The latest Cisco Certified Network Associate 200-301 CCNA certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Cisco Certified Network Associate 200-301 CCNA exam and earn Cisco Certified Network Associate 200-301 CCNA certification.
Exam Question 521
Which Cisco IOS command is used to view the information about the interfaces on which Cisco Discovery Protocol (CDP) is enabled?
A. show cdp interface
B. show interfaces
C. show cdp
D. show cdp interfaces
Correct Answer:
A. show cdp interface
Answer Description:
The show cdp interface command is used to view the information about the interfaces on which Cisco Discovery Protocol (CDP) is enabled.
The syntax of the command is as follows:
Router# show cdp interface [type number]
The parameters of the command are as follows:
- type: specifies the type of interface for which information is required
- number: specifies the number of interfaces for which information is required
The output of the show cdp interface command is as follows:
Router#show cdp interface
Serial0 is up, line protocol is up, encapsulation is SMDS
Sending CDP packets every 100 seconds
Holdtime is 300 seconds
Serial1 is up, line protocol is up, encapsulation is SMDS
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Ethernet0 is up, line protocol is up, encapsulation is ARPA
Sending CDP packets every 120 seconds
Holdtime is 360 seconds
The show interfaces command is incorrect because this command is used to view configured interfaces on the router. The output of this command can be very useful, especially when troubleshooting a connection with no connectivity. Consider the output of the command on the following two routers that are connected with a serial interface:
NewYork#show interfaces s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet Address is 192.168.10.1/24
MTU 1500 bytes,BW 1544 Kbit
Reliability 255/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
LosAngeles#show interfaces s1
Serial0 is up, line protocol is up
Hardware is HD64570
Internet Address is 192.168.11.2/24
MTU 1500 bytes,BW 56000 Kbit
Reliability 255/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
Notice that the following settings are correct:
- The encapsulation matches (HDLC)
- The physical connection is good (indicated by Serial0 is up)
Notice, however, that the IP addresses 192.168.10.1 and 192.168.11.2 are NOT in the same subnet when using a 24-bit mask. With a 24-bit mask, the two addresses should agree through the first three octets, and these do not. Problems such as this can be located through inspection of the output produced by the show interfaces command.
The show cdp command is incorrect because this command is used to view the global CDP information.
The show cdp interfaces command is incorrect because this command does not exist in the Cisco command reference. There is a show cdp interface command, which displays CDP activity on a per-interface basis.
Exam Question 522
You want to encrypt and transmit data between peer routers with high confidentiality. Which protocol option should you choose?
A. Authentication Header (AH) in tunnel mode
B. Authentication Header (AH) in transport mode
C. Encapsulating Security Payload (ESP) in tunnel mode
D. Encapsulating Security Payload (ESP) in transport mode
Correct Answer:
C. Encapsulating Security Payload (ESP) in tunnel mode
Answer Description:
You should choose Encapsulating Security Payload (ESP) in tunnel mode to encrypt and transmit data between peer routers with high confidentiality. Two protocols can be used to build tunnels and protect data traveling across the tunnel:
- Authentication Header (AH) uses protocol 51.
- ESP uses protocol 50.
AH is defined in Request for Comments (RFC) 1826 and 2402. AH does not perform data encryption, and therefore information is passed as clear text. The purpose of AH is to provide data integrity and authentication, and anti-replay service (optional). It ensures that a packet that crosses the tunnel is the same packet that left the peer device and that no changes have been made. It uses a keyed hash to accomplish this.
ESP is defined in RFC 2406. ESP can provide data integrity and authentication, but its primary purpose is to encrypt data crossing the tunnel. There are two reasons why ESP is the preferred building block of IPSec tunnels:
- The authentication component of ESP does not include any Layer 3 information. Therefore, this component can work in conjunction with a network using Network Address Translation (NAT).
- On Cisco devices, ESP supports encryption using Advanced Encryption Standard (AES), Data Encryption Standard (DES), or Triple DES (3DES).
Tunnel mode is used between Virtual Private Network (VPN) gateways such as routers, firewalls, and VPN concentrators.
Transport mode is used between end-stations or between an end-station and a VPN gateway.
The options AH in tunnel mode and AH in transport mode are incorrect because AH does not provide encryption.
The option ESP in transport mode is incorrect because transport mode is used between end-stations or between an end-station and a VPN gateway.
Exam Question 523
Which of the following statements is NOT true regarding flow control?
A. It determines the rate at which the data is transmitted between the sender and receiver.
B. It can help avoid network congestion.
C. It manages the data transmission between devices.
D. It uses a cyclic redundancy check (CRC) to identify and remove corrupted data.
Correct Answer:
D. It uses a cyclic redundancy check (CRC) to identify and remove corrupted data.
Answer Description:
It is NOT true that flow control uses a cyclic redundancy check (CRC) to identify and remove corrupted data. CRC is an error-checking schema that checks and removes corrupted data. It is a calculation that is performed at the source. Flow control uses CRC to identify corrupted data for the purpose of requesting retransmission, but it does not use CRC to remove the corrupted data from the packet. If corruption is detected, the entire packet will be dropped.
Flow control is a function that ensures that a sending device does not overwhelm a receiving device. The following statements are TRUE regarding flow control:
- Flow control controls the amount of data that the sender can send to the receiver.
- Flow control determines the rate at which the data is transmitted between the sender and receiver.
- Flow control of certain types can aid in routing data around network congestion.
Types of flow control include windowing, buffering, and congestion avoidance:
- Windowing: a process whereby the sender and receiver agree to increase or decrease the number of packets received before an acknowledgment is required based on network conditions. This packet number is called a window. When conditions are favorable, the window size will be increased. During unfavorable network conditions, it will be decreased.
- Buffering: the ability of a network card to store data received but not yet processed in a buffer (memory). This enhances its ability to handle spikes in traffic without dropping any data.
- Congestion avoidance: a process that some routing protocols can perform by adding information in each frame that indicates the existence of congestion on the network, allowing the router to choose a different routing path based on this information.
Exam Question 524
You are planning the configuration of an IPsec-protected connection between two routers. You are concerned only with the integrity of the data that passes between the routers. You are less concerned with the confidentiality of the data, and you would like to minimize the effect of IPsec on the data throughput.
Which protocol option should you choose?
A. Authentication Header (AH) in tunnel mode
B. Authentication Header (AH) in transport mode
C. Encapsulating Security Payload (ESP) in tunnel mode
D. Encapsulating Security Payload (ESP) in transport mode
Correct Answer:
A. Authentication Header (AH) in tunnel mode
Answer Description:
You should choose Authentication Header (AH) in tunnel mode to meet the scenario requirements. Two protocols can be used to build tunnels and protect data traveling across the tunnel:
- Authentication Header (AH) uses protocol 51.
- ESP uses protocol 50.
AH is defined in Request for Comments (RFC) 1826 and 2402. AH does not perform data encryption, and therefore information is passed as clear text. The purpose of AH is to provide data integrity and authentication, and optionally to provide anti-replay service. It ensures that a packet that crosses the tunnel is the same packet that left the peer device and that no changes have been made. It uses a keyed hash to accomplish this.
ESP is defined in RFC 2406. ESP can provide data integrity and authentication, but its primary purpose is to encrypt data crossing the tunnel. On Cisco devices, ESP supports encryption using Advanced Encryption Standard (AES), Data Encryption Standard (DES), or Triple DES (3DES). Tunnel mode is used between Virtual Private Network (VPN) gateways such as routers, firewalls, and VPN concentrators.
You would not choose Authentication Header (AH) in transport mode. Transport mode is used between end stations or between an end station and a VPN gateway.
You would not choose Encapsulating Security Payload (ESP) in tunnel mode or transport mode. Using ESP will slow the connection because of the encryption and decryption process that will occur with each packet.
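The AH and ESP explanations in Questions 522 and 524 can be checked on the wire. The following Python sketch is an added example, not part of the original answer key: it reads the IP protocol number (51 for AH, 50 for ESP) and shows what an on-path observer can still read in each case. The packets are constructed test data, the function names are hypothetical, and ESP is assumed to use a real (non-null) cipher.

```python
import struct

PROTO_IPIP, PROTO_ESP, PROTO_AH = 4, 50, 51   # IP protocol numbers


def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (constructed test data, checksum left 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return header + payload


def classify_ipsec(packet: bytes) -> dict:
    """Report what an on-path observer can read from one IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    body = packet[(packet[0] & 0x0F) * 4:]     # skip the IPv4 header (IHL words)
    proto = packet[9]
    if proto == PROTO_AH:
        if len(body) < 12:
            raise ValueError("truncated AH header")
        next_hdr, plen, _, spi, seq = struct.unpack("!BBHII", body[:12])
        ah_len = (plen + 2) * 4                # Payload Len is 32-bit words minus 2
        # AH leaves Next Header in the clear: 4 means a whole inner IPv4 packet.
        mode = "tunnel" if next_hdr == PROTO_IPIP else "transport"
        return {"protocol": "AH", "spi": spi, "seq": seq, "mode": mode,
                "cleartext": body[ah_len:]}    # authenticated, not encrypted
    if proto == PROTO_ESP:
        if len(body) < 8:
            raise ValueError("truncated ESP header")
        spi, seq = struct.unpack("!II", body[:8])
        # ESP's Next Header sits in the encrypted trailer, so the mode is hidden
        # (assumption: a non-null cipher is negotiated).
        return {"protocol": "ESP", "spi": spi, "seq": seq, "mode": "hidden",
                "cleartext": b""}
    return {"protocol": "not IPsec", "spi": None, "seq": None, "mode": None,
            "cleartext": body}


# Constructed samples: a 12-byte zero ICV and counter bytes stand in for a
# real integrity value and real ciphertext.
INNER = ipv4(6, b"inner data")
AH_TUNNEL = ipv4(PROTO_AH, struct.pack("!BBHII", PROTO_IPIP, 4, 0, 0x1001, 7)
                 + bytes(12) + INNER)
ESP_PACKET = ipv4(PROTO_ESP, struct.pack("!II", 0x2002, 7) + bytes(range(40)))

if __name__ == "__main__":
    for name, pkt in (("AH", AH_TUNNEL), ("ESP", ESP_PACKET)):
        print(name, classify_ipsec(pkt))
```

With AH the inner packet is fully readable and even the mode can be inferred, while ESP exposes only the SPI and sequence number.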
Exam Question 525
Which prompt indicates the configuration mode at which Cisco IOS debug commands can be issued?
A. router>
B. router#
C. router(config)#
D. router(config-if)#
Correct Answer:
B. router#
Answer Description:
You would use privileged EXEC mode, as indicated by the router# prompt, to issue Cisco IOS show and debug commands. All debug commands are entered in privileged EXEC mode. A brief description of all the debugging commands can be displayed by entering the following command in privileged EXEC mode at the command line:
debug ?
Debugging output consumes high CPU processing power and can leave the system unusable. The debug commands should be reserved to troubleshoot specific problems, preferably with the help of Cisco technical support staff.
The prompt router> indicates user exec mode, which provides limited access to the router.
The prompt router(config)# indicates global configuration mode, which allows configuration settings affecting the entire router. Passing through this mode is also required to access configuration mode for specific interfaces.
The prompt router(config-if)# indicates interface configuration mode, which allows configuration of the interface specified when entering this mode.
Exam Question 526
You are the network administrator for your company. Your company has opened a new site in London. The Chief Technical Officer (CTO) of the company wants to implement a routing protocol that can provide the following features:
- Supports multiple large networks
- Does not require a hierarchical physical topology
- Supports VLSM
- Provides loop prevention and fast convergence
- Provides load balancing over un-equal cost links
Which routing protocol should be implemented in the new site?
A. Enhanced Interior Gateway Routing Protocol (EIGRP)
B. Open Shortest Path First (OSPF)
C. Interior Gateway Routing Protocol (IGRP)
D. Routing Information Protocol version 2 (RIPv2)
Correct Answer:
A. Enhanced Interior Gateway Routing Protocol (EIGRP)
Answer Description:
Enhanced Interior Gateway Routing Protocol (EIGRP) is the routing protocol that should be implemented for this scenario. EIGRP is a classless protocol that allows the use of variable length subnet masks (VLSM) and classless interdomain routing (CIDR) for the allocation of IP addresses. The following are characteristics of EIGRP:
- Supports large networks due to high scalability.
- Does not require a hierarchical physical topology.
- Provides loop prevention and fast convergence by using Diffusing Update Algorithm (DUAL).
- Performs equal cost load balancing by default.
- Can be configured to perform unequal-cost load balancing.
- Supports VLSM and CIDR.
- Is a hybrid routing protocol (a distance-vector protocol that also provides link-state protocol characteristics).
- Is a classless protocol.
- Sends partial route updates only when there are changes.
- Supports Message-Digest algorithm 5 (MD5) authentication.
- Has an administrative distance of 90 for EIGRP internal routes, 170 for EIGRP external routes, and 5 for EIGRP summary routes.
- Is only used with Cisco platforms.
All the other options are incorrect because they would not provide the features required in this scenario.
OSPF requires a hierarchical physical topology.
IGRP does not support VLSM.
RIPv2 is not designed for multiple large networks.
Exam Question 527
Based on the command output below, which of the interfaces on Router1 are trunk ports?
A. Fa0/1
B. Fa0/2
C. Fa0/3
D. Fa0/5
Correct Answer:
A. Fa0/1
Answer Description:
Interface Fa0/1 is a trunk port. The output shows that it has MAC addresses that belong to VLANs 1, 2 and 3. Only trunk ports can carry traffic from multiple VLANs.
Fa0/2 is not a trunk port. It only carries traffic from VLAN 1.
Fa0/3 is not a trunk port. It only carries traffic from VLAN 1.
Fa0/5 is not a trunk port. It only carries traffic from VLAN 1.
Exam Question 528
What is the possible IP range that can be assigned to hosts on a subnet that includes the address 192.168.144.34/29?
A. 192.168.144.32 – 192.168.144.63
B. 192.168.144.33 – 192.168.144.38
C. 192.168.144.33 – 192.168.144.48
D. 192.168.144.28 – 192.168.144.40
Correct Answer:
B. 192.168.144.33 – 192.168.144.38
Answer Description:
Range 192.168.144.33 – 192.168.144.38 is the correct answer. To determine the range of addresses that can be assigned in a subnet, you must first determine the network ID of the subnetwork and the broadcast address of the subnetwork. All addresses that can be assigned to hosts will lie between these endpoints.
The network ID can be obtained by determining the interval between subnet IDs. With a 29-bit mask, the decimal equivalent of the mask will be 255.255.255.248. The interval between subnets can be derived by subtracting the value of the last octet of the mask from 256. In this case, that operation would be 256 – 248 = 8. Therefore, the interval is 8.
The first network ID will always be the classful network you started with (in this case 192.168.144.0). Each subnetwork ID will fall at intervals of 8 as follows:
192.168.144.0
192.168.144.8
192.168.144.16
192.168.144.24
192.168.144.32
192.168.144.40
We can stop at the 192.168.144.40 address because the address given in the scenario, 192.168.144.34, is in the network with a subnet ID of 192.168.144.32. Therefore, since the broadcast address for this network will be 1 less than the next subnet ID (192.168.144.39), the valid range of IP addresses is 192.168.144.33 – 192.168.144.38. 192.168.144.39 will be the broadcast address for the next subnet, and 192.168.144.40 will be the first valid address in the next subnet.
None of the other answers is the correct range.
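The interval method above, and the same-subnet check from the show interfaces discussion in Question 521, can be written out as follows. This Python sketch is an added example, not part of the original answer key; it generalizes the method to any prefix from /1 to /30, and the function names are hypothetical.

```python
import ipaddress


def to_text(octets: list) -> str:
    """Render four octets as a dotted-quad string."""
    return str(ipaddress.IPv4Address(bytes(octets)))


def shift(octets: list, delta: int) -> str:
    """Add delta to an address given as four octets."""
    return str(ipaddress.IPv4Address(int.from_bytes(bytes(octets), "big") + delta))


def subnet_by_interval(cidr: str) -> dict:
    """Find the subnet of an address using the 256-minus-mask-octet interval."""
    addr, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    if not 1 <= prefix <= 30:
        raise ValueError("this method needs a prefix from /1 to /30")
    octets = [int(o) for o in addr.split(".")]
    i = (prefix - 1) // 8                        # octet where the mask stops being 255
    mask_octet = 256 - (1 << (8 * (i + 1) - prefix))
    interval = 256 - mask_octet                  # 256 - 248 = 8 for a /29
    subnet_ids = list(range(0, octets[i] + 1, interval))   # 0, 8, 16, 24, 32
    net = octets[:i] + [subnet_ids[-1]] + [0] * (3 - i)
    bcast = octets[:i] + [subnet_ids[-1] + interval - 1] + [255] * (3 - i)
    return {
        "mask": to_text([255] * i + [mask_octet] + [0] * (3 - i)),
        "interval": interval,
        "network": to_text(net),
        "first_host": shift(net, 1),             # network ID + 1
        "last_host": shift(bcast, -1),           # broadcast - 1
        "broadcast": to_text(bcast),
    }


def same_subnet(a: str, b: str, prefix: int) -> bool:
    """True when both addresses share a network ID under the given prefix."""
    return (subnet_by_interval(f"{a}/{prefix}")["network"]
            == subnet_by_interval(f"{b}/{prefix}")["network"])


if __name__ == "__main__":
    print(subnet_by_interval("192.168.144.34/29"))
    print(same_subnet("192.168.10.1", "192.168.11.2", 24))
```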
Exam Question 529
Which WAN switching technology is used with ISDN?
A. packet switching
B. virtual switching
C. circuit switching
D. cell switching
Correct Answer:
C. circuit switching
Answer Description:
Circuit switching dynamically establishes a connection between a source and a destination. The connection cannot be used by other callers until the circuit is released. Circuit switching is the most common technique used with the public switched telephone network (PSTN) to make phone calls. During a call, a dedicated virtual circuit is temporarily established between the caller and receiver for the duration of the call. Once the caller or receiver hangs up the phone, the circuit is released and is made available for other users.
Packet switching is a technique popularly used for transfer of data that is not delay sensitive and does not require real-time transfer rates from a sender to a receiver. Also, unlike circuit switching, which makes a fixed amount of bandwidth available for the connection (which may not be fully utilized), packet switching uses bandwidth more efficiently. With packet switching, the data is broken into labeled packets and is transmitted using packet-switching networks.
Cell switching is used by Asynchronous Transfer Mode (ATM). ATM is an International Telecommunication Union-Telecommunications (ITU-T) standard for transmission of data, voice, or video traffic using a fixed size frame of 53 bytes, known as cells. Of these 53 bytes, the initial five bytes are header information and the remaining 48 bytes are the payload. These cells are transmitted over a path that may vary with each cell. It does not maintain a dedicated virtual circuit.
The term “virtual switching” is incorrect because it is not a valid WAN switching technology.
Exam Question 530
The conference room has a switch port available for use by the presenter during classes. You would like to prevent that port from hosting a hub or switch.
Which of the following commands could be used to prevent that port from hosting a hub or switch?
A. switchport port-security maximum
B. switchport port-security mac address sticky
C. switchport port-security mac address
D. switchport port-security
Correct Answer:
D. switchport port-security
Answer Description:
The switchport port-security command would prevent the port from hosting a hub or switch. This command enables port security on an interface. It does not specify a maximum number of MAC addresses, but the default is 1; therefore, it would accomplish the goal.
The switchport port-security maximum command alone could not be used to limit the number of MAC addresses allowed on the interface to 1. This command has no effect unless the switchport port-security command has been executed.
The switchport port-security mac address sticky command would not prevent that port from hosting a hub or switch. This command is used to allow a port to dynamically learn the first MAC address it sees in the port, add it to the MAC address table and save it to the running configuration of the switch.
The switchport port-security mac address command would not prevent that port from hosting a hub or switch. This command is used to manually assign a MAC address to a port as a secure address. When used in combination with the switchport port-security maximum command, the use of the port can not only be limited to one address at a time, but also limited to only a specific address. For example, the following set of commands would assure that only the device with the MAC address of 0018.cd33.46b3 will be able to connect to the port:
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security mac-address 0018.cd33.46b3