Cisco CCNA 200-301 Questions & Answers

• Question 1251:

  Refer to the exhibit.

  

  access-list 10 permit 192.168.0.0 0.0.0.255

  ip nat inside source list 10 pool CCNA overload

  Which command set configures ROUTER-1 to allow Internet access for users on the 192.168.1.0/24 subnet while using 209.165.202.129 for Port Address Translation?

  A. ip nat pool CCNA 192.168.0.0 192.168.1.255 netmask 255.255.255.0

  B. ip nat pool CCNA 209.165.202.129 209.165.202.129 netmask 255.255.255.255

  access-list 10 permit 192.168.1.0 255.255.255.0

  ip nat inside source list 10 pool CCNA overload

  C. ip nat pool CCNA 192.168.0.0 192.168.1.255 netmask 255.255.255.0

  access-list 10 permit 192.168.0.0 255.255.255.0

  ip nat inside source list 10 pool CCNA overload

  D. ip nat pool CCNA 209.165.202.129 209.165.202.129 netmask 255.255.255.255 access-list 10 permit 192.168.1.0 0.0.0.255 ip nat inside source list 10 pool CCNA overload

  Correct Answer: D

  NAT policies perform address translation by translating internal IP addresses to the addresses in a NAT pool.

  The Pool indicates the public addresses you will use to go out the internet. The access list includes the private subnet you will be NATing.

• Question 1252:

  Which WPA mode uses PSK authenticaton?

  A. Local

  B. Personal

  C. Enterprise

  D. Client

  Correct Answer: B

  The WPA mode that uses PSK (Pre-Shared Key) authentication is the Personal mode.

  WPA (Wi-Fi Protected Access) is a security protocol used in wireless networks to protect the communication between devices. WPA has two modes of operation: Personal mode and Enterprise mode.

  Personal mode, also known as WPA-PSK (Pre-Shared Key), uses a shared secret key (PSK) to authenticate wireless clients and encrypt network traffic. The PSK is a passphrase or password that is shared between the access point and wireless clients.

  Enterprise mode, also known as WPA-EAP (Extensible Authentication Protocol), uses a RADIUS (Remote Authentication Dial-In User Service) server to authenticate wireless clients. Enterprise mode provides stronger security than Personal mode, but it requires more setup and infrastructure.

  In summary, WPA-Personal mode uses PSK authentication, while WPA-Enterprise mode uses RADIUS server authentication.

• Question 1253:

  What is a characteristic of RSA?

  A. It uses preshared keys for encryption.

  B. It is a public-key cryptosystem.

  C. It is a private-key encryption algorithm.

  D. It requires both sides to have identical keys.

  Correct Answer: B

  RSA is a public-key cryptosystem. This means that it uses a pair of keys, one of which is kept private and the other of which is made public. The public key can be distributed to anyone who wants to send encrypted messages to the owner of the private key, while the private key is kept secret and is used by the owner to decrypt messages.

• Question 1254:

  What is used as a solution for protecting an individual network endpoint from attack?

  A. antivirus software

  B. wireless controller

  C. router

  D. Cisco DNA Center

  Correct Answer: A

• Question 1255:

  Refer to the exhibit.

  

  This ACL is configured to allow client access only to HTTP, HTTPS, and DNS services via UDP. The new administrator wants to add TCP access to the ONS service. Which configuration updates the ACL efficiently?

  A. no ip access-list extended Services

  ip access-list extended Services

  30 permit tcp 10.0.0.0 0.255.255.255 host 198.51.100.11 eq domain

  B. ip access-list extended Services 35 permit tcp 10.0.0.0 0.255.255.255 host 198.51.100.11 eq domain

  C. ip access-list extended Services permit tcp 10.0.0.0 0.255.255.255 host 198.51.100.11 eq domain

  D. no ip access-list extended Services

  ip access-list extended Services

  permit udp 10.0.0.0 0.255.255.255 any eq 53

  permit tcp 10.0.0.0 0.255.255.255 host 198.51.100.11 eq domain

  deny ip any any log

  Correct Answer: B

• Question 1256:

  What is a characteristic of RSA?

  A. It uses preshared keys for encryption.

  B. It is an asymmetric encryption algorithm.

  C. It is a symmetric decryption algorithm.

  D. It requires both sides to have identical keys for encryption.

  Correct Answer: B

  RSA (Rivest-Shamir-Adleman) is an asymmetric encryption algorithm, which is a type of public-key cryptography. In asymmetric encryption, a public key is used for encryption, and a private key is used for decryption. The two keys are mathematically related, but it is computationally infeasible to derive the private key from the public key.

• Question 1257:

  Which action must be taken when password protection is implemented?

  A. Use less than eight characters in length when passwords are complex.

  B. Include special characters and make passwords as long as allowed.

  C. Share passwords with senior IT management to ensure proper oversight.

  D. Store passwords as contacts on a mobile device with single-factor authentication.

  Correct Answer: B

• Question 1258:

  Which two VPN technologies are recommended by Cisco for multiple branch offices and large-scale deployments? (Choose two.)

  A. GETVPN

  B. DMVPN

  C. site-to-site VPN

  D. clientless VPN

  E. IPsec remote access

  Correct Answer: AB

  A. GETVPN (Group Encrypted Transport VPN): GETVPN is a Cisco VPN technology that provides secure and scalable VPN connectivity for multiple branch offices and large-scale deployments. It uses a group-based encryption mechanism to encrypt traffic between sites, allowing for efficient and scalable encryption across the network. GETVPN is particularly suitable for deployments with high bandwidth requirements and complex routing environments.

  B. DMVPN (Dynamic Multipoint VPN): DMVPN is another Cisco VPN technology designed for scalable and dynamic VPN deployments. It allows for the creation of secure overlay networks over public or private WAN connections. DMVPN provides efficient and scalable connectivity between multiple branch offices by using a combination of IPsec, GRE (Generic Routing Encapsulation), and NHRP (Next Hop Resolution Protocol). It simplifies the configuration and management of VPN connections, making it well-suited for large-scale deployments.

• Question 1259:

  What are two differences between WPA2 and WPA3 wireless security? (Choose two.)

  A. WPA2 uses 192-bit key encryption, and WPA3 requires 256-bit key encryption.

  B. WPA3 uses AES for stronger protection than WPA2, which uses SAE.

  C. WPA2 uses 128-bit key encryption, and WPA3 supports 128-bit and 192-bit key encryption.

  D. WPA3 uses SAE for stronger protection than WPA2, which uses AES.

  E. WPA3 uses AES for stronger protection than WPA2, which uses TKIP.

  Correct Answer: CD

• Question 1260:

  What is an enhancement implemented in WPA3?

  A. applies 802.1x authentication and AES-128 encryption

  B. employs PKI and RADIUS to identify access points

  C. uses TKIP and per-packet keying

  D. defends against deauthentication and disassociation attacks

  Correct Answer: D

  Additionally, WPA3 personal and enterprise connections requires PMF (Protected Management Frame) negotiation mandatorily. PMF provides an additional layer of protection from de-authentication and disassociation attacks.