Cisco Certified Network Associate (200-301 CCNA) – Question631

When a site-to-site VPN is used, which protocol is responsible for the transport of user data?

A. IPsec
B. IKEv1
C. MD5
D. IKEv2

Correct Answer: A

Explanation:

A site-to-site VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the Internet. A site-to-site VPN means that two sites create a VPN tunnel by encrypting and sending data between two devices. One set of rules for creating a site-to-site VPN is defined by IPsec.

Cisco Certified Network Associate (200-301 CCNA) – Question630


Refer to the exhibit. What is the effect of this configuration?

A. The switch discards all ingress ARP traffic with invalid MAC-to-IP address bindings.
B. All ARP packets are dropped by the switch.
C. Egress traffic is passed only if the destination is a DHCP server.
D. All ingress and egress traffic is dropped because the interface is untrusted.

Correct Answer: A

Explanation:

Dynamic ARP inspection is an ingress security feature; it does not perform any egress checking.

Cisco Certified Network Associate (200-301 CCNA) – Question629

Refer to the exhibit. An administrator configures four switches for local authentication using passwords that are stored as a cryptographic hash. The four switches must also support SSH access for administrators to manage the network infrastructure. Which switch is configured correctly to meet these requirements?


A. SW1
B. SW2
C. SW3
D. SW4

Correct Answer: C

Cisco Certified Network Associate (200-301 CCNA) – Question626

The service password-encryption command is entered on a router. What is the effect of this configuration?

A. restricts unauthorized users from viewing clear-text passwords in the running configuration
B. prevents network administrators from configuring clear-text passwords
C. protects the VLAN database from unauthorized PC connections on the switch
D. encrypts the password exchange when a VPN tunnel is established

Correct Answer: A

Cisco Certified Network Associate (200-301 CCNA) – Question625

While examining excessive traffic on the network, it is noted that all incoming packets on an interface appear to be allowed even though an IPv4 ACL is applied to the interface. Which two misconfigurations cause this behavior? (Choose two.)

A. The ACL is empty
B. A matching permit statement is too broadly defined
C. The packets fail to match any permit statement
D. A matching deny statement is too high in the access list
E. A matching permit statement is too high in the access list

Correct Answer: BE

Explanation:

Traffic might be permitted if the permit statement is too broad, meaning that it allows more traffic than is specifically needed, or if the matching permit statement is placed ahead of the deny statement. A router compares traffic to the ACL and, once a match is found, acts according to that rule.

Cisco Certified Network Associate (200-301 CCNA) – Question622

An engineer must configure a WLAN using the strongest encryption type for WPA2-PSK. Which cipher fulfills the configuration requirement?

A. WEP
B. AES
C. RC4
D. TKIP

Correct Answer: B

Explanation:

Many routers provide WPA2-PSK (TKIP), WPA2-PSK (AES), and WPA2-PSK (TKIP/AES) as options. TKIP is an older encryption protocol introduced with WPA to replace the very insecure WEP encryption of the time. TKIP is actually quite similar to WEP encryption. It is no longer considered secure and is now deprecated. In other words, you shouldn't be using it.
AES is a more secure encryption protocol introduced with WPA2, and it is currently the strongest encryption type for WPA2-PSK.