Cisco Certified Network Associate (200-301 CCNA) – Question621


Refer to the exhibit. An extended ACL has been configured and applied to router R2. The configuration failed to work as intended.
Which two changes stop outbound traffic on TCP ports 25 and 80 to 10.0.20.0/26 from the 10.0.10.0/26 subnet while still allowing all other traffic? (Choose two.)

A. Add a "permit ip any any" statement at the end of ACL 101 for allowed traffic.
B. Add a "permit ip any any" statement to the beginning of ACL 101 for allowed traffic.
C. The ACL must be moved to the Gi0/1 interface outbound on R2.
D. The source and destination IPs must be swapped in ACL 101.
E. The ACL must be configured on the Gi0/2 interface inbound on R1.

Correct Answer: AD

Cisco Certified Network Associate (200-301 CCNA) – Question619

Which set of actions satisfies the requirement for multifactor authentication?

A. The user enters a user name and password, and then re-enters the credentials on a second screen.
B. The user swipes a key fob, then clicks through an email link.
C. The user enters a user name and password, and then clicks a notification in an authentication app on a mobile device.
D. The user enters a PIN into an RSA token, and then enters the displayed RSA key on a login screen.

Correct Answer: C

Explanation:

This is an example of how two-factor authentication (2FA) works:
1. The user logs in to the website or service with their username and password.
2. The password is validated by an authentication server and, if correct, the user becomes eligible for the second factor.
3. The authentication server sends a unique code to the user’s second-factor method (such as a smartphone app).
4. The user confirms their identity by providing the additional authentication for their second-factor method.

Cisco Certified Network Associate (200-301 CCNA) – Question618

Which feature on the Cisco Wireless LAN Controller when enabled restricts management access from specific networks?

A. TACACS
B. CPU ACL
C. Flex ACL
D. RADIUS

Correct Answer: B

Explanation:

Whenever you want to control which devices can talk to the main CPU, a CPU ACL is used.
Note: CPU ACLs only filter traffic towards the CPU, and not any traffic exiting or generated by the CPU.
Reference:
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wir…

Cisco Certified Network Associate (200-301 CCNA) – Question617

DRAG DROP
Drag and drop the Cisco Wireless LAN Controller security settings from the left onto the correct security mechanism categories on the right.
Select and Place:

Correct Answer: [img 0617-0001.jpg]

Explanation:

Layer 2 security mechanisms include WPA+WPA2, 802.1X, Static WEP, and CKIP, while Layer 3 security mechanisms (for WLAN) include IPSec, VPN Pass-Through, Web Passthrough …
Reference:
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wir…

Cisco Certified Network Associate (200-301 CCNA) – Question616

An email user has been lured into clicking a link in an email sent by their company's security organization. The webpage that opens reports that it was safe, but the link may have contained malicious code.
Which type of security program is in place?

A. user awareness
B. brute force attack
C. physical access control
D. social engineering attack

Correct Answer: A

Explanation:

This is a training program that simulates an attack, not a real attack (as the question says, “The webpage that opens reports that it was safe”), so we believe it should be called a “user awareness” program. Therefore the best answer here should be “user awareness”. This is the definition of “User awareness” from the CCNA 200-301 Official Cert Guide:
“User awareness: All users should be made aware of the need for data confidentiality to protect corporate information, as well as their own credentials and personal information. They should also be made aware of potential threats, schemes to mislead, and proper procedures to report security incidents.”
Note: Physical access control means infrastructure locations, such as network closets and data centers, should remain securely locked.

Cisco Certified Network Associate (200-301 CCNA) – Question615

An engineer is asked to protect unused ports that are configured in the default VLAN on a switch. Which two steps will fulfill the request? (Choose two.)

A. Configure the ports as trunk ports.
B. Enable the Cisco Discovery Protocol.
C. Configure the port type as access and place in VLAN 99.
D. Administratively shut down the ports.
E. Configure the ports in an EtherChannel.

Correct Answer: CD

Cisco Certified Network Associate (200-301 CCNA) – Question613

When configuring a WLAN with WPA2 PSK in the Cisco Wireless LAN Controller GUI, which two formats are available to select? (Choose two.)

A. decimal
B. ASCII
C. hexadecimal
D. binary
E. base64

Cisco Certified Network Associate (200-301 CCNA) – Question612

What is the difference between AAA authentication and authorization?

A. Authentication identifies and verifies a user who is attempting to access a system, and authorization controls the tasks the user performs.
B. Authentication controls the system processes a user accesses, and authorization logs the activities the user initiates.
C. Authentication verifies a username and password, and authorization handles the communication between the authentication agent and the user database.
D. Authentication identifies a user who is attempting to access a system, and authorization validates the user's password.

Correct Answer: A

Explanation:

AAA stands for Authentication, Authorization and Accounting.
* Authentication: Specify who you are (usually via login username & password)
* Authorization: Specify what actions you can do, what resource you can access
* Accounting: Monitor what you do, how long you do it (can be used for billing and auditing)
An example of AAA is shown below:
* Authentication: “I am a normal user. My username/password is user_tom/learnforever”
* Authorization: “user_tom can access LearnCCNA server via HTTP and FTP”
* Accounting: “user_tom accessed LearnCCNA server for 2 hours”. This user only uses “show” commands.