The latest Cisco Certified Network Associate 200-301 CCNA certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Cisco Certified Network Associate 200-301 CCNA exam and earn Cisco Certified Network Associate 200-301 CCNA certification.
Exam Question 421
Which keyword in a NAT configuration enables the use of one outside IP address for multiple inside hosts?
A. source
B. static
C. pool
D. overload
Correct Answer:
D. overload
Answer Description:
By adding the keyword “overload” at the end of a NAT statement, NAT becomes PAT (Port Address Translation). This is also a kind of dynamic NAT that maps multiple private IP addresses to a single public IP address (many-to-one) by using different ports. Static NAT and Dynamic NAT both require a one-to-one mapping from the inside local to the inside global address. By using PAT, you can have thousands of users connect to the Internet using only one real global IP address. PAT is the technology that helps us not run out of public IP address on the Internet. This is the most popular type of NAT.
An example of using “overload” keyword is shown below:
R1(config)# ip nat inside source list 1 interface ethernet1 overload
Exam Question 422
Which two statements about NTP operations are true? (Choose two.)
A. NTP uses UDP over IP.
B. Cisco routers can act as both NTP authoritative servers and NTP clients.
C. Cisco routers can act only as NTP servers.
D. Cisco routers can act only as NTP clients.
E. NTP uses TCP over IP.
Correct Answer:
A. NTP uses UDP over IP.
B. Cisco routers can act as both NTP authoritative servers and NTP clients.
Exam Question 423
Which command can you enter to allow Telnet to be supported in addition to SSH?
A. transport input telnet ssh
B. transport input telnet
C. no transport input telnet
D. privilege level 15
Correct Answer:
A. transport input telnet ssh
Exam Question 424
What is the authoritative source for an address lookup?
A. a recursive DNS search
B. the operating system cache
C. the ISP local cache
D. the browser cache
Correct Answer:
A. a recursive DNS search
Exam Question 425
Which Cisco IOS command will indicate that interface GigabitEthernet 0/0 is configured via DHCP?
A. show ip interface GigabitEthernet 0/0 dhcp
B. show interface GigabitEthernet 0/0
C. show ip interface dhcp
D. show ip interface GigabitEthernet 0/0
E. show ip interface GigabitEthernet 0/0 brief
Correct Answer:
D. show ip interface GigabitEthernet 0/0
Exam Question 426
What will happen if you configure the logging trap debug command on a router?
A. It causes the router to send messages with lower severity levels to the syslog server
B. It causes the router to send all messages with the severity levels Warning, Error, Critical, and Emergency to the syslog server
C. It causes the router to send all messages to the syslog server
D. It causes the router to stop sending all messages to the syslog server
Correct Answer:
C. It causes the router to send all messages to the syslog server
Exam Question 427
Refer to the exhibit.
What is the effect of this configuration?
What is the effect of this configuration?
A. The switch port remains administratively down until the interface is connected to another switch.
B. Dynamic ARP Inspection is disabled because the ARP ACL is missing.
C. The switch port interface trust state becomes untrusted.
D. The switch port remains down until it is configured to trust or untrust incoming packets.
Correct Answer:
C. The switch port interface trust state becomes untrusted.
Answer Description:
Dynamic ARP inspection (DAI) is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-in-the-middle attacks. After enabling DAI, all ports become untrusted ports.
Exam Question 428
What is the primary difference between AAA authentication and authorization?
A. Authentication identifies and verifies a user who is attempting to access a system, and authorization controls the tasks the user can perform.
B. Authentication controls the system processes a user can access, and authorization logs the activities the user initiates.
C. Authentication verifies a username and password, and authorization handles the communication between the authentication agent and the user database.
D. Authentication identifies a user who is attempting to access a system, and authorization validates the user’s password.
Correct Answer:
A. Authentication identifies and verifies a user who is attempting to access a system, and authorization controls the tasks the user can perform.
Answer Description:
AAA stands for Authentication, Authorization and Accounting.
- Authentication: Specify who you are (usually via login username & password)
- Authorization: Specify what actions you can do, what resource you can access
- Accounting: Monitor what you do, how long you do it (can be used for billing and auditing)
An example of AAA is shown below:
- Authentication: “I am a normal user. My username/password is user_tom/learnforever“
- Authorization: “user_tom can access LearnCCNA server via HTTP and FTP“
- Accounting: “user_tom accessed LearnCCNA server for 2 hours“. This user only uses “show” commands.
Exam Question 429
When configuring a WLAN with WPA2 PSK in the Cisco Wireless LAN Controller GUI, which two formats are available to select? (Choose two.)
A. decimal
B. ASCII
C. hexadecimal
D. binary
E. base64
Correct Answer:
B. ASCII
C. hexadecimal
Exam Question 430
An engineer is asked to protect unused ports that are configured in the default VLAN on a switch. Which two steps will fulfill the request? (Choose two.)
A. Configure the ports as trunk ports.
B. Enable the Cisco Discovery Protocol.
C. Configure the port type as access and place in VLAN 99.
D. Administratively shut down the ports.
E. Configure the ports in an EtherChannel.
Correct Answer:
C. Configure the port type as access and place in VLAN 99.
D. Administratively shut down the ports.