« 返回题库列表2026年思科CCNA 200-301最新题库试题与答案
问题 #1
Which WPA3 enhancement protects against hackers viewing traffic on the Wi-Fi network?
A. SAE encryption
B. TKIP encryption
C. scrambled encryption key
D. AES encryption
问题 #2
Which IPv6 address block sends packets to a group address rather than a single address?
A. 2000::/3
B. FC00::/7
C. FE80::/10
D. FF00::/8
问题 #3
Which per-hop traffic-control feature does an ISP implement to mitigate the potential negative effect of a customer exceeding its committed bandwidth?
A. Marking
B. Shaping
C. Queuing
D. Policing
问题 #4
What are two examples of multifactor authentication? (Choose two.)
A. soft tokens
B. passwords that expire
C. shared password repository
D. single sign-on E.unique user knowledge
问题 #5
What are two functions of a firewall within an enterprise? (Choose two.)
A. It serves as an endpoint for a site-to-site VPN in standalone mode.
B. It enables traffic filtering based on URLs.
C. It offers Layer 2 services between hosts.
D. It enables wireless devices to connect to the network. E.It provides support as an endpoint for a remote access VPN in multiple context mode.
问题 #6
In which way does a spine-and-leaf architecture allow for scalability in a network when additional access ports are required?
A. A leaf switch is added with a single connection to a core spine switch.
B. A spine switch and a leaf switch are added with redundant connections between them.
C. A leaf switch is added with connections to every spine switch.
D. A spine switch is added with at least 40 GB uplinks.
问题 #7
Which QoS feature drops traffic that exceeds the committed access rate?
A. Weighted fair queuing
B. shaping
C. policing
D. FIFO
问题 #8
What are two disadvantages of a full-mesh topology? (Choose two.)
A. It needs a high MTU between sites.
B. It has a high implementation cost.
C. It must have point-to-point communication.
D. It requires complex configuration. E.It works only with BGP between sites.
问题 #9
What is the role of nonoverlapping channels in a wireless environment?
A. to increase bandwidth
B. to stabilize the RF environment
C. to reduce interference
D. to allow for channel bonding
问题 #10
In what way does a network supervisor reduce maintenance costs while maintaining network integrity on a traditionally managed network?
A. They install an automated network-monitoring system to provide early warning of network issues.
B. They use automation to centralize network-management tasks.
C. They employ additional network administrators to proactively manage the network.
D. They automate change-management processes that verify issue resolution.
问题 #11
A default route must be configured to use the IP address of 192.168.1.1 until a WAN circuit is installed. The WAN circuit will use a dynamic routing protocol with an Administrative Distance of 20. Which configuration must be applied to allow the dynamic r
A. ip route 0.0.0.0 0.0.0.0 192.168.1.1 20
B. ip route 0.0.0.0 0.0.0.0 192.168.1.1
C. ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 1
D. ip route 0.0.0.0 0.0.0.0 192.168.1.1 25
问题 #12
Which connection type is used when an engineer connects to an AP without a configured IP address or dial-up number to manage the device?
A. AUX
B. console
C. VTY
D. Ethernet
问题 #13
Which two authentication types are used to validate user credentials for connections to a Cisco WLC? (Choose two.)
A. local
B. single sign-on
C. Active Directory
D. LDAP E.RADIUS
问题 #14
What are two benefits of controller-based networking compared to traditional networking? (Choose two.)
A. controller-based increases network bandwidth usage, while traditional lightens the load on the network
B. controller-based inflates software costs, while traditional decreases individual licensing costs
C. controller-based reduces network configuration complexity, while traditional increases the potential for errors
D. controller-based allows for fewer network failures, while traditional increases failure rates E.controller-based provides centralization of key IT functions, while traditional requires distributed management functions
问题 #15
A network engineer must migrate a router loopback interface to the IPv6 address space. If the current IPv4 address of the interface is 10.54.73.1/32, and the engineer configures IPv6 address 0:0:0:0:0:ffff:a00:0000, which prefix length must be used?
A. /64
B. /96
C. /124
D. /128
问题 #16
What event has occurred if a router sends a notice level message to a syslog server?
A. A TCP connection has been torn down.
B. A certificate has expired.
C. An ICMP connection has been built.
D. An interface line has changed status.
问题 #17
What is the definition of backdoor malware?
A. malicious code that infects a user machine and then uses that machine to send spam
B. malicious program that is used to launch other malicious programs
C. malicious code with the main purpose of downloading other malicious code
D. malicious code that is installed onto a computer to allow access by an unauthorized user
问题 #18
In which way does generative AI aid network simulations?
A. It computes optimal data storage solutions.
B. It creates synthetic network configurations.
C. It deploys network firmware updates.
D. It produce a greenfield network design.
问题 #19
How is AI used to identify issues within network traffic?
A. It analyzes patterns for anomaly detection
B. It exclusively predicts device malfunctions.
C. It enhances data packet delivery speeds
D. It simplifies traffic route mapping.
问题 #20
What is the function of a controller in a software-defined network?
A. fragmenting and reassembling packets
B. forwarding packets
C. multicast replication at the hardware level
D. setting packet-handling policies
问题 #21
Which networking function occurs on the data plane?
A. forwarding remote client/server traffic
B. processing inbound SSH management traffic
C. sending and receiving OSPF Hello packets
D. facilitates spanning-tree elections
问题 #22
A network security team noticed that an increasing number of employees are becoming victims of phishing attacks. Which security program should be implemented to mitigate the problem?
A. software firewall enabled on all PCs
B. email system patches
C. user awareness training
D. physical access control
问题 #23
What is a characteristic of a Layer 2 switch?
A. provides a single broadcast domain for all connected devices
B. uses the data link layer for communications
C. filters based on a transport layer protocol
D. tracks the number of active TCP connections
问题 #24
Which type of VPN connection is used when an employee accesses a secure server from a public Wi-Fi?
A. router-to-router
B. open
C. site-to-site
D. remote
问题 #25
What is the primary purpose of the first hop redundancy protocols?
A. to ensure high availability of the network by providing a secondary route on the RIB at the active gateway
B. to ensure high availability of the network by providing a transparent fail-over at the active gateway
C. to ensure high availability of the network by providing a backup route on the CEF in case of a gateway failure
D. to ensure high availability of the network by providing a redundant path via ARP in case of a failure of path failure
问题 #26
Under what condition would a FlexConnect wireless architecture be preferable over other architectural choices?
A. when the connection latency to several remote offices is anticipated to surpass 300 milliseconds
B. when centralized management is needed for several remote offices that lack individual WLCs
C. when each remote office necessitates its own local WLC for network management
D. when there is a need for high-precision location-based services at various remote offices
问题 #27
Which two host addresses are reserved for private use within an enterprise network? (Choose two.)
A. 10.172.76.200
B. 12.17.1.20
C. 172.15.2.250
D. 172.31.255.100 E.192.169.32.10
问题 #28
How are the query parameters for a GET request passed to the REST API?
A. in the URI
B. in the HTTP header
C. in the authorization
D. in the request body
问题 #29
Which interface is used to send traffic to the destination network? O 10.53.11.6/29 [110/6001] via F0/16 O 10.53.11.6/29 [110/28015] via F0/5 R 10.53.11.6/29 [120/6] via F0/19 R 10.53.11.6/29 [120/10] via F0/20
A. F0/5
B. F0/16
C. F0/19
D. F0/20
问题 #30
Which interface IP address serves as the tunnel source for CAPWAP packets from the WLC to an AP?
A. AP-manager
B. trunk
C. service
D. virtual AP connection
问题 #31
How does MAC learning function?
A. enabled by default on all VLANs and interfaces
B. increases security on the management VLAN
C. sends frames with unknown destinations to a multicast group
D. inspects and drops frames from unknown destinations
问题 #32
Which virtualization technology requires a base OS installation but does not require a hypervisor?
A. virtual server
B. container
C. virtual routers
D. Kubernetes
问题 #33
When a WPA2-PSK WLAN is configured in the Wireless LAN Controller, what is the minimum number of characters that is required in ASCII format?
问题 #34
What are two characteristics of a controller-based network? (Choose two.)
A. It uses Telnet to report system issues.
B. The administrator can make configuration updates from the CLI.
C. It uses northbound and southbound APIs to communicate between architectural layers.
D. It decentralizes the control plane, which allows each device to make its own forwarding decisions. E.It moves the control plane to a central point.
问题 #35
Which two encoding methods are supported by REST APIs? (Choose two.)
A. JSON
B. EBCDIC
C. YAML
D. XML E.SGML
问题 #36
Why is a first-hop redundancy protocol implemented?
A. to provide load-sharing for a multilink segment
B. to prevent loops in a network
C. to enable multiple switches to operate as a single unit
D. to protect against default gateway failures
问题 #37
What is the difference between controller-based networks and traditional networks as they relate to control-plane and/or data-plane functions?
A. Traditional networks centralize all important control-plane functions, and controller-based networks distribute control-plane functions.
B. Traditional networks centralize all important data-plane functions, and controller-based networks distribute data-plane functions.
C. Controller-based networks centralize all important control-plane functions, and traditional networks distribute control-plane functions.
D. Controller-based networks centralize all important data-plane functions, and traditional networks distribute data-plane functions.
问题 #38
What is the benefit of using FHRP?
A. higher degree of availability
B. reduced ARP traffic on the network
C. reduced management overhead on network routers
D. balancing traffic across multiple gateways in proportion to their loads
问题 #39
What are two recommendations for protecting network ports from being exploited when located in an office space outside of an IT closet? (Choose two.)
A. configure static ARP entries
B. enable the PortFast feature on ports
C. implement port-based authentication
D. configure ports to a fixed speed E.shut down unused ports
问题 #40
Which two components are needed to create an Ansible script that configures a VLAN on a switch? (Choose two.)
A. Playbook
B. Cookbook
C. Model
D. Recipe E.Task
问题 #41
What is the central role of a hypervisor in a virtualized environment?
A. Present virtualized hardware to a guest operating system.
B. Support many applications to run on a shared guest operating system.
C. Create a single library environment for many operating stems.
D. Allow a single guest operating system to run on the physical server
问题 #42
Which action must be taken to assign a global unicast IPv6 address on an interface that is derived from the MAC address of that interface?
A. explicitly assign a link-local address
B. configure a stateful DHCPv6 server on the network
C. enable SLAAC on an interface
D. disable the EUI-64 bit process
问题 #43
Which mode must be used to configure EtherChannel between two switches without using a negotiation protocol?
A. active
B. desirable
C. on
D. auto
问题 #44
Which cloud provided service allows an organization to install its own operating system on a virtual machine?
A. platform-as-a-service
B. network-as-a-service
C. software-as-a-service
D. infrastructure-as-a-service
问题 #45
What is a characteristic of spine-and-leaf architecture?
A. It provides variable latency.
B. Each device is separated by the same number of hops.
C. Each link between leaf switches allows for higher bandwidth.
D. It provides greater predictability on STP blocked ports.
问题 #46
Which network action occurs within the data plane?
A. reply to an incoming ICMP echo request
B. make a configuration change from an incoming NETCONF RPC
C. run routing protocols (OSPF, EIGRP, RIP, BGP)
D. compare the destination IP address to the IP routing table
问题 #47
What is a feature of WPA?
A. small Wi-Fi application
B. preshared key
C. TKIP/IMC encryption
D. 802.1x authentication
问题 #48
What are two reasons to deploy private addressing on a network? (Choose two.)
A. to hide sensitive data from access users within an enterprise
B. to segment local IP addresses from the global routing table
C. to route protected date securely via an Internet service provider
D. to subnet addresses in an organized hierarchy E.to reduce network maintenance costs
问题 #49
Which two VPN technologies are recommended by Cisco for multiple branch offices and large-scale deployments? (Choose two.)
A. DMVPN
B. site-to-site VPN
C. IPsec remote access
D. clientless VPN E.GETVPN
问题 #50
An application in the network is being scaled up from 300 servers to 600. Each server requires 3 network connections to support production, backup, and management traffic. Each connection resides on a different subnet. The router configuration for the pro
A. ip address 10.10.10.1 255.255.254.0
B. ip address 10.10.10.1 255.255.240.0
C. ip address 10.10.10.1 255.255.252.0
D. ip address 10.10.10.1 255.255.255.240
问题 #51
Which global command encrypts all passwords in the running configuration?
A. enable secret
B. password-encrypt
C. enable password-encryption
D. service password-encryption
问题 #52
Which type of API allows SDN controllers to dynamically make changes to the network?
A. southbound API
B. northbound API
C. REST API
D. SOAP API
问题 #53
Which two principles must be considered when using per-hop behavior in QoS? (Choose two.)
A. Policing is not supported on subinterfaces.
B. Shaping drops excessive traffic without adding traffic delay.
C. Shaping levels out traffic bursts by delaying excess traffic.
D. Shaping and rate limiting have the same effect E.Policing is performed in the inbound and outbound directions.
问题 #54
What is a service that is provided by a wireless controller?
A. It issues IP addresses to wired devices.
B. It provides Layer 3 routing between wired and wireless devices.
C. It manages interference in a dense network.
D. It mitigates threats from the internet.
问题 #55
How does automation affect network management processes?
A. It provides a reactive support model.
B. It performs configuration updates based on user profiles.
C. It improves the efficiency of system lifecycle management.
D. It interoperates with ISE to define and manage patch and update schedules.
问题 #56
How does a network administrator securely manage an AP in lightweight mode?
A. using the CLI via a virtual interface with SSH
B. using the AP GUI via an in-band SSH connection
C. using the CLI via an out-of-band connection
D. using the WLC GUI via HTTPS
问题 #57
What are two advantages of implementing a controller-based architecture instead of a traditional network architecture? (Choose two.)
A. It enables configuration task automation.
B. It increases security against denial-of-service attacks.
C. It provides increased scalability and management options.
D. It supports complex and high-scale IP addressing schemes. E.It allows for seamless connectivity to virtual machines.
问题 #58
Which IPsec mode provides encapsulation and encryption of the entire original IP packet on a site-to-site VPN?
A. IPsec tunnel mode with AH
B. IPsec transport mode with AH
C. IPsec transport mode with ESP
D. IPsec tunnel mode with ESP
问题 #59
Which two outcomes are predictable behaviors for HSRP? (Choose two.)
A. The two routers synchronize configurations to provide consistent packet forwarding.
B. The two routers negotiate one router as the active router and the other as the standby router.
C. The two routers share a virtual IP address that is used as the default gateway for devices on the LAN.
D. The two routers share the same interface IP address, and default gateway traffic is load-balanced between them. E.Each router has a different IP address, both routers act as the default gateway on the LAN, and traffic is load-balanced between them.
问题 #60
A Cisco engineer notices that two OSPF neighbors are connected using a crossover Ethernet cable. The neighbors are taking too long to become fully adjacent. Which command must be issued under the interface configuration on each router to reduce the time r
A. ip ospf priority 0
B. ip ospf network broadcast
C. ip ospf dead-interval 40
D. ip ospf network point-to-point
问题 #61
Which WPA mode uses PSK authentication?
A. Personal
B. Client
C. Enterprise
D. Local
问题 #62
An administrator must secure the WLC from receiving spoofed association requests. Which steps must be taken to configure the WLC to restrict the requests and force the user to wait 10 ms to retry an association request?
A. Enable MAC filtering and set the SA Query timeout to 10.
B. Enable 802.1x Layer 2 security and set the Comeback timer to 10.
C. Enable the Protected Management Frame service and set the Comeback timer to 10.
D. Enable Security Association Teardown Protection and set the SA Query timeout to 10.
问题 #63
Which Cisco proprietary protocol ensures traffic recovers automatically when the active gateway fails?
A. HSRP
B. SLB
C. VRRP
D. FHRP
问题 #64
What is the advantage of separating the control plane from the data plane within an SDN network?
A. reduces cost
B. offloads the creation of virtual machines to the data plane
C. decreases overall network complexity
D. limits data queries to the control plane
问题 #65
An engineer requires a scratch interface to actively attempt to establish a trunk link with a neighbor switch. What command must be configured?
A. switchport mode trunk
B. switchport mode dynamic desirable
C. switchport mode dynamic auto
D. switchport nonegotiate
问题 #66
Which action does the router take as it forwards a packet through the network?
A. The router replaces the source and destination labels with the sending router interface label as a source and the next hop router label as a destination.
B. The router encapsulates the source and destination IP addresses with the sending router IP address as the source and the neighbor IP address as the destination.
C. The router replaces the original source and destination MAC addresses with the sending router MAC address as the source and neighbor MAC address as the destination.
D. The router encapsulates the original packet and then includes a tag that identifies the source router MAC address and transmit transparently to the destination.
问题 #67
A network engineer must implement an IPv6 configuration on the vlan 2000 interface to create a routable locally-unique unicast address that is blocked from being advertised to the internet. Which configuration must the engineer apply?
A. interface vlan 2000 ipv6 address fd00::1234:2343/64
B. interface vlan 2000 ipv6 address fe80:0000:aaaa::1234:2343/64
C. interface vlan 2000 ipv6 address fc00:0000:aaaa:1234:1234:2343:1234/64
D. interface vlan 2000 ipv6 address ff00:0000:aaaa::1234:2343/64
问题 #68
What is a practice that protects a network from VLAN hopping attacks?
A. Implement port security on internet-facing VLANs.
B. Assign all access ports to VLANs other than the native VLAN.
C. Enable dynamic ARP inspection
D. Configure an ACL to prevent traffic from changing VLANs.
问题 #69
What is the difference between 1000BASE-LX/LH and 1000BASE-ZX interfaces?
A. 1000BASE-ZX interoperates with dual-rate 100M/1G 10Km SFP over multimode fiber, and 1000BASE- LX/LH supports only single-rate.
B. 1000BASE-LX/LH is supported on links up to 10km, and 1000BASE-ZX operates over links up to 70 km.
C. 1000BASE-LX/LH interoperates with multimode and single-mode fiber, and 1000BASE-ZX needs a conditioning patch cable with a multimode.
D. 1000BASE-ZX is supported on links up to 1000km, and 1000BASE-LX/LH operates over links up to 70 km.
问题 #70
What is a function of the core and distribution layers in a collapsed-core architecture?
A. The router must use IPv4 and IPv6 addresses at Layer 3.
B. The router can support HSRP for Layer 2 redundancy in an IPv6 network.
C. The core and distribution layers are deployed on two different devices to enable failover.
D. The router operates on a single device or a redundant pair.
问题 #71
Which security program element helps protect against employees unintentionally leaking sensitive information via email?
A. physical access controls
B. user awareness campaigns
C. controlled internet access
D. workstation screen recordings
闽公网安备 35012102500533号
|
闽ICP备18010967号-7