Labour Day Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: suredis

Examstrust Logo
examstrust mcafee
  1. Home
  2. Cisco
  3. CCNA
  4. 200-301 - Cisco Certified Network Associate

Cisco 200-301 Cisco Certified Network Associate Exam Practice Test

Page: 1 / 95
Total 951 questions
Get 200-301 Full Access Download 200-301 PDF

Cisco Certified Network Associate Questions and Answers

PDF + Testing Engine

  • Product Type: PDF + Testing Engine
$63  $179.99
Add to Cart

Testing Engine

  • Product Type: Testing Engine
$47.25  $134.99
Add to Cart

PDF Study Guide

  • Product Type: PDF Study Guide
$40.25  $114.99
Add to Cart
Question 1

What are two functions of DHCP servers? (Choose two.)

Options:

A.

prevent users from assigning their own IP addresses to hosts

B.

assign dynamic IP configurations to hosts in a network

C.

support centralized IP management

D.

issue DHCPDISCOVER messages when added to the network

E.

respond to client DHCPOFFER requests by issuing an IP address

Question 2

What are two examples of multifactor authentication? (Choose two.)

Options:

A.

single sign-on

B.

unique user knowledge

C.

passwords that expire

D.

soft tokens

E.

shared password responsibility

Question 3

Refer to the exhibit.

Host A switch interface is configured in VLAN 2. Host D sends a unicast packet destined for the IP address of host A.

What does the switch do when it receives the frame from host D?

Options:

A.

It creates a broadcast storm.

B.

It drops the frame from the MAC table of the switch.

C.

It shuts down the source port and places It In err-disable mode.

D.

It floods the frame out of every port except the source port.

Question 4

Which Cisco proprietary protocol ensures traffic recovers immediately, transparently, and automatically when edge devices or access circuits fail?

Options:

A.

SLB

B.

FHRP

C.

VRRP

D.

HSRP

Question 5

Refer to the exhibit.

The EtherChannel is configured with a speed of 1000 and duplex as full on both ends of channel group 1. What is the next step to configure the channel on switch A to respond to but not initiate LACP communication?

Options:

A.

interface range gigabitethernet0/0/0-15 channel-group 1 mode on

B.

interface range gigabitethernet0/0/0-15 channel-group 1 mode desirable

C.

interface port-channel 1 channel-group 1 mode auto

D.

interface port-channel 1 channel-group 1 mode passive

Question 6

Refer to the exhibit. What is represented by “R1” and “SW1” within the JSON output?

Options:

A.

object

B.

value

C.

key

D.

array

Question 7

Refer to the exhibit.

An engineer is updating the management access configuration of switch SW1 to allow secured, encrypted remote configuration. Which two commands or command sequences must the engineer apply to the switch? (Choose two.)

Options:

A.

SW1(config)#enable secret ccnaTest123

B.

SW1(config)#username NEW secret R3mote123

C.

SW1(config)#line vty 0 15 SW1(config-line)#transport input ssh

D.

SW1(config)# crypto key generate rsa

E.

SW1(config)# interface f0/1 SW1(confif-if)# switchport mode trunk

Question 8

What differentiates the Cisco OfficeExtend AP mode from FlexConnect AP mode?

Options:

A.

FlexConnect allows a personal SSID to be configured on the AP, and personal SSIDs are not supported with OfficeExtend.

B.

OfficeExtend does not support DTLS tunneling of traffic to the WLC, and FlexConnect tunnels traffic to the WLC with DTLS.

C.

OfficeExtend tunnels all traffic through the WLC, and FlexConnect terminates client traffic at the AP switch port.

D.

FlexConnect must be deployed behind a router that NATs the client traffic, and OfficeExtend uses public IP sources.

Question 9

Drag and drop each characteristic of device-management technologies from the left onto the deployment type on the right.

Options:

Question 10

Drag and drop the IPv6 addresses from the left onto the corresponding address types on the right.

Options:

Question 11

What is a purpose of traffic shaping?

Options:

A.

It enables dynamic flow identification.

B.

It enables policy-based routing.

C.

It provides best-effort service.

D.

It limits bandwidth usage.

Question 12

Refer to the exhibit.

An engineer assigns IP addressing to the current VLAN with three PCs. The configuration must also account for the expansion of 30 additional VLANS using the same Class C subnet for subnetting and host count. Which command set fulfills the request while reserving address space for the expected growth?

Options:

A.

Switch(config)#interface vlan 10

Switch(config-if)#ip address 192.168.0.1 265 255.255.252

B.

Switch(config)#interface vlan 10

Switch(config-if)#ip address 192.168.0.1 255 255.255.248

C.

Switch(config)#interface vlan 10

Switch(config-if)#ip address 192.168.0.1 255 255.255.0

D.

Switch(config)#interface vlan 10

Switch(config-if)#ip address 192.168.0.1 255.255.255.128

Question 13

What is a specification for SSIDS?

Options:

A.

They are a Cisco proprietary security feature.

B.

They must include one number and one letter.

C.

They define the VLAN on a switch.

D.

They are case sensitive.

Question 14

Drag and drop the characteristic from the left onto the IPv6 address type on the right.

Options:

Question 15

What is the role of disaggregation in controller-based networking?

Options:

A.

It divides the control-plane and data-plane functions.

B.

It summarizes the routes between the core and distribution layers of the network topology.

C.

It enables a network topology to quickly adjust from a ring network to a star network

D.

It streamlines traffic handling by assigning individual devices to perform either Layer 2 or Layer 3 functions.

Question 16

Which action implements physical access control as part of the security program of an organization1?

Options:

A.

backing up syslogs at a remote location

B.

configuring a password for the console port

C.

configuring enable passwords on network devices

D.

setting up IP cameras to monitor key infrastructure

Question 17

Refer to the exhibit.

The network administrator must prevent the switch Cat9K-2 IP address from being visible in LLDP without disabling the protocol. Which action must be taken must be taken to complete the task?

Options:

A.

Configure the no lldp tlv-select-management-address command globally on Cat9K-2

B.

Configure the no lldp transmit command on interface G1/0/21 in Cat9K-1

C.

Configure the no lldp receive command on interface G1/0/21 on Cat9K-1

D.

Configure the no lldp mac-phy-cfg command globally on Cat9K-2

Question 18

Refer to the exhibit.

R1 has taken the DROTHER role in the OSPF DR/BDR election process. Which configuration must an engineer implement so that R1 is elected as the DR?

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 19

How does authentication differ from authorization?

Options:

A.

Authentication verifies the identity of a person accessing a network, and authorization determines what resource a user can access.

B.

Authentication is used to record what resource a user accesses, and authorization is used to determine what resources a user can access

C.

Authentication is used to determine what resources a user is allowed to access, and authorization is used to track what equipment is allowed access to the network

D.

Authentication is used to verify a person's identity, and authorization is used to create syslog messages for logins.

Question 20

Drag and drop the configuration management terms from the left onto the descriptions on the right. Not all terms are used.

Options:

Question 21

What is a link-local all-nodes IPv6 multicast address?

Options:

A.

ff02:0:0:0:0:0:0:1

B.

2004:31c:73d9:683e:255::

C.

fffe:034:0dd:45d6:789e::

D.

fe80:4433:034:0dd::2

Question 22

Refer to the exhibit.

What is represented beginning with line 1 and ending with line 5?

Options:

A.

value

B.

object

C.

key

D.

array

Question 23

Drag and drop the use cases for device-management technologies from the left onto the corresponding.

Options:

Question 24

Which two features introduced in SNMPv2 provides the ability to retrieve large amounts of data in one request

Options:

A.

Get

B.

GetNext

C.

Set

D.

GetBulk

E.

Inform

Question 25

Refer to the exhibit.

Which format matches the Modified EUI-64 IPv6 interface address for the network 2001:db8::/64?

Options:

A.

2001 :db8::5000:0004:5678:0090/64

B.

2001 :db8:4425:5400:77ft:fe07:/64

C.

2001 :db8::5000:00ff:fe04 0000/64

D.

2001 :db8::5200:00ff:fe04:0000/64

Question 26

Drag and drop the characteristic from the left onto the IPv6 address type on the right.

Options:

Question 27

Drag and drop the REST API call method for HTTP from the left onto the action they perform on the right.

Options:

Question 28

What is an enhancement implemented in WPA3?

Options:

A.

employs PKI and RADIUS to identify access points

B.

applies 802.1x authentication and AES-128 encryption

C.

uses TKIP and per-packet keying

D.

defends against deauthentication and disassociation attacks

Question 29

Refer to the exhibit. An engineer must translate the PC1 IP address to 10.199.77.100 and permit PC1 to ping the loopback 0 on router R2. What command set must be used?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 30

Which device segregates a network into separate zones that have their own security policies?

Options:

A.

IPS

B.

firewall

C.

access point

D.

switch

Question 31

Refer to the exhibit.

The network engineer is configuring a new WLAN and is told to use a setup password for authentication instead of the RADIUS servers. Which additional set of tasks must the engineer perform to complete the configuration?

Options:

A.

Disable PMF Enable PSK Enable 802.1x

B.

Select WPA Policy Enable CCKM Enable PSK

C.

Select WPA Policy Select WPA2 Policy Enable FT PSK

D.

Select WPA2 Policy Disable PMF Enable PSK

Question 32

Refer to the exhibit. An engineer is building a new Layer 2 LACP EtherChannel between SW1 and SW2. and they executed the given show commands to verify the work Which additional task must be performed so that the switches successfully bundle the second member in the LACP port-channel?

Options:

A.

Configure the switchport trunk allowed vlan 300 command on SW1 port-channel 1

B.

Configure the switchport trunk allowed vlan 300 command on interface Fa0/2 on SW1.

C.

Configure the switchport trunk allowtd vlan add 300 command on interface FaO 2 on SW2.

D.

Configure the switchport trunk allowtd vlan add 300 command on SW1 port-channel 1

Question 33

Refer to the exhibit.

The P2P blocking action option is disabled on the WLC.

Options:

A.

Enable the Static IP Tunneling option.

B.

Disable the Coverage Hole Detection option.

C.

Check the DHCP Addr. Assignment check box.

D.

Set the P2P Blocking Action option to Forward-UpStream.

Question 34

Refer to the exhibit.

How must OSPF be configured on the GigabitEthernet0/0 interface of the neighbor device to achieve.

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 35

Which command configures the Cisco WLC to prevent a serial session with the WLC CLI from being automatical togged out?

Options:

A.

config sessions maxsessions 0

B.

config sessions timeout 0

C.

config serial timeout 0

D.

config serial timeout 9600

Question 36

Which QoS queuing method discards or marks packets that exceed the desired bit rate of traffic flow?

Options:

A.

shaping

B.

policing

C.

CBWFQ

D.

LLQ

Question 37

Drag and drop the statements about AAA services firm the left onto the corresponding AAA services on the right Not all options are used.

Options:

Question 38

What is the role of community strings in SNMP operations?

Options:

A.

It serves as a sequence tag on SNMP traffic messages.

B.

It serves as a password lo protect access to MIB objects.

C.

It passes the Active Directory username and password that are required for device access

D.

It translates alphanumeric MIB output values to numeric values.

Question 39

Refer to the exhibit. An engineer must configure a static network route between two networks so that host A communicates with host B. Drag and drop the commands from the left onto the routers where they must be configured on the right. Not all commands are used.

Options:

Question 40

How do UTP and STP cables compare?

Options:

A.

STP cables are cheaper to procure and easier to install and UTP cables are more expensive and harder to install.

B.

UTP cables are less prone to crosstalk and interference and STP cables are more prone to crosstalk and interference.

C.

UTP cables provide taster and more reliable data transfer rates and STP cables are slower and less reliable.

D.

STP cables are shielded and protect against electromagnetic interference and UTP lacks the same protection against electromagnetic interference.

Question 41

Refer to the exhibit.

The image server and client A are running an application that transfers an extremely high volume of data between the two. An engineer is configuring a dedicated circuit between R1 and R2. Which set of commands must the engineer apply to the routers so that only traffic between the image server and client A is forces to use the new circuit?

Options:

A.

R1(config)#ip route 10.10.13.10 255.255.255.255 10.10.10.6

R2(config)#ip route 192.168.0.100 255.255.255.255 10.10.10.5

B.

R1(config)#ip route 10.10.13.10 255.255.255.128 10.10.10.6

R2(config)#lp route 192.168.0.100 255.255.255.0 10.10.10.5

C.

R1(config)#ip route 10.10.13.10 255.255.255.252 10.10.10.6

R2(config)#tp route 192.168.0.100 255.255.255.252 10.10.10.5

D.

R1(config)#ip route 10.10.13.10 255.255.255.255 10.10.10.2

R2(config)#ip route 192.168.0.100 255.255.255.255 10.10.10.1

Question 42

Refer to the exhibit. An engineer is asked to confère router R1 so that it forms an OSPF single-area neighbor relationship with R2. Which command sequence must be implemented to configure the router?

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 43

Refer to the exhibit.

Router R1 receives static routing updates from routers A. B, C, and D. The network engineer wants R1 to advertise static routes in OSPF area 1. Which nary address must be advertised in OSPF?

Options:

A.

10.1.40.0/25

B.

10.1.40.0/24

C.

10.1.40.0/23

D.

10.1.41.0/25

Question 44

Which channel-group mode must be configured when multiple distribution interfaces connected to a WLC are bundled?

Options:

A.

Channel-group mode passive.

B.

Channel-group mode on.

C.

Channel-group mode desirable.

D.

Channel-group mode active.

Question 45

Which encryption method is used by WPA3?

Options:

A.

PSK

B.

TKIP

C.

SAE

D.

AES

Question 46

Options:

A.

LAG

B.

EtherChannel

C.

trunk

D.

access

Question 47

Refer to the exhibit. The router R1 is in the process of being configured. Routers R2 and R3 are configured correctly for the new environment. Which two commands must be configured on R1 for PC1 to communicate to all PCs on the 10.10.10.0/24 network? (Choose two.)

Options:

A.

ip route 10.10.10.0 255.255.255.0 192.168.2.3

B.

ip route 10.10.10.10 255.255.255.255 192.168.2.2

C.

ip route 10.10.10.10 255.255.255.255 g0/1

D.

ip route 10.10.10.8 255.255.255.248 g0/1

E.

ip route 10.10.10.0 255.255.255.248 192.168.2.2

Question 48

What is the primary purpose of private address space?

Options:

A.

conserve globally unique address space

B.

simplify the addressing in the network

C.

limit the number of nodes reachable via the Internet

D.

reduce network complexity

Question 49

Which IPsec transport mode encrypts the IP header and the payload?

Options:

A.

pipe

B.

control

C.

transport

D.

tunnel

Question 50

How is noise defined in Wi-Fi?

Options:

A.

ratio of signal-to-noise rating supplied by the wireless device

B.

signals from other Wi-Fi networks that interfere with the local signal

C.

measured difference between the desired Wi-Fi signal and an interfering Wi-Fi signal

D.

any interference that is not Wi-Fi traffic that degrades the desired signal

Question 51

Refer to the exhibit.

An architect is managing a wireless network with APs from several branch offices connecting to the WLC in the data center. There is a new requirement for a single WLAN to process the client data traffic without sending it to the WLC. Which action must be taken to complete the request?

Options:

A.

Enable local HTTP profiling.

B.

Enable Disassociation Imminent.

C.

Enable FlexConnect Local Switching.

D.

Enable local DHCP Profiling.

Question 52

An engineer is configuring router R1 with an IPv6 static route for prefix 2019:C15C:0CAF:E001::/64. The next hop must be 2019:C15C:0CAF:E002::1 The route must be reachable via the R1 Gigabit 0/0 interface. Which command configures the designated route?

Options:

A.

R1(config)#ipv6 route 2019:C15C:0CAF:E001::/64 2019:C15C:0CAF:E002::1

B.

R1(config-if)#ipv6 route 2019:C15C:0CAF:E001::/64 2019:C15C:0CAF:E002::1

C.

R1(config-if)#ip route 2019:C15C:0CAF:E001::/64 GigabitEthernet0/0

D.

R1(config)#ip route 2019:C15C:0CAF:E001::/64 GigabitEthernet0/0

Question 53

Refer to the exhibit.

Which switch becomes the root bridge?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 54

When a switch receives a frame for an unknown destination MAC address, how is the frame handled?

Options:

A.

broadcast to all ports on the switch

B.

flooded to all ports except the origination port

C.

forwarded to the first available port

D.

inspected and dropped by the switch

Question 55

In a cloud-computing environment what is rapid elasticity?

Options:

A.

control and monitoring of resource consumption by the tenant

B.

automatic adjustment of capacity based on need

C.

pooling resources in a multitenant model based on need

D.

self-service of computing resources by the tenant

Question 56

What describes the functionality of southbound APIs?

Options:

A.

They use HTTP messages to communicate.

B.

They enable communication between the controller and the network device.

C.

They convey information from the controller to the SDN applications.

D.

They communicate with the management plane.

Question 57

IP connectivity between the three routers is configured. OSPF adjacencies must be established.

1. Configure R1 and R2 Router IDs using the interface IP addresses from the link that is shared between them.

2. Configure the R2 links with a max value facing R1 and R3. R2 must become the DR. R1 and R3 links facing R2 must remain with the default OSPF configuration for DR election. Verify the configuration after clearing the OSPF process.

3. Using a host wildcard mask, configure all three routers to advertise their respective Loopback1 networks.

4. Configure the link between R1 and R3 to disable their ability to add other OSPF routers.

Options:

Question 58

All physical cabling is in place. A company plans to deploy 32 new sites.

The sites will utilize both IPv4 and IPv6 networks.

1 . Subnet 172.25.0.0/16 to meet the subnet requirements and maximize

the number of hosts

Using the second subnet

• Assign the first usable IP address to e0/0 on Sw1O1

• Assign the last usable IP address to e0/0 on Sw102

2. Subnet to meet the subnet requirements and maximize

the number of hosts

c Using the second subnet

• Assign an IPv6 GUA using a unique 64-Bit interface identifier

on e0/0 on Sw101

• Assign an IPv6 GUA using a unique 64-Bit interface identifier

on eO/O on swi02

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.

• Refer to the Topology tab to access the device console(s) and perform the tasks.

• Console access is available for all required devices by clicking the device icon or using

the tab(s) above the console window.

• All necessary preconfigurations have been applied.

• Do not change the enable password or hostname for any device.

• Save your configurations to NVRAM before moving to the next item.

• Click Next at the bottom of the screen to submit this lab and move to the next question.

• When Next is clicked, the lab closes and cannot be reopened.

Options:

Question 59

All physical cabling between the two switches is installed. Configure the network connectivity between the switches using the designated VLANs and interfaces.

1. Configure VLAN 100 named Compute and VLAN 200 named Telephony where required for each task.

2. Configure Ethernet0/1 on SW2 to use the existing VLAN named Available.

3. Configure the connection between the switches using access ports.

4. Configure Ethernet0/1 on SW1 using data and voice VLANs.

5. Configure Ethemet0/1 on SW2 so that the Cisco proprietary neighbor discovery protocol is turned off for the designated interface only.

Options:

Question 60

All physical cabling is in place. Router R4 and PCI are fully configured and

inaccessible. R4's WAN interfaces use .4 in the last octet for each subnet.

Configurations should ensure that connectivity is established end-to-end.

1 . Configure static routing to ensure RI prefers the path through R2 to

reach only PCI on R4's LAN

2. Configure static routing that ensures traffic sourced from RI will take

an alternate path through R3 to PCI in the event of an outage along

the primary path

3. Configure default routes on RI and R3 to the Internet using the least number of hops

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.

• Refer to the Topology tab to access the device console(s) and perform the tasks.

• Console access is available for all required devices by clicking the device icon or using

the tab(s) above the console window.

• All necessary preconfigurations have been applied.

• Do not change the enable password or hostname for any device.

• Save your configurations to NVRAM before moving to the next item.

• Click Next at the bottom of the screen to submit this lab and move to the next question.

• When Next is clicked, the lab closes and cannot be reopened.

Options:

Question 61

Connectivity between four routers has been established. IP connectivity must be configured in the order presented to complete the implementation. No dynamic routing protocols are included.

1. Configure static routing using host routes to establish connectivity from router R3 to the router R1 Loopback address using the source IP of 209.165.200.230.

2. Configure an IPv4 default route on router R2 destined for router R4.

3. Configure an IPv6 default router on router R2 destined for router R4.

Options:

Question 62

Configure IPv4 and IPv6 connectivity between two routers. For IPv4, use a /28 network from the 192.168.1.0/24 private range. For IPv6, use the first /64 subnet from the 2001:0db8:aaaa::/48 subnet.

1. Using Ethernet0/1 on routers R1 and R2, configure the next usable/28 from the 192.168.1.0/24 range. The network 192.168.1.0/28 is unavailable.

2. For the IPv4 /28 subnet, router R1 must be configured with the first usable host address.

3. For the IPv4 /28 subnet, router R2 must be configured with the last usable host address.

4. For the IPv6 /64 subnet, configure the routers with the IP addressing provided from the topology.

5. A ping must work between the routers on the IPv4 and IPv6 address ranges.

Options:

Question 63

Three switches must be configured for Layer 2 connectivity. The company requires only the designated VLANs to be configured on their respective switches and permitted accross any links between switches for security purposes. Do not modify or delete VTP configurations.

The network needs two user-defined VLANs configured:

VLAN 110: MARKETING

VLAN 210: FINANCE

1. Configure the VLANs on the designated switches and assign them as access ports to the interfaces connected to the PCs.

2. Configure the e0/2 interfaces on Sw1 and Sw2 as 802.1q trunks with only the required VLANs permitted.

3. Configure the e0/3 interfaces on Sw2 and Sw3 as 802.1q trunks with only the required VLANs permitted.

Options:

Question 64

Physical connectivity is implemented between the two Layer 2 switches,

and the network connectivity between them must be configured.

I . Configure an LACP EtherChanneI and number it as 44; configure it

between switches SWI and SW2 using interfaces EthernetO/O and

Ethernet0/1 on both sides. The LACP mode must match on both ends.

2. Configure the EtherChanneI as a trunk link.

3. Configure the trunk link with 802. Iq tags.

4. Configure VLAN 'MONITORING' as the untagged VLAN of the

EtherChannel.

==================

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.

• Refer to the Topology tab to access the device console(s) and perform the tasks.

• Console access is available for all required devices by clicking the device icon or using

the tab(s) above the console window.

• All necessary preconfigurations have been applied.

• Do not change the enable password or hostname for any device.

• Save your configurations to NVRAM before moving to the next item.

• Click Next at the bottom of the screen to submit this lab and move to the next question.

• When Next is clicked, the lab closes and cannot be reopened.

Options:

Question 65

Physical connectivity is implemented between the two Layer 2 switches, and the network connectivity between them must be configured

1. Configure an LACP EtherChannel and number it as 1; configure it between switches SW1 and SVV2 using interfaces Ethernet0/0 and Ethernet0/1 on both sides. The LACP mode must match on both ends

2 Configure the EtherChannel as a trunk link.

3. Configure the trunk link with 802.1 q tags.

4. Configure the native VLAN of the EtherChannel as VLAN 15.

Options:

Question 66

Connectivity between three routers has been established, and IP services must be configured jn the order presented to complete the implementation Tasks assigned include configuration of NAT, NTP, DHCP, and SSH services.

1. All traffic sent from R3 to the R1 Loopback address must be configured for NAT on R2. All source addresses must be translated from R3 to the IP address of Ethernet0/0 on R2, while using only a standard access list named NAT To verify, a ping must be successful to the R1 Loopback address sourced from R3. Do not use NVI NAT configuration.

2. Configure R1 as an NTP server and R2 as a client, not as a peer, using the IP address of the R1 Ethernet0/2 interface. Set the clock on the NTP server for midnight on January 1, 2019.

3. Configure R1 as a DHCP server for the network 10.1.3.0/24 in a pool named TEST. Using a single command, exclude addresses 1-10 from the range. Interface Ethernet0/2 on R3 must be issued the IP address of 10.1.3.11 via DHCP.

4. Configure SSH connectivity from R1 to R3, while excluding access via other remote connection protocols. Access for user root and password Cisco must be set on router R3 using RSA and 1024 bits. Verify connectivity using an SSH session from router R1 using a destination address of 10.1.3.11. Do NOT modify console access or line numbers to accomplish this task.

Options:

Question 67

IP connectivity and OSPF are preconfigured on all devices where necessary. Do not make any changes to the IP addressing or OSPF. The company policy uses connected interfaces and next hops when configuring static routes except for load balancing or redundancy without floating static. Connectivity must be established between subnet 172.20.20.128/25 on the Internet and the LAN at 192.168.0.0/24 connected to SW1:

1. Configure reachability to the switch SW1 LAN subnet in router R2.

2. Configure default reachability to the Internet subnet in router R1.

3. Configure a single static route in router R2 to reach to the Internet subnet considering both redundant links between routers R1 and R2. A default route is NOT allowed in router R2.

4. Configure a static route in router R1 toward the switch SW1 LAN subnet where the primary link must be through Ethernet0/1. and the backup link must be through Ethernet0/2 using a floating route. Use the minimal administrative distance value when required.

Options:

Question 68

Refer to the exhibit.

Which outcome is expected when PC_A sends data to PC_B?

Options:

A.

The switch rewrites the source and destination MAC addresses with its own.

B.

The source MAC address is changed.

C.

The source and destination MAC addresses remain the same.

D.

The destination MAC address is replaced with ffff.ffff.ffff.

Question 69

Which command automatically generates an IPv6 address from a specified IPv6 prefix and MAC address of an interface?

Options:

A.

ipv6 address dhcp

B.

ipv6 address 2001:DB8:5:112::/64 eui-64

C.

ipv6 address autoconfig

D.

ipv6 address 2001:DB8:5:112::2/64 link-local

Question 70

Which two functions are performed by the core layer in a three-tier architecture? (Choose two)

Options:

A.

Provide uninterrupted forwarding service.

B.

Police traffic that is sent to the edge of the network.

C.

Provide direct connectivity for end user devices.

D.

Ensure timely data transfer between layers.

E.

Inspect packets for malicious activity.

Question 71

What are two functions of a Layer 2 switch? (Choose two)

Options:

A.

acts as a central point for association and authentication servers

B.

selects the best route between networks on a WAN

C.

moves packets within a VLAN

D.

moves packets between different VLANs

E.

makes forwarding decisions based on the MAC address of a packet

Question 72

An engineer is configuring an encrypted password for the enable command on a router where the local user database has already been configured Drag and drop the configuration commands from the left into the correct sequence on the right Not all commands are used

Options:

Question 73

in Which way does a spine and-leaf architecture allow for scalability in a network when additional access ports are required?

Options:

A.

A spine switch and a leaf switch can be added with redundant connections between them

B.

A spine switch can be added with at least 40 GB uplinks

C.

A leaf switch can be added with a single connection to a core spine switch.

D.

A leaf switch can be added with connections to every spine switch

Question 74

Which output displays a JSON data representation?

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 75

How does a switch process a frame received on Fa0/1 with the destination MAC address of 0e38.7363.657b when the table is missing the address?

Options:

A.

lt drops the frame immediately.

B.

It forwards the frame back out of interface Fa0/1.

C.

It floods the frame to all interfaces except Fa0/1.

D.

It holds the frame until the MAC address timer expires and then drops the frame.

Question 76

How do TCP and UDP differ in the way they guarantee packet delivery?

Options:

A.

TCP uses checksum, acknowledgement, and retransmissions, and UDP uses checksums only.

B.

TCP uses two-dimensional parity checks, checksums, and cyclic redundancy checks and UDP uses retransmissions only.

C.

TCP uses checksum, parity checks, and retransmissions, and UDP uses acknowledgements only.

D.

TCP uses retransmissions, acknowledgement and parity checks and UDP uses cyclic redundancy checks only.

Question 77

Refer to exhibit.

Which statement explains the configuration error message that is received?

Options:

A.

It is a broadcast IP address

B.

The router does not support /28 mask.

C.

It belongs to a private IP address range.

D.

IT is a network IP address.

Question 78

Refer to the exhibit.

Which switch becomes the root of the spanning tree for VLAN 110?

Options:

A.

Switch 1

B.

Switch 2

C.

Switch 3

D.

Switch 4

Question 79

Which command is used to specify the delay time in seconds for LLDP to initialize on any interface?

Options:

A.

lldp timer

B.

lldp holdtimt

C.

lldp reinit

D.

lldp tlv-select

Question 80

When a floating static route is configured, which action ensures that the backup route is used when the primary route fails?

Options:

A.

The floating static route must have a higher administrative distance than the primary route so it is used as a backup

B.

The administrative distance must be higher on the primary route so that the backup route becomes secondary.

C.

The floating static route must have a lower administrative distance than the primary route so it is used as a backup

D.

The default-information originate command must be configured for the route to be installed into the routing table

Question 81

Which WAN topology provides a combination of simplicity quality, and availability?

Options:

A.

partial mesh

B.

full mesh

C.

point-to-point

D.

hub-and-spoke

Question 82

Which HTTP status code is returned after a successful REST API request?

Options:

A.

200

B.

301

C.

404

D.

500

Question 83

What protocol allows an engineer to back up 20 network router configurations globally while using the copy function?

Options:

A.

SMTP

B.

SNMP

C.

TCP

D.

FTP

Question 84

Which type of information resides on a DHCP server?

Options:

A.

a list of the available IP addresses in a pool

B.

a list of public IP addresses and their corresponding names

C.

usernames and passwords for the end users in a domain

D.

a list of statically assigned MAC addresses

Question 85

When a switch receives a frame for a known destination MAC address, how is the frame handed?

Options:

A.

sent to the port identified for the known MAC address

B.

broadcast to all ports

C.

forwarded to the first available port

D.

flooded to all ports except the one from which it originated

Question 86

What are network endpoints?

Options:

A.

act as routers to connect a user to the service prowler network

B.

a threat to the network if they are compromised

C.

support inter-VLAN connectivity

D.

enforce policies for campus-wide traffic going to the internet

Question 87

When a site-to-site VPN is configured, which IPsec mode provides encapsulation and encryption of the entire original P packet?

Options:

A.

IPsec tunnel mode with AH

B.

IPsec transport mode with AH

C.

IPsec tunnel mode with ESP

D.

IPsec transport mode with ESP

Question 88

Which WLC port connects to a switch to pass normal access-point traffic?

Options:

A.

redundancy

B.

console

C.

distribution system

D.

service

Question 89

Refer to the exhibit.

An engineer configured NAT translations and has verified that the configuration is correct.

Which IP address is the source IP?

Options:

A.

10.4.4.4

B.

10.4.4.5

C.

172.23.103.10

D.

172.23.104.4

Question 90

What must be considered when using 802:11 ta?

Options:

A.

It is compatible with 802 lib- and 802 11-compliant wireless devices

B.

It is used in place of 802 11b/g when many nonoverlapping channels are required

C.

It is susceptible to interference from 2 4 GHz devices such as microwave ovens.

D.

It is chosen over 802 11b/g when a lower-cost solution is necessary

Question 91

Refer to the exhibit.

Which password must an engineer use to enter the enable mode?

Options:

A.

adminadmin123

B.

default

C.

testing 1234

D.

cisco123

Question 92

What is the primary effect of the spanning-tree portfast command?

Options:

A.

it enables BPDU messages

B.

It minimizes spanning-tree convergence time

C.

It immediately puts the port into the forwarding state when the switch is reloaded

D.

It immediately enables the port in the listening state

Question 93

Which network allows devices to communicate without the need to access the Internet?

Options:

A.

1729.0.0/16

B.

172.28.0.0/16

C.

192.0.0.0/8

D.

209.165.201.0/24

Question 94

Which command enables a router to become a DHCP client?

Options:

A.

ip address dhcp

B.

ip helper-address

C.

ip dhcp pool

D.

ip dhcp client

Question 95

Which command entered on a switch configured with Rapid PVST* listens and learns for a specific time period?

Options:

A.

switch(config)#spanning-tree vlan 1 max-age 6

B.

switch(config)#spanning-tree vlan 1 hello-time 10

C.

switch(config)#spanning-tree vlan 1 priority 4096

D.

switch(config)#spanning-tree vlan 1 forward-time 20

Question 96

Refer to the exhibit.

An extended ACL has been configured and applied to router R2 The configuration failed to work as intended Which two

changes stop outbound traffic on TCP ports 25 and 80 to 10.0.20 0 26 from the 10.0.10 0/26 subnet while still allowing all other traffic? (Choose

two )

Options:

A.

Add a "permit ip any any" statement to the begining of ACL 101 for allowed traffic.

B.

Add a "permit ip any any" statement at the end of ACL 101 for allowed traffic

C.

The source and destination IPs must be swapped in ACL 101

D.

The ACL must be configured the Gi0/2 interface inbound on R1

E.

The ACL must be moved to the Gi0/1 interface outbound on R2

Question 97

What is the purpose of traffic shaping?

Options:

A.

to mitigate delays over slow links

B.

to provide fair queuing for buffered flows

C.

to limit the bandwidth that a flow can use to

D.

be a marking mechanism that identifies different flows

Question 98

After installing a new Cisco ISE server, which task must the engineer perform on the Cisco WLC to connect wireless clients on a specific VLAN based on their credentials?

Options:

A.

Enable the allow AAA Override

B.

Enable the Even: Driven RRM.

C.

Disable the LAG Mode or Next Reboot.

D.

Enable the Authorized MIC APs against auth-list or AAA.

Question 99

An engineer needs to add an old switch back into a network. To prevent the switch from corrupting the VLAN database which action must be taken?

Options:

A.

Add the switch in the VTP domain with a lower revision number

B.

Add the switch with DTP set to dynamic desirable

C.

Add the switch in the VTP domain with a higher revision number

D.

Add the switch with DTP set to desirable

Question 100

What are two functions of an SDN controller? (Choose two)

Options:

A.

Layer 2 forwarding

B.

coordinating VTNs

C.

tracking hosts

D.

managing the topology

E.

protecting against DDoS attacks

Question 101

What is the primary purpose of a First Hop Redundancy Protocol?

Options:

A.

It allows directly connected neighbors to share configuration information.

B.

It allows a router to use bridge priorities to create multiple loop-free paths to a single destination.

C.

It reduces routing failures by allowing Layer 3 load balancing between OSPF neighbors that have the same link metric.

D.

It reduces routing failures by allowing more than one router to represent itself, as the default gateway of a network.

Question 102

Which option about JSON is true?

Options:

A.

uses predefined tags or angle brackets () to delimit markup text

B.

used to describe structured data that includes arrays

C.

used for storing information

D.

similar to HTML, it is more verbose than XML

Question 103

What does a switch use to build its MAC address table?

Options:

A.

VTP

B.

DTP

C.

egress traffic

D.

ingress traffic

Question 104

Which mode must be used to configure EtherChannel between two switches without using a negotiation protocol?

Options:

A.

on

B.

auto

C.

active

D.

desirable

Question 105

What is a benefit of using a Cisco Wireless LAN Controller?

Options:

A.

Central AP management requires more complex configurations

B.

Unique SSIDs cannot use the same authentication method

C.

It supports autonomous and lightweight APs

D.

It eliminates the need to configure each access point individually

Question 106

Refer to the exhibit.

R5 is the current DR on the network, and R4 is the BDR. Their interfaces are flapping, so a network engineer wants the OSPF network to elect a different DR and BDR. Which set of configurations must the engineer implement?

A)

B)

C)

D)

Options:

A.

Option

B.

Option

C.

Option

D.

Option

Question 107

What is the role of a firewall in an enterprise network?

Options:

A.

Forwards packets based on stateless packet inspection

B.

Processes unauthorized packets and allows passage to less secure segments of the network

C.

determines which packets are allowed to cross from unsecured to secured networks

D.

explicitly denies all packets from entering an administrative domain

Question 108

What is a similarity between OM3 and OM4 fiber optic cable?

Options:

A.

Both have a 50 micron core diameter

B.

Both have a 9 micron core diameter

C.

Both have a 62.5 micron core diameter

D.

Both have a 100 micron core diameter

Question 109

Which type of wireless encryption is used for WPA2 in preshared key mode?

Options:

A.

TKIP with RC4

B.

RC4

C.

AES-128

D.

AES-256

Question 110

Which configuration ensures that the switch is always the root for VLAN 750?

Options:

A.

Switch(config)#spanning-tree vlan 750 priority 38003685

B.

Switch(config)#spanning-tree vlan 750 root primary

C.

Switch(config)#spanning-tree vlan 750 priority 614440

D.

Switch(config)#spanning-tree vlan 750 priority 0

Question 111

Which technology is appropriate for communication between an SDN controller and applications running over the network?

Options:

A.

OpenFlow

B.

REST API

C.

NETCONF

D.

Southbound API

Question 112

What is a function of the Cisco DNA Center Overall Health Dashboard?

Options:

A.

It provides a summary of the top 10 global issues.

B.

It provides detailed activity logging for the 10 devices and users on the network.

C.

It summarizes the operational status of each wireless devise on the network.

D.

It summarizes daily and weekly CPU usage for servers and workstations in the network.

Question 113

What is the maximum bandwidth of a T1 point-to-point connection?

Options:

A.

1.544 Mbps

B.

2.048 Mbps

C.

34.368 Mbps

D.

43.7 Mbps

Question 114

Which two components comprise part of a PKI? (Choose two.)

Options:

A.

preshared key that authenticates connections

B.

RSA token

C.

CA that grants certificates

D.

clear-text password that authenticates connections

E.

one or more CRLs

Question 115

Refer to the exhibit.

Site A was recently connected to site B over a new single-mode fiber path. Users at site A report Intermittent connectivity Issues with applications hosted at site B. What is the reason for the problem?

Options:

A.

Heavy usage is causing high latency.

B.

An incorrect type of transceiver has been inserted into a device on the link.

C.

physical network errors are being transmitted between the two sites.

D.

The wrong cable type was used to make the connection.

Question 116

What is a requirement when configuring or removing LAG on a WLC?

Options:

A.

The Incoming and outgoing ports for traffic flow must be specified If LAG Is enabled.

B.

The controller must be rebooted after enabling or reconfiguring LAG.

C.

The management interface must be reassigned if LAG disabled.

D.

Multiple untagged interfaces on the same port must be supported.

Question 117

Refer to the exhibit.

A network engineer must update the configuration on Switch2 so that it sends LLDP packets every minute and the information sent via LLDP is refreshed every 3 minutes Which configuration must the engineer apply?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 118

Which interface mode must be configured to connect the lightweight APs in a centralized architecture?

Options:

A.

WLAN dynamic

B.

management

C.

trunk

D.

access

Question 119

Which QoS per-hop behavior changes the value of the ToS field in the IPv4 packet header?

Options:

A.

shaping

B.

classification

C.

policing

D.

marking

Question 120

Which protocol is used for secure remote CLI access?

Options:

A.

HTTPS

B.

HTTP

C.

Telnet

D.

SSH

Question 121

Refer to the exhibit.

The router has been configured with a supernet to accommodate the requirement for 380 users on a subnet The requirement already considers 30% future growth. Which configuration verifies the IP subnet on router R4?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 122

What is a requirement for nonoverlapping Wi-Fi channels?

Options:

A.

different security settings

B.

discontinuous frequency ranges

C.

different transmission speeds

D.

unique SSIDs

Question 123

Refer to the exhibit.

A company is configuring a failover plan and must implement the default routes in such a way that a floating static route will assume traffic forwarding when the primary link goes down. Which primary route configuration must be used?

Options:

A.

ip route 0.0.0.0 0.0.0.0 192.168.0.2 GigabitEthernetl/0

B.

ip route 0.0.0.0 0.0.0.0 192.168.0.2 tracked

C.

ip route 0.0.0.0 0.0.0.0 192.168.0.2 floating

D.

ip route 0.0.0.0 0.0.0.0 192.168.0.2

Question 124

Refer to the exhibit.

An engineer is updating the R1 configuration to connect a new server to the management network. The PCs on the management network must be blocked from pinging the default gateway of the new server. Which command must be configured on R1 to complete the task?

Options:

A.

R1(config)#lp route 172.16.2.2 255.255.255.248 gi0/1

B.

R1(config)#jp route 172.16.2.2 255.255.255.255 gi0/0

C.

R1(config>#ip route 172.16.2.0 255.255.255.0 192.168.1.15

D.

R1(conflg)#ip route 172.16.2.0 255.255.255.0 192.168.1.5

Question 125

Refer to the exhibit.

Traffic sourced from the loopback0 Interface is trying to connect via ssh to the host at 10.0.1.15. What Is the next hop to the destination address?

Options:

A.

192.168.0.7

B.

192.168.0.4

C.

192.168.0.40

D.

192.168.3.5

Question 126

Drag and drop the statements about networking from the left onto the corresponding networking types on the right.

Options:

Question 127

Refer to the exhibit.

An engineer built a new L2 LACP EtherChannel between SW1 and SW2 and executed these show commands to verify the work. Which additional task allows the two switches to establish an LACP port channel?

Options:

A.

Change the channel-group mode on SW2 to auto

B.

Change the channel-group mode on SW1 to desirable.

C.

Configure the interface port-channel 1 command on both switches.

D.

Change the channel-group mode on SW1 to active or passive.

Question 128

How does Rapid PVST+ create a fast loop-free network topology?

Options:

A.

lt requires multiple links between core switches

B.

It generates one spanning-tree instance for each VLAN

C.

It maps multiple VLANs into the same spanning-tree instance

D.

It uses multiple active paths between end stations.

Question 129

Refer to the exhibit.

Router R1 currently is configured to use R3 as the primary route to the Internet, and the route uses the default administrative distance settings. A network engineer must configure R1 so that it uses R2 as a backup, but only if R3 goes down. Which command must the engineer configure on R1 so that it correctly uses R2 as a backup route, without changing the administrative distance configuration on the link to R3?

Options:

A.

ip route 0.0.0.0 0.0.0.0 g0/1 1

B.

ip route 0.0.0.0 0.0.0.0 209.165.201.5 10

C.

ip route 0.0.0.0 0.0.0.0 209.165.200.226 1

D.

ip route 0,0.0.0 0.0.0.0 g0/1 6

Question 130

Refer to the exhibit.

An engineer is asked to insert the new VLAN into the existing trunk without modifying anything previously configured Which command accomplishes this task?

Options:

A.

switchport trunk allowed vlan 100-104

B.

switchport trunk allowed vlan add 104

C.

switchport trunk allowed vlan all

D.

switchport trunk allowed vlan 104

Question 131

Refer to the exhibit.

The DHCP server and clients are connected to the same switch. What is the next step to complete the DHCP configuration to allow clients on VLAN 1 to receive addresses from the DHCP server?

Options:

A.

Configure the ip dhcp snooping trust command on the interlace that is connected to the DHCP client.

B.

Configure the ip dhcp relay information option command on the interface that is connected to the DHCP client.

C.

Configure the ip dhcp snooping trust command on the interface that is connected to the DHCP server.

D.

Configure the Ip dhcp relay information option command on the interface that is connected to the DHCP server.

Question 132

What is one reason to implement LAG on a Cisco WLC?

Options:

A.

to increase security and encrypt management frames

B.

to provide link redundancy and load balancing

C.

to allow for stateful and link-state failover

D.

to enable connected switch ports to failover and use different VLANs

Question 133

Refer to the exhibit.

Which two commands must be configured on router R1 to enable the router to accept secure remote-access connections? (Choose two)

Options:

A.

transport input telnet

B.

crypto key generate rsa

C.

ip ssh pubkey-chain

D.

login console

E.

username cisco password 0 Cisco

Question 134

What are two benefits of FHRPs? (Choose two.)

Options:

A.

They enable automatic failover of the default gateway.

B.

They allow multiple devices to serve as a single virtual gateway for clients in the network.

C.

They are able to bundle multiple ports to increase bandwidth.

D.

They prevent loops in the Layer 2 network.

E.

They allow encrypted traffic.

Question 135

Refer to the exhibit.

Which route must be configured on R1 so that OSPF routing is used when OSPF is up. but the server is still reachable when OSPF goes down?

Options:

A.

ip route 10.1.1.10 255.255.255.255 172.16.2.2 100

B.

ip route 10.1.1.0 255.255.255.0 gi0/1 125

C.

ip route 10.1.1.0 255.255.255.0 172.16.2.2 100

D.

ip route 10.1.1.10 255.255.255.255 gi0/0 125

Question 136

Refer to the exhibit.

Switch A is newly configured. All VLANs are present in the VLAN database. The IP phone and PC A on Gi0/1 must be configured for the appropriate VLANs to establish connectivity between the PCs. Which command set fulfills the requirement?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 137

Drag and drop the facts about wireless architectures from the left onto the types of access point on the right. Not all options are used.

Options:

Question 138

Refer to the exhibit.

Which configuration enables DHCP addressing for hosts connected to interface FastEthernetO/1 on router R4?

Options:

A.

interface FastEthernet0/0

ip helper-address 10.0.1.1

i

access-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1

B.

interface FastEthernot0/1

ip helper-address 10.0.1.1

!

access-list 100 permit tcp host 10.0.1.1 eq 67 host 10.148.2.1

C.

interface FastEthernetO/0

ip helper-address 10.0.1.1

I

access-list 100 permit host 10.0.1.1 host 10.148.2.1 eq bootps

D.

interface FastEthernet0/1

ip helper-address 10.0.1.1

!

access-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1

Question 139

Which WLC management connection type is vulnerable to man-in-the-middle attacks?

Options:

A.

SSH

B.

HTTPS

C.

Telnet

D.

console

Question 140

Refer to the exhibit.

An engineer is configuring the HO router. Which IPv6 address configuration must be applied to the router fa0'1 interface for the router to assign a unique 64-brt IPv6 address to Itself?

Options:

A.

ipv6 address 2001:DB8:0:1:C601:42FF:FE0F:7/64

B.

ipv6 address 2001:DB8:0:1:C601:42FE:800F:7/64

C.

ipv6 address 2001 :DB8:0:1:FFFF:C601:420F:7/64

D.

iov6 address 2001 :DB8:0:1:FE80:C601:420F:7/64

Question 141

A Cisco engineer must configure a single switch interface to meet these requirements

• accept untagged frames and place them in VLAN 20

• accept tagged frames in VLAN 30 when CDP detects a Cisco IP phone

Which command set must the engineer apply?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 142

Which action is taken by the data plane within a network device?

Options:

A.

forwards traffic to the next hop

B.

constructs a routing table based on a routing protocol

C.

provides CLI access to the network device

D.

looks up an egress interface in the forwarding information base

Question 143

What is a function of Opportunistic Wireless Encryption in an environment?

Options:

A.

offer compression

B.

increase security by using a WEP connection

C.

provide authentication

D.

protect traffic on open networks

Question 144

Refer to the exhibit.

An engineer assumes a configuration task from a peer Router A must establish an OSPF neighbor relationship with neighbor 172 1 1 1 The output displays the status of the adjacency after 2 hours. What is the next step in the configuration process for the routers to establish an adjacency?

Options:

A.

Configure router A to use the same MTU size as router B.

B.

Set the router B OSPF ID to a nonhost address.

C.

Configure a point-to-point link between router A and router B.

D.

Set the router B OSPF ID to the same value as its IP address

Question 145

Refer to the exhibit.

The following must be considered:

• SW1 is fully configured for all traffic

• The SW4 and SW9 links to SW1 have been configured

• The SW4 interface Gi0/1 and Gi0/0 on SW9 have been configured

• The remaining switches have had all VLANs adde d to their VLAN database

Which configuration establishes a successful ping from PC2 to PC7 without interruption to traffic flow between other PCs?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 146

Refer to the exhibit.

Which command configures OSPF on the point-to-point link between routers R1 and R2?

Options:

A.

router-id 10.0.0.15

B.

neighbor 10.1.2.0 cost 180

C.

ipospf priority 100

D.

network 10.0.0.0 0.0.0.255 area 0

Question 147

Refer to the exhibit.

Which two commands must be added to update the configuration of router R1 so that it accepts only encrypted connections? (Choose two )

Options:

A.

username CNAC secret R!41!4319115@

B.

ip ssh version 2

C.

line vty 0 4

D.

crypto key generate rsa 1024

E.

transport input ssh

Question 148

Which wireless security protocol relies on Perfect Forward Secrecy?

Options:

A.

WPA3

B.

WPA

C.

WEP

D.

WPA2

Question 149

Refer to the exhibit.

All VLANs are present in the VLAN database. Which command sequence must be applied to complete the configuration?

Options:

A.

Interface FastEthernet0/1 switchport trunk native vlan 10 switchport trunk allowed vlan 10,15

B.

Interface FastEthernet0/1 switchport mode trunk switchport trunk allowed vlan 10,15

C.

interface FastEthernet0/1 switchport mode access switchport voice vlan 10

D.

Interface FastEthernet0/1 switchport trunk allowed vlan add 10 vlan 10 private-vlan isolated

Question 150

R1 as an NTP server must have:

• NTP authentication enabled

• NTP packets sourced from Interface loopback 0

• NTP stratum 2

• NTP packets only permitted to client IP 209.165 200 225

How should R1 be configured?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 151

Which Layer 2 switch function encapsulates packets for different VLANs so that the packets traverse the same port and maintain traffic separation between the VLANs?

Options:

A.

VLAN numbering

B.

VLAN DSCP

C.

VLAN tagging

D.

VLAN marking

Question 152

A Cisco engineer is configuring a factory-default router with these three passwords:

• The user EXEC password for console access is p4ssw0rd1

• The user EXEC password for Telnet access is s3cr3t2

• The password for privileged EXEC mode is pnv4t3p4ss Which command sequence must the engineer configured

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 153

Which type of IPv6 address is similar to a unicast address but is assigned to multiple devices on the same network at the same time?

Options:

A.

global unicast address

B.

anycast address

C.

multicast address

D.

link-local address

Question 154

Refer to the exhibit.

The link between PC1 and the switch is up. but it is performing poorly. Which interface condition is causing the performance problem?

Options:

A.

There is a duplex mismatch on the interface

B.

There is an issue with the fiber on the switch interface.

C.

There is a speed mismatch on the interface.

D.

There is an interface type mismatch

Question 155

Refer to the exhibit.

Which command must be issued to enable a floating static default route on router A?

Options:

A.

lp route 0.0.0.0 0.0.0.0 192.168.1.2

B.

ip default-gateway 192.168.2.1

C.

ip route 0.0.0.0 0.0.0.0 192.168.2.1 10

D.

ip route 0.0.0.0 0.0.0.0 192.168.1.2 10

Question 156

What is the difference between IPv6 unicast and anycast addressing?

Options:

A.

IPv6 anycast nodes must be explicitly configured to recognize the anycast address, but IPv6 unicast nodes require no special configuration

B.

IPv6 unicast nodes must be explicitly configured to recognize the unicast address, but IPv6 anycast nodes require no special configuration

C.

An individual IPv6 unicast address is supported on a single interface on one node but an IPv6 anycast address is assigned to a group of interfaces on multiple nodes.

D.

Unlike an IPv6 anycast address, an IPv6 unicast address is assigned to a group of interfaces on multiple nodes

Question 157

What is an expected outcome when network management automation is deployed?

Options:

A.

A distributed management plane must be used.

B.

Software upgrades are performed from a central controller

C.

Complexity increases when new device configurations are added

D.

Custom applications are needed to configure network devices

Question 158

What is the function of the controller in a software-defined network?

Options:

A.

multicast replication at the hardware level

B.

fragmenting and reassembling packets

C.

making routing decisions

D.

forwarding packets

Question 159

Refer to the exhibit.

How should the configuration be updated to allow PC1 and PC2 access to the Internet?

Options:

A.

Modify the configured number of the second access list.

B.

Add either the ip nat {inside|outside} command under both interfaces.

C.

Remove the overload keyword from the ip nat inside source command.

D.

Change the ip nat inside source command to use interface GigabitEthernet0/0.

Question 160

Which type of network attack overwhelms the target server by sending multiple packets to a port until the half-open TCP resources of the target are exhausted?

Options:

A.

SYIM flood

B.

reflection

C.

teardrop

D.

amplification

Question 161

Which PoE mode enables powered-device detection and guarantees power when the device is detected?

Options:

A.

dynamic

B.

static

C.

active

D.

auto

Question 162

Which two network actions occur within the data plane? (Choose two.)

Options:

A.

Add or remove an 802.1Q trunking header.

B.

Make a configuration change from an incoming NETCONF RPC.

C.

Run routing protocols.

D.

Match the destination MAC address to the MAC address table.

E.

Reply to an incoming ICMP echo request.

Question 163

An engineer is tasked to configure a switch with port security to ensure devices that forward unicasts multicasts and broadcasts are unable to flood the port The port must be configured to permit only two random MAC addresses at a time Drag and drop the required configuration commands from the left onto the sequence on the right Not all commands are used.

Options:

Question 164

Refer to the exhibit.

Which network prefix was learned via EIGRP?

Options:

A.

172.16.0.0/16

B.

192.168.2.0/24

C.

207.165.200.0/24

D.

192.168.1.0/24

Question 165

Refer to the exhibit.

Which configuration allows routers R14 and R86 to form an OSPFv2 adjacency while acting as a central point for exchanging OSPF information between routers?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 166

Refer to the exhibit.

Web traffic is coming in from the WAN interface. Which route takes precedence when the router is processing traffic destined for the LAN network at 10 0.10.0/24?

Options:

A.

via next-hop 10.0.1.5

B.

via next-hop 10 0 1.4

C.

via next-hop 10.0 1.50

D.

via next-hop 10.0 1 100

Question 167

Refer to the exhibit.

Traffic that is flowing over interface TenGigabitEthernet0/0 experiences slow transfer speeds. What is the reason for the issue?

Options:

A.

heavy traffic congestion

B.

a duplex incompatibility

C.

a speed conflict

D.

queuing drops

Question 168

Which field within the access-request packet is encrypted by RADIUS?

Options:

A.

authorized services

B.

authenticator

C.

username

D.

password

Question 169

Drag and drop the Rapid PVST+ forwarding slate actions from the loft to the right. Not all actions are used.

Options:

Question 170

Refer to the exhibit.

Which two commands when used together create port channel 10? (Choose two.)

Options:

A.

int range g0/0-1

channel-group 10 mode active

B.

int range g0/0-1 chanm.l-group 10 mode desirable

C.

int range g0/0-1

channel-group 10 mode passive

D.

int range g0/0-1 channel-group 10 mode auto

E.

int range g0/0-1 channel-group 10 mode on

Question 171

Refer to the exhibit.

An access list is created to deny Telnet access from host PC-1 to RTR-1 and allow access from all other hosts A Telnet attempt from PC-2 gives this message:"% Connection refused by remote host" Without allowing Telnet access from PC-1, which action must be taken to permit the traffic?

Options:

A.

Add the access-list 10 permit any command to the configuration

B.

Remove the access-class 10 in command from line vty 0.4.

C.

Add the ip access-group 10 out command to interface g0/0.

D.

Remove the password command from line vty 0 4.

Question 172

Refer to the exhibit.

Only four switches are participating in the VLAN spanning-tree process.

Branch-1 priority 614440

Branch-2: priority 39082416

Branch-3: priority 0

Branch-4: root primary

Which switch becomes the permanent root bridge for VLAN 5?

Options:

A.

Branch-1

B.

Branch-2

C.

Branch-3

D.

Branch-4

Question 173

Refer to the exhibit.

The New York router is configured with static routes pointing to the Atlanta and Washington sites. Which two tasks must be performed so that the Serial0/0/0 interfaces on the Atlanta and Washington routers can reach one another?

(Choose two.)

Options:

A.

Configure the ipv6 route 2012::/126 2023::1 command on the Washington router.

B.

Configure the ipv6 route 2023::/126 2012::1 command on the Atlanta router.

C.

Configure the Ipv6 route 2012::/126 s0/0/0 command on the Atlanta router.

D.

Configure the ipv6 route 2023::/126 2012::2 command on the Atlanta router.

E.

Configure the ipv6 route 2012::/126 2023::2 command on the Washington router.

Question 174

Refer to the exhibit.

To which device does Router1 send packets that are destined to host 10.10.13.165?

Options:

A.

Router2

B.

Router3

C.

Router4

D.

Router5

Question 175

A network engineer must create a diagram of a multivendor network. Which command must be configured on the Cisco devices so that the topology of the network can be mapped?

Options:

A.

Device(Config)#lldp run

B.

Device(Config)#cdp run

C.

Device(Config-if)#cdp enable

D.

Device(Config)#flow-sampler-map topology

Question 176

Where does a switch maintain DHCP snooping information?

Options:

A.

in the MAC address table

B.

in the CAM table

C.

in the binding database

D.

in the frame forwarding database

Question 177

An office has 8 floors with approximately 30-40 users per floor What command must be configured on the router Switched Virtual Interface to use address space efficiently?

Options:

A.

ip address 192.168.0.0 255.255.0.0

B.

ip address 192.168.0.0 255.255.254.0

C.

ip address 192.168.0.0 255.255.255.128

D.

ip address 192.168.0.0 255.255.255.224

Question 178

Refer to the exhibit.

An engineer is bringing up a new circuit to the MPLS provider on the Gi0/1 interface of Router1 The new circuit uses eBGP and teams the route to VLAN25 from the BGP path What s the expected behavior for the traffic flow for route 10.10.13.0/25?

Options:

A.

Traffic to 10.10.13.0.25 is load balanced out of multiple interfaces

B.

Route 10.10.13.0/25 is updated in the routing table as being learned from interface Gi0/1.

C.

Traffic to 10.10.13.0/25 is asymmeteical

D.

Route 10.10.13.0/25 learned via the GiO/0 interface remains in the routing table

Question 179

Which two values or settings must be entered when configuring a new WLAN in the Cisco Wireless LAN Controller GUI? (Choose two)

Options:

A.

management interface settings

B.

QoS settings

C.

Ip address of one or more access points

D.

SSID

E.

Profile name

Question 180

Refer to the exhibit.

An engineer configured the New York router with state routes that point to the Atlanta and Washington sites. When command must be configured on the Atlanta and Washington routers so that both sites are able to reach the loopback2 interface on the New York router?

Options:

A.

ipv6 route ::/0 Serial 0/0/1

B.

ipv6 route 0/0 Serial 0/0/0

C.

ipv6 route ::/0 Serial 0/0/0

D.

ip route 0.0.0.0.0.0.0.0 Serial 0/0/0

E.

ipv6 route ::/0 2000::2

Question 181

A network administrator needs to aggregate 4 ports into a single logical link which must negotiate layer 2 connectivity to ports on another switch. What must be configured when using active mode on both sides of the connection?

Options:

A.

802.1q trunks

B.

Cisco vPC

C.

LLDP

D.

LACP

Question 182

Refer to the exhibit.

A network engineer is in the process of establishing IP connectivity between two sites. Routers R1 and R2 are partially configured with IP addressing. Both routers have the ability to access devices on their respective LANs. Which command set configures the IP connectivity between devices located on both LANs in each site?

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 183

Which technology can prevent client devices from arbitrarily connecting to the network without state remediation?

Options:

A.

802.1x

B.

IP Source Guard

C.

MAC Authentication Bypass

D.

802.11n

Question 184

Which IPv6 address type provides communication between subnets and is unable to route on the Internet?

Options:

A.

global unicast

B.

unique local

C.

link-local

D.

multicast

Question 185

Which action does the router take as rt forwards a packet through the network?

Options:

A.

The router replaces the source and desinaoon labels wth the sending router uterface label as a source and the next hop router label as a desbnabon

B.

The router encapsulates the source and destination IP addresses with the sending router P address as the source and the neighbor IP address as the destination

C.

The router replaces the original source and destination MAC addresses with the sending router MAC address as the source and neighbor MAC address as the destination

D.

The router encapsulates the original packet and then includes a tag that identifies the source router MAC address and transmit transparently to the destination

Question 186

Which type of organization should use a collapsed-core architecture?

Options:

A.

large and requires a flexible, scalable network design

B.

large and must minimize downtime when hardware fails

C.

small and needs to reduce networking costs currently

D.

small but is expected to grow dramatically in the near future

Question 187

What are two reasons for an engineer to configure a floating state route? (Choose two)

Options:

A.

to automatically route traffic on a secondary path when the primary path goes down

B.

to route traffic differently based on the source IP of the packet

C.

to enable fallback static routing when the dynamic routing protocol fails

D.

to support load balancing via static routing

E.

to control the return path of traffic that is sent from the router

Question 188

An engineer is configuring NAT to translate the source subnet of 10.10.0.0/24 to any of three addresses 192.168.30.1, 192.168.3.2, 192.168.3.3 Which configuration should be used?

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 189

With REST API, which standard HTTP header tells a server which media type is expected by the client?

Options:

A.

Accept-Encoding: gzip. deflate

B.

Accept-Patch: text/example; charset=utf-8

C.

Content-Type: application/json; charset=utf-8

D.

Accept: application/json

Question 190

An engineer must configure traffic for a VLAN that is untagged by the switch as it crosses a trunk link. Which command should be used?

Options:

A.

switchport trunk allowed vlan 10

B.

switchport trunk native vlan 10

C.

switchport mode trunk

D.

switchport trunk encapsulation dot1q

Question 191

Which two QoS tools provides congestion management? ( Choose two )

Options:

A.

CAR

B.

CBWFQ

C.

PQ

D.

PBR

E.

FRTS

Question 192

Which 802.11 frame type is indicated by a probe response after a client sends a probe request?

Options:

A.

action

B.

management

C.

control

D.

data

Question 193

Which goal is achieved by the implementation of private IPv4 addressing on a network?

Options:

A.

provides an added level of protection against Internet exposure

B.

provides a reduction in size of the forwarding table on network routers

C.

allows communication across the Internet to other private networks

D.

allows servers and workstations to communicate across public network boundaries

Question 194

Which set of action satisfy the requirement for multifactor authentication?

Options:

A.

The user swipes a key fob, then clicks through an email link

B.

The user enters a user name and password, and then clicks a notification in an authentication app on a mobile device

C.

The user enters a PIN into an RSA token, and then enters the displayed RSA key on a login screen

D.

The user enters a user name and password and then re-enters the credentials on a second screen

Question 195

Refer to the exhibit.

Between which zones do wireless users expect to experience intermittent connectivity?

Options:

A.

between zones 1 and 2

B.

between zones 2 and 5

C.

between zones 3 and 4

D.

between zones 3 and 6

Question 196

Refer to the exhibit.

A network administrator assumes a task to complete the connectivity between PC A and the File Server. Switch A and Switch B have been partially configured with VLAN 10, 11, 12, and 13. What is the next step in the configuration?

Options:

A.

Add PC A to VLAN 10 and the File Server to VLAN 11 fa VLAN segmentation

B.

Add VLAN 13 to the trunk links on Switch A and Switch B for VLAN propagation

C.

Add a router on a stick between Switch A and Switch B allowing for Inter-VLAN routing.

D.

Add PC A to the same subnet as the Fie Server allowing for intra-VLAN communication.

Question 197

What Is a syslog facility?

Options:

A.

Host that is configured for the system to send log messages

B.

password that authenticates a Network Management System to receive log messages

C.

group of log messages associated with the configured severity level

D.

set of values that represent the processes that can generate a log message

Question 198

Refer to the exhibit.

With which metric was the route to host 172.16.0.202 learned?

Options:

A.

0

B.

110

C.

38443

D.

3184439

Question 199

What are two descriptions of three-tier network topologies? (Choose two)

Options:

A.

The core and distribution layers perform the same functions

B.

The access layer manages routing between devices in different domains

C.

The network core is designed to maintain continuous connectivity when devices fail.

D.

The core layer maintains wired connections for each host

E.

The distribution layer runs Layer 2 and Layer 3 technologies

Question 200

A router running EIGRP has learned the same route from two different paths. Which parameter does the router use to select the best path?

Options:

A.

cost

B.

adminstrative distance

C.

metric

D.

as-path

Question 201

Refer to the exhibit.

Which route type does the routing protocol Code D represent in the output?

Options:

A.

internal BGP route

B.

/24 route of a locally configured IP

C.

statically assigned route

D.

route learned through EIGRP

Question 202

What is a difference between RADIUS and TACACS+?

Options:

A.

RADIUS is most appropriate for dial authentication, but TACACS+ can be used for multiple types of authentication

B.

TACACS+ encrypts only password information and RADIUS encrypts the entire payload

C.

TACACS+ separates authentication and authorization, and RADIUS merges them

D.

RADIUS logs all commands that are entered by the administrator, but TACACS+ logs only start, stop, and interim commands

Question 203

If a switch port receives a new frame while it is actively transmitting a previous frame, how does it process the frames?

Options:

A.

The new frame is delivered first, the previous frame is dropped, and a retransmission request is sent.

B.

The previous frame is delivered, the new frame is dropped, and a retransmission request is sent.

C.

The new frame is placed in a queue for transmission after the previous frame.

D.

The two frames are processed and delivered at the same time.

Question 204

Which port type supports the spanning-tree portfast command without additional configuration?

Options:

A.

access ports

B.

Layer 3 main Interfaces

C.

Layer 3 suninterfaces

D.

trunk ports

Question 205

What are two differences between optical-fiber cabling and copper cabling? (Choose two)

Options:

A.

Light is transmitted through the core of the fiber

B.

A BNC connector is used for fiber connections

C.

The glass core component is encased in a cladding

D.

Fiber connects to physical interfaces using Rj-45 connections

E.

The data can pass through the cladding

Question 206

Refer to the exhibit.

A network engineer must block access for all computers on VLAN 20 to the web server via HTTP All other computers must be able to access the web server Which configuration when applied to switch A accomplishes this task?

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 207

Refer to the exhibit.

The default-information originate command is configured under the R1 OSPF configuration After testing workstations on VLAN 20 at Site B cannot reach a DNS server on the Internet Which action corrects the configuration issue?

Options:

A.

Add the default-information originate command onR2

B.

Configure the ip route 0.0.0.0 0.0.0.0 10.10.10.18 command on R1

C.

Configure the ip route 0.0.0.0 0.0.0.0 10.10.10.2 command on R2

D.

Add the always keyword to the default-information originate command on R1

Question 208

What is a function of TFTP in network operations?

Options:

A.

transfers a backup configuration file from a server to a switch using a username and password

B.

transfers files between file systems on a router

C.

transfers a configuration files from a server to a router on a congested link

D.

transfers IOS images from a server to a router for firmware upgrades

Question 209

Refer to the exhibit.

Which IPv6 configuration is required for R17 to successfully ping the WAN interface on R18?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 210

Refer to the exhibit.

Shortly after SiteA was connected to SiteB over a new single-mode fiber path users at SiteA report intermittent connectivity issues with applications hosted at SiteB What is the cause of the intermittent connectivity issue?

Options:

A.

Interface errors are incrementing

B.

An incorrect SFP media type was used at SiteA

C.

High usage is causing high latency

D.

The sites were connected with the wrong cable type

Question 211

Refer to me exhibit.

Which action is taken by the router when a packet is sourced from 10.10.10.2 and destined for 10.10.10.16?

Options:

A.

It uses a route that is similar to the destination address

B.

It discards the packets.

C.

It floods packets to all learned next hops.

D.

It Queues the packets waiting for the route to be learned.

Question 212

Refer to the exhibit.

If R1 receives a packet destined to 172.161.1, to which IP address does it send the packet?

Options:

A.

192.168.12.2

B.

192.168.13.3

C.

192.168.14.4

D.

192.168.15.5

Question 213

How does a Cisco Unified Wireless network respond to Wi-Fi channel overlap?

Options:

A.

It alternates automatically between 2.4 GHz and 5 GHz on adjacent access points

B.

It allows the administrator to assign channels on a per-device or per-interface basis.

C.

It segregates devices from different manufacturers onto different channels.

D.

It analyzes client load and background noise and dynamically assigns a channel.

Question 214

While examining excessive traffic on the network, it is noted that all incoming packets on an interface appear to be allowed even though an IPv4 ACL is applied to the interface.

Which two misconfigurations cause this behavior? (Choose two)

Options:

A.

The packets fail to match any permit statement

B.

A matching permit statement is too high in the access test

C.

A matching permit statement is too broadly defined

D.

The ACL is empty

E.

A matching deny statement is too high in the access list

Question 215

Refer to the exhibit.

For security reasons, automatic neighbor discovery must be disabled on the R5 Gi0/1 interface. These tasks must be completed:

• Disable all neighbor discovery methods on R5 interface GiO/1.

• Permit neighbor discovery on R5 interface GiO/2.

• Verify there are no dynamically learned neighbors on R5 interface Gi0/1.

• Display the IP address of R6*s interface Gi0/2.

Which configuration must be used?

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 216

Refer to the exhibit.

An engineer booted a new switch and applied this configuration via the console port. Which additional configuration must be applied to allow administrators to authenticate directly to enable privilege mode via Telnet using a local username and password?

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 217

How does the dynamically-learned MAC address feature function?

Options:

A.

The CAM table is empty until ingress traffic arrives at each port

B.

Switches dynamically learn MAC addresses of each connecting CAM table.

C.

The ports are restricted and learn up to a maximum of 10 dynamically-learned addresses

D.

It requires a minimum number of secure MAC addresses to be filled dynamically

Question 218

Refer to the exhibit.

A packet is being sent across router R1 to host 172.16.0.14. What is the destination route for the packet?

Options:

A.

209.165.200.254 via Serial0/0/1

B.

209.165.200.254 via Serial0/0/0

C.

209.165.200.246 via Serial0/1/0

D.

209.165.200.250 via Serial0/0/0

Question 219

Where is the interface between the control plane and data plane within the software-defined architecture?

Options:

A.

control layer and the infrastructure layer

B.

application layer and the infrastructure layer

C.

application layer and the management layer

D.

control layer and the application layer

Question 220

Refer to the exhibit.

Which route type is configured to reach the internet?

Options:

A.

host route

B.

default route

C.

floating static route

D.

network route

Question 221

What are two recommendations for protecting network ports from being exploited when located in an office space outside of an IT closer? (Choose two.)

Options:

A.

enable the PortFast feature on ports

B.

implement port-based authentication

C.

configure static ARP entries

D.

configure ports to a fixed speed

E.

shut down unused ports

Question 222

What is a characteristic of private IPv4 addressing?

Options:

A.

traverse the Internet when an outbound ACL is applied

B.

issued by IANA in conjunction with an autonomous system number

C.

composed of up to 65.536 available addresses

D.

used without tracking or registration

Question 223

What is the primary function of a Layer 3 device?

Options:

A.

to analyze traffic and drop unauthorized traffic from the Internet

B.

to transmit wireless traffic between hosts

C.

to pass traffic between different networks

D.

forward traffic within the same broadcast domain

Question 224

Refer to the exhibit.

Which two commands were used to create port channel 10? (Choose two )

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

E.

Option E

Question 225

What is the primary different between AAA authentication and authorization?

Options:

A.

Authentication verifies a username and password, and authorization handles the communication between the authentication agent and the user database.

B.

Authentication identifies a user who is attempting to access a system, and authorization validates the users password

C.

Authentication identifies and verifies a user who is attempting to access a system, and authorization controls the tasks the user can perform.

D.

Authentication controls the system processes a user can access and authorization logs the activities the user initiates

Question 226

Which configuration is needed to generate an RSA key for SSH on a router?

Options:

A.

Configure the version of SSH

B.

Configure VTY access.

C.

Create a user with a password.

D.

Assign a DNS domain name

Question 227

What is a function of a Layer 3 switch?

Options:

A.

move frames between endpoints limited to IP addresses

B.

transmit broadcast traffic when operating in Layer 3 mode exclusively

C.

forward Ethernet frames between VLANs using only MAC addresses

D.

flood broadcast traffic within a VLAN

Load More 200-301 Questions
Page: 1 / 95
Total 951 questions
Get 200-301 Full Access Download 200-301 PDF