The latest Cisco Certified Network Associate 200-301 CCNA certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Cisco Certified Network Associate 200-301 CCNA exam and earn Cisco Certified Network Associate 200-301 CCNA certification.
Exam Question 561
Your network consists of one HSRP group of six routers. All of the routers are functioning properly. The network has been stable for several days.
In which HSRP state are most of the routers?
A. Learn
B. Listen
C. Standby
D. Active
Correct Answer:
B. Listen
Answer Description:
If all of the routers in the Hot Standby Routing Protocol (HSRP) group are functioning properly, then most of the routers in the group are in the listen state. Four routers will be in the listen state, one router will be in the standby state, and one router will be in the active state.
HSRP is used by a group of routers to create the appearance of a virtual router with which end stations can communicate in the event that the default gateway becomes unavailable. The active router is responsible for forwarding packets that are sent to the virtual router. The standby router is responsible for assuming the role of active router should the active router fail or become unavailable. All other HSRP routers monitor the hello messages sent by the active and standby routers. Should the active and standby routers both become unavailable, the HSRP router with the highest priority is elected to become the active router by default. For routers with equal priority values, the router with the highest IP address becomes the active router.
HSRP routers can exist in one of the following six states:
- Initial
- Learn
- Listen
- Speak
- Standby
- Active
All HSRP routers start in the initial state. A router in the learn state is waiting for its first hello message from the active router so that it can learn the virtual router’s IP address. When the hello message is received and the virtual router’s IP address is discovered, the HSRP router is in the listen state. A router in the listen state listens for hello messages from the active and standby routers. If an election for a new active router and a new standby router is required, then an HSRP router will enter the speak state and begin transmitting hello messages. The standby state is reserved for the standby router, and the active state is reserved for the active router. Only routers in speak, standby, and active states will transmit hello packets.
Exam Question 562
You are the network administrator for your company. The network at the company’s office is due to be upgraded, and you have been assigned the responsibility of identifying the requirements for designing the network. You need to provide network connectivity to 200 client computers that will reside in the same sub network, and each client computer must be allocated dedicated bandwidth. Which device should you use to accomplish the task?
A. router
B. hub
C. switch
D. firewall
Correct Answer:
C. switch
Answer Description:
You should use a switch to accomplish the task in this scenario. A switch is used to provide dedicated
bandwidth to each node by eliminating the possibility of collisions on the switch port where the node
resides. Switches work at Layer 2 in the Open System Interconnection (OSI) model and perform the
function of separating collision domains. When a node resides in its own collision domain, the possibility of
collisions (which slow throughput due to the subsequent but necessary retransmission) is eliminated. The
advantage of using a switch instead of a hub is that a switch provides dedicated bandwidth to each client, while all connected clients share the bandwidth on a hub.
A router will not be a suitable device in this scenario. Routers are Network layer devices that are used to separate broadcast domains and connect two or more different subnets or network types. There is only a single subnet in the scenario so a router is not required.
A hub will not be a suitable device in this scenario. Hubs are Physical layer (Layer 1) devices that are used to connect clients to the network. A hub simply broadcasts data to all its ports; it does not create separate collision domains. All clients connected to a hub are a member of a single collision domain. In a scenario where a number of devices connected to a hub are experiencing network slowdowns, especially when using network-based applications, replacing the hub with a switch is almost always the best solution.
A firewall will not be a suitable device in this scenario. A firewall is a device used to secure the network against unauthorized intrusions and malicious attacks.
Exam Question 563
Users on the LAN are unable to access the Internet. How would you correct the immediate problem?
Router# show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet 0/0 unassigned YES unset down down
FastEthernet 0/1 172.16.1.254 YES NVRAM up up
Serial0/0 200.16.4.25 YES NVRAM administratively down down
Serial0/1 unassigned YES unset down down
A. Configure a bandwidth on the serial interface.
B. Perform a no shutdown command on the serial interface.
C. Configure a private IP address on the Fastethernet0/0 LAN interface.
D. Change the IP address on the serial interface.
Correct Answer:
B. Perform a no shutdown command on the serial interface.
Answer Description:
The output indicates that the serial interface leading to the Internet is administratively down. All router
interfaces are disabled by default due to the presence of a shutdown command in the running configuration.
The no shutdown command removes this configuration, and the interface becomes active. The command
sequence is:
Router(config)# interface serial0/0
Router(config-if)# no shutdown
Although it was not the problem in the scenario, the S0/0 interface could also cause an error if it is
configured as shown in this output:
Interface IP-Address OK? Method Status Protocol
Serial0/0 200.16.4.25 YES NVRAM up down
In this example, the S0/0 interface has been enabled, and while there is Layer 1 connectivity (the Status
column), Layer 2 is not functioning (the Protocol column). There are two possible reasons for this result:
- Interface S0/0 is not receiving a clock signal from the CSU/DSU (if one is present).
- The encapsulation type configured on S0/0 does not match the type configured on the other end of the
link (if the other end is a router).
Configuring a bandwidth on the serial interface is incorrect because the output indicates the interface is
administratively down, which does not pertain to bandwidth.
Configuring a private IP address on the Fastethernet0/0 LAN interface is incorrect because the output
indicates the problem is with the disabled serial interface.
The IP address on the serial interface may or may not be valid, but it is not the immediate cause of the
connectivity problem. The serial interface is disabled.
Exam Question 564
Which Cisco Internetwork Operating System (IOS) command is used to copy the configuration stored in Random Access Memory (RAM) to Non-Volatile Random Access Memory (NVRAM)?
A. router# copy running-config startup-config
B. router(config)# copy running-config startup-config
C. router# copy startup-config running-config
D. router(config)# copy startup-config running-config
Correct Answer:
A. router# copy running-config startup-config
Answer Description:
The router# copy running-config startup-config command is used to copy the configuration stored in Random Access Memory (RAM) to Non-Volatile Random Access Memory (NVRAM). This command is issued in privileged EXEC mode. The syntax of the command is as follows:
router# copy running-config startup-config
The parts of the command are as follows:
- running-config is the running configuration stored in RAM.
- startup-config is the startup configuration stored in Non-Volatile Random Access Memory (NVRAM).
The router(config)# copy running-config startup-config command is incorrect because the copy run start command (abbreviated) is not issued in global configuration mode. It is executed in privileged EXEC mode.
The router# copy startup-config running-config command is incorrect because this command is used to copy the configuration stored in NVRAM to RAM.
The router(config)# copy startup-config running-config command is incorrect because neither the copy run start nor the copy start run commands are executed in global configuration mode. Moreover, the copy startup-config running-config command is used to copy the configuration stored in NVRAM to RAM.
Exam Question 565
Which of the following commands would allow you to determine the bandwidth of an interface?
A. show interfaces
B. show interfaces accounting
C. show cdp
D. show cdp neighbors
Correct Answer:
A. show interfaces
Answer Description:
The show interfaces command shows information about each interface including a section on the bandwidth of the connection. If you wanted to locate this information in the output, it would be in the third down line as follows:
MTU 1500 bytes, BW 10000 Kbit, DLY 100000 usec, rely 255/255, load 1/255
Where BW = bandwidth
The show interfaces accounting command focuses on the relative amounts of traffic going through each interface, but does not indicate the bandwidth.
The show cdp command shows information about the Cisco Discovery protocol, a Layer 2 protocol used by Cisco devices to advertise their existence and capabilities to other Cisco devices ion the network.
The show cdp neighbors command shows information about each discovered neighbor, but does not display the bandwidth of an interface.
Exam Question 566
You are considering a candidate for a job as a Cisco network technician. As part of the assessment process, you ask the candidate to write down the commands required to configure a serial interface, in the proper order with the correct command prompts. The candidate submits the set of commands shown below (line numbers are for reference only):
1 Router# configure terminal
2 Router(config)# interface S0
3 Router(config)# ip address 192.168.5.5
4 Router(config-if)# enable interface
5 Router(config-if)# description T1 to Raleigh
What part(s) of this submission are incorrect? (Choose all that apply.)
A. The prompt is incorrect on line 1
B. The IP address is missing a subnet mask
C. The prompt is incorrect on line 5
D. The prompt is incorrect on line 3
E. The command on line 4 is incorrect
F. The prompt is incorrect on line 4
G. The description command must be executed before the interface is enabled
Correct Answer:
B. The IP address is missing a subnet mask
D. The prompt is incorrect on line 3
E. The command on line 4 is incorrect
Answer Description:
The IP address is missing a subnet mask, the prompt is incorrect on line 3, and the command enabling the interface (line 4) is incorrect.
The correct prompts and commands are as follows:
Router# configure terminal
Router(config)# interface S0
Router(config-if)# ip address 192.168.5.5 255.255.255.0
Router(config-if)# no shutdown
Router(config-if)# description T1 to Raleigh
The prompt for line 3 would be Router(config-if)# because the interface S0 command was issued immediately prior to the ip address 192.168.5.5 command. The prompt will remain Router(config-if)# for lines 3, 4, and 5 as each command that applies to the S0 interface is executed, including the description command.
The command to enable the interface is no shutdown, not enable interface. Therefore, the command executed on line 4 was incorrect.
Exam Question 567
Which device performs stateful inspection of traffic?
A. switch
B. firewall
C. access point
D. wireless controller
Correct Answer:
B. firewall
Exam Question 568
Refer to the exhibit. Which statement about the interface that generated the output is true?
A. A syslog message is generated when a violation occurs.
B. One secure MAC address is manually configured on the interface.
C. One secure MAC address is dynamically learned on the interface.
D. Five secure MAC addresses are dynamically learned on the interface.
Correct Answer:
B. One secure MAC address is manually configured on the interface.
Exam Question 569
An email user has been lured into clicking a link in an email sent by their company’s security organization. The webpage that opens reports that it was safe, but the link may have contained malicious code.
Which type of security program is in place?
A. user awareness
B. brute force attack
C. physical access control
D. social engineering attack
Correct Answer:
A. user awareness
Answer Description:
This is a training program which simulates an attack, not a real attack (as it says “The webpage that opens reports that it was safe”) so we believed it should be called a “user awareness” program. Therefore the best answer here should be “user awareness”. This is the definition of “User awareness” from CCNA 200-301
Offical Cert Guide Book:
“User awareness: All users should be made aware of the need for data confidentiality to protect corporate information, as well as their own credentials and personal information. They should also be made aware of potential threats, schemes to mislead, and proper procedures to report security incidents. “
Note: Physical access control means infrastructure locations, such as network closets and data centers, should remain securely locked.
Exam Question 570
Which set of actions satisfy the requirement for multifactor authentication?
A. The user enters a user name and password, and then re-enters the credentials on a second screen.
B. The user swipes a key fob, then clicks through an email link.
C. The user enters a user name and password, and then clicks a notification in an authentication app on a mobile device.
D. The user enters a PIN into an RSA token, and then enters the displayed RSA key on a login screen.
Correct Answer:
C. The user enters a user name and password, and then clicks a notification in an authentication app on a mobile device.
Answer Description:
This is an example of how two-factor authentication (2FA) works:
1. The user logs in to the website or service with their username and password.
2. The password is validated by an authentication server and, if correct, the user becomes eligible for the second factor.
3. The authentication server sends a unique code to the user’s second-factor method (such as a smartphone app).
4. The user confirms their identity by providing the additional authentication for their second-factor method.