Cisco Certified Network Associate (CCNA) 200-301 Exam Questions and Answers

Question 31: Refer to the exhibit. An extended ACL has been configured and applied to router R2. The configuration failed to work as intended.

Which two changes stop outbound traffic on TCP ports 25 and 80 to 10.0.20.0/26 from the 10.0.10.0/26 subnet while still allowing all other traffic? (Choose two.)

A. Add a “permit ip any any” statement at the end of ACL 101 for allowed traffic.
B. Add a “permit ip any any” statement to the beginning of ACL 101 for allowed traffic.
C. The ACL must be moved to the Gi0/1 interface outbound on R2.
D. The source and destination IPs must be swapped in ACL 101.
E. The ACL must be configured the Gi0/2 interface inbound on R1.

Question 32: Which type of wireless encryption is used for WPA2 in preshared key mode?

A. AES-128
B. TKIP with RC4
C. AES-256
D. RC4

Question 33: Which command prevents passwords from being stored in the configuration as plain text on a router or switch?

A. enable secret
B. enable password
C. service password-encryption
D. username cisco password encrypt

Question 34: Refer to the exhibit. A network engineer must block access for all computers on VLAN 20 to the web server via HTTP. All other computers must be able to access the web server. Which configuration when applied to switch A accomplishes the task?

A.
config t
ip access-list extended wwwblock
permit ip any any
deny tcp any host 10.30.0.100 eq 80
int vlan 20
ip access-group wwwblock in

B.
config t
ip access-list extended wwwblock
permit ip any any
deny tcp any host 10.30.0.100 eq 80
int vlan 30
ip access-group wwwblock in

C.
config t
ip access-list extended wwwblock
deny tcp any host 10.30.0.100 eq 80
int vlan 10
ip access-group wwwblock in

D.
config t
ip access-list extended wwwblock
deny tcp any host 10.30.0.100 eq 80
permit ip any any
int vlan 20
ip access-group wwwblock in

Question 35: In which two ways does a password manager reduce the chance of a hacker stealing a user’s password? (Choose two.)

A. It encourages users to create stronger passwords
B. It uses an internal firewall to protect the password repository from unauthorized access
C. It stores the password repository on the local workstation with built-in antivirus and anti-malware functionality
D. It automatically provides a second authentication factor that is unknown to the original user
E. It protects against keystroke logging on a compromised device or web site

Question 36: What benefit does controller-based networking provide versus traditional networking?

A. allows configuration and monitoring of the network from one centralized point
B. provides an added layer of security to protect from DDoS attacks
C. combines control and data plane functionality on a single device to minimize latency
D. moves from a two-tier to a three-tier network architecture to provide maximum redundancy

Question 37: Which statement correctly compares traditional networks and controller-based networks?

A. Only controller-based networks decouple the control plane and the data plane.
B. Traditional and controller-based networks abstract policies from device configurations.
C. Only traditional networks natively support centralized management.
D. Only traditional networks offer a centralized control plane.

Question 38: What are two benefits of network automation? (Choose two.)

A. reduced hardware footprint
B. reduced operational costs
C. faster changes with more reliable results
D. fewer network failures
E. increased network security

Question 39: What are two characteristics of a controller-based network? (Choose two.)

A. It uses Telnet to report system issues.
B. The administrator can make configuration updates from the CLI.
C. It uses northbound and southbound APIs to communicate between architectural layers.
D. It decentralizes the control plane, which allows each device to make its own forwarding decisions.
E. It moves the control plane to a central point.

Question 40: Which output displays a JSON data representation?
A.
{
“response”: {
“taskId”: {};
“url”: “string”
};
“version”: “strong”
}

B.
{
“response”- {
“taskId”- {},
“url”- “string”
},
“version”- “strong”
}

C.
{
“response”: {
“taskId”: {},
“url”: “string”
},
“version”: “strong”
}

D.
{
“response”, {
“taskId”, {};
“url”, “string”
};
“version”, “strong”
}

Published by Thomas Apel

, a dynamic and self-motivated information technology architect, with a thorough knowledge of all facets pertaining to system and network infrastructure design, implementation and administration. I enjoy the technical writing process and answering readers' comments included.