Cisco Certified Network Associate 200-301 CCNA Exam Questions and Answers – Page 6

The latest Cisco Certified Network Associate 200-301 CCNA practice exam question and answer (Q&A) dumps are available free to help you pass the Cisco Certified Network Associate 200-301 CCNA exam and earn the Cisco Certified Network Associate 200-301 CCNA certification.

Exam Question 541

Which of the following are characteristics of Open Shortest Path First (OSPF)? (Choose three.)

A. Administrative distance of OSPF is 90
B. Administrative distance of OSPF is 110
C. OSPF uses the Dijkstra algorithm to calculate the SPF tree
D. OSPF uses the Diffusing Update algorithm (DUAL) algorithm to calculate the SPF tree
E. OSPF uses 224.0.0.5 as multicast address for ALLDRouters
F. OSPF uses 224.0.0.6 as multicast address for ALLDRouters
Correct Answer:
B. Administrative distance of OSPF is 110
C. OSPF uses the Dijkstra algorithm to calculate the SPF tree
F. OSPF uses 224.0.0.6 as multicast address for ALLDRouters
Answer Description:
The following are characteristics of Open Shortest Path First (OSPF) routing protocol:

  • The default administrative distance is 110.
  • It uses 224.0.0.6 as the multicast address for ALLDRouters.
  • It uses the Dijkstra algorithm to calculate the Shortest Path First (SPF) tree.
  • It uses Internet Protocol (IP) protocol 89.
  • OSPF supports Non-Broadcast Multi-Access (NBMA) networks such as Frame Relay, X.25, and Asynchronous Transfer Mode (ATM). The default hello interval for NBMA networks is 30 seconds.
  • OSPF supports point-to-point and point-to-multipoint connections.
  • It also supports authentication.
  • OSPF uses 224.0.0.5 as the multicast address for ALLSPFRouters.
  • It uses link-state updates and SPF calculations that provide fast convergence.
  • OSPF is recommended for large networks due to good scalability.
  • It uses cost as the default metric.
  • There is no maximum hop count as with distance vector routing protocols. The number of hops to a network can be unlimited.

The option stating that AD of OSPF is 90 is incorrect because 90 is the default administrative distance for an internal Enhanced Interior Gateway Routing Protocol (EIGRP) route.

The option stating that OSPF uses the Diffusing Update Algorithm (DUAL) to calculate the SPF tree is incorrect. The DUAL algorithm is used by EIGRP to calculate the SPF tree.

Keep the following in mind when comparing OSPF and EIGRP:

  • EIGRP is vendor specific; OSPF is not
  • EIGRP has an AD of 90; OSPF has an AD of 110
  • OSPF elects a DR on each multi-access network; EIGRP does not
  • OSPF uses cost as its metric, and EIGRP uses bandwidth as its metric

The option stating that OSPF uses 224.0.0.5 as multicast address for ALLDRouters is incorrect because OSPF uses 224.0.0.6 as multicast address for ALLDRouters, and 224.0.0.5 as multicast address for ALLSPFRouters.

Exam Question 542

Which statement correctly identifies a difference between Inter-Switch Link (ISL) and 802.1q?

A. 802.1q uses a native VLAN, ISL does not.
B. Cisco devices support only ISL.
C. ISL uses a 12-bit VLAN number field, and 802.1q does not.
D. ISL modifies the original Ethernet frame, while 802.1q encapsulates the original Ethernet frame.
Correct Answer:
A. 802.1q uses a native VLAN, ISL does not.
Answer Description:
802.1q defines a native virtual LAN (VLAN) on each trunk link, which defaults to VLAN 1. The 802.1q frame tagging method specifies that frames in the native VLAN will not be tagged while transmitting over a trunk link. The switch on the other end of the link identifies a native VLAN frame by the absence of the 802.1q header. ISL does not have the concept of native VLANs, and traffic from all VLANs is encapsulated.

While older Cisco devices support both the ISL and 802.1q frame tagging methods, ISL is a deprecated, Cisco-proprietary frame tagging method, and newer Cisco switches only support the 802.1q standard. When switches from multiple vendors are installed in the network, the 802.1q frame tagging method should be used.

It is incorrect to state that ISL uses a 12-bit VLAN number field and 802.1q does not. ISL uses a 15-bit VLAN ID field, while 802.1q uses a 12-bit VLAN ID field.

ISL encapsulates the original Ethernet frame, adding a 26-byte header and a 4-byte trailer. 802.1q operates by inserting a 4-byte header inside the original Ethernet frame, then recalculating the checksum (CRC) in the Ethernet trailer.
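
The tagging behaviour described above, as an added Python example that is not part of the original answer: it inserts the 4-byte 802.1q header after the source MAC, recalculates the CRC, and shows a receiving trunk port assigning an untagged frame to the native VLAN. The function names and the sample frame are constructed for illustration.

```python
import struct
import zlib

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def fcs(body: bytes) -> bytes:
    """Ethernet frame check sequence: CRC-32 of the frame, low byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame; payload padded to the 46-byte minimum."""
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")
    return body + fcs(body)


def add_dot1q_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert the 4-byte tag after the source MAC and recompute the FCS."""
    if not 0 <= vlan_id <= 0xFFF:
        raise ValueError("VLAN ID must fit the 12-bit field")
    if not 0 <= priority <= 7:
        raise ValueError("priority must fit the 3-bit field")
    body = frame[:-4]                    # drop the old FCS
    tci = (priority << 13) | vlan_id     # 3-bit priority, 1-bit DEI, 12-bit VID
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + fcs(tagged)


def classify(frame: bytes, native_vlan: int = 1) -> int:
    """VLAN a receiving trunk port assigns; untagged frames get the native VLAN."""
    if frame[-4:] != fcs(frame[:-4]):
        raise ValueError("bad FCS")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return native_vlan               # no 802.1Q header present
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF


# Constructed sample frame (MAC addresses and payload are made up).
UNTAGGED = build_frame(bytes.fromhex("ffffffffffff"),
                       bytes.fromhex("020000000001"), 0x0800, b"hello")
TAGGED = add_dot1q_tag(UNTAGGED, vlan_id=20)

if __name__ == "__main__":
    print("untagged:", len(UNTAGGED), "bytes -> VLAN", classify(UNTAGGED))
    print("tagged:  ", len(TAGGED), "bytes -> VLAN", classify(TAGGED))
```

Because the receiver infers the native VLAN purely from the absence of a tag, both ends of a trunk must agree on the native VLAN number.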

Exam Question 543

Which command(s) will enable you to configure only serial interface 0 on a Cisco router?

A. router>interface serial 0
B. router#interface serial 0
C. router(config)#interface serial 0
D. router(config-if)#interface serial 0
Correct Answer:
C. router(config)#interface serial 0
D. router(config-if)#interface serial 0
Answer Description:
You can use either the router(config)# interface serial 0 command or the router(config-if)# interface serial 0 command to configure serial interface 0 on the router. To perform configuration changes on a single interface, you must either enter interface configuration mode for that interface, or simply execute the command to enter configuration mode for another interface while still at the configuration prompt for the previous interface.

Router configuration mode (as indicated by the prompt router(config)#) allows global configuration of the router. This mode, also referred to as the global configuration mode, must be entered as a precursor to entering the interface configuration mode for a specific interface. The sequence of commands and prompts to arrive at this mode would be:

Router> enable (enters privileged mode)
Router# config t (enters global configuration mode, t is short for terminal)
Router(config)# interface serial 0 (enters interface configuration mode for the serial 0 interface)
Router(config-if)#

At this point, any commands executed would be configuration changes limited to the serial 0 interface. For example, to place an address on the interface, enable the interface, and save the configuration, the command series and prompts would be:

Router> enable
Router# config t
Router(config)# interface serial 0
Router(config-if)# ip address 192.168.20.1 255.255.255.0 (addresses the interface)
Router(config-if)# no shutdown (enables or "turns on" the interface)
Router(config-if)# exit (exits interface configuration mode)
Router(config)# exit (exits global configuration mode)
Router# copy running-config startup-config (copies the changes to the configuration file on the router)

Alternately, you could enter interface configuration mode for one interface while still in configuration mode for another interface, as shown below. After entering the interface serial 1 command, you will be editing serial 1 instead of serial 0.

Router(config)# interface serial 0
Router(config-if)# interface serial 1
Router(config-if)#

You should not use the command router> interface serial 0. User EXEC mode, as indicated by the prompt router>, provides limited access to a router and is the initial mode you see after authenticating to the router. The subcommand interface serial 0 is not functional before you proceed to global configuration mode and interface configuration mode for a specific interface.

You should not use the command router# interface serial 0. Privileged mode (as indicated by the prompt router#) must be traversed to get to global configuration mode before you can execute the subcommand interface serial 0. This subcommand is not functional while you are still in privileged mode.

Exam Question 544

A switch is powered up, and the system LED is amber.
Which of the following describes this situation?

A. The switch is malfunctioning.
B. Utilization level is high.
C. The switch is performing normally.
D. There is a security violation on a switch port.
Correct Answer:
A. The switch is malfunctioning.
Answer Description:
The system LED indicates the overall health of the switch. The LED should turn solid green after a successful Power On Self Test (POST). An amber system LED indicates that there is a system-wide failure in the switch.

High utilization will not cause the system LED to turn amber.

An amber system LED indicates a general switch malfunction. It does not indicate that the switch is performing normally.

Port security violations will not cause the system LED to be amber. The system LED is used to identify the overall health of the switch.

Exam Question 545

Which statement is true regarding Inter-Switch Link (ISL) frame tagging?

A. ISL uses a native VLAN.
B. ISL works with non-Cisco switches.
C. ISL adds a 26-byte trailer and 4-byte header.
D. The original Ethernet frame is not modified.
Correct Answer:
D. The original Ethernet frame is not modified.
Answer Description:
With ISL frame tagging, the original Ethernet frame is not modified. ISL encapsulates the original frame by adding a 26-byte header and a 4-byte Cyclic Redundancy Check (CRC) trailer. The original Ethernet frame is placed between the header and trailer. A normal Ethernet frame can have a maximum size of 1,518 bytes, and therefore adding the header and trailer size gives an ISL frame a maximum size of 1,548 bytes.

ISL frame tagging does not use the concept of a native VLAN. Instead, Institute of Electrical and Electronics Engineers (IEEE) 802.1q frame tagging uses the native VLAN. Unlike ISL trunks, where every frame traversing the trunk is tagged with an ISL header and a trailer, 802.1Q trunks allow untagged frames over the native VLAN. An untagged frame does not carry VLAN identification information in it and is a simple Ethernet frame.

ISL is proprietary to Cisco, and thus does not work with non-Cisco switches.

ISL frame tagging does not add a 26-byte trailer and 4-byte header. It adds a 26-byte header and 4-byte trailer.

Exam Question 546

Which subnet is IP address 172.16.5.2 /23 a member of, and what is the broadcast address for that subnet?

A. subnet: 172.16.4.0, broadcast: 172.16.5.255
B. subnet: 172.16.5.0, broadcast: 172.16.5.255
C. subnet: 172.16.2.0, broadcast: 172.16.5.255
D. subnet: 172.16.0.0, broadcast: 172.16.7.255
Correct Answer:
A. subnet: 172.16.4.0, broadcast: 172.16.5.255
Answer Description:
The IP address 172.16.5.2 /23 is a member of subnet 172.16.4.0 and has the broadcast address of 172.16.5.255. The valid host range is between 172.16.4.1 and 172.16.5.254.

Binary form of IP address 172.16.5.2 = 10101100.00010000.00000101.00000010
Binary conversion for /23 netmask = 11111111.11111111.11111110.00000000
Decimal conversion for /23 netmask = 255.255.254.0

Calculations:
Perform the AND operation between the IP address and the netmask to obtain the subnet ID:

Address = 10101100.00010000.00000101.00000010
Netmask = 11111111.11111111.11111110.00000000
-----------------------------------------------------
Subnetwork ID = 10101100.00010000.00000100.00000000

Convert the binary version of the network ID to dotted decimal format, 172.16.4.0.

To obtain the broadcast address, set the last 9 host bits (32 – 23 = 9 bits) of the network address to 1, which yields the following:

Binary form of broadcast address = 10101100.00010000.00000101.11111111
Decimal form of broadcast address = 172.16.5.255

Exam Question 547

You need to configure Network Address Translation (NAT) to allow users access to the Internet. There are 62 private hosts that need Internet access using the private network 10.4.3.64 /26, and all of them will be translated into the public IP address of the serial interface.
Which of the following NAT configurations will allow all 62 hosts to have simultaneous Internet access?

A. Router(config)# ip nat pool POOLNAME 10.4.3.64 /26
Router(config)# interface s0
Router(config-if)# ip nat inside source 1 pool POOLNAME overload
B. Router(config)# access-list 1 permit 10.4.3.64 0.0.0.127
Router(config)# interface s0/0
Router(config-if)# ip nat source list 1 pool POOLNAME overload
C. Router(config)# access-list 1 permit 10.4.3.64 /26
Router(config)# ip nat inside source list 1 interface serial 0
D. Router(config)# access-list 1 permit 10.4.3.64 0.0.0.63
Router(config)# ip nat inside source list 1 interface serial 0 overload
Correct Answer:
D. Router(config)# access-list 1 permit 10.4.3.64 0.0.0.63
Router(config)# ip nat inside source list 1 interface serial 0 overload
Answer Description:
You should execute the following commands:

Router(config)# access-list 1 permit 10.4.3.64 0.0.0.63
Router(config)# ip nat inside source list 1 interface serial 0 overload

A successful NAT configuration requires the creation of an access control list (ACL) to identify the private IP addresses that will be translated, as well as an ip nat inside source command to dictate what public IP addresses will be used for translation. Cisco uses the term “inside local” for IP addresses prior to translation, and “inside global” for public IP addresses after translation.

The access-list 1 permit 10.4.3.64 0.0.0.63 command correctly identifies the private host network of 10.4.3.64 /26, consisting of 62 hosts.

The ip nat command is broken down as follows:

  • inside: indicates that packets received on the inside (private) interface will be translated
  • list 1: specifies that access list 1 will be used to determine which private IP addresses will be translated
  • interface serial 0: specifies that NAT will translate private IP addresses into the IP address of the serial 0 interface
  • overload: allows NAT to reuse the IP address of the serial interface for all private IP addresses, providing them simultaneous access to the Internet

The correct wildcard mask is critical to ensuring that the access list allows translation of all LAN devices. For example, if the private LAN used the 192.168.9.0/24 network and 167 devices were present in the network, the correct wildcard mask would be 0.0.0.255. If you used an incorrect wildcard mask, such as 0.0.0.3, only the 192.168.9.0/30 network would be allowed translation (only the IP addresses 192.168.9.1 and 192.168.9.2). Of the 167 devices, 165 would not receive translation.

The overload keyword is required in this configuration, since there are more private IP addresses (62) than there are public IP addresses (one). Overload activates NAT overloading, often called Port Address Translation (PAT), and assigns each private IP address a unique, dynamic source port in router memory to track connections. If the overload keyword were not included in the NAT configuration, only one private host could access the Internet at a time.

An alternate solution would involve the creation of a pool of public IP addresses on the NAT router, and applying the access control list to the NAT pool:

Router(config)# ip nat pool NATPOOL 201.52.4.17 201.52.4.22 netmask 255.255.255.248
Router(config)# ip nat inside source list 1 pool NATPOOL overload

The first command creates a NAT pool with six public IP addresses on subnet 201.52.4.16/29, which will be used for translation. The second command then ties access list 1 to the NAT pool, and specifies overload so that the six public addresses can be reused as often as necessary, allowing all of the private IP addresses simultaneous Internet access.

In both of these examples, dynamic mapping is used. Without dynamic mapping, it is not possible for computers from outside the network to establish a connection with computers inside the network unless a static mapping between the private IP address and the public IP address is established on the NAT device.

A common alternative approach is to use public IP addresses in the DMZ rather than private IP addresses, and to place any computers that must be accessed from outside the network in the DMZ. In this case, NAT is not required between the DMZ devices and the Internet. Even if public IP addresses are used in the DMZ, if the addresses undergo NAT translation, connections from outside the network will not be possible.

When NAT is used to translate a public IP address (or addresses) to private IP addresses, the NAT process is ONLY implemented on the router that connects the network to the Internet. This is because private IP addresses are not routable to the Internet, and translation must occur where the network connects to the Internet.

The following command sets are incorrect because they both involve the creation of a NAT pool:

Router(config)# ip nat pool POOLNAME 10.4.3.64 /26
Router(config)# interface s0
Router(config-if)# ip nat inside source 1 pool POOLNAME overload

and

Router(config)# access-list 1 permit 10.4.3.64 0.0.0.127
Router(config)# interface s0/0
Router(config-if)# ip nat source list 1 pool POOLNAME overload

The scenario states you must use the IP address of the serial interface as the public address. Also, the ip nat inside source command is configured in global configuration mode, not interface configuration mode. Finally, access control lists require inverse masks (such as 0.0.0.63). CIDR notation (as in POOLNAME 10.4.3.64 /26) is not allowed.

The following command set is incorrect because access control lists require inverse masks (such as 0.0.0.63) and CIDR notation (/26) is not allowed:

Router(config)# access-list 1 permit 10.4.3.64 /26
Router(config)# ip nat inside source list 1 interface serial 0

Also, the ip nat inside source command is configured in global configuration mode, not interface configuration mode.
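
To check a NAT access list's wildcard mask against the LAN it is meant to cover, the following added Python example (not part of the original answer) applies the wildcard bit by bit and reports hosts left untranslated as well as addresses outside the LAN that the entry would also permit. The function names and the too-narrow 0.0.0.31 case are constructed for illustration; the other two masks are the ones from options D and B.

```python
import ipaddress
from typing import NamedTuple


class Coverage(NamedTuple):
    translated_hosts: int    # LAN hosts the ACL entry permits
    untranslated_hosts: int  # LAN hosts the ACL entry misses
    extra_addresses: int     # permitted addresses that lie outside the LAN


def wildcard_for_prefix(prefixlen: int) -> str:
    """Inverse mask for a prefix length, e.g. /26 -> 0.0.0.63."""
    return str(ipaddress.IPv4Address((1 << (32 - prefixlen)) - 1))


def acl_coverage(base: str, wildcard: str, lan: str) -> Coverage:
    """Compare 'access-list N permit <base> <wildcard>' with the intended LAN."""
    net = ipaddress.ip_network(lan)
    wild = int(ipaddress.IPv4Address(wildcard))
    care = ~wild & 0xFFFFFFFF                  # bits that must match the base
    want = int(ipaddress.IPv4Address(base)) & care

    hosts = list(net.hosts())
    hit = sum(1 for h in hosts if (int(h) & care) == want)
    inside = sum(1 for a in net if (int(a) & care) == want)
    total = 1 << bin(wild).count("1")          # every "don't care" bit doubles the match set
    return Coverage(hit, len(hosts) - hit, total - inside)


if __name__ == "__main__":
    lan = "10.4.3.64/26"
    print("expected wildcard:", wildcard_for_prefix(26))
    for mask in ("0.0.0.63", "0.0.0.127", "0.0.0.31"):
        print(mask, acl_coverage("10.4.3.64", mask, lan))
```

The 0.0.0.127 mask still translates all 62 hosts but also permits 64 addresses (10.4.3.0 through 10.4.3.63) that are not part of the 10.4.3.64 /26 network, which is the kind of over-broad match an ACL review should catch.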

Exam Question 548

At which of the following layers of the Cisco three-tier architecture should port security be implemented?

A. Access layer
B. Distribution layer
C. Core layer
D. Edge layer
Correct Answer:
A. Access layer
Answer Description:
Port security is one of the functions that should be performed at the Access layer. Among other functions that are done at this layer are:

  • PoE
  • Link aggregation
  • QoS

Port security should not be performed at the Distribution layer. Among the functions that should be done at this layer are:

  • Routing updates
  • Route summaries
  • VLAN traffic
  • Address aggregation

Port security should not be performed at the Core layer. Among the functions that should be done at this layer are:

  • Access-list checking
  • Data encryption
  • Address translation

Edge is not one of the three layers in the Cisco three-tier model.

Exam Question 549

The router interfaces for a network are configured as shown in the following exhibit.
Warehouse 1 is having trouble connecting to the Internet. After troubleshooting the issue, several other connectivity issues are discovered.
What should you do to fix this problem?

A. Change the IP address of the Warehouse 1 LAN interface.
B. Change the IP address of the Warehouse 1 WAN interface.
C. Change the IP address of the Main Office LAN Interface.
D. Change the IP address of the Main Office WAN interface.
E. Change the IP address of the Main Office Internet interface.
Correct Answer:
D. Change the IP address of the Main Office WAN interface.
Answer Description:
You should change the IP address of the Main Office WAN interface.

With a 29-bit mask and the chosen class B address, the following network IDs are created:

172.16.0.0
172.16.0.8
172.16.0.16
172.16.0.24
172.16.0.32
172.16.0.40
172.16.0.48
172.16.0.56
172.16.0.64

…and so on, incrementing each time by 8 in the last octet. At the end of this series of increments, the network IDs will be:

172.16.1.240
172.16.1.248
172.16.2.0

172.16.1.248/29 is the subnet number for the WAN. This address cannot be used as a host address on the network. The legitimate addresses in this range are 172.16.0.249 through 172.16.0.254. This misconfiguration would cause both the Warehouse 1 and Warehouse 2 segments to have trouble connecting to the Internet.

All of the other addresses in the diagram are correct. The correct configuration of the network is shown in the following diagram:

Exam Question 550

You have successfully configured a router, but it prompts you to run Setup mode every time the router is restarted. Based on the following output, what could be causing this problem?

A. The router does not have sufficient flash memory.
B. The configuration register is incorrect.
C. The configuration file could not be found in NVRAM.
D. The router could not locate a configuration file over the network.
Correct Answer:
B. The configuration register is incorrect.
Answer Description:
The configuration register is incorrect. The configuration register value of 2142 is preventing the router from loading the configuration file from NVRAM.

The router configuration register is used to control various aspects of the router boot sequence, and defaults to a value of 2102. A configuration register of 2102 indicates that the router should boot normally, which consists of loading the Internetwork Operating System (IOS) into RAM, then loading the saved configuration file from Non-Volatile RAM (NVRAM) to configure the router.

Changing the configuration register to 2142 tells the router to bypass the saved configuration in NVRAM. This causes the router to boot with a default running configuration, and prompt to run the Initial Configuration Dialog (or Setup mode). Changing the configuration register to 2142 is necessary to perform password recovery or to bypass any other aspect of a saved configuration that might be causing problems. After the situation is resolved, the configuration register would then be changed back to the default of 2102 with the following command:

Router(config)# config-register 0x2102

The router is successfully loading the IOS from flash memory, so insufficient flash memory is an incorrect answer.

The configuration register is instructing the router to bypass the configuration file in NVRAM, so it is incorrect to state that the configuration file could not be found in NVRAM.

The configuration register is instructing the router to bypass the configuration file in NVRAM, so it is incorrect to state that the router could not locate a configuration file over the network.
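
A router left at 0x2142 after password recovery boots without its saved configuration, so it is worth auditing for. The following added Python example (not part of the original answer) reads the configuration register line from show version output and flags devices whose next boot will bypass NVRAM; it assumes the usual "Configuration register is 0x..." line with its optional "(will be 0x... at next reload)" suffix, and the device names and sample lines are constructed.

```python
import re

IGNORE_NVRAM = 0x0040   # bit 6: skip the startup configuration in NVRAM
DEFAULT_REGISTER = 0x2102

REGISTER_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def check_register(show_version: str) -> dict:
    """Report the current register and the value that applies at next boot."""
    match = REGISTER_LINE.search(show_version)
    if match is None:
        raise ValueError("no configuration register line found")
    current = int(match.group(1), 16)
    # A pending value (set with config-register) replaces the current one on reload.
    next_boot = int(match.group(2), 16) if match.group(2) else current
    return {
        "current": current,
        "next_boot": next_boot,
        "bypasses_startup_config": bool(next_boot & IGNORE_NVRAM),
        "non_default": next_boot != DEFAULT_REGISTER,
    }


def audit_fleet(outputs: dict) -> list:
    """Names of devices that will ignore their saved configuration on reload."""
    return sorted(name for name, text in outputs.items()
                  if check_register(text)["bypasses_startup_config"])


# Constructed sample lines, one per hypothetical device.
SAMPLES = {
    "edge-1": "Configuration register is 0x2102",
    "edge-2": "Configuration register is 0x2142",
    "edge-3": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, check_register(text))
    print("needs config-register 0x2102:", audit_fleet(SAMPLES))
```

Here edge-3 is not flagged because the corrected value is already pending, while edge-2 matches the situation in this question.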