Cisco 200-301 Questions and Answers

Question 001

IP connectivity and OSPF are preconfigured on all devices where necessary. Do not make any changes to the IP addressing or OSPF. The company policy uses connected interfaces and next hops when configuring static routes except for load balancing or redundancy without floating static. Connectivity must be established between subnet 172.20.20.128/25 on the Internet, and the LAN at 192.168.0.0/24 connected to SW1.

1. Configure reachability to the switch SW1 LAN subnet in router R2.
2. Configure default reachability to the Internet subnet in router R1.
3. Configure a single static route in router R2 to reach the Internet subnet considering both redundant links between routers R1 and R2. A default route is NOT allowed on router R2.
4. Configure a static route in router R1 towards the switch SW1 LAN subnet where the primary link must be through Gi 0/0/1 and the backup link must be through Gi 0/0/2 using a floating route. Use the minimal administrative distance value when required.

Answer 001:

1. Configure reachability to the switch SW1 LAN subnet in router R2.

    enable
    configure terminal
    !
    ip route 192.168.0.0 255.255.255.0 10.10.31.1
    end
    copy running-config startup-config

    R2# ping 192.168.0.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms

2. Configure default reachability to the Internet subnet in router R1.

    enable
    configure terminal
    !
    ip route 0.0.0.0 0.0.0.0 10.10.13.3
    end
    copy running-config startup-config

    R1# ping 172.20.20.129
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.20.20.129, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms

3. Configure a single static route in router R2 to reach the Internet subnet considering both redundant links between routers R1 and R2. A default route is NOT allowed on router R2.

    enable
    configure terminal
    !
    ip route 172.20.20.128 255.255.255.128 Gi 0/0/1
    ip route 172.20.20.128 255.255.255.128 Gi 0/0/2
    end
    copy running-config startup-config

    <asymmetrical routing occurs – misses alternate pings>

4. Configure a static route in router R1 towards the switch SW1 LAN subnet where the primary link must be through Gi 0/0/1 and the backup link must be through Gi 0/0/2 using a floating route. Use the minimal administrative distance value when required.

    enable
    configure terminal
    !
    ! Primary route (default AD = 1)
    ip route 192.168.0.0 255.255.255.0 Gi 0/0/1
    ! Floating backup route (AD = 2)
    ip route 192.168.0.0 255.255.255.0 Gi 0/0/2 2
    end
    copy running-config startup-config

    R1# ping 192.168.0.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms

Note:
- At R1, here is the routing table with Gi 0/0/1 up:

    R1# show ip route
    Gateway of last resort is 10.10.13.3 to network 0.0.0.0

          10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
    C        10.10.1.1/32 is directly connected, Loopback0
    C        10.10.12.0/25 is directly connected, GigabitEthernet0/0/1
    L        10.10.12.1/32 is directly connected, GigabitEthernet0/0/1
    C        10.10.12.128/25 is directly connected, GigabitEthernet0/0/2
    L        10.10.12.129/32 is directly connected, GigabitEthernet0/0/2
    C        10.10.13.0/24 is directly connected, GigabitEthernet0/0/0
    L        10.10.13.1/32 is directly connected, GigabitEthernet0/0/0
    S     192.168.0.0/24 is directly connected, GigabitEthernet0/0/1
    S*    0.0.0.0/0 [1/0] via 10.10.13.3

    R1# show ip route 192.168.0.1
    Routing entry for 192.168.0.0/24
      Known via "static", distance 1, metric 0 (connected)
      Routing Descriptor Blocks:
      * directly connected, via GigabitEthernet0/0/1
          Route metric is 0, traffic share count is 1

- And at R1, here is the routing table with Gi 0/0/1 down:

    R1# show ip route
    Gateway of last resort is 10.10.13.3 to network 0.0.0.0

          10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
    C        10.10.1.1/32 is directly connected, Loopback0
    C        10.10.12.128/25 is directly connected, GigabitEthernet0/0/2
    L        10.10.12.129/32 is directly connected, GigabitEthernet0/0/2
    C        10.10.13.0/24 is directly connected, GigabitEthernet0/0/0
    L        10.10.13.1/32 is directly connected, GigabitEthernet0/0/0
    S     192.168.0.0/24 is directly connected, GigabitEthernet0/0/2
    S*    0.0.0.0/0 [1/0] via 10.10.13.3

    R1# show ip route 192.168.0.1
    Routing entry for 192.168.0.0/24
      Known via "static", distance 2, metric 0 (connected)
      Routing Descriptor Blocks:
      * directly connected, via GigabitEthernet0/0/2
          Route metric is 0, traffic share count is 1

Question 002

Connectivity between three routers has been established, and IP services must be configured in the order presented to complete the implementation. Tasks assigned include the configuration of NAT, NTP, DHCP, and SSH services.

1. All traffic sent from R3 to the R1 Loopback address must be configured for NAT on R2. All source addresses must be translated from R3 to the IP address of Gi 0/0/0 on R2, while using only a standard access list named NAT. To verify, a ping must be successful to the R1 Loopback address sourced from R3. Do NOT use NVI NAT configuration.
2. Configure R1 as an NTP server and R2 as a client, not as a peer, using the IP address of the R1 Gi 0/0/1 interface. Set the clock on the NTP server for midnight on January 1, 2019.
3. Configure R1 as a DHCP server for the network 10.1.3.0 /24 in a pool named TEST. Using a single command, exclude addresses 1-10 from the range. Interface Gi 0/0/0 on R3 must be issued the IP address of 10.1.3.11 via DHCP.
4. Configure SSH connectivity from R1 to R3, while excluding access via other remote connection protocols. Access for user root and password Cisco must be set on router R3 using RSA and 1024 bits.
   Verify connectivity using an SSH session from router R1 using a destination address of 10.1.3.11. Do NOT modify console access or line numbers to accomplish this task.

Answer 002:

1. All traffic sent from R3 to the R1 Loopback address must be configured for NAT on R2. All source addresses must be translated from R3 to the IP address of Gi 0/0/0 on R2, while using only a standard access list named NAT. To verify, a ping must be successful to the R1 Loopback address sourced from R3. Do NOT use NVI NAT configuration.

- Implement NAT at R2.
- All traffic from R3 to R1’s Loopback (192.168.1.1) is translated.
- The outside address is R2’s Gi 0/0/0 (10.1.2.2)

R2

    enable
    configure terminal
    !
    ip nat inside source list NAT interface GigabitEthernet 0/0/0 overload
    !
    ip access-list standard NAT
     remark <<< IP Addresses to be changed by NAT = R3 addresses >>>
     permit 10.2.3.3 0.0.0.0
     permit 192.168.3.1 0.0.0.0
     permit 192.168.3.1 0.0.0.0
    !
    interface GigabitEthernet 0/0/0
     ip nat outside
    !
    interface GigabitEthernet 0/0/1
     ip nat inside
    !
    end
    copy running-config startup-config

At R3:

    R3# ping 192.168.1.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
    !!!!!

At R1:

    R1# debug ip icmp
    ICMP packet debugging is on
    R1#
    ICMP: echo reply sent, src 192.168.1.1, dst 10.1.2.2
    ICMP: echo reply sent, src 192.168.1.1, dst 10.1.2.2
    ICMP: echo reply sent, src 192.168.1.1, dst 10.1.2.2
    ICMP: echo reply sent, src 192.168.1.1, dst 10.1.2.2
    ICMP: echo reply sent, src 192.168.1.1, dst 10.1.2.2

2. Configure R1 as an NTP server and R2 as a client, not as a peer, using the IP address of the R1 Gi 0/0/1 interface. Set the clock on the NTP server for midnight on January 1, 2019.

- At R1, set the clock for 00:00:00 on 1st January, 2019.
- Make R1 the NTP “master”.
- Set R2 as an NTP “client”, using R1’s Gi 0/0/1 as a reference (10.1.3.1).

R1 and R2

    R1# clock set 00:00:00 01 JAN 2019
    config t
    !
    ntp master 1
    !
    end
    copy running-config startup-config

    R2# config t
    ntp server 10.1.3.1
    !
    end
    copy running-config startup-config

    R1# show clock
    0:0:3.453 UTC Tue Jan 1 2019

    R2# show ntp status
    Clock is synchronized, stratum 1, reference is 127.127.1.1
    nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**24
    reference time is DFAEF209.00000016 (0:6:33.022 UTC Tue Jan 1 2019)
    clock offset is 0.00 msec, root delay is 0.00 msec
    root dispersion is 0.00 msec, peer dispersion is 0.24 msec.
    loopfilter state is 'CTRL' (Normal Controlled Loop), drift is - 0.000001193 s/s
    system poll interval is 5, last update was 28 sec ago.

    R2# show ntp associations
    address         ref clock     st   when   poll   reach   delay   offset   disp
    *~127.127.1.1   .LOCL.        0    14     64     377     0.00    0.00     0.24
     * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

    R1# show clock
    0:8:8.941 UTC Tue Jan 1 2019

3. Configure R1 as a DHCP server for the network 10.1.3.0 /24 in a pool named TEST. Using a single command, exclude addresses 1-10 from the range. Interface Gi 0/0/0 on R3 must be issued the IP address of 10.1.3.11 via DHCP.

- R1 is a DHCP server with a pool of 10.1.3.0 /24 called TEST.
- Exclude 10.1.3.1 – 10.1.3.10
- R3’s Gi 0/0/0 should get its IP address from the pool.

R1 and R3

R1:

    service dhcp
    ip dhcp pool TEST
     network 10.1.3.0 255.255.255.0
     default-router 10.1.3.1
     domain-name cisco.com
     lease 2
    !
    exit
    ip dhcp excluded-address 10.1.3.1 10.1.3.10
    !
    end
    copy running-config startup-config

R3:

    enable
    configure terminal
    interface GigabitEthernet 0/0/0
     ip address dhcp
    !
    end
    copy running-config startup-config

    R3# show ip int brief
    Interface              IP-Address      OK? Method Status                Protocol
    GigabitEthernet0/0/0   10.1.3.11       YES DHCP   up                    up
    GigabitEthernet0/0/1   10.2.3.3        YES manual up                    up
    Loopback0              192.168.3.1     YES manual up                    up
    Vlan1                  unassigned      YES unset  administratively down down

4. Configure SSH connectivity from R1 to R3, while excluding access via other remote connection protocols.
   Access for user root and password Cisco must be set on router R3 using RSA and 1024 bits. Verify connectivity using an SSH session from router R1 using a destination address of 10.1.3.11. Do NOT modify console access or line numbers to accomplish this task.

- SSH from R1 to R3
- Exclude other protocols (TELNET)
- Account:
  Username: root
  Password: Cisco
- Use RSA and 1024-bit key
- Check by SSH from R1 to 10.1.3.11 (R3’s Gi 0/0/0 interface).

R3

    ip domain-name cisco.com
    crypto key generate rsa general-keys modulus 1024
    !
    ip ssh version 2
    ip ssh time-out 120
    ip ssh authentication-retries 4
    !
    username root secret Cisco
    !
    line vty 0 15
     no transport input
     transport input ssh
     login local
    !
    end
    copy running-config startup-config

    R1# ssh -l root 10.1.3.11
    Password: <Cisco>
    R3>

Question 003

All the physical cabling between the two switches has been installed. Configure the network connectivity between the switches using the designated VLANs and interfaces.

Configure the following network as follows:

1. VLAN 110 = MARKETING
   VLAN 220 = FINANCE
2. Sw1 has an access link (Fa 0/1) in VLAN 210 to PC5
   Sw1 has a trunk link (Fa 0/2) to Sw2 – Native VLAN 1
3. Sw2 has an access link (Fa 0/1) in VLAN 110 to PC3
   Sw2 has a trunk link (Fa 0/2) to Sw1 – Native VLAN 1
   Sw2 has a trunk link (Fa 0/3) to Sw3 – Native VLAN 1
4. Sw3 has an access link (Fa 0/1) in VLAN 110 to PC4
   Sw3 has an access link (Fa 0/2) in VLAN 210 to PC6
   Sw3 has a trunk link (Fa 0/3) to Sw2 – Native VLAN 1
5. Sw1, Fa 0/2 Trunk can only carry VLAN 210 Traffic
   Sw2, Fa 0/2 Trunk can only carry VLAN 210 Traffic
   Sw2, Fa 0/3 Trunk can only carry VLANs 110 and 210 Traffic
   Sw3, Fa 0/3 Trunk can only carry VLANs 110 and 210 Traffic

Answer 003

S1

    enable
    config t
    !
    hostname Sw1
    no ip domain lookup
    !
    vlan 110
     name MARKETING
    vlan 210
     name FINANCE
    !
    interface FastEthernet 0/1
     description <<< VLAN 210 down to PC5 >>>
     switchport mode access
     switchport access vlan 210
     no shutdown
    !
    interface FastEthernet 0/2
     description <<< Trunk across to S2’s Fa 0/2 >>>
     switchport mode trunk
     ! switchport trunk encapsulation dot1q (Not required as switch only does 802.1Q)
     switchport trunk native vlan 1
     switchport trunk allowed vlan 210
     no shutdown
    !
    line con 0
     logging synchronous
     exec-timeout 0 0
    !
    end
    copy running-config startup-config

    Sw1# show vlan brief
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                    Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                    Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                    Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                    Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                    Fa0/23, Fa0/24, Gig0/1, Gig0/2
    110  MARKETING                        active
    210  FINANCE                          active    Fa0/1

    Sw1# show int trunk
    Port        Mode         Encapsulation  Status        Native vlan
    Fa0/2       on           802.1q         trunking      1

    Port        Vlans allowed on trunk
    Fa0/2       210

    Port        Vlans allowed and active in management domain
    Fa0/2       210

    Port        Vlans in spanning tree forwarding state and not pruned
    Fa0/2       210

S2

    enable
    config t
    !
    hostname Sw2
    no ip domain lookup
    !
    vlan 110
     name MARKETING
    vlan 210
     name FINANCE
    !
    interface FastEthernet 0/1
     description <<< VLAN 110 down to PC3 >>>
     switchport mode access
     switchport access vlan 110
     no shutdown
    !
    interface FastEthernet 0/2
     description <<< Trunk across to S1’s Fa 0/2 >>>
     switchport mode trunk
     ! switchport trunk encapsulation dot1q (Not required as switch only does 802.1Q)
     switchport trunk native vlan 1
     switchport trunk allowed vlan 210
     no shutdown
    !
    interface FastEthernet 0/3
     description <<< Trunk across to S3’s Fa 0/3 >>>
     switchport mode trunk
     ! switchport trunk encapsulation dot1q (Not required as switch only does 802.1Q)
     switchport trunk native vlan 1
     switchport trunk allowed vlan 110,210
     no shutdown
    !
    line con 0
     logging synchronous
     exec-timeout 0 0
    !
    end
    copy running-config startup-config

    Sw2# show vlan brief
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/4, Fa0/5, Fa0/6, Fa0/7
                                                    Fa0/8, Fa0/9, Fa0/10, Fa0/11
                                                    Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                    Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                    Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                    Fa0/24, Gig0/1, Gig0/2
    110  MARKETING                        active    Fa0/1
    210  FINANCE                          active
    …

    Sw2# show int trunk
    Port        Mode         Encapsulation  Status        Native vlan
    Fa0/2       on           802.1q         trunking      1
    Fa0/3       on           802.1q         trunking      1

    Port        Vlans allowed on trunk
    Fa0/2       210
    Fa0/3       110,210

    Port        Vlans allowed and active in management domain
    Fa0/2       210
    Fa0/3       110,210

    Port        Vlans in spanning tree forwarding state and not pruned
    Fa0/2       210
    Fa0/3       110,210

S3

    enable
    config t
    !
    hostname Sw3
    no ip domain lookup
    !
    vlan 110
     name MARKETING
    vlan 210
     name FINANCE
    !
    interface FastEthernet 0/1
     description <<< VLAN 110 down to PC4 >>>
     switchport mode access
     switchport access vlan 110
     no shutdown
    !
    interface FastEthernet 0/2
     description <<< VLAN 210 down to PC6 >>>
     switchport mode access
     switchport access vlan 210
     no shutdown
    !
    interface FastEthernet 0/3
     description <<< Trunk across to S2’s Fa 0/3 >>>
     switchport mode trunk
     ! switchport trunk encapsulation dot1q (Not required as switch only does 802.1Q)
     switchport trunk native vlan 1
     switchport trunk allowed vlan 110,210
     no shutdown
    !
    line con 0
     logging synchronous
     exec-timeout 0 0
    !
    end
    copy running-config startup-config

    Sw3# show vlan brief
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/4, Fa0/5, Fa0/6, Fa0/7
                                                    Fa0/8, Fa0/9, Fa0/10, Fa0/11
                                                    Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                    Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                    Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                    Fa0/24, Gig0/1, Gig0/2
    110  MARKETING                        active    Fa0/1
    210  FINANCE                          active    Fa0/2
    …

    Sw3# show int trunk
    Port        Mode         Encapsulation  Status        Native vlan
    Fa0/3       on           802.1q         trunking      1

    Port        Vlans allowed on trunk
    Fa0/3       110,210

    Port        Vlans allowed and active in management domain
    Fa0/3       110,210

    Port        Vlans in spanning tree forwarding state and not pruned
    Fa0/3       110,210

Question 004

All the physical cabling between the two switches has been installed. Configure the network connectivity between the switches using the designated VLANs and interfaces.

1. Configure VLAN 100 named Compute and VLAN 200 named Telephony where required for each task.
2. Configure FastEthernet 0/1 on SW2 to use the existing VLAN named Available.
3. Configure the connection between the switches using access ports.
4. Configure FastEthernet 0/1 on SW1 using data and voice VLANs
5. Configure FastEthernet 0/1 on SW2 so that the Cisco proprietary neighbour discovery protocol is turned off for the designated interface only.

Answer 004

1. Configure VLAN 100 named “Compute” and VLAN 200 named “Telephony” where required for each task.
2. Configure FastEthernet 0/1 on SW2 to use the existing VLAN named “Available” on VLAN 99.
3. Configure the connection between the switches using access ports.
4. Configure FastEthernet 0/1 on SW1 using data and voice VLANs
5. Configure FastEthernet 0/1 on SW2 so that the Cisco proprietary neighbour discovery protocol is turned off for the designated interface only.

- SW1 has a standard “cookie-cutter” configuration.
- Add the two VLANs for VLAN 100 and 200.
- Configure the link between switches (Fa 0/2) as an access link (VLAN 1 by default)
- Configure FastEthernet 0/1 on SW1 using data and voice VLANs

SW1

    enable
    configure terminal
    !
    no ip domain lookup
    hostname SW1
    !
    vlan 100
     name Compute
    vlan 200
     name Telephony
    !
    interface FastEthernet 0/1
     description <<< Access Link to Phone and PC using two VLANs >>>
     switchport mode access
     switchport access vlan 100
     switchport voice vlan 200
     no shutdown
    !
    interface FastEthernet 0/2
     description <<< Access Link to SW2 on VLAN 1 >>>
     switchport mode access
     switchport access vlan 1
     no shutdown
    !
    line console 0
     logging synchronous
     exec-timeout 0 0
    !
    end
    copy running-config startup-config

- SW2 has a standard “cookie-cutter” configuration.
- Add the one VLAN 99 called “Available”.
- Configure the link between switches (Fa 0/2) as an access link (VLAN 1 by default)
- Configure FastEthernet 0/1 on SW2 using VLAN “Available” (VLAN 99)
- Configure FastEthernet 0/1 on SW2 so that the Cisco proprietary neighbour discovery protocol is turned off for the designated interface only.

SW2

    enable
    configure terminal
    !
    no ip domain lookup
    hostname SW2
    !
    vlan 99
     name Available
    !
    interface FastEthernet 0/1
     description <<< Access Link down to PC on VLAN 99 >>>
     switchport mode access
     switchport access vlan 99
     no shutdown
     no cdp enable
    !
    interface FastEthernet 0/2
     description <<< Access Link to SW1 on VLAN 1 >>>
     switchport mode access
     switchport access vlan 1
     no shutdown
    !
    line console 0
     logging synchronous
     exec-timeout 0 0
    !
    end
    copy running-config startup-config

Question 005

Connectivity between four routers has been established. IP connectivity must be configured in the order presented to complete the implementation. No dynamic routing protocols are included.

1. Configure static routing using host routes to establish connectivity from router R3 to router R1’s Loopback address using the source IP of 209.165.200.230
2. Configure an IPv4 default route on Router R2 destined for Router R4.
3. Configure an IPv6 default route on Router R2 destined for Router R4.

Answer 005

Configuration Setup

- Start with a generic “Cookie-cutter” script.
- Loopback 1 required.
- Add IPv4 addressing
- No IPv6 addressing, so no IPv6 routing required.

R1

    enable
    configure terminal
    !
    no ip domain lookup
    hostname R1
    !
    interface Loopback 1
     description <<< Destination Pinging Address >>>
     ip address 192.168.1.1 255.255.255.255
     no shutdown
    !
    interface GigabitEthernet 0/0/0
     description <<< Link to R2 >>>
     ip address 209.165.200.225 255.255.255.252
     no shutdown
    !
    line console 0
     logging synchronous
     exec-timeout 0 0
    !
    end
    copy running-config startup-config

- Start with a generic “Cookie-cutter” script.
- Loopback 1 required.
- Add IPv4 addressing
- Add IPv6 addressing
- Add IPv6 routing required.

R2

    enable
    configure terminal
    !
    no ip domain lookup
    ipv6 unicast-routing
    hostname R2
    !
    interface Loopback 1
     description <<< Not used, but available >>>
     ip address 192.168.2.1 255.255.255.255
     no shutdown
    !
    interface GigabitEthernet 0/0/0
     description <<< Link to R1 >>>
     ip address 209.165.200.226 255.255.255.252
     no shutdown
    !
    interface GigabitEthernet 0/0/1
     description <<< Link to R3 >>>
     ip address 209.165.200.229 255.255.255.252
     no shutdown
    !
    interface GigabitEthernet 0/0/2
     description <<< Link to R4 >>>
     ip address 209.165.202.129 255.255.255.224
     ipv6 address 2001:DB8:ACAD::1/64
     no shutdown
    !
    line console 0
     logging synchronous
     exec-timeout 0 0
    !
    end
    copy running-config startup-config

- Start with a generic “Cookie-cutter” script.
- Loopback 1 required.
- Add IPv4 addressing
- No IPv6 addressing, so no IPv6 routing required.

R3

    enable
    configure terminal
    !
    no ip domain lookup
    hostname R3
    !
    interface Loopback 1
     description <<< Not used, but available >>>
     ip address 192.168.3.1 255.255.255.255
     no shutdown
    !
    interface GigabitEthernet 0/0/1
     description <<< Link to R2 >>>
     ip address 209.165.200.230 255.255.255.252
     no shutdown
    !
    line console 0
     logging synchronous
     exec-timeout 0 0
    !
    end
    copy running-config startup-config

- Start with a generic “Cookie-cutter” script.
- Loopback 1 not required.
- Add IPv4 addressing
- Add IPv6 addressing
- Add IPv6 routing required.

R4

    enable
    configure terminal
    !
    no ip domain lookup
    ipv6 unicast-routing
    hostname R4
    !
    interface GigabitEthernet 0/0/2
     description <<< Link to R2 >>>
     ip address 209.165.202.130 255.255.255.224
     ipv6 address 2001:DB8:ACAD::2/64
     no shutdown
    !
    line console 0
     logging synchronous
     exec-timeout 0 0
    !
    end
    copy running-config startup-config

Custom Configuration:

1. Configure static routing using host routes to establish connectivity from router R3 to router R1’s Loopback address using the source IP of 209.165.200.230

- This requires static routes at:
  R3 out to R1 (via R2).
  R2 out to R1.
  R1 back to R3 (via R2)
  <Don’t need R2 to R3, as R3’s address is connected to R2’s Gi 0/0/1>

R1 / R2 / R3

R3:

    ip route 192.168.1.1 255.255.255.255 209.165.200.229
    !
    end
    copy running-config startup-config

R2:

    ip route 192.168.1.1 255.255.255.255 209.165.200.225
    !
    end
    copy running-config startup-config

R1:

    ip route 209.165.200.230 255.255.255.255 209.165.200.226
    !
    end
    copy running-config startup-config

    R3# ping 192.168.1.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms

    R1# ping
    Protocol [ip]:
    Target IP address: 209.165.200.230
    Repeat count [5]:
    Datagram size [100]:
    Timeout in seconds [2]:
    Extended commands [n]: y
    Source address or interface: 192.168.1.1
    Type of service [0]:
    Set DF bit in IP header? [no]:
    Validate reply data? [no]:
    Data pattern [0xABCD]:
    Loose, Strict, Record, Timestamp, Verbose[none]:
    Sweep range of sizes [n]:
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 209.165.200.230, timeout is 2 seconds:
    Packet sent with a source address of 192.168.1.1
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms

2. Configure an IPv4 default route on Router R2 destined for Router R4.

R2

    ip route 0.0.0.0 0.0.0.0 209.165.202.130
    !
    end
    copy running-config startup-config

    R2# show ip route
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route

    Gateway of last resort is 209.165.202.130 to network 0.0.0.0

          192.168.1.0/32 is subnetted, 1 subnets
    S        192.168.1.1/32 [1/0] via 209.165.200.225
          192.168.2.0/32 is subnetted, 1 subnets
    C        192.168.2.1/32 is directly connected, Loopback1
          209.165.200.0/24 is variably subnetted, 4 subnets, 2 masks
    C        209.165.200.224/30 is directly connected, GigabitEthernet0/0/0
    L        209.165.200.226/32 is directly connected, GigabitEthernet0/0/0
    C        209.165.200.228/30 is directly connected, GigabitEthernet0/0/1
    L        209.165.200.229/32 is directly connected, GigabitEthernet0/0/1
          209.165.202.0/24 is variably subnetted, 2 subnets, 2 masks
    C        209.165.202.128/27 is directly connected, GigabitEthernet0/0/2
    L        209.165.202.129/32 is directly connected, GigabitEthernet0/0/2
    S*    0.0.0.0/0 [1/0] via 209.165.202.130

3. Configure an IPv6 default route on Router R2 destined for Router R4.

R2

    ipv6 route ::/0 2001:DB8:ACAD::2
    !
    end
    copy running-config startup-config

    R2# show ipv6 route static
    < Not supported by Packet Tracer, however this is a valid command >

Question 006

Configure IPv4 and IPv6 connectivity between two routers. For IPv4, use a /28 network from the 192.168.1.0/24 private range. For IPv6, use the first /64 subnet from the 2001:0DB8:AAAA::/48 subnet.

1. Using GigabitEthernet 0/0/1 on Routers R1 and R2, configure the next usable /28 from the 192.168.1.0 /24 range. The network 192.168.1.0 /28 is unavailable.
2. For the IPv4 /28 subnet, Router R1 must be configured with the first usable host address.
3. For the IPv4 /28 subnet, Router R2 must be configured with the last usable host address.
4. For the IPv6 /64 subnet, configure the routers with the IP addressing provided from the topology.
5. A ping must work between the routers on the IPv4 and IPv6 address ranges.

Answer 006

- Initial Configuration

R1:

- The IPv4 subnet is held within the 192.168.1.0 /24 subnet.
- A /28 subnet has a Subnet Mask of 255.255.255.240
- The first 192.168.1.0 /28 subnet is unavailable. This spans 16 hosts (as 32-bits – 28-bits = 4-bits for hosts, and 2^4 = 16 hosts). Range is 192.168.1.0 to 192.168.1.15 (broadcast).
- Therefore, the next /28 subnet is 192.168.1.16 /28
- This range is 192.168.1.16 (N/W) to 192.168.1.31 (B/C).
- First usable address is 192.168.1.17 (R1’s Gi 0/0/1)
- Last usable address is 192.168.1.30 (R2’s Gi 0/0/1)
- For IPv6, add IPv6 unicast-routing
- The IPv6 addresses are shown on the diagram.

R1

    enable
    configure terminal
    !
    no ip domain lookup
    ipv6 unicast-routing
    hostname R1
    !
    interface GigabitEthernet 0/0/1
     description <<< Link across to R2’s Gi 0/0/1 >>>
     ip address 192.168.1.17 255.255.255.240
     ipv6 address 2001:DB8:AAAA::1/64
     no shutdown
    !
    line console 0
     logging synchronous
     exec-timeout 0 0
    !
    end
    copy running-config startup-config

    R1# show ip int brief
    Interface              IP-Address      OK? Method Status                Protocol
    GigabitEthernet0/0/0   unassigned      YES unset  administratively down down
    GigabitEthernet0/0/1   192.168.1.17    YES manual up                    up
    Vlan1                  unassigned      YES unset  administratively down down

R2:

- As calculated above, the last usable address is 192.168.1.30 (R2’s Gi 0/0/1)
- For IPv6, add IPv6 unicast-routing
- The IPv6 addresses are shown on the diagram.

R2

    enable
    configure terminal
    !
no ip domain lookup
ipv6 unicast-routing
hostname R2
!
interface GigabitEthernet 0/0/1
 description <<< Link across to R1’s Gi 0/0/1 >>>
 ip address 192.168.1.30 255.255.255.240
 ipv6 address 2001:DB8:AAAA::2/64
 no shutdown
!
line console 0
 logging synchronous
 exec-timeout 0 0
!
end
copy running-config startup-config

R2# show ip int brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0/0   unassigned      YES unset  administratively down down
GigabitEthernet0/0/1   192.168.1.30    YES manual up                    up
Vlan1                  unassigned      YES unset  administratively down down

- Test Connectivity:

R1:
R1# ping 192.168.1.30
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms

R1# ping ipv6 2001:DB8:AAAA::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:AAAA::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms

R2:
R2# ping 192.168.1.17
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.17, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms

R2# ping ipv6 2001:DB8:AAAA::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:AAAA::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms

Question 007

Physical connectivity is implemented between the two Layer 2 switches, and the network connectivity between them must be configured. The PCs have the addresses provided, and are connected to FastEthernet 0/3 of each switch. The PCs are in VLAN 1.

1. Configure an LACP EtherChannel (number 1) between Switches SW1 and SW2. This is performed using Fa 0/0/0 and Fa 0/0/1 on both switches.
2. Configure the EtherChannel as a trunk link.
3. Configure the Trunk link with IEEE 802.1Q tags.
4.
Configure the Native VLAN of the EtherChannel links to VLAN 15.

Answer 007

Part 1 – Basic Configuration

SW1:
- Start with a basic configuration on the Switches.
- Add VLAN 15 (no name) as this is the native VLAN for the EtherChannel links.
- No default-gateway required, as there’s no router, so no “off-net” available.

SW1
enable
configure terminal
!
no ip domain lookup
hostname SW1
!
vlan 15
!
interface FastEthernet 0/1
 description <<< Link to SW2’s Fa 0/1 >>>
 no shutdown
!
interface FastEthernet 0/2
 description <<< Link to SW2’s Fa 0/2 >>>
 no shutdown
!
interface FastEthernet 0/3
 description <<< To PC1 on VLAN 1 >>>
 switchport mode access
 switchport access vlan 1
 no shutdown
!
line console 0
 logging synchronous
 exec-timeout 0 0
!
end
copy running-config startup-config

SW2:
- Basic setup, much the same as SW1

SW2
enable
configure terminal
!
no ip domain lookup
hostname SW2
!
vlan 15
!
interface FastEthernet 0/1
 description <<< Link to SW1’s Fa 0/1 >>>
 no shutdown
!
interface FastEthernet 0/2
 description <<< Link to SW1’s Fa 0/2 >>>
 no shutdown
!
interface FastEthernet 0/3
 description <<< To PC2 on VLAN 1 >>>
 switchport mode access
 switchport access vlan 1
 no shutdown
!
line console 0
 logging synchronous
 exec-timeout 0 0
!
end
copy running-config startup-config

Part 2 – EtherChannel Configuration

SW1:
- Link Aggregation Control Protocol (LACP) is an IEEE open standard. LACP uses “active” and “passive” settings at the interface.
- This is often used instead of Cisco’s proprietary PAgP. PAgP uses “auto” and “desirable” settings at the interface.
- At the physical interfaces, define the channel-protocol as LACP. Then define the channel-group number and “LACP mode”.
- This channel-group is then accessed as a port-channel. The port-channel is where the trunk, native VLAN (15), and allowed VLANs are set:

SW1
enable
configure terminal
!
interface range FastEthernet 0/1 - 2
 description <<< Physical EtherChannel Ports >>>
 channel-protocol lacp
 channel-group 1 mode active
!
interface port-channel 1
 description <<< Logical Channel using the two physical ports >>>
 switchport mode trunk
 ! switchport trunk encapsulation dot1q (only supports 802.1Q, so not required).
 switchport trunk native vlan 15
 switchport trunk allowed vlan all
 no shutdown
!
end
copy running-config startup-config

SW1# show int trunk
Port        Mode         Encapsulation  Status        Native vlan
Po1         on           802.1q         trunking      15

Port        Vlans allowed on trunk
Po1         1-1005

Port        Vlans allowed and active in management domain
Po1         1,15

Port        Vlans in spanning tree forwarding state and not pruned
Po1         1,15

SW2:
- Same as above.

SW2
enable
configure terminal
!
interface range FastEthernet 0/1 - 2
 description <<< Physical EtherChannel Ports >>>
 channel-protocol lacp
 channel-group 1 mode active
!
interface port-channel 1
 description <<< Logical Channel using the two physical ports >>>
 switchport mode trunk
 ! switchport trunk encapsulation dot1q (only supports 802.1Q, so not required).
 switchport trunk native vlan 15
 switchport trunk allowed vlan all
 no shutdown
!
end
copy running-config startup-config

SW2# show int trunk
Port        Mode         Encapsulation  Status        Native vlan
Po1         on           802.1q         trunking      15

Port        Vlans allowed on trunk
Po1         1-1005

Port        Vlans allowed and active in management domain
Po1         1,15

Port        Vlans in spanning tree forwarding state and not pruned
Po1         1,15

Question 008

IP connectivity between the three routers has been configured. OSPF adjacencies must be established.

1. Configure R1 and R2 Router IDs using the interface IP addresses from the link that is shared between them.
2. Configure the R2 links with a max value facing R1 and R3. R2 must become the DR. R1 and R3 links facing R2 must remain with the default OSPF configuration for DR election. Verify the configuration after clearing the OSPF process.
3.
Using a host wildcard mask, configure all three routers to advertise their respective Loopback 0 networks.
4. Configure the link between R1 and R3 to disable their ability to add other OSPF routers.

Answer 008

- Basic Configuration of Devices:

R1
enable
configure terminal
!
no ip domain lookup
hostname R1
!
interface Loopback 0
 description <<< Host Route to Represent Device for OSPF >>>
 ip address 10.10.1.1 255.255.255.255
 no shutdown
!
interface Loopback 1
 description <<< Network Route to Represent a non-existent subnet >>>
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet 0/0/0
 description <<< Link Down to R2 >>>
 ip address 10.10.12.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet 0/0/1
 description <<< Link Down to R3 >>>
 ip address 10.10.13.1 255.255.255.0
 no shutdown
!
router ospf 1
 network 10.10.12.0 0.0.0.255 area 0
 network 10.10.13.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
line console 0
 logging synchronous
 exec-timeout 0 0
!
end
copy running-config startup-config

R2
enable
configure terminal
!
no ip domain lookup
hostname R2
!
interface Loopback 0
 description <<< Host Route to Represent Device for OSPF >>>
 ip address 10.10.2.2 255.255.255.255
 no shutdown
!
interface Loopback 1
 description <<< Network Route to Represent a non-existent subnet >>>
 ip address 192.168.2.2 255.255.255.0
 no shutdown
!
interface GigabitEthernet 0/0/0
 description <<< Link Up to R1 >>>
 ip address 10.10.12.2 255.255.255.0
 no shutdown
!
interface GigabitEthernet 0/0/2
 description <<< Link Across to R3 >>>
 ip address 10.10.23.2 255.255.255.0
 no shutdown
!
router ospf 1
 network 10.10.12.0 0.0.0.255 area 0
 network 10.10.23.0 0.0.0.255 area 0
 network 192.168.2.0 0.0.0.255 area 0
!
line console 0
 logging synchronous
 exec-timeout 0 0
!
end
copy running-config startup-config

R3
enable
configure terminal
!
no ip domain lookup
hostname R3
!
interface Loopback 0
 description <<< Host Route to Represent Device for OSPF >>>
 ip address 10.10.3.3 255.255.255.255
 no shutdown
!
interface Loopback 1
 description <<< Network Route to Represent a non-existent subnet >>>
 ip address 192.168.3.3 255.255.255.0
 no shutdown
!
interface GigabitEthernet 0/0/1
 description <<< Link Up to R1 >>>
 ip address 10.10.13.3 255.255.255.0
 no shutdown
!
interface GigabitEthernet 0/0/2
 description <<< Link Across to R2 >>>
 ip address 10.10.23.3 255.255.255.0
 no shutdown
!
router ospf 1
 network 10.10.13.0 0.0.0.255 area 0
 network 10.10.23.0 0.0.0.255 area 0
 network 192.168.3.0 0.0.0.255 area 0
!
line console 0
 logging synchronous
 exec-timeout 0 0
!
end
copy running-config startup-config

- Configuration Additions:

1. Configure R1 and R2 Router IDs using the interface IP addresses from the link that is shared between them.

- The “Router-ID” values are used to identify each router in the network. It is selected as follows:
  - The IP address configured with the router-id command.
  - If not configured, then the highest IP address of any loopback interface.
  - If no loopbacks, then the highest IP address of any interface that is “up”.

R1
router ospf 1
 router-id 10.10.12.1
!
end
clear ip ospf process

R2
router ospf 1
 router-id 10.10.12.2
!
end
clear ip ospf process

2. Configure the R2 links with a max value facing R1 and R3. R2 must become the DR. R1 and R3 links facing R2 must remain with the default OSPF configuration for DR election. Verify the configuration after clearing the OSPF process.

- Here, the question is talking about the OSPF priority value. This is a value between 0 and 255, configured on the interface in question.
  0 = do not participate in the election process.
  255 = maximum value (most likely to become the DR).
- The default OSPF priority value is 1. If all routers have the same priority, then the one with the highest Router-ID wins.
- Verify by issuing the command: show ip ospf neighbor on R1 and R3.

R2
interface GigabitEthernet 0/0/0
 ip ospf priority 255
!
interface GigabitEthernet 0/0/2
 ip ospf priority 255
!
end
clear ip ospf process
copy running-config startup-config

R1# show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.10.12.2      255   FULL/DR         00:00:33    10.10.12.2      Gi0/0/0
192.168.3.3       1   FULL/BDR        00:00:36    10.10.13.3      Gi0/0/1

R3# show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.10.12.1        1   FULL/DR         00:00:37    10.10.13.1      Gi0/0/1
10.10.12.2      255   FULL/DR         00:00:32    10.10.23.2      Gi0/0/2

3. Using a host wildcard mask, configure all three routers to advertise their respective Loopback 0 networks.

R1
router ospf 1
 network 10.10.1.1 0.0.0.0 area 0
!
end
copy running-config startup-config

R2
router ospf 1
 network 10.10.2.2 0.0.0.0 area 0
!
end
copy running-config startup-config

R3
router ospf 1
 network 10.10.3.3 0.0.0.0 area 0
!
end
copy running-config startup-config

4. Configure the link between R1 and R3 to disable their ability to add other OSPF routers.

- This is performed using the following router-config command:
  adjacency stagger {initial-limit | none} {maximum-limit | disable}
- This command isn’t supported on Packet Tracer.

R1
router ospf 1
 adjacency stagger 0 2
!
end
copy running-config startup-config

R3
router ospf 1
 adjacency stagger 0 2
!
end
copy running-config startup-config

Question 009

Drag and drop the IPv6 addresses from the left onto the corresponding address types on the right.

1. 2001:DB8:6004:CAFE::123
2. FCBA:925A:CBC:7C25:B2:C640:1174:8658
3. FE80::A00:22FF:FEDC:CB01
4. FF04::1:3

a. b. c. d.
Global Unicast
Link-Local Unicast
Multicast
Unique Local

Answer 009

- Global Unicast      = 2000::/3
  Link-Local Unicast  = FE80::/10
  Multicast           = FF00::/8
  Unique Local        = FC00::/7

2001:DB8:6004:CAFE::123               = Global Unicast [Address] (GUA)
FCBA:925A:CBC:7C25:B2:C640:1174:8658  = Unique Local [Address] (ULA)
FE80::A00:22FF:FEDC:CB01              = Link-Local Unicast [Address] (LLA)
FF04::1:3                             = Multicast [Address]

Question 010

What is the MAC address used with VRRP as a virtual address?

a. 00-00-0C-07-AC-89
b. 00-00-5E-00-01-0A
c. 00-07-B4-00-AB-01
d. 00-C6-41-93-90-91

Answer 010

b.

00-00-0C-07-AC-xx is HSRP virtual MAC address (Ans. ‘a’ with xx=89)
00-00-5E-00-01-xx is VRRP virtual MAC (Ans. ‘b’ with xx=0A group)
00-07-B4-00-xx-yy is GLBP virtual MAC, xx is group and yy is AVF

Note: Just remember the solution order (HSRP, VRRP, GLBP). Then, notice that the MAC address “size” is in this order. Specifically:
HSRP has the lowest MAC address of 00-00-0C-07-AC-xx
Next, VRRP has the next lowest MAC address of 00-00-5E-00-01-xx
Finally, GLBP has the highest MAC address of 00-07-B4-00-xx-yy

Question 011

Drag and Drop the HTTP methods used with REST-Based APIs from the left onto the descriptions on the right:

REST-BASED API
DELETE
GET
POST
PATCH
PUT

Description
Creates a resource and returns its URI in the response header
Creates or replaces a previously modified resource using information in the request body
Removes a resource
Retrieves a list of a resource’s URIs
Updates a resource using instructions included in the request body

Answer 011

REST-BASED API   Description
POST             Creates a resource and returns its URI in the response header
PUT              Creates or replaces a previously modified resource using information in the request body
DELETE           Removes a resource
GET              Retrieves a list of a resource’s URIs
PATCH            Updates a resource using instructions included in the request body

Note: For a full explanation, see “Rest-based APIs” MS-Word document in G:\Professional Development\39.
CCNAv7 Recertification\01. Cisco Requirements\02. Study Documents\06. Automation and Programmability\02. Additional Material\6.5 – REST-based APIs

POST: Used to submit data to a resource for processing.
- Creates and defines a new resource
- Returns a URL for later reference
- Creates a resource and returns its URI in the response header.

PUT: Used to update an existing resource with new data.
- Used to replace the ENTIRE resource (unlike PATCH).

PATCH: Used to update a portion of an existing resource with new data.
- Only replaces SOME of the resource content (unlike PUT).

GET: Used to retrieve data from a resource.
- Use in “read-only” mode to return a resource’s contents and data.

DELETE: Used to delete a resource entirely.
- Removes a resource

HEAD: Similar to GET, but only returns the headers and not the body of the response.

OPTIONS: Used to retrieve information about the communication options available for a resource.

Question 012

Drag and drop the functions of AAA supporting protocols from the Left onto the protocols on the right:

a. Encrypts only the password when it sends an access request
b. Encrypts the entire body of the access-request packet
c. Separates all three AAA operations
d. Combines authentication and authorisation
e. Uses TCP
f. Uses UDP

RADIUS
TACACS+

Answer 012

RADIUS
- Encrypts only the password when it sends an access request
- Combines authentication and authorisation
- Uses UDP

TACACS+
- Encrypts the entire body of the access-request packet
- Separates all three AAA operations
- Uses TCP

Question 013

Each router must be configured with the last usable IP address in the subnet. Which configuration fulfils this requirement?

a.
R7#
interface FastEthernet 1/0
 ip address 10.88.31.126 255.255.255.240
R8#
interface FastEthernet 0/0
 ip address 10.19.63.94 255.255.255.192
R9#
interface FastEthernet 1/1
 ip address 10.23.98.158 255.255.255.248

b.
R7#
interface FastEthernet 1/0
 ip address 10.88.31.127 255.255.255.240
R8#
interface FastEthernet 0/0
 ip address 10.19.63.95 255.255.255.192
R9#
interface FastEthernet 1/1
 ip address 10.23.98.159 255.255.255.248

c.
R7#
interface FastEthernet 1/0
 ip address 10.88.31.126 255.255.255.192
R8#
interface FastEthernet 0/0
 ip address 10.19.63.94 255.255.255.240
R9#
interface FastEthernet 1/1
 ip address 10.23.98.158 255.255.255.224

d.
R7#
interface FastEthernet 1/0
 ip address 10.88.31.127 255.255.255.192
R8#
interface FastEthernet 0/0
 ip address 10.19.63.95 255.255.255.240
R9#
interface FastEthernet 1/1
 ip address 10.23.98.159 255.255.255.224

Answer 013

c

Working:

1. Check the subnet masks – do they match?
   R7’s Fa 0/1 is /26 = 255.255.255.192
   R8’s Fa 0/0 is /28 = 255.255.255.240
   R9’s Fa 1/1 is /27 = 255.255.255.224
   - Only ‘c’ and ‘d’ have the correct subnet masks.

2. Check the 4th octet IP addresses – the last usable address must be even as the last address is the broadcast, which is an odd number (all 1’s).
   - The last octet of each address in ‘c’ is even
   - The last octet of each address in ‘d’ is odd
   - Only ‘c’ has the correct subnet masks, and even IPv4 addresses in the last octet. As such, only ‘c’ can be correct.

Question 014

An engineer is installing a new wireless printer with a static IP address on the Wi-Fi network. Which feature must be enabled and configured to prevent connection issues with the printer?

a. Client exclusion
b. Passive client
c. DHCP address assignment
d. Static IP tunnelling

Answer 014

b.

Explanation: Passive clients are wireless devices, such as scales and printers that are configured with a static IP address. These clients do not transmit any IP information such as IP address, subnet mask, and gateway information when they associate with an access point. As a result, when passive clients are used, the controller never knows the IP address unless they use the DHCP.
https://www.examtopics.com/discussions/cisco/view/60680-exam-200-301-topic-1-question555-discussion/

Question 015

Which set of 2.4 GHz non-overlapping wireless channels is standard in the United States?

a. Channels 2, 7, 9, and 11.
b. Channels 1, 6, 11, and 14.
c. Channels 2, 7, and 11.
d. Channels 1, 6, and 11.

Answer 015

d.

Question 016

What is the collapsed layer in collapsed core architectures?

a. Core and WAN
b. Access and WAN
c. Distribution and Access
d. Core and Distribution

Answer 016

d.

Question 017

What is a function performed by a web server?

a. Provide an application that is transmitted over HTTP
b. Send and retrieve email from client devices
c. Authentication and authorise a user’s identity
d. securely store files for FTP access

Answer 017

a.

Question 018

Refer to the exhibit: An engineer is asked to configure router R1 so that it forms an OSPF single-area neighbour relationship with R2. Which command sequence must be implemented to configure the router?

a.
router ospf 10
 network 10.0.0.0 0.0.0.3 area 0
 network 10.0.2.0 0.0.0.255 area 0

b.
router ospf 10
 network 10.0.0.0 0.0.0.3 area 0
 network 10.0.1.0 0.0.0.255 area 0

c.
router ospf 100
 network 10.0.0.0 0.0.0.3 area 0
 network 10.0.2.0 255.255.255.0 area 0

d.
router ospf 100
 network 10.0.0.0 0.0.0.252 area 0
 network 10.0.1.0 0.0.0.255 area 0

Answer 018

b.

Explanation:
- The OSPF area has no significance.
- The /30 link is 10.0.0.0 0.0.0.3
- The LAN link is 10.0.1.0 0.0.0.255
- Only option b satisfies these requirements.

Question 019

Drag and drop the statements about networking from the left onto the corresponding networking types on the right.

a. b. c. d.
This type implements changes individually at each device
This type leverages controllers to handle network management
Maintenance costs are higher than with other networking options
This type provides a centralised view of the network

Traditional Networking
Controller-Based Networking

Answer 019

Traditional Networking
- This type implements changes individually at each device
- Maintenance costs are higher than with other networking options

Controller-Based Networking
- This type leverages controllers to handle network management
- This type provides a centralised view of the network

Question 020

Refer to the exhibit: All interfaces are configured with duplex auto and ip ospf network broadcast. Which configuration allows routers R14 and R86 to form an OSPFv2 adjacency and act as a central point for exchanging OSPF information between routers?

a.
R14#
interface FastEthernet0/0
 ip address 10.73.65.65 255.255.255.252
 ip ospf priority 255
 ip mtu 1500
!
router ospf 10
 router-id 10.10.1.14
 network 10.10.1.14 0.0.0.0 area 0
 network 10.73.65.64 0.0.0.3 area 0
!
R86#
interface FastEthernet0/0
 ip address 10.73.65.66 255.255.255.252
 ip mtu 1400
!
router ospf 10
 router-id 10.10.1.86
 network 10.10.1.86 0.0.0.0 area 0
 network 10.73.65.64 0.0.0.3 area 0
!

b.
R14#
interface Loopback0
 ip ospf 10 area 0
!
interface FastEthernet0/0
 ip address 10.73.65.65 255.255.255.252
 ip ospf 10 area 0
 ip mtu 1500
!
router ospf 10
 ip ospf priority 255
 router-id 10.10.1.14
!
R86#
interface Loopback0
 ip ospf 10 area 0
!
interface FastEthernet0/0
 ip address 10.73.65.66 255.255.255.252
 ip ospf 10 area 0
 ip mtu 1500
!
router ospf 10
 router-id 10.10.1.86
!

c.
R14#
interface FastEthernet0/0
 ip address 10.73.65.65 255.255.255.252
 ip ospf priority 0
 ip mtu 1500
!
router ospf 10
 router-id 10.10.1.14
 network 10.10.1.14 0.0.0.0 area 0
 network 10.73.65.64 0.0.0.3 area 0
!
R86#
interface FastEthernet0/0
 ip address 10.73.65.66 255.255.255.252
 ip mtu 1500
!
router ospf 10
 router-id 10.10.1.86
 network 10.10.1.86 0.0.0.0 area 0
 network 10.73.65.64 0.0.0.3 area 0
!

d.
R14#
interface Loopback0
 ip ospf 10 area 0
!
interface FastEthernet0/0
 ip address 10.73.65.65 255.255.255.252
 ip ospf priority 255
 ip ospf 10 area 0
 ip mtu 1500
!
router ospf 10
 router-id 10.10.1.14
!
R86#
interface Loopback0
 ip ospf 10 area 0
!
interface FastEthernet0/0
 ip address 10.73.65.66 255.255.255.252
 ip ospf 10 area 0
 ip mtu 1500
!
router ospf 10
 router-id 10.10.1.86
!

Answer 020

Explanation: The following command manually sets the OSPF network type to broadcast; this is the default for Ethernet links. The Broadcast network type has a DR election.

Syntax: Router(config-if)# ip ospf network broadcast

Option ‘a’ looks OK, however the MTU sizes differ. Ergo – this won’t work.

Option ‘b’ has no IP address on R14’s Loopback 0, nor R86’s Loopback 0. Also, the ip ospf priority 255 has been configured at router-config, it should be on an interface.

Option ‘c’ is great – R14 won’t participate in the DR election, however R86 will. This means that R14 can’t even be the BDR. Further, the loopbacks haven’t been defined!

Option ‘d’, the loopbacks’ IPv4 addresses haven’t been defined, but that’s OK. We are just advertising networks we don’t own. This actually works – I tested it on Packet Tracer! An OSPF adjacency forms, however you cannot ping the Loopback addresses! Very poor question.

https://www.examtopics.com/discussions/cisco/view/79755-exam-200-301-topic-1-question-484discussion/

Question 021

Refer to the exhibit. What two conclusions should be made about this configuration? (Choose two.)

a. The root port is FastEthernet 2/1
b. The designated port is FastEthernet 2/1
c. The spanning-tree mode is PVST+
d. This is a root bridge
e. The spanning-tree mode is Rapid PVST+

Answer 021

a, and e

Explanation: The output says that it is running the RSTP protocol.
Rapid PVST+ definition: This is a Cisco enhancement of RSTP that uses PVST+ and provides a separate instance of 802.1w per VLAN. Each separate instance supports PortFast, BPDU guard, BPDU filter, root guard, and loop guard. (Source: Netacad). Since there is no selection for RSTP then Rapid PVST + is the closest answer.

The cost to the root is 19. That means this switch isn’t the root. It also means that to get to the root, go out port Fa 2/1. Therefore, if the other end is a designated port (connected to the root bridge), then this is the root port. Further, it doesn’t say “This bridge is the root”, so it’s not the root (‘d’)

https://www.examtopics.com/discussions/cisco/view/41634-exam-200-301-topic-1-question-229discussion/

Question 022

Question 023

Answer 023

Question 024

Refer to the Exhibit: What are the two steps an engineer must take to provide the highest encryption and authentication using domain credentials from LDAP? (Choose two.)

a. Select PSK under Authentication Key Management.
b. Select Static-WEP + 802.1X on Layer 2 Security.
c. Select WPA+WPA2 on Layer 2 Security.
d. Select 802.1X from under Authentication Key Management.
e. Select WPA Policy with TKIP Encryption.

Answer 024

c, and d.

Explanation: Select WPA+WPA2 on Layer 2 Security: This step ensures the use of Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) protocols for securing the wireless network. WPA and WPA2 provide robust encryption and authentication mechanisms to protect network communications. By selecting WPA+WPA2, the network supports both protocols, allowing compatibility with a wide range of client devices.
https://www.examtopics.com/discussions/cisco/view/84991-exam-200-301-topic-1-question-699discussion/

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/211277-WLCwith-LDAP-AuthenticationConfigurati.html#:~:text=Step%206.%20Set%20the%20L2%20security%20method%20to%20WPA2%20%2B%20802.1x%20and%20set%20L3%20security%20to%20noneas%20shown%20in%20the%20image.
Cisco.com support document

Question 025

Refer to the exhibit: The network administrator must prevent the switch Cat9K-2 IP address from being visible in LLDP without disabling the protocol. Which action must be taken to complete the task?

a. Configure the no lldp mac-phy-cfg command globally on Cat9K-2.
b. Configure the no lldp receive command on interface G1/0/21 on Cat9K-1.
c. Configure the no lldp transmit command on interface G1/0/21 on Cat9K-1.
d. Configure the no lldp tlv-select management-address command globally on Cat9K-2.

Answer 025

d.

Explanation:
Step 6 - (Optional) [no] lldp tlv-select <tlv>
Specifies the TLVs to send and receive in LLDP packets. The available TLVs are:
- management-address
- port-description
- port-vlan
- system-capabilities
- system-description
- system-name
All available TLVs are enabled by default.

https://www.examtopics.com/discussions/cisco/view/79747-exam-200-301-topic-1-question-275discussion/

Question 026

What is a feature of WPA?

a. TKIP/MIC encryption
b. Small Wi-Fi application
c. Preshared key
d. 802.1x authentication

Answer 026

a.

Explanation: The question should ask “What is an exclusive feature of WPA?”

a. Yes, WPA does TKIP and MIC.
b. Small Wi-Fi application is just wrong.
c. Preshared key is wrong, many protocols use this.
d. WPA doesn’t do 802.1x authentication

- WPA used a “Temporal Key Integrity Protocol” (TKIP). The TKIP dynamically generated a new 128-bit key for each packet. This value is changed every 10,000 packets (or so). This, along with the client MAC address provides much stronger encryption.
This overcame the weaknesses found in WEP.
- WPA also included a “Message Integrity Check” (MIC). This prevented an attacker from changing and resending data packets. It replaced the CRC-32 found in WEP, which was rather weak. Unfortunately, MIC required a large amount of computational power. As such, many older wireless NICs couldn’t support this protocol.

https://www.examtopics.com/discussions/cisco/view/91179-exam-200-301-topic-1-question-684discussion/

Question 027

Refer to the exhibit. R1 has taken the DROTHER role in the OSPF DR/BDR election process. Which configuration must an engineer implement so that R1 is elected as the DR?

a.
R1(config)# interface FastEthernet 0/0
R1(config-if)# ip ospf priority 1
R1# clear ip ospf process

b.
R3(config)# interface FastEthernet 0/1
R3(config-if)# ip ospf priority 200
R3# clear ip ospf process

c.
R2(config)# interface FastEthernet 0/2
R2(config-if)# ip ospf priority 1
R2# clear ip ospf process

d.
R1(config)# interface FastEthernet 0/0
R1(config-if)# ip ospf priority 200
R1# clear ip ospf process

Answer 027

d.

Explanation: Obvious.

https://www.examtopics.com/discussions/cisco/view/99351-exam-200-301-topic-1-question-474discussion/

Question 028

Refer to the exhibit. Load-balanced traffic is coming in from the WAN destined to a host at 172.16.1.190. Which nexthop is used by the router to forward the request?

a. 192.168.7.4
b. 192.168.7.7
c. 192.168.7.35
d. 192.168.7.40

Answer 028

c.

Explanation: /29 = 8 IPs, 4th octet starts at a multiple of 8. 184 is the N/W address. 184 – 191 is the range. 190 is the last IPv4 address in the 172.16.1.184/29 subnet. The next hop for this address is 192.168.7.35 – the answer. This is the answer as it is the longest match (better than 172.16.1.0/24).
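The subnet arithmetic and longest-match reasoning of Answer 028, together with the first/last usable host working from Answers 006 and 013, as an added Python example that is not part of the original document. The exhibit's routing table is not reproduced here, so the /24 and default-route next hops below are constructed placeholders; only the 172.16.1.184/29 entry comes from the answer text.

```python
import ipaddress

# Constructed routing table (prefix, next hop). Only the /29 entry is taken
# from Answer 028; the other two next hops are placeholders from the
# documentation range 198.51.100.0/24.
ROUTES = [
    ("0.0.0.0/0", "198.51.100.254"),
    ("172.16.1.0/24", "198.51.100.1"),
    ("172.16.1.184/29", "192.168.7.35"),
]

# Address/mask pairs copied from options 'c' and 'd' of Question 013.
OPTION_C = [
    ("10.88.31.126", "255.255.255.192"),
    ("10.19.63.94", "255.255.255.240"),
    ("10.23.98.158", "255.255.255.224"),
]
OPTION_D = [
    ("10.88.31.127", "255.255.255.192"),
    ("10.19.63.95", "255.255.255.240"),
    ("10.23.98.159", "255.255.255.224"),
]


def usable_range(cidr):
    """Return (first_usable, last_usable) for an IPv4 prefix.

    A /31 (RFC 3021 point-to-point link) and a /32 have no separate network
    or broadcast address, so every address in them counts as usable.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen >= 31:
        return net.network_address, net.broadcast_address
    return net.network_address + 1, net.broadcast_address - 1


def next_subnet(cidr):
    """Return the same-sized subnet that immediately follows `cidr`."""
    net = ipaddress.ip_network(cidr, strict=True)
    return ipaddress.ip_network(f"{net.broadcast_address + 1}/{net.prefixlen}")


def is_last_usable(address, mask):
    """True if `address` is the last usable host of the subnet implied by `mask`."""
    iface = ipaddress.ip_interface(f"{address}/{mask}")
    return iface.ip == usable_range(str(iface.network))[1]


def longest_match(routes, destination):
    """Return (network, next_hop) of the most specific route covering
    `destination`, or None when no route matches."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best


if __name__ == "__main__":
    # Answer 006: the /28 after 192.168.1.0/28 and its usable hosts.
    nxt = next_subnet("192.168.1.0/28")
    print(nxt, *usable_range(str(nxt)))

    # Answer 013: every address in 'c' is a last usable host, none in 'd' is.
    print([is_last_usable(a, m) for a, m in OPTION_C])
    print([is_last_usable(a, m) for a, m in OPTION_D])

    # Answer 028: 172.16.1.190 sits in 172.16.1.184/29, which beats the /24.
    net, hop = longest_match(ROUTES, "172.16.1.190")
    print(net, net.broadcast_address, hop)
```
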
https://www.examtopics.com/discussions/cisco/view/75947-exam-200-301-topic-1-question-440discussion/

Question 029

Which command entered on a switch configured with Rapid PVST+ listens and learns for a specific time period?

a. switch(config)# spanning-tree vlan 1 priority 4096
b. switch(config)# spanning-tree vlan 1 hello-time 10
c. switch(config)# spanning-tree vlan 1 max-age 6
d. switch(config)# spanning-tree vlan 1 forward-time 20

Answer 029

d.

Explanation: Answer ‘d’ explanation, it is a backup configuration but it is still valid...

"Determines how long each of the listening and learning states last before the port begins forwarding. This timer is generally not used by the protocol but is used as a backup. The default is 15 seconds, and the range is from 4 to 30 seconds."

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/layer2/503_U1_1/Cisco_n3k_layer2_config_gd_503_U1_1_chapter7.html#con_1205111

Question 030

Drag and drop the QoS terms from the left onto the descriptions on the right.

Answer 030

1. Class-based weighted fair queuing: Guarantees minimum bandwidth to specific traffic classes when an interface is congested.
2. Classification: Categorises packets based on the value of a traffic descriptor.
3. Congestion: Outcome of overutilization.
4. Policing: Uses defined criteria to limit the transmission of one or more classes of traffic
5. Shaping: Prevents congestion by reducing the flow of outbound traffic.

Explanation:
1. **classification**: Categorizes packets based on the value of a traffic descriptor.
2. **class-based weighted fair queueing**: Guarantees minimum bandwidth to specific traffic classes when an interface is congested.
3. **shaping**: Prevents congestion by reducing the flow of outbound traffic.
4. **congestion**: Outcome of overutilization.
5. **policing**: Uses defined criteria to limit the transmission of one or more classes of traffic.
https://www.cisco.com/en/US/docs/ios/12_0t/12_0t5/feature/guide/cbwfq.html#wp17641
https://www.examtopics.com/discussions/cisco/view/82761-exam-200-301-topic-1-question-586discussion/

Question 031

What is the function of `off-the-shelf` switches in a controller-based network?

a. setting packet-handling policies
b. forwarding packets
c. providing a central view of the deployed network
d. making routing decisions

Answer 031

b.

Explanation: In a controller-based network, `off-the-shelf` switches primarily function to forward packets. They are controlled by an SDN controller, which takes the computational complexity away from the SDN network devices. This makes the switches more "commoditised", which is a synonym for lower costs. Therefore, the correct answer is B.

Note: that the certification guide calls Layer 3 switches “switches”, so they are forwarding packets.

https://www.examtopics.com/discussions/cisco/view/81738-exam-200-301-topic-1-question-767discussion/#:~:text=In%20a%20controller%2Dbased%20network%2C%20%60off%2Dthe%2D,from%20the%20SDN%20network%20devices

Question 032

Refer to the exhibit: The administrator must configure a floating static default route that points to 2001:db8:1234:2::1 and replaces the current default route only if it fails. Which command must the engineer configure on the CPE?

a. ipv6 route ::/0 2001:db8:1234:2::1 3
b. ipv6 route ::/128 2001:db8:1234:2::1 3
c. ipv6 route ::/0 2001:db8:1234:2::1 1
d. ipv6 route ::/0 2001:db8:1234:2::1 2

Answer 032

a.

Explanation: Currently (in the routing table), the route to 2001:db8:1234:2::1 is:

::/0 [2/0] via FE80::A8BB:CCFF:FE00:200, Ethernet 0/0

The first number in the braces is the Administrative Distance (AD), the second is the metric. The AD is set to 2, and the metric is 0. To be a floating static, the AD must be greater than 2. The answer has to be either ‘a’, or ‘b’. The route to ‘b’ is wrong (/128), so the answer must be ‘a’.
https://www.examtopics.com/discussions/cisco/view/82982-exam-200-301-topic-1-question-478discussion/

Question 033
Drag and drop the IPv6 addresses to the correct description boxes:
a. 2001:DB8:600D:CAFE::123
b. FDBA:926A:E8E:7A25:B1:C6D2:1A76:8FDC
c. FE80::A00:27FE:FEEB:B9AA
d. FF05::1:3

Descriptions: Global Unicast, Link-Local Unicast, Multicast, Unique Local

Answer 033
IPv6 Address | Description
2001:DB8:600D:CAFE::123 | Global Unicast Address (GUA)
FE80::A00:27FE:FEEB:B9AA | Link-Local Unicast
FF05::1:3 | Multicast
FDBA:926A:E8E:7A25:B1:C6D2:1A76:8FDC | Unique Local

Explanation:
Unique Local = FC00::/7 (but only FD00::/8 defined)
Link Local = FE80::/10
Global Unicast = 2000::/3 (and any unused address)
Multicast = FF00::/8

Question 034
Drag and drop the IPv6 address descriptions from the left onto the IPv6 address types on the right. Not all options are used.
Select and Place:
a. IPv6 addresses in the format FF02::5
b. IPv6 addresses that begin with FD
c. May be used by multiple organisations at the same time
d. Private IPv6 addresses
e. Serve as next-hop addresses
f. Unable to serve as destination addresses

Address types: Unique Local Addresses, Link-Local Addresses

Answer 034
Unique Local Addresses
- IPv6 addresses that begin with FD
- May be used by multiple organisations at the same time
- Private IPv6 addresses
Link-Local Addresses
- Serve as next-hop addresses
- Unable to serve as destination addresses*

Explanation:
Answer ‘a’ is a multicast, so it isn’t used.
Answer ‘b’ is a ULA as it is in the range of FC00::/7
Answer ‘c’ is a ULA as this is the definition of the address type.
Answer ‘d’ is effectively a ULA
Answer ‘e’ is a LLA, as this is what one should use for next-hop addresses
Answer ‘f’ is an LLA if and only if we mean global destination address (poor question).
https://www.examtopics.com/discussions/cisco/view/94644-exam-200-301-topic-1-question-136discussion/

Question 035
Refer to the exhibit.
The IP address configurations must be completed on the DC-1 and HQ-1 routers based on these requirements:
- DC-1 Gi1/0 must be the last usable address on a /30
- DC-1 Gi1/1 must be the first usable address on a /29
- DC-1 Gi1/2 must be the last usable address on a /28
- HQ-1 Gi1/3 must be the last usable address on a /29
Drag and drop the commands from the left onto the destination interfaces on the right. Not all commands are used.
Select and Place:
a. ip address 192.168.4.9 255.255.255.248
b. ip address 192.168.3.14 255.255.255.240
c. ip address 209.165.202.129 255.255.255.252
d. ip address 192.168.4.13 255.255.255.240
e. 209.165.202.130 255.255.255.252
f. 209.165.202.131 255.255.255.252
g. ip address 192.168.3.14 255.255.255.248

Destination interfaces (IPv4 Address to be placed):
DC-1 Interface: Gi 1/0, Gi 1/1, Gi 1/2
HQ-1 Interface: Gi 1/3

Answer 035
DC-1 Interface | IPv4 Address
Gi 1/0 | 209.165.202.130 255.255.255.252
Gi 1/1 | 192.168.4.9 255.255.255.248
Gi 1/2 | 192.168.3.14 255.255.255.240
HQ-1 Interface | IPv4 Address
Gi 1/3 | 192.168.3.14 255.255.255.248

Explanation:
Note: Both the Network address and the last usable address are always EVEN. Both the Broadcast address and the first usable address are always ODD.

DC-1 Gi 1/0 must have the last usable (EVEN) addresses on a /30 (Blocks of 4 addresses/subnet).
/30 has a subnet mask of 255.255.255.252
Possible answers include:
‘c’ = 129 (no – this is the first address of a /30) = ODD
‘e’ = 130 (yes – this is the second address of a /30) = EVEN
‘f’ = 131 (no – this is the B/C of a /30) = ODD
Answer = ‘e’ = 209.165.202.130 /30 (Last Usable Address = EVEN last Octet)

DC-1 Gi 1/1 is the first usable (ODD) address on a /29 (Blocks of 8 addresses/subnet)
/29 has a subnet mask of 255.255.255.248
Possible answers include:
‘a’ (192.168.4.9 /29 is the first usable address) = ODD
‘g’ (192.168.3.14 /29 isn’t – it’s the last usable) = EVEN
Answer is ‘a’ = 192.168.4.9 /29 (First Usable Address = ODD last Octet)

DC-1 Gi 1/2 is the last usable (EVEN) address on a /28 (Blocks of 16 addresses/subnet).
/28 has a subnet mask of 255.255.255.240
Possible answers include: ‘b’ = 192.168.3.14 = EVEN, ‘d’ = 192.168.4.13 = ODD
Considering blocks of 16: ‘b’ = 3.14 is the last usable.
Considering blocks of 16: ‘d’ = 4.13 is not the last usable.
Answer is ‘b’ = 192.168.3.14 255.255.255.240 (Last Usable Address = EVEN last Octet)

HQ-1 Gi 1/3 is the last usable address on a /29 (Block of 8 addresses per subnet).
/29 has a subnet mask of 255.255.255.248
Possible answers include:
‘a’ = 192.168.4.9. Cannot be ‘a’, as it is already an answer.
‘g’ = 192.168.3.14. Must be ‘g’ – let’s look.
Answer ‘g’ = 192.168.3.14 /29 = EVEN
Considering blocks of 8: 3.14 is the last usable.
Answer is ‘g’ = 192.168.3.14 255.255.255.248 (Last Usable Address = EVEN last Octet)
https://www.examtopics.com/discussions/cisco/view/83687-exam-200-301-topic-1-question-132discussion/

Question 036
Refer to the exhibit. Which two statements about the network environment of router R1 must be true?
Refer to the exhibit. Router R1 must be configured to reach the 10.0.3.0/24 network from the 10.0.1.0/24 segment. Which command must be used to configure the route?
a. route add 10.0.3.0 0.255.255.255 10.0.4.2
b. ip route 10.0.3.0 0.255.255.255 10.0.4.2
c. route add 10.0.3.0 mask 255.255.255.0 10.0.4.3
d. ip route 10.0.3.0 255.255.255.0 10.0.4.3

Answer 036
d.

Explanation:
Options ‘c’ and ‘d’ are the only two statements that have the next hop of 10.0.4.3. This is the Gi 0/1 interface of R3, the next hop from R1. Only ‘d’ can be applied to a router.
https://www.examtopics.com/discussions/cisco/view/93031-exam-200-301-topic-1-question-379discussion/

Question 037
Refer to the exhibit. How many JSON objects are represented?
a. 1
b. 2
c. 3
d. 4

Answer 037
1.

Explanation:
A JSON object is surrounded by curly brackets, { and }, and contains a comma-separated list of name/value pairs.
https://www.examtopics.com/discussions/cisco/view/82446-exam-200-301-topic-1-question-769discussion/

Question 038
What is a function of Cisco Advanced Malware Protection for a Next-Generation IPS?
a. inspecting specific files and file types for malware
b. authorizing potentially compromised wireless traffic
c. authenticating end users
d. URL filtering

Answer 038
a.

Explanation:
- URL filtering is a feature of NGFW (Next-Generation Firewalls).
- Reputation-Based Filtering is a feature of NGIPS (Next-Generation IPS).
→ It means that it receives information from Cisco Talos (for example) about the daily security threats.
→ Part of that data identifies known bad actors, based on IP address, domain, name, or even specific URL, with a reputation "score" for each.
→ So, the NGIPS can perform reputation-based filtering, taking the "scores" into account.
https://www.examtopics.com/discussions/cisco/view/116315-exam-200-301-topic-1-question683-discussion/

Question 039
Drag and drop the TCP or UDP details from the left onto their corresponding protocols on the right.
a. Used to reliably share files between devices
b. Appropriate for streaming operations with minimal latency
c. Provides best-effort delivery
d.
Supports reliable data transmission
e. Transmitted based on data contained in the packet without the need for a data channel
f. Requires the client and the server to establish a connection before sending the packet
g. Provides best-effort service
h. Supports reliable data transmission

Protocols: TCP, UDP

Answer 039
TCP
- Used to reliably share files between devices
- Supports reliable data transmission
- Requires the client and the server to establish a connection before sending the packet
- Supports reliable data transmission
UDP
- Appropriate for streaming operations with minimal latency
- Provides best-effort delivery
- Transmitted based on data contained in the packet without the need for a data channel
- Provides best-effort service

Explanation:
Obvious – Two questions were combined here.
https://www.examtopics.com/discussions/cisco/view/86808-exam-200-301-topic-1-question-146discussion/
https://www.examtopics.com/discussions/cisco/view/75270-exam-200-301-topic-1-question-95discussion/

Question 040
Drag and drop the Cisco IOS attack mitigation features from the left onto the types of network attack they mitigate on the right.
a. DHCP Snooping
b. Dynamic ARP Inspection
c. IP Source Guard
d. Storm Control

1. Rogue server that spoofs IP configuration
2. Cache Poisoning
3. Flood Attacks
4. Rogue Clients on the network

Answer 040
IOS Mitigation Feature | Type of Network Attack to Mitigate
DHCP Snooping | Rogue server that spoofs IP configuration
Dynamic ARP Inspection | Cache Poisoning
IP Source Guard | Rogue Clients on the network
Storm Control | Flood Attacks

Explanation:
Obvious.
https://www.examtopics.com/discussions/cisco/view/82777-exam-200-301-topic-1-question-701discussion/

Question 041
Drag and drop the elements of a security program from the left onto the corresponding descriptions on the right.
a. Awareness
b. Education
c. Security Policy
d. Security Standard
e. Training

1.
Document that outlines an organisation’s security goals and practices and the roles and responsibilities of the organisation’s personnel.
2. Tactical document that sets out specific tasks and methods to maintain security.
3. User-awareness learning level that focuses on learning about topics and practices beyond what is typically required by the user’s job.
4. User-awareness learning level that focuses on security practices that all employees must understand and enforce.
5. User-awareness learning level that focuses on teaching employees how to perform tasks specifically required by their jobs.

Answer 041
Element | Description
Security Policy | Document that outlines an organisation’s security goals and practices and the roles and responsibilities of the organisation’s personnel
Security Standard | Tactical document that sets out specific tasks and methods to maintain security
Education | User-awareness learning level that focuses on learning about topics and practices beyond what is typically required by the user’s job
Awareness | User-awareness learning level that focuses on security practices that all employees must understand and enforce
Training | User-awareness learning level that focuses on teaching employees how to perform tasks specifically required by their jobs

Explanation:
1 (document) and 2 (tactical document) must be c and d (or d and c).
A standard is a tactical document, so d = 2.
Therefore, a policy outlines the organisation’s security goals, etc. (c = 1).
Awareness, Education, and Training = 3, 4, 5 (in some order).
Awareness = must understand and enforce = 4.
Education = learning = 3.
Training = 5; teaching employees.
https://www.examtopics.com/discussions/cisco/view/85442-exam-200-301-topic-1-question-689discussion/

Question 042
Refer to the exhibit:
A network engineer configures the Cisco WLC to authenticate local wireless clients against a RADIUS server. Which task must be performed to complete the process?
a. Change the Support for CoA to Enabled
b. Select Enable next to Management
c. Select Enable next to Network User
d. Change the Server Status to Disabled

Answer 042
c.

Explanation:
Network User is for authenticating the people connected to the wireless network. Management is for authenticating people who try to log in to the WLC.
"If you are not authenticating management user via RADIUS then you must disable it"
https://mrncciew.com/2013/04/21/configuring-radius-on-wlc/
https://www.examtopics.com/discussions/cisco/view/83956-exam-200-301-topic-1-question-340discussion/

Question 043
Refer to the exhibit:
What must be configured to enable 802.11w on the WLAN?
a. Set Fast Transition to Enabled.
b. Enable WPA Policy.
c. Set PMF to Required.
d. Enable MAC Filtering.

Answer 043
c

Explanation:
802.11w, also known as Protected Management Frames (PMF), is a standard within the IEEE 802.11 family of wireless networking standards. It enhances the security of Wi-Fi networks by protecting management frames exchanged between wireless devices and access points. Management frames are used for tasks such as association, authentication, and disassociation in a Wi-Fi network.
https://www.examtopics.com/discussions/cisco/view/74589-exam-200-301-topic-1-question-669discussion/

Question 044
An engineer is configuring router R1 with an IPv6 static route for prefix 2019:C15C:0CAF:E001::/64. The next hop must be 2019:C15C:0CAF:E002::1. The route must be reachable via the R1 Gigabit 0/0 interface. Which command configures the designated route?
a. R1(config-if)# ip route 2019:C15C:0CAF:E001::/64 GigabitEthernet 0/0
b. R1(config)# ip route 2019:C15C:0CAF:E001::/64 GigabitEthernet 0/0
c. R1(config-if)# ipv6 route 2019:C15C:0CAF:E001::/64 2019:C15C:0CAF:E002::1
d. R1(config)# ipv6 route 2019:C15C:0CAF:E001::/64 2019:C15C:0CAF:E002::1

Answer 044
d

Explanation:
This has to be an ipv6 route command. The command must be from global configuration mode.
‘d’ is the only answer that satisfies these requirements.
A better answer would be this one:
ipv6 route 2019:C15C:0CAF:E001::/64 2019:C15C:0CAF:E002::1 GigabitEthernet0/0
https://www.examtopics.com/discussions/cisco/view/85061-exam-200-301-topic-1-question-458discussion/

Question 045
An administrator must use the password complexity not manufacturer-name command to prevent users from adding `Cisco` as a password. Which command must be issued before this command?
a. login authentication my-auth-list
b. service password-encryption
c. password complexity enable
d. confreg 0x2142

Answer 045
a

Explanation:
configure terminal
!
passwords complexity enable
passwords complexity [min-length <number>] [min-classes <number>] [not-current] [no-repeat <number>] [not-username] [not manufacturer-name]

not-manufacturer-name — Specifies that the password cannot repeat or reverse the name of the manufacturer or any variant reached by changing the case of the characters.
https://www.examtopics.com/discussions/cisco/view/87168-exam-200-301-topic-1-question-709discussion/
https://www.cisco.com/c/en/us/support/docs/smb/switches/cisco-small-business-300-seriesmanaged-switches/smb5563-configure-password-settings-on-a-switch-through-thecommand.html

Question 046
Which two practices are recommended for an acceptable security posture in a network? (Choose two).
a. Use a cryptographic keychain to authenticate to network devices.
b. Place internal email and file servers in a designated DMZ.
c. Back up device configurations to encrypted USB drives for secure retrieval.
d. Disable unused or unnecessary ports, interfaces, and services.
e. Maintain network equipment in a secure location.

Answer 046
d, and e.

Explanation:
Obvious.
https://www.examtopics.com/discussions/cisco/view/87358-exam-200-301-topic-1-question-685discussion/

Question 047
Which REST method updates an object in the Cisco DNA Centre Intent API?
a. CHANGE
b. UPDATE
c. POST
d. PUT

Answer 047
d

Explanation:
The RESTful Cisco DNA Centre Intent API uses HTTPS verbs (GET, POST, PUT, and DELETE) with JSON structures to discover and control the network.
In RESTful APIs, different HTTP methods are used to perform different actions on resources. The PUT method is commonly used to update an existing resource or replace it entirely with a new representation.
When using the Cisco DNA Centre Intent API to update an object, you would typically send an HTTP request with the PUT method to the appropriate endpoint, providing the updated representation of the object in the request body. This allows you to modify the attributes or properties of the object and persist those changes in the system.
Therefore, the correct answer is D. PUT
Note:
Create new data structures and variables -> Create = POST
Read (retrieve) variable names, structures, and values -> Read = GET
Update or replace values of some variable -> Update = PATCH, PUT
Delete some variables and data structures -> Delete = DELETE
https://www.examtopics.com/discussions/cisco/view/83581-exam-200-301-topic-1-question-768discussion/
https://developer.cisco.com/docs/dna-center/#!overview/cisco-dna-center-platform-overview

Question 048
Drag and drop each characteristic of device-management technologies from the left onto the deployment type on the right (Cisco DNA Centre vs. Traditional).
a. Orchestrates background device configuration
b. Provides greater flexibility for custom and non-standard configurations
c. Relies on per-device management
d. Supports centralised software management
e. Supports open APIs
f. Uses individual software management

Answer 048
Cisco DNA Centre
- Orchestrates background device configuration
- Provides greater flexibility for custom and non-standard configurations
- Supports centralised software management
Traditional
- Supports open APIs (limited)
- Relies on per-device management
- Uses individual software management

Explanation:
A.
Cisco DNA Centre (Software-Defined Networking Solution):
1. Orchestrates background device configuration, streamlining the process of applying changes to multiple devices simultaneously and reducing manual configuration efforts.
2. Provides greater flexibility for custom and non-standard configurations, allowing network administrators to tailor settings to specific requirements without being limited by rigid configurations.
3. Supports centralized software management, enabling the deployment and updates of software across the network from a single, unified interface.
B. Traditional (Legacy Networking):
1. Relies on per-device management, necessitating manual configuration adjustments for each network device individually.
2. Uses individual software management, requiring separate installations and updates for software on each device, potentially leading to longer deployment times.
3. May have limited support for open APIs, making it challenging to integrate with third-party applications and limiting automation possibilities compared to more modern solutions like Cisco DNA Centre.
https://www.examtopics.com/discussions/cisco/view/84625-exam-200-301-topic-1-question-766discussion/

Question 049
After a recent security breach and a RADIUS failure, an engineer must secure the console port of each enterprise router with a local username and password. Which configuration must the engineer apply to accomplish this task?
a. aaa new-model
   line con 0
   password plaintextpassword
   privilege level 15
   !
b. aaa new-model
   aaa authorization exec default local
   aaa authentication login default radius
   username localuser privilege 15 secret plaintextpassword
   !
c. username localuser secret plaintextpassword
   line con 0
   no login local
   privilege level 15
   !
d. username localuser secret plaintextpassword
   line con 0
   login authentication default
   privilege level 15
   !

Answer 049
d.

Explanation:
‘a’ is wrong because there’s no “login”, and no username!
‘b’ is wrong, because the authentication login order is radius.
‘c’ is wrong, as it says no login local.
‘d’ is possibly right – the most correct answer anyway.

Question 050
An engineer is configuring SSH version 2 exclusively on the R1 router. What is the minimum configuration required to permit remote management using the cryptographic protocol?
a. hostname R1
   service password-encryption
   crypto key generate rsa general-keys modulus 1024
   username cisco privilege 15 password 0 cisco123
   ip ssh version 2
   line vty 0 15
   transport input ssh
   login local
b. hostname R1
   ip domain name cisco
   crypto key generate rsa general-keys modulus 1024
   username cisco privilege 15 password 0 cisco123
   ip ssh version 2
   line vty 0 15
   transport input ssh
   login local
c. hostname R1
   crypto key generate rsa general-keys modulus 1024
   username cisco privilege 15 password 0 cisco123
   ip ssh version 2
   line vty 0 15
   transport input ssh
   login local
d. hostname R1
   ip domain name cisco
   crypto key generate rsa general-keys modulus 1024
   username cisco privilege 15 password 0 cisco123
   ip ssh version 2
   line vty 0 15
   transport input all
   login local
   !

Answer 050
b

Explanation:
‘a’ is wrong as it doesn’t have a domain name
‘b’ looks good.
‘c’ is wrong as it doesn’t have a domain name
‘d’ is wrong, as it allows all protocols, not just SSH.
https://www.examtopics.com/discussions/cisco/view/98165-exam-200-301-topic-1-question-584discussion/

Question 051
An engineer has configured the domain name, user name, and password on the local router. What is the next step to complete the configuration for a Secure Shell access RSA key?
a. crypto key import rsa pem
b. crypto key generate rsa
c. crypto key zeroize rsa
d. crypto key pubkey-chain rsa

Answer 051
b.

Explanation:
The next step to complete the configuration for a Secure Shell (SSH) access RSA key on the local router is to use the "crypto key generate rsa" command.
This command generates an RSA key pair that will be used for SSH encryption and authentication purposes. After running this command, the router will prompt for the key modulus size (usually 1024 or 2048 bits) and will generate the RSA key pair. The generated RSA public key will be used for SSH server authentication, and the private key will be stored on the router for secure SSH communication.
https://www.examtopics.com/discussions/cisco/view/109728-exam-200-301-topic-1-question673-discussion/

Question 052
Why would VRRP be implemented when configuring a new subnet in a multivendor environment?
a. when a gateway protocol is required that supports more than two Cisco devices for redundancy
b. to interoperate normally with all vendors and provide additional security features for Cisco devices
c. to ensure that the spanning-tree forwarding path to the gateway is loop-free
d. to enable normal operations to continue after a member failure without requiring a change in a host ARP cache

Answer 052
b.

Explanation:
VRRP provides vendor interoperability (RFC 2338), although "ALL" vendors is a bit of a stretch.
It also provides additional security features for Cisco devices, including:
- Object Tracking (track the state of interfaces, altering priority values accordingly).
- Enhanced authentication through the support of MD5.
https://www.examtopics.com/discussions/cisco/view/85223-exam-200-301-topic-1-question-502discussion/#:~:text=Why%20would%20VRRP%20be%20implemented,subnet%20in%20a%20multivendor%20environment%3F&text=VRRP%20is%20the%20industry%20standards,is%20supported%20by%20multiple%20vendors.

Question 053
Refer to the exhibit
The given Windows PC is requesting the IP address of the host at www.cisco.com. To which IP address is the request sent?
a. 192.168.1.253
b. 192.168.1.100
c. 192.168.1.226
d. 192.168.1.254

Answer 053
a.

Explanation:
The graphic shows that the DNS server is 192.168.1.253.
https://www.examtopics.com/discussions/cisco/view/79407-exam-200-301-topic-1-question-103discussion/

Question 054
Refer to the exhibit
What is the next hop for traffic entering R1 with a destination of 10.1.2.126?
a. 10.165.20.126
b. 10.165.20.146
c. 10.165.20.166
d. 10.165.20.226

Answer 054
a.

Explanation:
Longest match wins. This is the D (EIGRP) route going to 10.1.2.0 /25; the next hop is 10.165.20.126 (answer ‘a’).
https://www.examtopics.com/discussions/cisco/view/100142-exam-200-301-topic-1-question452-discussion/

Question 055
Drag and drop the TCP or UDP details from the left onto their corresponding protocols on the right.
a. Transmitted based on data contained in the packet without the need for a data channel
b. Requires the client and the server to establish a connection before sending the packet
c. Provides best-effort service
d. Supports reliable data transmission

Answer 055
TCP
- Requires the client and the server to establish a connection before sending the packet
- Supports reliable data transmission
UDP
- Transmitted based on data contained in the packet without the need for a data channel
- Provides best-effort service

Explanation:
Obvious.
https://www.examtopics.com/discussions/cisco/view/75270-exam-200-301-topic-1-question-95discussion/

Question 056
Drag and drop the IPv6 address details from the left onto the corresponding types on the right.
a. Includes Link-Local and Loopback addresses
b. Used exclusively by a non-host device
c. Identifies an interface on an IPv6 device
d. Assigned to more than one interface
e. Derived from the FF00::/8 address range
f. Provides one-to-many communications.

1. Anycast
2. Multicast
3. Unicast

Answer 056
Anycast
- Used exclusively by a non-host device
- Assigned to more than one interface
Multicast
- Derived from the FF00::/8 address range
- Provides one-to-many communications.
Unicast
- Includes Link-Local and Loopback addresses
- Identifies an interface on an IPv6 device

Explanation:
Multicast:
1. Derived from the FF00::/8 address range. Can't argue with that.
2. Provides one-to-many communications. That's what multicast is, one-to-many.
Unicast:
1. Includes Link-Local and Loopback addresses. Yip, these are single destinations.
2. Identifies an interface on an IPv6 device. Again, yip - it's a single destination.
Anycast:
1. Used exclusively by a non-host device. I think what they are alluding to here is that this address is associated with a group of servers that share an IP address, not a single host (non-host).
2. Assigned to more than one interface. Yes - by definition it's one-to-closest, so that implies there's more than one instance of it, so it must be assigned to more than one interface.
https://www.examtopics.com/discussions/cisco/view/96923-exam-200-301-topic-1-question-118discussion/

Question 057
What is the role of disaggregation in controller-based networking?
a. It divides the control-plane and data-plane functions.
b. It streamlines traffic handling by assigning individual devices to perform either Layer 2 or Layer 3 functions
c. It summarises the routes between the core and distribution layers of the network topology
d. It enables a network topology to quickly adjust from a ring network to a star network

Answer 057
a.

Explanation:
Taken literally, “network disaggregation” means to separate the network into its component parts. What we’re talking about here is the ability to source switching hardware and network operating systems separately.
https://www.examtopics.com/exams/cisco/200-301/view/13/

Question 058
Which QoS queuing method discards or marks packets that exceed the desired bit rate of traffic flow?
a. CBWFQ
b. policing
c. LLQ
d. shaping

Answer 058
b.

Explanation:
Use the police command to mark a packet with different quality of service (QoS) values based on conformance to the service-level agreement.
Traffic policing allows you to control the maximum rate of traffic transmitted or received on an interface.
Reference: https://www.cisco.com/c/en/us/td/docs/ios/qos/configuration/guide/12_2sr/qos_12_2sr_book/traffic_policing.html
https://www.examtopics.com/discussions/cisco/view/83937-exam-200-301-topic-1-question-594discussion/

Question 059
A network engineer is replacing the switches that belong to a managed-services client with new Cisco Catalyst switches. The new switches will be configured for updated security standards, including replacing Telnet services with encrypted connections and doubling the modulus size from 1024. Which two commands must the engineer configure on the new switches? (Choose two.)
a. transport input ssh
b. transport input all
c. crypto key generate rsa modulus 2048
d. crypto key generate rsa general-keys modulus 1024
e. crypto key generate rsa usage-keys

Answer 059
a, and c.

Explanation:
https://www.examtopics.com/discussions/cisco/view/84821-exam-200-301-topic-1-question-680discussion/

Question 060
What is a zero-day exploit?
a. It is when the network is saturated with malicious traffic that overloads resources and bandwidth.
b. It is when an attacker inserts malicious code into a SQL server.
c. It is when a new network vulnerability is discovered before a fix is available.
d. It is when the perpetrator inserts itself in a conversation between two parties and captures or alters data.

Answer 060
c.

Explanation:
https://www.examtopics.com/discussions/cisco/view/109096-exam-200-301-topic-1-question679discussion/#:~:text=What%20is%20a%20zero%2Dday,that%20overloads%20resources%20and%20bandwidth.

Question 061
Drag and drop the threat-mitigation techniques from the left onto the types of threat or attack they mitigate on the right.
a. Configure BPDU guard.
b. Configure Dynamic ARP inspection
c. Configure Root Guard
d. Configure VACL

1. 802.1q double tagging
2. ARP spoofing
3. Unwanted superior BPDUs
4. Unwanted BPDUs on PortFast-enabled interfaces

Answer 061
Technique | Threat / Attack
Configure VACL | 802.1q double tagging
Configure Dynamic ARP inspection | ARP spoofing
Configure Root Guard | Unwanted superior BPDUs
Configure BPDU guard | Unwanted BPDUs on PortFast-enabled interfaces

Explanation:
Obvious.
https://www.examtopics.com/discussions/cisco/view/19860-exam-200-301-topic-1-question-69discussion/

Question 062
Refer to the exhibit.
An engineer has started to configure replacement switch SW1. To verify part of the configuration, the engineer issued the commands as shown and noticed that the entry for PC2 is missing. Which change must be applied to SW1 so that PC1 and PC2 communicate normally?
a. SW1(config)#interface fa0/2
   SW1(config-if)#no switchport access vlan 2
   SW1(config-if)#no switchport trunk allowed vlan 3
   SW1(config-if)#switchport trunk allowed vlan 2
b. SW1(config)#interface fa0/2
   SW1(config-if)#no switchport access vlan 2
   SW1(config-if)#switchport trunk native vlan 2
   SW1(config-if)#switchport trunk allowed vlan 3
c. SW1(config)#interface fa0/2
   SW1(config-if)#no switchport mode trunk
   SW1(config-if)#no switchport trunk allowed vlan 3
   SW1(config-if)#switchport mode access
d. SW1(config)#interface fa0/1
   SW1(config-if)#no switchport access vlan 2
   SW1(config-if)#switchport access vlan 3
   SW1(config-if)#switchport trunk allowed vlan 2

Answer 062
c.

Explanation:
First, remove the trunk port on Fa 0/2.
Next, remove the associated VLANs allowed on the (now non-existent) trunk.
Finally, place the port in switchport access mode (the port is already in VLAN 2).
https://www.examtopics.com/discussions/cisco/view/84205-exam-200-301-topic-1-question-276discussion/

Question 063
Refer to the exhibit.
Packets received by the router from BGP enter via a serial interface at 209.165.201.10. Each route is present within the routing table.
Which interface is used to forward traffic with a destination IP of 10.10.10.24?
a. F0/10
b. F0/11
c. F0/12
d. F0/1

Answer 063
b.

Explanation:
All entries go to 10.10.10.24
All have the same longest match – first election process met.
EIGRP is chosen over OSPF – lowest AD (EIGRP = 90, OSPF = 110) – 2nd election process met.
EIGRP route via F0/11 has the lowest metric, use it – 3rd election process met.
Answer is ‘b’.
https://www.examtopics.com/discussions/cisco/view/84238-exam-200-301-topic-1-question-465discussion/

Question 064
What is a function of an endpoint on a network?
a. provides wireless services to users in a building
b. connects server and client device to a network
c. allows users to record data and transmit to a file server
d. forwards traffic between VLANs on a network

Answer 064
c.

Explanation:
An endpoint is a remote computing device that communicates back and forth with a network to which it is connected. Examples of endpoints include:
✑ Desktops
✑ Laptops
✑ Smartphones
✑ Tablets
✑ Servers
✑ Workstations
✑ Internet-of-things (IoT) devices
https://www.examtopics.com/discussions/cisco/view/83756-exam-200-301-topic-1-question-107discussion/

Question 065
Which wireless security protocol relies on Perfect Forward Secrecy?
A. WEP
B. WPA2
C. WPA
D. WPA3

Answer 065
d.

Explanation:
WPA3 is the wireless security protocol that relies on Perfect Forward Secrecy (PFS). It uses the Simultaneous Authentication of Equals (SAE) protocol, also known as Dragonfly, to provide PFS for each Wi-Fi session, making it much more secure than its predecessors (WPA2 and WPA) in terms of key management and encryption.
https://www.examtopics.com/discussions/cisco/view/80392-exam-200-301-topic-1-question-706discussion/

Question 066
Refer to the exhibit.
An IP subnet must be configured on each router that provides enough addresses for the number of assigned hosts and anticipates no more than 10% growth for new hosts.
Which configuration script must be used?

a.
   R7#
   configure terminal
   interface FastEthernet 1/0
   ip address 10.1.56.1 255.255.192.0
   no shutdown
   R8#
   configure terminal
   interface FastEthernet 0/0
   ip address 10.9.32.1 255.255.224.0
   no shutdown
   R9#
   configure terminal
   interface FastEthernet 1/1
   ip address 10.23.96.1 255.255.128.0
   no shutdown
b.
   R7#
   configure terminal
   interface FastEthernet 1/0
   ip address 10.1.56.1 255.255.240.0
   no shutdown
   R8#
   configure terminal
   interface FastEthernet 0/0
   ip address 10.9.32.1 255.255.224.0
   no shutdown
   R9#
   configure terminal
   interface FastEthernet 1/1
   ip address 10.23.96.1 255.255.192.0
   no shutdown
c.
   R7#
   configure terminal
   interface FastEthernet 1/0
   ip address 10.1.56.1 255.255.252.0
   no shutdown
   R8#
   configure terminal
   interface FastEthernet 0/0
   ip address 10.9.32.1 255.255.255.0
   no shutdown
   R9#
   configure terminal
   interface FastEthernet 1/1
   ip address 10.23.96.1 255.255.240.0
   no shutdown
d.
   R7#
   configure terminal
   interface FastEthernet 1/0
   ip address 10.1.56.1 255.255.192.0
   no shutdown
   R8#
   configure terminal
   interface FastEthernet 0/0
   ip address 10.9.32.1 255.255.224.0
   no shutdown
   R9#
   configure terminal
   interface FastEthernet 1/1
   ip address 10.23.96.1 255.255.128.0
   no shutdown

Answer 066

c.

Explanation:
R7’s Fa 1/0 has 923 * 1.1 = 1015 hosts, so go to 1024 = 2^10 = 22-bits left (255.255.252.0).
R8’s Fa 0/0 has 225 * 1.1 = 248 hosts, so go to 255 = 2^8 = 24-bits left (255.255.255.0).
R9’s Fa 1/1 has 3641 * 1.1 = 4005 hosts, so go to 4096 = 2^12 = 20-bits left (255.255.240.0).
Only ‘c’ offers these options.
https://www.examtopics.com/discussions/cisco/view/83583-exam-200-301-topic-1-question-156discussion/

Question 067

OSPF must be configured between routers R1 and R2. Which OSPF configuration must be applied to router R1 to avoid a DR/BDR election?

a.
   router ospf 1
   network 192.168.1.1 0.0.0.0 area 0
   interface e1/1
   ip address 192.168.1.1 255.255.255.252
   ip ospf cost 0
b.
   router ospf 1
   network 192.168.1.1 0.0.0.0 area 0
   hello interval 15
   interface e1/1
   ip address 192.168.1.1 255.255.255.252
c.
   router ospf 1
   network 192.168.1.1 0.0.0.0 area 0
   interface e1/1
   ip address 192.168.1.1 255.255.255.252
   ip ospf network broadcast
d.
   router ospf 1
   network 192.168.1.1 0.0.0.0 area 0
   interface e1/1
   ip address 192.168.1.1 255.255.255.252
   ip ospf network point-to-point

Answer 067

d.

Explanation:
There is no DR/BDR election process on a point-to-point link.
https://www.examtopics.com/discussions/cisco/view/84236-exam-200-301-topic-1-question-461discussion/

Question 068

Refer to the exhibit. Which configuration enables DHCP addressing for hosts connected to interface FastEthernet0/1 on router R4?

a.
   interface FastEthernet0/1
   ip helper-address 10.0.1.1
   !
   access-list 100 permit tcp host 10.0.1.1 eq 67 host 10.148.2.1
b.
   interface FastEthernet0/0
   ip helper-address 10.0.1.1
   !
   access-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1
c.
   interface FastEthernet0/0
   ip helper-address 10.0.1.1
   !
   access-list 100 permit host 10.0.1.1 host 10.148.2.1 eq bootps
d.
   interface FastEthernet0/1
   ip helper-address 10.0.1.1
   !
   access-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1

Answer 068

d.

Explanation:
The helper address is on the gateway to the host requesting the DHCP address (Fa 0/1). Therefore, the answer is down to either ‘a’ or ‘d’.
Furthermore, the ACL in ‘c’ is just wrong as there’s no protocol mentioned.
The ACL in ‘a’ is using TCP, so that’s out for DHCP (it should be using UDP here).
Process of elimination, it must be ‘d’.
Notice though, the ACL would appear at the bottom of the list, under the deny ip any any log. As such, this wouldn’t work.
https://www.examtopics.com/discussions/cisco/view/82007-exam-200-301-topic-1-question-582discussion/

Question 069

Refer to the exhibit.
Router R1 currently is configured to use R3 as the primary route to the internet, and the route uses the default administrative distance settings. A network engineer must configure R1 so that it uses R2 as a backup, but only if R3 goes down. Which command must the engineer configure on R1 so that it correctly uses R2 as a backup route, without changing the administrative distance configuration on the link to R3?

a. ip route 0.0.0.0 0.0.0.0 209.165.201.5.10
b. ip route 0.0.0.0 0.0.0.0 g0/1 1
c. ip route 0.0.0.0 0.0.0.0 209.165.200.226 1
d. ip route 0.0.0.0 0.0.0.0 g0/1 6

Answer 069

d.

Explanation:
The next hop from R1 is either the next-hop of 209.165.200.230 (not an option), or the exit interface of Gi 0/1, so the answer is either ‘b’ or ‘d’.
‘b’ has an AD of 1 (which is the default), and ‘d’ has an AD of ‘6’.
The floating static’s AD (6) must be larger than that of the primary route (AD = 1).
Therefore, the answer is ‘d’.
https://www.examtopics.com/discussions/cisco/view/86505-exam-200-301-topic-1-question-463discussion/

Question 070

What is the purpose of the ip address dhcp command?

a. to configure an interface as a DHCP relay
b. to configure an interface as a DHCP client
c. to configure an interface as a DHCP helper
d. to configure an interface as a DHCP server

Answer 070

b.

Explanation:
https://www.examtopics.com/discussions/cisco/view/84667-exam-200-301-topic-1-question-581discussion/

Question 071

Refer to the exhibit. Which minimum configuration items are needed to enable Secure Shell version 2 access to R15?

A.
   Router(config)#hostname R15
   R15(config)#ip domain-name cisco.com
   R15(config)#crypto key generate rsa general-keys modulus 1024
   R15(config)#ip ssh version 2
   R15(config-line)#line vty 0 15
   R15(config-line)# transport input ssh
B.
   Router(config)#crypto key generate rsa general-keys modulus 1024
   Router(config)#ip ssh version 2
   Router(config-line)#line vty 015
   Router(config-line)# transport input ssh
   Router(config)#ip ssh logging events
   R15(config)#ip ssh stricthostkeycheck
C.
   Router(config)#hostname R15
   R15(config)#crypto key generate rsa general-keys modulus 1024
   R15(config-line)#line vty 0 15
   R15(config-line)# transport input ssh
   R15(config)#ip ssh source-interface Fa0/0
   R15(config)#ip ssh stricthostkeycheck
D.
   Router(config)#ip domain-name cisco.com
   Router(config)#crypto key generate rsa general-keys modulus 1024
   Router(config)#ip ssh version 2
   Router(config-line)#line vty 0 15
   Router(config-line)# transport input all
   Router(config)#ip ssh logging events

Answer 071

x.

Explanation:
https://www.examtopics.com/discussions/cisco/view/99830-exam-200-301-topic-1-question-964discussion/