Cisco Certified Network Associate (200-301 CCNA) – Question711

How do traditional campus device management and Cisco DNA Center device management differ in regards to deployment?

A. Traditional campus device management allows a network to scale more quickly than with Cisco DNA Center device management.
B. Cisco DNA Center device management can deploy a network more quickly than traditional campus device management.
C. Cisco DNA Center device management can be implemented at a lower cost than most traditional campus device management options.
D. Traditional campus device management schemes can typically deploy patches and updates more quickly than Cisco DNA Center device management.

Correct Answer: B

Cisco Certified Network Associate (200-301 CCNA) – Question710

An organization has decided to start using cloud-provided services. Which cloud service allows the organization to install its own operating system on a virtual machine?

A. platform-as-a-service
B. network-as-a-service
C. software-as-a-service
D. infrastructure-as-a-service

Correct Answer: D

Explanation:

Explanation:
Below are the 3 cloud supporting services cloud providers provide to customer:
* SaaS (Software as a Service): SaaS uses the web to deliver applications that are managed by a third-party vendor and whose interface is accessed on the clients’ side. Most SaaS applications can be run directly from a web browser without any downloads or installations required, although some require plugins.
* PaaS (Platform as a Service): are used for applications, and other development, while providing cloud components to software. What developers gain with PaaS is a framework they can build upon to develop or customize applications. PaaS makes the development, testing, and deployment of applications quick, simple, and cost-effective. With this technology, enterprise operations, or a third-party provider, can manage OSes, virtualization, servers, storage, networking, and the PaaS software itself. Developers, however, manage the applications.
* IaaS (Infrastructure as a Service): self-service models for accessing, monitoring, and managing remote datacenter infrastructures, such as compute (virtualized or bare metal), storage, networking, and networking services (e.g. firewalls). Instead of having to purchase hardware outright, users can purchase IaaS based on consumption, similar to electricity or other utility billing.
In general, IaaS provides hardware so that an organization can install their own operating system.

Cisco Certified Network Associate (200-301 CCNA) – Question709

An administrator must use the password complexity not manufacturer-name command to prevent users from adding "Cisco" as a password. Which command must be issued before this command?

A. login authentication my-auth-list
B. service password-encryption
C. password complexity enable
D. confreg 0x2142

Correct Answer: C

Cisco Certified Network Associate (200-301 CCNA) – Question708

What is a practice that protects a network from VLAN hopping attacks?

A. Implement port security on internet-facing VLANs
B. Enable dynamic ARP inspection
C. Assign all access ports to VLANs other than the native VLAN
D. Configure an ACL to prevent traffic from changing VLANs

Correct Answer: C

Cisco Certified Network Associate (200-301 CCNA) – Question707

A network engineer is implementing a corporate SSID for WPA3-Personal security with a PSK. Which encryption cipher must be configured?

A. CCMP128
B. GCMP256
C. CCMP256
D. GCMP128

Correct Answer: A

Cisco Certified Network Associate (200-301 CCNA) – Question706

Which two wireless security standards use counter mode cipher block chaining Message Authentication Code Protocol for encryption and data integrity? (Choose two.)

A. Wi-Fi 6
B. WPA3
C. WEP
D. WPA2
E. WPA

Correct Answer: BC

Cisco Certified Network Associate (200-301 CCNA) – Question705

A customer wants to provide wireless access to contractors using a guest portal on Cisco ISE. The portal is also used by employees. A solution is implemented, but contractors receive a certificate error when they attempt to access the portal. Employees can access the portal without any errors. Which change must be implemented to allow the contractors and employees to access the portal?

A. Install an Internal CA signed certificate on the Cisco ISE.
B. Install a trusted third-party certificate on the Cisco ISE.
C. Install an internal CA signed certificate on the contractor devices.
D. Install a trusted third-party certificate on the contractor devices.

Correct Answer: B

Explanation:

Reference: https://www.cisco.com/c/en/us/support/docs/security/identity-servic…

Cisco Certified Network Associate (200-301 CCNA) – Question704

Which port security violation mode allows from valid MAC addresses to pass but blocks traffic from invalid MAC addresses?

A. restrict
B. shutdown
C. protect
D. shutdown VLAN

Correct Answer: C

Cisco Certified Network Associate (200-301 CCNA) – Question703

Refer to the exhibit. An engineer is updating the management access configuration of switch SW1 to allow secured, encrypted remote configuration. Which two commands or command sequences must the engineer apply to the switch? (Choose two.)

A. SW1(config)#enable secret ccnaTest123
B. SW1(config)#username NEW secret R3mote123
C. SW1(config)#line vty 0 15
SW1(config-line)#transport input ssh
D. SW1(config)# crypto key generate rsa
E. SW1(config)# interface f0/1
SW1(confif-if)# switchport mode trunk

Correct Answer: CD

Cisco Certified Network Associate (200-301 CCNA) – Question702

SW1 supports connectivity for a lobby conference room and must be secured. The engineer must limit the connectivity from PC1 to the SW1 and SW2 network. The MAC addresses allowed must be limited to two.
Which configuration secures the conference room connectivity?

A. interface gi1/0/15
switchport port-security
switchport port-security maximum 2
B. interface gi1/0/15
switchport port-security
switchport port-security mac-address 0000.abcd.0004vlan 100
C. interface gi1/0/15
switchport port-security mac-address 0000.abcd.0004 vlan 100
D. interface gi1/0/15
switchport port-security mac-address 0000.abcd.0004 vlan 100
interface switchport secure-mac limit 2

Correct Answer: A

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.