25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

- Expert Verified, Online, Free.

 Custom View Settings

Question #903 Topic 1

Refer to the exhibit. With which metric does router R1 learn the route to host 172.16.0.202?

A. 90

B. 110

C. 32445

D. 3184439

Correct Answer: C

Community vote distribution

C (83%) D (17%)

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 1/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #904 Topic 1

Refer to the exhibit. A network engineer must configure the link with these requirements:
• Consume as few IP addresses as possible.
• Leave at least two additional useable IP addresses for future growth.

Which set of configurations must be applied?

A. R1(config-if)#ip address 10.10.10.1 255.255.255.252

R2(config-if)#ip address 10.10.10.2 255.255.255.252

B. R1(config-if)#ip address 10.10.10.1 255.255.255.240

R2(config-if)#ip address 10.10.10.12 255.255.255.240

C. R1(config-if)#ip address 10.10.10.1 255.255.255.248

R2(config-if)#ip address 10.10.10.4 255.255.255.248

D. R1(config-if)#ip address 10.10.10.1 255.255.255.0

R2(config-if)#ip address 10.10.10.5 255.255.255.0

Correct Answer: A

Community vote distribution

C (100%)

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 2/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #905 Topic 1

DRAG DROP
-

Drag and drop the device behaviors from the left onto the matching HSRP state on the right.

Correct Answer:

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 3/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #906 Topic 1

Refer to the exhibit. A static route must be configured on R86 to forward traffic for the 172.16.34.0/29 network, which resides on R14. Which
command must be used to fulfill the request?

A. ip route 10.73.65.65 255.255.255.248 172.16.34.0

B. ip route 172.16.34.0 255.255.255.248 10.73.65.65

C. ip route 172.16.34.0 0.0.0.7 10.73.65.64

D. ip route 172.16.34.0 255.255.224.0 10.73.65.66

Correct Answer: D

Community vote distribution

B (100%)

Question #907 Topic 1

Refer to the exhibit. An engineer must configure a floating static route on an external EIGRP network. The destination subnet is the /29 on the LAN
interface of R86. Which command must be executed on R14?

A. ip route 10.80.65.0 255.255.248.0 10.73.65.66 1

B. ip route 10.80.65.0 255.255.255.240 fa0/1 89

C. ip route 10.80.65.0 255.255.255.248 10.73.65.66 171

D. ip route 10.73.65.66 0.0.0.224 10.80.65.0 255

Correct Answer: C

Community vote distribution

C (100%)

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 4/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #908 Topic 1

Refer to the exhibit. What is the next-hop IP address for R2 so that PC2 reaches the application server via EIGRP?

A. 192.168.30.1

B. 10.10.10.6

C. 10.10.10.5

D. 192.168.20.1

Correct Answer: B

Community vote distribution

B (100%)

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 5/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #909 Topic 1

DRAG DROP
-

Correct Answer:

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 6/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #910 Topic 1

Refer to the exhibit. An IPv6 address must be obtained automatically on the LAN interface on R1. Which command must be implemented to
accomplish the task?

A. ipv6 address autocontig

B. ipv6 address dhcp

C. ipv6 address fe80::/10

D. ipv6 address 2001:db8:d8d2:1008:4332:45:0570::/64

Correct Answer: C

Community vote distribution

B (53%) A (47%)

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 7/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #911 Topic 1

Refer to the exhibit. A network engineer is updating the configuration on router R1 to connect a new branch office to the company network. R2 has
been configured correctly. Which command must the engineer configure so that devices at the new site communicate with the main office?

A. ip route 172.25.25.1 255.255.255.255 g0/2

B. ip route 172.25.25.0 255.255.255.0 192.168.2.2

C. ip route 172.25.25.0 255.255.255.0 192.168.2.1

D. ip route 172.25.25.1 255.255.255.255 g0/1

Correct Answer: B

Community vote distribution

B (78%) C (22%)

Question #912 Topic 1

A network engineer must migrate a router loopback interface to the IPv6 address space. If the current IPv4 address of the interface is
10.54.73.1/32, and the engineer configures IPv6 address 0:0:0:0:0:ffff:a36:4901, which prefix length must be used?

A. /64

B. /96

C. /124

D. /128

Correct Answer: B

Community vote distribution

D (100%)

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 8/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #913 Topic 1

A Cisco engineer notices that two OSPF neighbors are connected using a crossover Ethernet cable. The neighbors are taking too long to become
fully adjacent. Which command must be issued under the interface configuration on each router to reduce the time required for the adjacency to
reach the FULL state?

A. ip ospf dead-interval 40

B. ip ospf network broadcast

C. ip ospf priority 0

D. ip ospf network point-to-point

Correct Answer: D

Community vote distribution

D (100%)

Question #914 Topic 1

Refer to the exhibit. PC A is communicating with another device at IP address 10.227.225.255. Through which router does router Y route the
traffic?

A. router A

B. router B

C. router C

D. router D

Correct Answer: A

Community vote distribution

D (80%) A (15%) 5%

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 9/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #915 Topic 1

Refer to the exhibit. A packet sourced from 10.10.10.32 is destined for the Internet. What is the administrative distance for the destination route?

A. 0

B. 1

C. 2

D. 32

Correct Answer: B

Community vote distribution

B (71%) A (29%)

Question #916 Topic 1

Refer to the exhibit. Which format matches the Modified EUI-64 IPv6 interface address for the network 2001:db8::/64?

A. 2001:db8::5000:00ff:fe04:0000/64

B. 2001:db8::4332:5800:41ff:fe06:/64

C. 2001:db8::5000:0004:5678:0090/64

D. 2001:db8::5200:00ff:fe04:0000/64

Correct Answer: C

Community vote distribution

D (82%) A (18%)

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 10/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #917 Topic 1

What is the benefit of using FHRP?

A. reduced ARP traffic on the network

B. balancing traffic across multiple gateways in proportion to their loads

C. higher degree of availability

D. reduced management overhead on network routers

Correct Answer: C

Community vote distribution

C (100%)

Question #918 Topic 1

Why is a first-hop redundancy protocol implemented?

A. to enable multiple switches to operate as a single unit

B. to provide load-sharing for a multilink segment

C. to prevent loops in a network

D. to protect against default gateway failures

Correct Answer: C

Community vote distribution

D (100%)

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 11/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #919 Topic 1

Refer to the exhibit. A network engineer executes the show ip route command on router D. What is the next hop to network 192.168.1.0/24 and
why?

A. The next hop is 10.0.2.1 because it uses distance vector routing.

B. The next hop is 10.0.0.1 because it has a higher metric.

C. The next hop is 10.0.2.1 because it is a link-state routing protocol.

D. The next hop is 10.0.0.1 because it has a better administrative distance.

Correct Answer: D

Community vote distribution

C (57%) D (43%)

Question #920 Topic 1

What is a similarity between global and unique local IPv6 addresses?

A. They use the same process for subnetting.

B. They are part of the multicast IPv6 group type.

C. They are routable on the global internet.

D. They are allocated by the same organization.

Correct Answer: A

Community vote distribution

A (77%) D (23%)

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 12/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #921 Topic 1

An engineer must configure the IPv6 address 2001:0db8:0000:0000:0700:0003:400F:572B on the serial0/0 interface of the HQ router and wants to
compress it for easier configuration. Which command must be issued on the router interface?

A. ipv6 address 2001:db8::700:3:400F:572B

B. ipv6 address 2001:db8:0::700:3:4F:572B

C. ipv6 address 2001::db8:0000::700:3:400F:572B

D. ipv6 address 2001:0db8::7:3:4F:572B

Correct Answer: A

Question #922 Topic 1

Refer to the exhibit. A packet that is sourced from 172.16.3.254 is destined for the IP address of GigabitEthernet0/0/0. What is the subnet mask
of the destination route?

A. 0.0.0.0

B. 255.255.254.0

C. 255.255.255.0

D. 255.255.255.255

Correct Answer: C

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 13/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #923 Topic 1

Refer to the exhibit. The iPv6 address for the LAN segment on router R2 must be configured using the EUI-64 format. Which address must be
used?

A. ipv6 address 2001:DB8:D8D2:1009:10A0:ABFF:FECC:1 eui-64

B. ipv6 address 2001:DB8:D8D2:1009:1230:ABFF:FECC:1 eui-64

C. ipv6 address 2001:DB8:D8D2:1009:4331:89FF:FF23:9 eui-64

D. ipv6 address 2001:DB8:D8D2:1009:12A0:AB34:FFCC:1 eui-64

Correct Answer: B

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 14/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #924 Topic 1

Refer to the exhibit. According to the output, which parameter set is validated using the routing table of R7?

A. R7 is missing a gateway of last resort.

R7 is receiving routes that were redistributed in EIGRP.
R7 will forward traffic destined to 10.90.8.0/24.

B. R7 has a gateway of last resort available.

R7 is receiving routes that were redistributed from BGP.
R7 will drop traffic destined to 10.90.8.0/24.

C. R7 is missing a gateway of last resort.

R7 is receiving routes that were redistributed from BGP.
R7 will forward traffic destined to 10.90.8.0/24.

D. R7 has a gateway of last resort available.

R7 is receiving routes that were redistributed in EIGRP.
R7 will drop traffic destined to 10.90.8.0/24.

Correct Answer: B

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 15/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #925 Topic 1

Which type of IPv4 address type helps to conserve the globally unique address classes?

A. loopback

B. multicast

C. private

D. public

Correct Answer: C

Question #926 Topic 1

What are two purposes of HSRP? (Choose two.)

A. It provides a mechanism for diskless clients to autoconfigure their IP parameters during boot.

B. It improves network availability by providing redundant gateways.

C. It groups two or more routers to operate as one virtual router.

D. It passes configuration information to hosts in a TCP/IP network.

E. It helps hosts on the network to reach remote subnets without a default gateway.

Correct Answer: BC

Question #927 Topic 1

What are two benefits for using private IPv4 addressing? (Choose two.)

A. They allow for Internet access from IoT devices.

B. They alleviate the shortage of public IPv4 addresses.

C. They provide a layer of security from internet threats.

D. They supply redundancy in the case of failure.

E. They offer Internet connectivity to endpoints on private networks.

Correct Answer: BC

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 16/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #928 Topic 1

DRAG DROP
-

Refer to the exhibit. OSPF is running between site A and site B. Drag and drop the destination IPs from the left onto the network segments used to
reach the destination on the right.

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 17/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Correct Answer:

Question #929 Topic 1

Refer to the exhibit. Routers R1 and R2 are configured with RIP as the dynamic routing protocol. A network engineer must configure R1 with a
floating static route to service as a backup route to network 192.168.23. which command must the engineer configure on R1?

A. ip route 192.168.23.0 255.255.255.0 192.168,13.3 100

B. ip route 192.168.23.0 255.255.255.255 192.168.13.3 121

C. ip route 192.168.23.0 255.255.255.0 192.168.13.3 121

D. ip route 192.168.23.0 255.255.255.0 192.168.13.3

Correct Answer: C

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 18/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #930 Topic 1

When deploying a new network that includes both Cisco and third-party network devices, which redundancy protocol avoids the interruption of
network traffic if the default gateway router fails?

A. VRRP

B. FHRP

C. GLBP

D. HSRP

Correct Answer: A

Question #931 Topic 1

What are two benefits of private IPv4 addressing? (Choose two.)

A. propagates routing information to WAN links

B. provides unlimited address ranges

C. reuses addresses at multiple sites

D. conserves globally unique address space

E. provides external internet network connectivity

Correct Answer: CD

Question #932 Topic 1

Which Cisco proprietary protocol ensures traffic recovers immediately, transparently, and automatically when edge devices or access circuits fail?

A. FHRP

B. VRRP

C. HSRP

D. SLB

Correct Answer: C

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 19/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #933 Topic 1

Refer to the exhibit. Which entry is the longest prefix match for host IP address 192.168.10.5?

A. 1

B. 2

C. 3

D. 4

Correct Answer: B

Question #934 Topic 1

Refer to the exhibit. How does router R1 handle traffic to 172.16.1.4 /30 subnet?

A. It sends all traffic over the path via 172.16.9.5 using 172.16.4.4 as a backup.

B. It sends all traffic over the path via 10.0.1.100.

C. It sends all traffic over the path via 172.16.4.4.

D. It load-balances traffic over 172.16.9.5 and 172.16.4.4

Correct Answer: D

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 20/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #935 Topic 1

Which two IPv6 addresses are used to provide connectivity between two routers on a shared link? (Choose two.)

A. FF02::0001:FF00:0000/104

B. ff06:bb43:cc13:dd16:1bb:ff14:7545:234d

C. 2002::512:1204b:1111::1/64

D. 2001:701:104b:1111::1/64

E. ::ffff:10.14.101.1/96

Correct Answer: CD

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 21/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #936 Topic 1

DRAG DROP
-

Refer to the exhibit. Drag and drop the learned prefixes from the left onto the subnet masks on the right.

Correct Answer:

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 22/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #937 Topic 1

Refer to the exhibit. Which action is taken by the router when a packet is sourced from 10.10.10.2 and destined for 10.10.10.16?

A. It floods packets to all learned next hops.

B. It uses a route that is similar to the destination address.

C. It queues the packets waiting for the route to be learned.

D. It discards the packets.

Correct Answer: D

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 23/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #938 Topic 1

DRAG DROP
-

Refer to the exhibit. The Router1 routing table has multiple methods to reach 10.10.10.0/24 as shown. The default Administrative Distance is
used. Drag and drop the network conditions from the left onto the routing methods that Router1 uses on the right.

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 24/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Correct Answer:

Question #939 Topic 1

An engineer must configure a core router with a floating static default route to the backup router at 10.200.0.2. Which command meets the
requirements?

A. ip route 0.0.0.0 0.0.0.0 10.200.0.2 1

B. ip route 0.0.0.0 0.0.0.0 10.200.0.2 10

C. ip route 0.0.0.0 0.0.0.0 10.200.0.2

D. ip route 0.0.0.0 0.0.0.0 10.200.0.2 floating

Correct Answer: B

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 25/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #940 Topic 1

Refer to the exhibit. After configuring a new static route on the CPE, the engineer entered this series of commands to verify that the new
configuration is operating normally. When is the static default route installed into the routing table?

A. when a route to 203.0.113.1 is learned via BGP

B. when 203.0.113.1 is no longer reachable as a next hop

C. when the default route learned over external BGP becomes invalid

D. when the default route learned over external BGP changes its next hop

Correct Answer: C

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 26/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #941 Topic 1

Refer to the exhibit. Packets are flowing from 192.168.10.1 to the destination at IP address 192.168.20.75. Which next hop will the router select
for the packet?

A. 10.10.10.1

B. 10.10.10.11

C. 10.10.10.12

D. 10.10.10.14

Correct Answer: B

Question #942 Topic 1

A router received three destination prefixes: 10.0.0.0/8, 10.0.0.0/16, and 10.0.0.0/24. When the show ip route command is executed, which output
does it return?

A. Gateway of last resort is 172.16.1.1 to network 0.0.0.0

o E2 10.0.0.0/8 [110/5] via 192.168.1.1, 0:01:00, Ethernet0
o E2 10.0.0.0/16[110/5] via 192.168.2.1, 0:01:00, Ethernet1
o E2 10.0.0.0/24[110/5] via 192.168.3.1, 0:01:00, Ethernet2

B. Gateway of last resort is 172.16.1.1 to network 0.0.0.0

o E2 10.0.0.0/8 [110/5] via 192.168.1.1, 0:01:00, Ethernet0

C. Gateway of last resort is 172.16.1.1 to network 0.0.0.0

o E2 10.0.0.0/24[110/5] via 192.168.3.1, 0:01:00, Ethernet2

D. Gateway of last resort is 172.16.1.1 to network 0.0.0.0

o E2 10.0.0.0/16[110/5] via 192.168.2.1, 0:01:00, Ethernet1
o E2 10.0.0.0/24[110/5] via 192.168.3.1, 0:01:00, Ethernet2

Correct Answer: A

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 27/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #943 Topic 1

Refer to the exhibit. User traffic originating within site B is failing to reach an application hosted on IP address 192.168.0.10, which is located
within site A. What is determined by the routing table?

A. The traffic is blocked by an implicit deny in an ACL on router2.

B. The lack of a default route prevents delivery of the traffic.

C. The traffic to 192.168.0.10 requires a static route to be configured in router1.

D. The default gateway for site B is configured incorrectly.

Correct Answer: D

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 28/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #944 Topic 1

Refer to the exhibit. Which two values does router R1 use to identify valid routes for the R3 loopback address 1.1.1.3/32? (Choose two.)

A. lowest cost to reach the next hop

B. highest administrative distance

C. lowest metric

D. highest metric

E. lowest administrative distance

Correct Answer: CE

Question #945 Topic 1

What is the role of community strings in SNMP operations?

A. It translates alphanumeric MIB output values to numeric values.

B. It passes the Active Directory username and password that are required for device access.

C. It serves as a sequence tag on SNMP traffic messages.

D. It serves as a password to protect access to MIB objects.

Correct Answer: D

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 29/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #946 Topic 1

Which syslog severity level is considered the most severe and results in the system being considered unusable?

A. Error

B. Emergency

C. Alert

D. Critical

Correct Answer: B

Question #947 Topic 1

The clients and DHCP server reside on different subnets. Which command must be used to forward requests and replies between clients on the
10.10.0.1/24 subnet and the DHCP server at 192.168.10.1?

A. ip route 192.168.10.1

B. ip dhcp address 192.168.10.1

C. ip default-gateway 192.168.10.1

D. ip helper-address 192.168.10.1

Correct Answer: D

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 30/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #948 Topic 1

Refer to the exhibit. Which command set configures ROUTER-1 to allow Internet access for users on the 192.168.1.0/24 subnet while using
209.165.202.129 for Port Address Translation?

A. ip nat pool CCNA 192.168.0.0 192.168.1.255 netmask 255.255.255.0

access-list 10 permit 192.168.0.0 0.0.0.255

ip nat inside source list 10 pool CCNA overload

B. ip nat pool CCNA 209.165.202.129 209.165.202.129 netmask 255.255.255.255

access-list 10 permit 192.168.1.0 255.255.255.0

ip nat inside source list 10 pool CCNA overload

C. ip nat pool CCNA 192.168.0.0 192.168.1.255 netmask 255.255.255.0

access-list 10 permit 192.168.0.0 255.255.255.0

ip nat inside source list 10 pool CCNA overload

D. ip nat pool CCNA 209.165.202.129 209.165.202.129 netmask 255.255.255.255

access-list 10 permit 192.168.1.0 0.0.0.255

ip nat inside source list 10 pool CCNA overload

Correct Answer: A

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 31/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #949 Topic 1

Which IP header field is changed by a Cisco device when QoS marking is enabled?

A. ECN

B. Header Checksum

C. Type of Service

D. DSCP

Correct Answer: B

Question #950 Topic 1

DRAG DROP
-

Drag and drop the SNMP components from the left onto the descriptions on the right.

Correct Answer:

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 32/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #951 Topic 1

Which DSCP per-hop forwarding behavior is divided into subclasses based on drop probability?

A. expedited

B. default

C. assured

D. class-selector

Correct Answer: A

Question #952 Topic 1

What are two features of the DHCP relay agent? (Choose two.)

A. assigns DNS locally and then forwards request to DHCP server

B. minimizes the necessary number of DHCP servers

C. permits one IP helper command under an individual Layer 3 interface

D. is configured under the Layer 3 interface of a router on the client subnet

E. allows only MAC-to-IP reservations to determine the local subnet of a client

Correct Answer: AB

Question #953 Topic 1

A DHCP pool has been created with the name CONTROL. The pool uses the next to last usable IP address as the default gateway for the DHCP
clients. The server is located at 172.16.32.15. What is the next step in the process for clients on the 192.168.52.0/24 subnet to reach the DHCP
server?

A. ip helper-address 172.16.32.15

B. ip default-gateway 192.168.52.253

C. ip forward-protocol udp 137

D. ip detault-network 192.168.52.253

Correct Answer: B

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 33/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #954 Topic 1

Which two transport layer protocols carry syslog messages? (Choose two.)

A. IP

B. RTP

C. TCP

D. UDP

E. ARP

Correct Answer: CD

Question #955 Topic 1

What is the purpose of classifying network traffic in QoS?

A. configures traffic-matching rules on network devices

B. services traffic according to its class

C. identifies the type of traffic that will receive a particular treatment

D. writes the class identifier of a packet to a dedicated field in the packet header

Correct Answer: C

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 34/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #956 Topic 1

DRAG DROP
-

Drag and drop the Qos features from the left onto the corresponding statements on the right.

Correct Answer:

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 35/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #957 Topic 1

Refer to the exhibit. Which configuration enables DHCP addressing for hosts connected to interface FastEthernet0/1 on router R3?

A. interface FastEthernet0/1
ip helper-address 10.0.1.1
!
access-list 100 permit tcp host 10.0.1.1 eq 67 host 10.148.2.1

B. interface FastEthernet0/1
ip helper-address 10.0.1.1
!
access-list 100 permit udp host 10.0.1.1 eq 67 host 10.148.2.1

C. interface FastEthernet0/0
ip helper-address 10.0.1.1
!
access-list 100 permit host 10.0.1.1 host 10.148.2.1 eq bootps

D. interface FastEthernet0/1
ip helper-address 10.0.1.1
!
access-list 100 permit udp host 10.0.1.1 eq bootps host 10.148.2.1

Correct Answer: B

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 36/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #958 Topic 1

DRAG DROP
-

Drag and drop the steps in a standard DNS lookup operation from the left into the order on the right.

Correct Answer:

Question #959 Topic 1

Which two features introduced in SNMPv2 provide the ability to retrieve large amounts of data in one request and acknowledge a trap using PDUs?
(Choose two.)

A. Get

B. GetNext

C. Set

D. GetBulk

E. Inform

Correct Answer: DE

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 37/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #960 Topic 1

DRAG DROP
-

Drag and drop the DNS commands from the left onto their effects on the right.

Correct Answer:

Question #961 Topic 1

What is the purpose of configuring different levels of syslog for different devices on the network?

A. to set the severity of syslog messages from each device

B. to control the number of syslog messages from different devices that are stored locally

C. to identify the source from which each syslog message originated

D. to rate-limit messages for different severity levels from each device

Correct Answer: A

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 38/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #962 Topic 1

Refer to the exhibit. The DHCP server is configured with a DHCP pool for each of the subnets represented. Which command must be configured on
switch SW1 to allow DHCP clients on VLAN 10 to receive dynamic IP addresses from the DHCP server?

A. SW1(config-if)#ip helper-address 192.168.10.1

B. SW1(config-if)#ip helper-address 192.168.20.1

C. SW1(config-if)#ip helper-address 192.168.20.2

D. SW1(config-if)#ip helper-address 192.168.10.2

Correct Answer: C

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 39/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #963 Topic 1

DRAG DROP
-

Drag and drop the DNS lookup commands from the left onto the functions on the right.

Correct Answer:

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 40/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #964 Topic 1

Refer to the exhibit. Which minimum configuration items are needed to enable Secure Shell version 2 access to R15?

A. Router(config)#hostname R15 -
R15(config)#ip domain-name cisco.com
R15(config)#crypto key generate rsa general-keys modulus 1024

R15(config)#ip ssh version 2 -

R15(config-line)#line vty 0 15 -
R15(config-line)# transport input ssh

B. Router(config)#crypto key generate rsa general-keys modulus 1024

Router(config)#ip ssh version 2 -

Router(config-line)#line vty 015
Router(config-line)# transport input ssh
Router(contig)#ip ssh logging events
R15(config)#ip ssh stricthostkeycheck

C. Router(config)#hostname R15 -
R15(config)#crypto key generate rsa general-keys modulus 1024

R15(config-line)#line vty 0 15 -
R15(config-line)# transport input ssh
R15(config)#ip ssh source-interface Fa0/0
R15(config)#ip ssh stricthostkeycheck

D. Router(config)#ip domain-name cisco.com

Router(config)#crypto key generate rsa general-keys modulus 1024

Router(contig)#ip ssh version 2 -

Router(config-line)#line vty 0 15
Router(config-line)# transport input all
Router(config)#ip ssh logging events

Correct Answer: A

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 41/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #965 Topic 1

hostname CPE
service password-encryption

ip domain name ccna.cisco.com

ip name-server 198.51.100.210

crypto key generate rsa modulus 1024

username admin privilege 15 secret s0m3s3cr3t

line vty 0 4
transport input ssh
login local

Refer to the exhibit. An engineer executed the script and added commands that were not necessary for SSH and now must remove the commands.
Which two commands must be executed to correct the configuration? (Choose two.)

A. no ip name-serveer 198.51.100.210

B. no login local

C. no service password-encryption

D. no ip domain mame ccna.cisco.com

E. no hostname CPE

Correct Answer: AB

Question #966 Topic 1

Which two actions are taken as the result of traffic policing? (Choose two.)

A. bursting

B. dropping

C. remarking

D. fragmentation

E. buffering

Correct Answer: AE

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 42/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #967 Topic 1

Which two server types support domain name to IP address resolution? (Choose two.)

A. authoritative

B. web

C. file transfer

D. resolver

E. ESX host

Correct Answer: BD

Question #968 Topic 1

What is a purpose of traffic shaping?

A. It enables policy-based routing.

B. It enables dynamic flow identification.

C. It provides best-effort service.

D. It limits bandwidth usage.

Correct Answer: D

Question #969 Topic 1

An engineering team asks an implementer to configure syslog for warning conditions and error conditions. Which command does the implementer
configure to achieve the desired result?

A. logging trap 5

B. logging trap 2

C. logging trap 3

D. logging trap 4

Correct Answer: D

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 43/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #970 Topic 1

DRAG DROP
-

Drag and drop the attack-mitigation techniques from the left onto the types of attack that they mitigate on the right.

Correct Answer:

Question #971 Topic 1

Which WLC management connection type is vulnerable to man-in-the-middle attacks?

A. console

B. Telnet

C. SSH

D. HTTPS

Correct Answer: B

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 44/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #972 Topic 1

Refer to the exhibit. An engineer booted a new switch and applied this configuration via the console port. Which additional configuration must be
applied to allow administrators to authenticate directly to global configuration mode via Telnet using a local username and password?

A. R1(config)#username admin -

R1(config-if)#line vty 0 4 -
R1(config-line)#password p@ss1234
R1(config-line)#transport input telnet

B. R1(config)#username admin privilege 15 secret p@ss1234

R1(config-if)#line vty 0 4 -
R1(config-line)#login local

C. R1(config)#username admin secret p@ss1234

R1(config-if)#line vty 0 4 -

R1(config-line)#login local -
R1(config)#enable secret p@ss1234

D. R1(config)#username admin -

R1(config-if)#line vty 0 4 -
R1(config-line)#password p@ss1234

Correct Answer: B

Question #973 Topic 1

Which type of encryption does WPA1 use for data protection?

A. PEAP

B. TKIP

C. AES

D. EAP

Correct Answer: C

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 45/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #974 Topic 1

Refer to the exhibit. A network administrator must permit traffic from the 10.10.0.0/24 subnet to the WAN on interface Serial0. What is the effect
of the configuration as the administrator applies the command?

A. The router accepts all incoming traffic to Serial0 with the last octet of the source IP set to 0.

B. The permit command fails and returns an error code.

C. The router fails to apply the access list to the interface.

D. The sourced traffic from IP range 10.0.0.0 - 10.0.0.255 is allowed on Serial0.

Correct Answer: B

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 46/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #975 Topic 1

DRAG DROP
-

Drag and drop the statements about AAA services from the left to the corresponding AAA services on the right. Not all options are used.

Correct Answer:

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 47/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #976 Topic 1

A network engineer must configure an access list on a new Cisco IOS router. The access list must deny HTTP traffic to network 10.125.128.32/27
from the 192.168.240.0/20 network, but it must allow the 192.168.240.0/20 network to reach the rest of the 10.0.0.0/8 network. Which
configuration must the engineer apply?

A. ip access-list extended deny_outbound

10 permit ip 192.168.240.0 255.255.240.0 10.0.0.0 255.0.0.0
20 deny tcp 192.168.240.0 255.255.240.0 10.125.128.32 255.255.255.224 eq 443
30 permit ip any any

B. ip access-list extended deny_outbound

10 deny tcp 192.168.240.0 0.0.15.255 10.125.128.32 0.0.0.31 eq 80
20 permit ip 192.168.240.0 0.0.15.255 10.0.0.0 0.255.255.255
30 deny ip any any log

C. ip access-list extended deny_outbound

10 deny tcp 10.125.128.32 255.255.255.224 192.168.240.0 255.255.240.0 eq 443
20 deny tcp 192.168.240.0 255.255.240.0 10.125.128.32 255.255.255.224 eq 443
30 permit ip 192.168.240.0 255.255.240.0 10.0.0.0 255.0.0.0

D. ip access-list extended deny_outbound

10 deny tcp 192.168.240.0 0.0.15.255 any eq 80
20 deny tcp 192.168.240.0 0.0.15.255 10.125.128.32 0.0.0.31 eq 80
30 permit ip 192.168.240.0 0.0.15.255 10.0.0.0 0.255.255.255

Correct Answer: B

Question #977 Topic 1

What is the definition of backdoor malware?

A. malicious code that is installed onto a computer to allow access by an unauthorized user

B. malicious program that is used to launch other malicious programs

C. malicious code that infects a user machine and then uses that machine to send spam

D. malicious code with the main purpose of downloading other malicious code

Correct Answer: C

Question #978 Topic 1

What does WPA3 provide in wireless networking?

A. backward compatibility with WPA and WPA2

B. safeguards against brute force attacks with SAE

C. increased security and requirement of a complex configuration

D. optional Protected Management Frame negotiation

Correct Answer: B

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 48/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #979 Topic 1

Which global command encrypts all passwords in the running configuration?

A. service password-encryption

B. enable password-encryption

C. enable secret

D. password-encrypt

Correct Answer: A

Question #980 Topic 1

Refer to the exhibit. A network administrator is configuring a router for user access via SSH. The service-password encryption command has been
issued. The configuration must meet these requirements:

• Create the username as CCUser.

• Create the password as NA!2$cc.
• Encrypt the user password.

What must be configured to meet the requirements?

A. username CCUser privilege 10 password NA!2$cc

B. username CCUser privilege 15 password NA!2$cc

enable secret 0 NA!2$cc

C. username CCUser secret NA!2Sce

D. username CCUser password NA!2$cc

enable password level 5 NA!2$cc

Correct Answer: C

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 49/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #981 Topic 1

Refer to the exhibit. A network engineer started to configure port security on a new switch. These requirements must be met:

• MAC addresses must be learned dynamically.

• Log messages must be generated without disabling the interface when unwanted traffic is seen.

Which two commands must be configured to complete this task? (Choose two.)

A. SW(config-if)#switchport port-security violation restrict

B. SW(config-if)#switchport port-security mac-address 0010.7B84.45E6

C. SW(config-if)#switchport port-security maximum 2

D. SW(config-if)#switchport port-security violation shutdown

E. SW(config-if)#switchport port-security mac-address sticky

Correct Answer: BC

Question #982 Topic 1

Which type of security program is violated when a group of employees enters a building using the ID badge of only one person?

A. intrusion detection

B. network authorization

C. physical access control

D. user awareness

Correct Answer: C

Question #983 Topic 1

What are two protocols within the IPsec suite? (Choose two.)

A. 3DES

B. AES

C. ESP

D. TLS

E. AH

Correct Answer: CE

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 50/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #984 Topic 1

Refer to the exhibit. Local access for R4 must be established and these requirements must be met:
• Only Telnet access is allowed.
• The enable password must be stored securely.
• The enable password must be applied in plain text.
• Full access to R4 must be permitted upon successful login.

Which configuration script meets the requirements?

A. !
conf t
!
username test1 password testpass1
enable secret level 15 0 Test123
!
line vty 0 15
login local
transport input telnet

B. !
config t
!
username test1 password testpass1
enable password level 15 0 Test123
!
line vty 0 15
login local
transport input all

C. !
config t
!
username test1 password testpass1
enable password level 1 7 Test123
!
line vty 0 15
accounting exec default
transport input all

D. !
config t
!
username test1 password testpass1
enable secret level 1 0 Test123
!
line vty 0 15

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 51/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

login authentication
password Test123
transport input telnet

Correct Answer: A

Question #985 Topic 1

What is a characteristic of RSA?

A. It uses preshared keys for encryption.

B. It is an asymmetric encryption algorithm.

C. It is a symmetric decryption algorithm.

D. It requires both sides to have identical keys for encryption.

Correct Answer: D

Question #986 Topic 1

What are two differences between WPA2 and WPA3 wireless security? (Choose two.)

A. WPA2 uses 192-bit key encryption, and WPA3 requires 256-bit key encryption.

B. WPA3 uses AES for stronger protection than WPA2, which uses SAE.

C. WPA2 uses 128-bit key encryption, and WPA3 supports 128-bit and 192-bit key encryption.

D. WPA3 uses SAE for stronger protection than WPA2, which uses AES.

E. WPA3 uses AES for stronger protection than WPA2, which uses TKIP.

Correct Answer: CD

Question #987 Topic 1

What is an enhancement implemented in WPA3?

A. applies 802.1x authentication and AES-128 encryption

B. employs PKI and RADIUS to identify access points

C. uses TKIP and per-packet keying

D. defends against deauthentication and disassociation attacks

Correct Answer: D

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 52/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #988 Topic 1

Which action must be taken when password protection is implemented?

A. Use less than eight characters in length when passwords are complex.

B. Include special characters and make passwords as long as allowed.

C. Share passwords with senior IT management to ensure proper oversight.

D. Store passwords as contacts on a mobile device with single-factor authentication.

Correct Answer: B

Question #989 Topic 1

DRAG DROP
-

Drag and drop the statements about AAA from the left onto the corresponding AAA services on the right. Not all options are used.

Correct Answer:

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 53/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #990 Topic 1

An engineer must configure R1 for a new user account. The account must meet these requirements:
• It must be configured in the local database.
• The username is engineer2.
• It must use the strongest password configurable.

Which command must the engineer configure on the router?

A. R1(config)# username engineer2 privilege 1 password 7 test2021

B. R1(config)# username engineer2 secret 4 $1$b1Ju$kZbBS1Pyh4QzwXyZ

C. R1(config)# username engineer2 algorithm-type scrypt secret test2021

D. R1(config)# username engineer2 secret 5 password $1$b1Ju$kZbBS1Pyh4QzwXyZ

Correct Answer: C

Question #991 Topic 1

Which two VPN technologies are recommended by Cisco for multiple branch offices and large-scale deployments? (Choose two.)

A. GETVPN

B. DMVPN

C. site-to-site VPN

D. clientless VPN

E. IPsec remote access

Correct Answer: AB

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 54/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #992 Topic 1

DRAG DROP
-

Drag and drop the statements about AAA services from the left onto the corresponding AAA services on the right. Not all options are used.

Correct Answer:

Question #993 Topic 1

What is a characteristic of RSA?

A. It uses preshared keys for encryption.

B. It is a public-key cryptosystem.

C. It is a private-key encryption algorithm.

D. It requires both sides to have identical keys.

Correct Answer: B

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 55/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #994 Topic 1

What is used as a solution for protecting an individual network endpoint from attack?

A. antivirus software

B. wireless controller

C. router

D. Cisco DNA Center

Correct Answer: A

Question #995 Topic 1

Which security method is used to prevent man-in-the-middle attacks?

A. authentication

B. anti-replay

C. authorization

D. accounting

Correct Answer: B

Question #996 Topic 1

Which cipher is supported for wireless encryption only with the WPA2 standard?

A. RC4

B. AES

C. SHA

D. AES256

Correct Answer: B

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 56/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #997 Topic 1

Refer to the exhibit. This ACL is configured to allow client access only to HTTP, HTTPS, and DNS services via UDP. The new administrator wants to
add TCP access to the ONS service. Which configuration updates the ACL efficiently?

A. no ip access-list extended Services

ip access-list extended Services
30 permit tcp 10.0.0.0 0.255.255.255 host 198.51.100.11 eq domain

B. ip access-list extended Services

35 permit tcp 10.0.0.0 0.255.255.255 host 198.51.100.11 eq domain

C. ip access-list extended Services

permit tcp 10.0.0.0 0.255.255.255 host 198.51.100.11 eq domain

D. no ip access-list extended Services

ip access-list extended Services
permit udp 10.0.0.0 0.255.255.255 any eq 53
permit tcp 10.0.0.0 0.255.255.255 host 198.51.100.11 eq domain deny ip any any log

Correct Answer: D

Question #998 Topic 1

Which WPA mode uses PSK authenticaton?

A. Local

B. Personal

C. Enterprise

D. Client

Correct Answer: B

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 57/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #999 Topic 1

An engineer is configuring remote access to a router from IP subnet 10.139.58.0/28. The domain name, crypto keys, and SSH have been
configured. Which configuration enables the traffic on the destination router?

A. interface FastEthernet0/0
ip address 10.122.49.1 255.255.255.252
ip access-group 110 in

ip access-list extended 110

permit tcp 10.139.58.0 0.0.0.15 host 10.122.49.1 eq 22

B. interface FastEthernet0/0
ip address 10.122.49.1 255.255.255.240
access-group 120 in

ip access-list extended 120

permit tcp 10.139.58.0 255.255.255.248 any eq 22

C. interface FastEthernet0/0
ip address 10.122.49.1 255.255.255.252
ip access-group 105 in

ip access-list standard 105

permit tcp 10.139.58.0 0.0.0.7 eq 22 host 10.122.49.1

D. interface FastEthernet0/0
ip address 10.122.49.1 255.255.255.248
ip access-group 10 in

ip access-list standard 10
permit udp 10.139.58.0 0.0.0.7 host 10.122.49.1 eq 22

Correct Answer: A

Question #1000 Topic 1

To improve corporate security, an organization is planning to implement badge authentication to limit access to the data center. Which element of
a security program is being deployed?

A. user awareness

B. user training

C. physical access control

D. vulnerability verification

Correct Answer: C

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 58/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #1001 Topic 1

DRAG DROP
-

Drag and drop the characteristics of northbound APIs from the left onto any position on the right. Not all characteristics are used.

Correct Answer:

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 59/60
25/08/23, 13:15 200-301 Exam – Free Actual Q&As, Page 1 | ExamTopics

Question #1002 Topic 1

Which benefit does Cisco DNA Center provide over traditional campus management?

A. Cisco DNA Center automates HTTPS for secure web access, and traditional campus management uses HTTP.

B. Cisco DNA Center leverages SNMPv3 for encrypted management, and traditional campus management uses SNMPv2.

C. Cisco DNA Center leverages APIs, and traditional campus management requires manual data gathering.

D. Cisco DNA Center automates SSH access for encrypted entry, and SSH is absent from traditional campus management.

Correct Answer: C

https://www.examtopics.com/exams/cisco/200-301/custom-view/ 60/60