Cisco Certified Network Associate 200-301 CCNA Exam Questions and Answers – Page 7

The latest Cisco Certified Network Associate 200-301 CCNA certification actual real practice exam question and answer (Q&A) dumps are available free. They are intended to help you pass the Cisco Certified Network Associate 200-301 CCNA exam and earn the Cisco Certified Network Associate 200-301 CCNA certification.

Exam Question 631

Refer to the exhibit. If the network environment is operating normally, which type of device must be connected to interface FastEthernet 0/1?

A. DHCP client
B. access point
C. router
D. PC
Correct Answer:
D. PC

Exam Question 632

When a site-to-site VPN is used, which protocol is responsible for the transport of user data?

A. IPsec
B. IKEv1
C. MD5
D. IKEv2
Correct Answer:
A. IPsec
Answer Description:
A site-to-site VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the Internet. A site-to-site VPN means that two sites create a VPN tunnel by encrypting and sending data between two devices. One set of rules for creating a site-to-site VPN is defined by IPsec.

Exam Question 633

Which goal is achieved by the implementation of private IPv4 addressing on a network?

A. provides an added level of protection against Internet exposure
B. provides a reduction in size of the forwarding table on network routers
C. allows communication across the Internet to other private networks
D. allows servers and workstations to communicate across public network boundaries
Correct Answer:
A. provides an added level of protection against Internet exposure

Exam Question 634

What are two recommendations for protecting network ports from being exploited when located in an office space outside of an IT closet? (Choose two.)

A. enable the PortFast feature on ports
B. configure static ARP entries
C. configure ports to a fixed speed
D. implement port-based authentication
E. shut down unused ports
Correct Answer:
D. implement port-based authentication
E. shut down unused ports

Exam Question 635

Refer to the exhibit. A network administrator must permit SSH access to remotely manage routers in a network. The operations team resides on the 10.20.1.0/25 network. Which command will accomplish this task?

A. access-list 2699 permit udp 10.20.1.0 0.0.0.255
B. no access-list 2699 deny tcp any 10.20.1.0 0.0.0.127 eq 22
C. access-list 2699 permit tcp any 10.20.1.0 0.0.0.255 eq 22
D. no access-list 2699 deny ip any 10.20.1.0 0.0.0.255
Correct Answer:
D. no access-list 2699 deny ip any 10.20.1.0 0.0.0.255
Answer Description:
The last statement in the ACL already allows SSH traffic for network 10.20.1.0 0.0.0.127, but the second statement says deny ip any 10.20.1.0 0.0.0.255, so the permit cannot take effect once the traffic has been denied. The right answer is therefore to remove that deny statement: no access-list 2699 deny ip any 10.20.1.0 0.0.0.255.

Exam Question 636

A port security violation has occurred on a switch port due to the maximum MAC address count being exceeded. Which command must be configured to increment the security-violation count and forward an SNMP trap?

A. switchport port-security violation access
B. switchport port-security violation protect
C. switchport port-security violation restrict
D. switchport port-security violation shutdown
Correct Answer:
C. switchport port-security violation restrict

Exam Question 637

What is a practice that protects a network from VLAN hopping attacks?

A. Enable dynamic ARP inspection
B. Configure an ACL to prevent traffic from changing VLANs
C. Change native VLAN to an unused VLAN ID
D. Implement port security on internet-facing VLANs
Correct Answer:
C. Change native VLAN to an unused VLAN ID

Exam Question 638

How do traditional campus device management and Cisco DNA Center device management differ in regards to deployment?

A. Traditional campus device management allows a network to scale more quickly than with Cisco DNA Center device management.
B. Cisco DNA Center device management can deploy a network more quickly than traditional campus device management.
C. Cisco DNA Center device management can be implemented at a lower cost than most traditional campus device management options.
D. Traditional campus device management schemes can typically deploy patches and updates more quickly than Cisco DNA Center device management.
Correct Answer:
B. Cisco DNA Center device management can deploy a network more quickly than traditional campus device management.

Exam Question 639

How does Cisco DNA Center gather data from the network?

A. Devices use the call-home protocol to periodically send data to the controller
B. Devices establish an IPsec tunnel to exchange data with the controller
C. The Cisco CLI Analyzer tool gathers data from each licensed network device and streams it to the controller
D. Network devices use different services like SNMP, syslog, and streaming telemetry to send data to the controller
Correct Answer:
D. Network devices use different services like SNMP, syslog, and streaming telemetry to send data to the controller

Exam Question 640

Which type of API allows SDN controllers to dynamically make changes to the network?

A. northbound API
B. REST API
C. SOAP API
D. southbound API
Correct Answer:
D. southbound API