router A, which indicates that Router C and Router A are not forming a neighbor relationship or exchanging information. This is because Router C does not have EIGRP configured for its S1 interface. You can see this is missing from its configuration in the output of the show run command for RouterC. To solve the issue, you should execute the network 192.168.9.0 command under the EIGRP 56 configuration on Router C. Then Router C will start sending hellos on that interface and the two routers will become neighbors.

The show ip eigrp neighbors command displays the following information for each EIGRP neighbor. In parentheses is the value of each found in the output of router A for Router B:

IP address (192.168.10.2)
Local interface (S1)
Retransmit interval (13)
Queue count (100)

There is no need to execute the auto-summary command on Router A. It will not affect the establishment of a neighbor relationship between Routers A and C.

There is no need to correct the IP address on the S1 interface of Router C. The address 192.168.9.1 is correctly located in the same subnet as the address on S0 of Router A.

Finally, changing the EIGRP configuration on Router C to EIGRP 55 will not help. Router C will not start sending hellos on its S1 interface until EIGRP is enabled on the S1 interface. Until then, the Routers A and C will not form a neighbor relationship and will not share information.

Objective: Routing Fundamentals
Sub-Objective: Configure, verify, and troubleshoot EIGRP for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub)

Exam Question 152

You are the network administrator for your company. You recently configured Cisco Discovery Protocol (CDP) in the network. You want to view output regarding all of the neighboring devices discovered by CDP. This information should include network address, enabled protocols, and hold time.

Which Cisco Internetwork Operating System (IOS) command would allow you to accomplish this task?
A. show cdp
B. show cdp entry
C. show cdp neighbor entries
D. show cdp neighbors detail

Correct Answer:
D. show cdp neighbors detail
Answer Description:
In this scenario, you should use the show cdp neighbors detail command to view the details of the neighboring devices that were discovered by CDP. CDP is a Layer 2 (data link layer) protocol used to find information about neighboring network devices. The show cdp neighbors detail command is used to view details such as network address, enabled protocols, and hold time. The complete syntax of this command is:

show cdp neighbors [type number] [detail]

The command parameters are defined in this way:

type: An optional parameter which specifies the type of interface used to connect to the neighbors for which you require information.

number: An optional parameter used to specify the interface number connected to the neighbors for which you want information.

detail: An optional parameter used to get detailed information about neighboring devices, such as network address, enabled protocols, software version and hold time.

The following code is a sample partial output of the show cdp neighbors detail command:

The following code is a sample partial output of the show cdp neighbors detail command.
The following code is a sample partial output of the show cdp neighbors detail command.

The show cdp command is incorrect because this command is used to view global CDP information such as the timer and hold time.

The show cdp entry command is incorrect because this command is used to view information about a specific neighboring device.

The show cdp neighbor entries command is incorrect because this is not a valid Cisco IOS command.

Objective: LAN Switching Fundamentals
Sub-Objective: Configure and verify Layer 2 protocols

Exam Question 153

If a routing table contains multiple routes for the same destination, which were inserted by the following methods, which route will the router use to reach the destination network?
A. The route inserted by RIP
B. The route inserted by OSPF
C. The route inserted by BGP
D. The route configured as a static route

Correct Answer:
D. The route configured as a static route
Answer Description:
A static route will be preferred because it has the lowest administrative distance. Routing protocols are dynamic routing methods. With the default configuration, static routes are preferred over dynamic routes.

The default administrative distance for the offered options is:

  • RIP 120
  • OSPF 110
  • eBGP 20
  • Static 1

When Routing Information Protocol (RIP), Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), and static routing is enabled on a router, the router will prefer the static route.

Objective: Routing Fundamentals
Sub-Objective: Interpret the components of routing table

Exam Question 154

Which of the following is NOT a mode of Dynamic Trunking Protocol (DTP)?
A. dynamic auto
B. dynamic trunk
C. dynamic desirable
D. nonegotiate

Correct Answer:
B. dynamic trunk
Answer Description:
Dynamic trunk is not a DTP mode. DTP is a Cisco proprietary trunk negotiation protocol and is used to determine if two interfaces on connected devices can become a trunk. There are five modes of DTP:

  • Trunk: Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link. The interface becomes a trunk interface even if the neighboring interface does not agree to the change.
  • Access: Puts the interface into permanent nontrunking mode and negotiates to convert the link into a nontrunk link. The interface becomes a nontrunk interface even if the neighboring interface does not agree to the change.
  • Dynamic desirable: Makes the interface actively attempt to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode.
  • Dynamic auto: Makes the interface willing to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk or desirable mode. This is the default mode for all Ethernet interfaces in Cisco IOS.
  • Nonegotiate: Puts the interface into permanent trunking mode but prevents the interface from generating DTP frames. You must configure the neighboring interface manually as a trunk interface to establish a trunk link. Use this mode when connecting to a device that does not support DTP.

If one side’s mode of link is in trunk mode, dynamic desirable mode, or dynamic auto mode, and the other side is trunk or dynamic desirable, a trunk will form. Nonegotiate mode enables trunking but disables DTP.

Objective: LAN Switching Fundamentals
Sub-Objective: Configure and verify Layer 2 protocols

Exam Question 155

Which command is NOT mandatory for inclusion in a plan to implement IP Service Level Agreements (SLAs) to monitor IP connections and traffic?
A. ip sla
B. ip sla schedule
C. ip sla reset
D. icmp-echo

Correct Answer:
C. ip sla reset
Answer Description:
The ip sla reset command is not mandatory for an implementation plan to configure IP SLAs for monitoring IP connections and traffic. This command causes the IP SLA engine to either restart or shutdown. As a result, all IP SLAs operations are stopped, IP SLA configuration information is erased, and IP SLAs are restarted. The IP SLAs configuration information will need to be reloaded to the engine.

The following commands are essential to the implementation plan:

ip sla
ip sla schedule
icmp-echo

The ip sla command allows you to configure IP SLAs operations. When you execute this command in the global configuration mode, it enables the IP SLA configuration mode. In the IP SLA configuration mode, you can configure different IP SLA operations. You can configure up to 2000 operations for a given IP SLA ID number.

The icmp-echo command allows you to monitor IP connections and traffic on routers by creating an IP SLA ICMP Echo operation. This operation monitors end-to-end response times between routers.

The ip sla schedule command allows you to schedule the IP SLA operation that has been configured. With this command, you can specify when the operation starts, how long the operation runs, and the how long the operation gathers information. For example, if you execute the ip sla schedule 40 start-time now life forever command, the IP SLA operation with the identification number 40 immediately starts running. This is because the now keyword is specified for the start-time parameter. Using the forever keyword with the life parameter indicates that the operation keeps collecting information indefinitely. Note that you cannot reconfigure the IP SLA operation after you have executed the ip sla schedule command.

The information gathered by an IP SLA operation is typically stored in RTTMON-MIB. A Management Information Base (MIB) is a database hosting information required for the management of routers or network devices. The RTTMON-MIB is a Cisco-defined MIB intended for Cisco IOS IP SLAs. RTTMON MIB acts as an interface between the Network Management System (NMS) applications and the Cisco IOS IP SLAs operations.

Objective: Infrastructure Management
Sub-Objective: Troubleshoot network connectivity issues using ICMP echo-based IP SLA

Exam Question 156

What Cisco Catalyst switch feature can be used to define ports as trusted for DHCP server connections?
A. DHCP snooping
B. port security
C. 802.1x
D. private VLANs

Correct Answer:
A. DHCP snooping
Answer Description:
DHCP snooping is used to define ports as trusted for DHCP server connections. The purpose of DHCP snooping is to mitigate DHCP spoofing attacks. DHCP spoofing is an attack that can be used to force user traffic through an attacking device. This is accomplished by an attacker responding to DHCP queries from users. Eliminating the response from the correct DHCP server would make this more effective, but if the attacker’s response gets to the client first, the client will accept it.

The DHCP response from the attacker will include a different gateway or DNS server address. If they define a different gateway, the user traffic will be forced to travel through a device controlled by the attacker. This will allow the attacker to capture traffic and gain company information. If the attacker changes the DNS server in the response, they can use their own DNS server to force traffic to selected hosts to go to a device they control. Again, this would allow the attacker to capture traffic and gain information.

DHCP snooping can be used to determine what ports are able to send DHCP server packets, such as DHCPOFFER, DHCPACK, and DHCPNAK, from the company DHCP server. DHCP snooping can also cache the MAC address to IP address mapping for clients receiving DHCP addresses from a valid DHCP server.

The three required steps to implement DHCP snooping are:

  1. Enable DHCP snooping globally with the ip dhcp snooping command: switch(config)# ip dhcp snooping
  2. Enable DHCP snooping for a VLAN with the vlan parameter: switch(config)# ip dhcp snooping vlan vlan # (for example, ip dhcp snooping 10 12 specifies snooping on VLANs 10 and 12)
  3. Define an interface as a trusted DHCP port with the trust parameter: switch(config-if)# ip dhcp snooping trust

When specifying trusted ports, access ports on edge switches should be configured as untrusted, with the exception of any ports that may have company DHCP severs connected. Only ports where DHCP traffic is expected should be trusted. Most certainly, ports in any area of the network where attacks have been detected should be configured as untrusted.

Some additional parameters that can be used with the ip dhcp snooping command are:

  • switch(config)# ip dhcp snooping verify mac-address – this command enables DHCP MAC address verification.
  • switch(config)# ip dhcp snooping information option allow-untrusted – this command enables untrusted ports to accept incoming DHCP packets with option 82 information. DHCP option 82 is used to identify the location of a DHCP relay agent operating on a subnet remote to the DHCP server.

When DHCP snooping is enabled, no other relay agent-related commands are available. The disabled commands include:

ip dhcp relay information check global configuration
ip dhcp relay information policy global configuration
ip dhcp relay information trust-all global configuration
ip dhcp relay information option global configuration
ip dhcp relay information trusted interface configuration

Private VLANs are a method of protecting or isolating different devices on the same port and VLAN. A VLAN can be divided into private VLANs, where some devices are able to access other devices and some are completely isolated from others. This was designed so service providers could keep customers on the same port isolated from each other, even if the customers had the same Layer 3 networks.

Port security is a method of only permitting specified MAC addresses access to a switch port. This can be used to define what computer or device can be connected to a port, but not to limit which ports can have DHCP servers connected to them.

802.1x is a method of determining authentication before permitting access to a switch port. This is useful in restricting who can connect to the switch, but it cannot control which ports are permitted to have a DHCP server attached to it.

Objective: Infrastructure Security
Sub-Objective: Describe common access layer threat mitigation techniques

Exam Question 157

You execute the ping command from a host, but the router does not have a path to its destination.
Which of the following ICMP message types will a client receive from the router?
A. ICMP redirect
B. ICMP time exceeded
C. ICMP destination unreachable
D. ICMP echo-reply

Correct Answer:
C. ICMP destination unreachable
Answer Description:
When a router receives a ping packet and has no route to the destination in its routing table, it will respond to the client with an ICMP destination-unreachable message. Internet Control Message Protocol (ICMP) is a Layer 3 protocol used to test the connectivity between hosts in a network. There are six types of unreachable destination message:

  1. Network unreachable
  2. Host unreachable
  3. Protocol unreachable
  4. Port unreachable
  5. Fragmentation needed and Don’t Fragment (DF) bit set
  6. Source route failed

An ICMP redirect message would not be received. This type of response is received when the router is configured to direct clients to a different router for better routing.

An ICMP time-exceeded message would not be received. This type of response occurs when the router successfully sent the packet but did not receive an answer within the allotted time; in other words, the time-to-live of the ICMP packet has been exceeded.

An ICMP echo-reply message would not be received. This would be the response received if the destination received the ping command and responded successfully.

Objective: Routing Fundamentals
Sub-Objective: Troubleshoot basic Layer 3 end-to-end connectivity issues

Exam Question 158

Examine the partial output from two adjacent routers:

Examine the partial output from two adjacent routers.
Examine the partial output from two adjacent routers.

Which of the following statements describes why the two routers are NOT forming an OSPF neighbor adjacency?
A. The process IDs do not match
B. The router IDs are misconfigured
C. The distance is misconfigured
D. The reference bandwidth does not match

Correct Answer:
B. The router IDs are misconfigured
Answer Description:
The output shows that the router IDs for RTR78 and RTR79 are the same value, which should not be the case. One of the two routers has been misconfigured with the other router’s ID. This will prevent an OSPF neighbor adjacency from forming.

Other issues can that can prevent an adjacency are:

  • Mismatched OSPF area number
  • Mismatched OSPF area type
  • Mismatched subnet and subnet mask
  • Mismatched OSPF HELLO and dead timer values

The process IDs do not have to match. It does not matter whether they match or do not match because the process ID is only locally significant on the device.

The administrative distance is not misconfigured in the output. Both routers are using the default OSPF administrative distance of 110.

If the reference bandwidths do not match, it will affect the calculation of the path cost, but it will not prevent an adjacency from forming.

Objective: Routing Fundamentals
Sub-Objective: Configure, verify, and troubleshoot single area and multi-area OSPFv2 for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub, virtual-link, and LSAs)

Exam Question 159

Which of the following is NOT a characteristic of Open Shortest Path First (OSPF)?
A. Is a Cisco-proprietary routing protocol
B. Has a default administrative distance of 110
C. Supports authentication
D. Uses cost as the default metric

Correct Answer:
A. Is a Cisco-proprietary routing protocol
Answer Description:
OSPF is not a Cisco-proprietary routing protocol. It is an industry standard protocol supported by a wide range of vendors. The following are characteristics of OSPF:

  • Uses Internet Protocol (IP) protocol 89.
  • Has a default administrative distance of 110.
  • Is an industry standard protocol (non Cisco-proprietary).
  • Supports Non-Broadcast Multi-Access (NBMA) networks such as frame relay, X.25, and Asynchronous Transfer Mode (ATM). The default hello interval for NBMA networks is 30 seconds.
  • Supports point-to-point and point-to-multipoint connections.
  • Supports authentication.
  • Uses 224.0.0.6 as multicast address for ALLDRouters.
  • Uses 224.0.0.5 as multicast address for ALLSPFRouters.
  • Uses link-state updates and SPF calculation that provides fast convergence.
  • Recommended for large networks due to good scalability.
  • Uses cost as the default metric.

Objective: Routing Fundamentals
Sub-Objective: Compare and contrast interior and exterior routing protocols

Exam Question 160

You have a router that is not syncing with its configured time source.
Which of the following is NOT a potential reason for this problem?
A. The reported stratum of the time source is 12
B. The IP address configured for the time source is incorrect
C. NTP authentication is failing
D. There is an access list that blocks port 123

Correct Answer:
A. The reported stratum of the time source is 12
Answer Description:
A reported stratum of 12 will not cause a router’s inability to synchronize with its configured time source. The stratum value describes the device’s distance from the clock source, measured in NTP server hops. When a router reports a stratum value over 15, it is considered unsynchronized. Therefore, a report of 12 could be normal.

The other options describe potential reasons for a lack of synchronization.

When you are configuring the local router with a time source, if the IP address configured for the time source is incorrect, then no synchronization will occur.

If NTP authentication is configured between the local router and its time source, and that process is failing (for example, due to a non-matching key or hashing algorithm), then synchronization will not occur.

If there were an access list applied to any interface in the path between the local router and its time source that blocks port 123 (the port used for NTP), then synchronization will not occur.

Objective: Infrastructure Services
Sub-Objective: Configure and verify NTP operating in a client/server mode