Cisco Certified Network Associate 200-301 CCNA Exam Questions and Answers – Page 1

The latest Cisco Certified Network Associate 200-301 CCNA certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Cisco Certified Network Associate 200-301 CCNA exam and earn Cisco Certified Network Associate 200-301 CCNA certification.

Exam Question 71

Which type of network uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD) as an access method?

A. Token Ring
B. LocalTalk
C. 100VG-AnyLan
D. Ethernet

Correct Answer:
D. Ethernet
Answer Description:
Ethernet networks use CSMA/CD as an access method. In CSMA/CD, if a device wants to send a frame in the network, it first determines if the network is free. If the network is not free, the node will wait before sending the frame into a network. If the network is free, it sends the frame; if another device sends a frame simultaneously then their signals or frames collide. When the collision is detected, both packets wait for a random time before retrying.
The following statements are true regarding CSMA/CD:

  • CSMA/CD is required for shared collision domains, such as when hosts are connected via hubs. (Hubs are Layer 1 devices, and thus do not create collision domains.)
  • CSMA/CD networks normally operate in half-duplex mode, since in a shared collision domain, a host cannot send and receive data at the same time.
  • CSMA/CD is not required when connected to non-shared (private) collision domains, such as when hosts are connected to dedicated switch ports.
  • Switches create dedicated collision domains, so devices can operate in full-duplex mode.

Token Ring is incorrect because Token Ring uses token passing as the access method.
LocalTalk is incorrect because LocalTalk uses CSMA/CA (Collision Avoidance) as the access method.
100VG-AnyLan is incorrect because 100VG-AnyLan uses demand priority as the access method.
Objective: LAN Switching Fundamentals
Sub-Objective: Interpret Ethernet frame format

Exam Question 72

You are advising a client on the options available to connect a small office to an ISP.
Which of the following is an advantage of using an ADSL line?

A. it uses the existing cable TV connection
B. it uses the existing phone line
C. you receive a committed information rate (CIR) from the provider
D. the upload rate is as good as the download rate

Correct Answer:
B. it uses the existing phone line
Answer Description:
xDSL lines, including the ADSL variant, use the existing phone line and as such make installing only a matter of hooking up the DSL modem to the line.
It does not use the use the existing cable TV connection. This is a characteristic of using a cable modem rather than ADSL.
You do not receive a committed information rate (CIR) from the provider. CIR is provided with a frame relay connection.
The upload rate is NOT as good as the download rate with asynchronous DSL (ADSL). The download rate is significantly better than the upload rate. Symmetric Digital Subscriber Line (SDSL) is a version of DSL that supplies an equal upload and download rate, but that is not the case with ADSL.
Objective: WAN Technologies
Sub-Objective: Describe WAN access connectivity options

Exam Question 73

Consider the following diagram:

Which of the following routing protocols could NOT be used with this design?
Which of the following routing protocols could NOT be used with this design?

Which of the following routing protocols could NOT be used with this design?

A. RIPv1
B. RIPv2
C. EIGRP
D. OSPF

Correct Answer:
A. RIPv1
Answer Description:
The network design displayed has subnets of a major classful network located in opposite directions from the perspective of some of the individual routers. This configuration can be accommodated by any routing protocol that supports Variable Length Subnet masks (VLSM) or the transfer of subnet mask information in routing advertisements.
RIPv1 supports neither of these. RIPv1 will automatically summarize routing advertisements to their classful network (in this case 192.168.1.0/24). This action will cause some of the routers to have routes to the same network with different next hop addresses, which will NOT work.
EIGRP, RIPv2 and OSPF all support VLSM and can be used in the design shown in the scenario.
Objective: Routing Fundamentals
Sub-Objective: Compare and contrast distance vector and link-state routing protocols

Exam Question 74

You and your team are evaluating the use of OSPFv3 in your IPv6 network.
Which of the following statements is true of OSPFv3?

A. There will be a higher demand on the processor to run the link-state routing algorithm
B. Router IDs must match for adjacency formation
C. Area IDs do not need to match for adjacency formation
D. Area types do not need to match for adjacency formation

Correct Answer:
A. There will be a higher demand on the processor to run the link-state routing algorithm
Answer Description:
There will be a higher demand on the processor to run the link-state routing algorithm. As with OSPFv2, OSPFv3 uses the Shortest Path first (SPF) algorithm, which is processor intensive. It is one of the only downsides of using the algorithm.
OSPFv3 also shares a number of other characteristics with its v2 counterpart with respect to adjacency formation. For example:

  • Router IDs should not match.
  • Router IDs should reflect the correct router ID for each device.
  • Area IDs must match.
  • Area types must match.

Objective: Routing Fundamentals
Sub-Objective: Configure, verify, and troubleshoot single area and multi-area OSPFv3 for IPv6 (excluding authentication, filtering, manual summarization, redistribution, stub, virtual-link, and LSAs)

Exam Question 75

You have established a console session with R1 and you are attempting to download an IOS image from the TFTP server in the diagram below.

You have established a console session with R1 and you are attempting to download an IOS image from the TFTP server
You have established a console session with R1 and you are attempting to download an IOS image from the TFTP server

However, you are unable to make the connection to 150.140.6.5. What is the problem?

A. The IP address of the management station is incorrect
B. The IP address of the TFTP server is incorrect
C. The interfaces between R1and R2 are not in the same subnet
D. The IP address of Switch B is incorrect

Correct Answer:
B. The IP address of the TFTP server is incorrect
Answer Description:
The IP address of the TFTP server is incorrect. The TFTP server, Switch B and the Fa0/2 interface on R3 should all be in the same subnet. With a 27-bit mask (255.255.255.224) against the 150.140.0.0 classful network the resulting subnets are:
150.140.0.0
150.140.0.32
150.140.0.64
and so on, incrementing in intervals of 32 in the last octet until it reaches the 150.140.6.0 subnet.
150.140.6.0
150.140.6.32
150.140.6.64
At this point, we can see that Switch B and the router interface are in the 150.140.6.32 subnet, while the TFTP server is in the 150.140.6.0 subnet. The IP address of the TFTP server needs to be in the 150.140.6.33-150.140.6.62 range, while avoiding the addresses already used on R1 and the switch.
The IP address of the management station does not appear to be in any of the networks listed in the diagram, but that doesn’t matter since the connection to the router is through the console cable which does not require a correct IP address.
The Fa0/2 and Fa0/1 interfaces on R1 and R2 are in the same subnet. Using a 25-bit mask against the 192.18.5.0/24 classful network yields the following subnets:
192.18.5.0
192.168.5.128
Both router interfaces in question are in the 192.18.5.0 subnet.
As we have already determined, the IP address of Switch B is correct. Even if it were incorrect or missing altogether, it would have no impact on connecting to the TFTP server. Switches merely switch frames based on MAC addresses and only need an IP address for management purposes.
Objective: Routing Fundamentals
Sub-Objective: Troubleshoot basic Layer 3 end-to-end connectivity issues

Exam Question 76

R1 and R2 are connected as shown in the diagram and are configured as shown in output in the partial output of the show run command.

R1 and R2 are connected as shown in the diagram and are configured
R1 and R2 are connected as shown in the diagram and are configured
Output in the partial output of the show run command
Output in the partial output of the show run command

The command ping R2 fails when executed from R1. What command(s) would allow R1 to ping R2 by name?

A. R1(config)#int S1
R1(config-if)#no ip address 192.168.5.5
R1(config-if)# ip address 192.168.5.9 255.255.255.252
B. R1(config)#no ip host R1
R1(config)# ip host R2 192.168.5.6 255.255.255.252
C. R1(config)#no hostname R2
R1(config)# hostname R1
D. R2(config)#int S1
R1(config-if)#no ip address 192.168.5.5
R1(config-if)# ip address 192.168.5.9 255.255.255.0

Correct Answer:
B. R1(config)#no ip host R1
R1(config)# ip host R2 192.168.5.6 255.255.255.252
Answer Description:
Both routers have been configured with the ip host command. This command creates a name to IP address mapping, thereby enabling the pinging of the device by address. On R1, the mapping is incorrect and needs to be corrected. Currently it is configured as ip host R1 192.168.5.6. It is currently mapping its own name to the IP address of R2.
To fix the problem, you should remove the incorrect IP address mapping and create the correct mapping for R2, as follows:
R1(config)#no ip host R1
R1(config)# ip host R2 192.168.5.6 255.255.255.252

Once this is done, the ping on R2 will succeed.
The IP address of the S1 interface on R1 does not need to be changed to 192.168.5.9 /30. In fact, if that is done the S1 interface on R1 and the S1 interface in R2 will no longer be in the same network. With a 30-bit mask configured, the network they are currently in extends from 192.168.5.4 – 192.168.5.7. They are currently set to the two usable addresses in that network, 192.168.5.5 and 192.168.5.6.
The hostnames of the two routers do need to be set correctly using the hostname command for the ping to function, but they are correct now and do not need to be changed.
The subnet mask of the S1 interface on R2 does not need to be changed to 255.255.255.0. The mask needs to match that of R1, which is 255.255.255.252.
Objective: Infrastructure Services
Sub-Objective: Troubleshoot client connectivity issues involving DNS

Exam Question 77

You run the following command: switch# show ip interface brief
What information is displayed?

A. A summary of the IP addresses and subnet mask on the interface
B. A summary of the IP addresses on the interface and the interface’s status
C. The IP packet statistics for the interfaces
D. The IP addresses for the interface and the routing protocol advertising the network

Correct Answer:
B. A summary of the IP addresses on the interface and the interface’s status
Answer Description:
The command show ip interface brief displays a summary of the IP address on the interface and the interface’s status. The status shows whether the interface is up. This command is useful when you are connected to a router or switch with which you are not familiar, because it allows you to obtain the state of all interfaces or switch ports.
Sample output of this command is shown below:

Sample output of this command is shown
Sample output of this command is shown

This command does not display subnet mask information. You should use other commands, such as show ip interface or show run interface, to verify the subnet mask.
IP statistics about the interface are displayed with the command show ip interface. Adding the brief keyword tells the switch to leave out everything but the state of the interface and its IP address.
To view the routing protocol advertising an interfaces network, you would use the command show ip protocol.
Objective: LAN Switching Fundamentals
Sub-Objective: Configure, verify, and troubleshoot interswitch connectivity

Exam Question 78

Which Cisco Internetwork Operating System (IOS) command would be used to set the privileged mode password to “cisco”?

A. router(config)# enable password cisco
B. router# enable secret cisco
C. router(config)# line password cisco
D. router(config-router)# enable password cisco

Correct Answer:
A. router(config)# enable password cisco
Answer Description:
The enable password command is used to set the local password to control access to privileged levels. This command is executed on the global configuration mode, as in router(config)# enable password cisco. The syntax of the command is:
router(config)# enable password [level level] {password | [encryption-type] encrypted-password}
The parameters of the command are as follows:

  • level: An optional parameter to set the privilege level at which the password applies. The default value is 15.
  • password: Specifies the password that is used to enter enable mode.
  • encryption-type: An optional parameter to specify the algorithm used to encrypt the password.
  • encrypted-password: Specifies the encrypted password that is copied from another router configuration.

The router# enable secret cisco command is incorrect because the enable secret command must be executed from global configuration mode, not privileged EXEC mode. In fact, this is the password for which you will be prompted when you attempt to enter privilege exec mode.
The line password command is incorrect because this command is not a valid Cisco IOS command.
The router(config-router)# enable password cisco command is incorrect because the enable password command must be entered in global configuration mode.
Objective: Infrastructure Security
Sub-Objective: Configure, verify, and troubleshoot basic device hardening

Exam Question 79

What command produced the following as a part of its output?
1 14.0.0.2 4 msec 4 msec 4 msec
2 63.0.0.3 20 msec 16 msec 16 msec
3 33.0.0.4 16 msec * 16 msec

A. Ping
B. Traceroute
C. Tracert
D. Extended ping

Correct Answer:
B. Traceroute
Answer Description:
The output displayed is a part of the output from executing the traceroute command. The traceroute command finds the path a packet takes while being transmitted to a remote destination. It is also used to track down routing loops or errors in a network. Each of the following numbered sections represents a router being traversed and the time the packet took to go through the router:
1 14.0.0.2 4 msec 4 msec 4 msec
2 63.0.0.3 20 msec 16 msec 16 msec
3 33.0.0.4 16 msec * 16 msec

The output would not be displayed by the ping command. This command is used to test connectivity to a remote ip address. The output from the ping command is as follows:
router1# ping 10.201.1.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.201.1.11, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

The ping in this output was unsuccessful, as indicated by the Success rate is 0 percent output.
The output would not be displayed by the tracert command. The tracert command is used by Microsoft Windows operating systems, not the Cisco IOS command line interface. However, the purpose of the tracert command is similar to the Cisco traceroute utility, which is to test the connectivity or “reachability” of a network device or host. The tracert command uses Internet Control Message Protocol (ICMP).
The output would not be displayed by the extended version of the ping command. This command can be issued on the router to test connectivity between two remote routers. A remote execution means that you are not executing the command from either of the two routers you are interested in testing, but from a third router.
To execute an extended ping, enter the ping command from the privileged EXEC command line without specifying the target IP address. The command takes the router into configuration mode, where you can define various parameters, including the destination and target IP addresses. An example is below:
Protocol [ip]:
Target IP address: 10.10.10.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 12.1.10.2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.

Each line is a menu question allowing you to either accept the default setting (in parenthesis) of the ping or apply a different setting. The real value of this command is that you can test connectivity between two remote routers without being physically present at those routers, as would be required with the standard version of the ping command.
Objective: Routing Fundamentals
Sub-Objective: Troubleshoot basic Layer 3 end-to-end connectivity issues

Exam Question 80

From which of the following attacks can Message Authentication Code (MAC) shield your network?

A. DoS
B. DDoS
C. spoofing
D. SYN floods

Correct Answer:
C. spoofing
Answer Description:
Message Authentication Code (MAC) can shield your network from spoofing attacks. Spoofing, also known as masquerading, is a popular trick in which an attacker intercepts a network packet, replaces the source address of the packets header with the address of the authorized host, and reinserts fake information which is sent to the receiver. This type of attack involves modifying packet contents. MAC can prevent this type of attack and ensure data integrity by ensuring that no data has changed. MAC also protects against frequency analysis, sequence manipulation, and ciphertext-only attacks.
MAC is a secure message digest that requires a secret key shared by the sender and receiver, making it impossible for sniffers to change both the data and the MAC as the receiver can detect the changes.
A denial-of-service (DoS) attack floods the target system with unwanted requests, causing the loss of service to users. One form of this attack generates a flood of packets requesting a TCP connection with the target, tying up all resources and making the target unable to service other requests. MAC does not prevent DoS attacks. Stateful packet filtering is the most common defense against a DoS attack.
A Distributed Denial of Service attack (DDoS) occurs when multiple systems are used to flood the network and tax the resources of the target system. Various intrusion detection systems, utilizing stateful packet filtering, can protect against DDoS attacks.
In a SYN flood attack, the attacker floods the target with spoofed IP packets and causes it to either freeze or crash. A SYN flood attack is a type of denial of service attack that exploits the buffers of a device that accept incoming connections and therefore cannot be prevented by MAC. Common defenses against a SYN flood attack include filtering, reducing the SYN-RECEIVED timer, and implementing SYN cache or SYN cookies.
Objective: Infrastructure Security
Sub-Objective: Configure, verify, and troubleshoot basic device hardening