2025/November Latest Braindump2go 200-301 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go 200-301 Real Exam Questions!
QUESTION 1560
Refer to the exhibit. Which switch in this configuration will be elected as the root bridge?
SW1: 0C:0A:05:22:05:97
SW2: 0C:0A:A8:1A:3C:9D
SW3: 0C:0A:18:81:B3:19
SW4: 0C:4A:82:56:35:78
A. SW1
B. SW2
C. SW3
D. SW4
Answer: C
Explanation:
You can manipulate the Root Bridge Election by setting Bridge priority on your switches. The default value is 32768, and the lowest number is preferred. In the case of a tie, the switch with the lowest MAC address will be selected.
QUESTION 1561
Which alternative to password authentication is implemented to allow enterprise devices to log in to the corporate network?
A. 90-day renewal policies
B. magic links
C. one-time passwords
D. digital certificates
Answer: D
QUESTION 1562
Refer to the exhibit. The user has connectivity to devices on network 192.168.3.0/24 but cannot reach users on the network 10.10.1.0/24. What is the first step to verify connectivity?
A. Is the internet reachable?
B. Is the default gateway reachable?
C. Is the DNS server reachable?
D. Is the IPv4 address reachable?
Answer: D
Explanation:
Based on the provided configuration, the user is on the network 192.168.3.0/24 and can communicate with other devices on that network but is unable to reach users on the 10.10.1.0/24 network.
The first step in troubleshooting this connectivity issue would be to check if the default gateway is reachable. The default gateway serves as the path to other networks, and without this communication, the user would be unable to access devices on different subnets such as 10.10.1.0/24.
QUESTION 1563
Which CRUD operation corresponds to the HTTP GET method?
A. delete
B. create
C. update
D. read
Answer: D
QUESTION 1564
What is the main difference between traditional networks and controller-based networking?
A. Controller-based networks increase TCO for the company, and traditional networks require less investment.
B. Controller-based networks provide a framework for innovation, and traditional networks create efficiency.
C. Controller-based networks are open for application requests, and traditional networks operate manually.
D. Controller-based networks are a closed ecosystem, and traditional networks take advantage of programmability.
Answer: C
Explanation:
Controller-based networks are programmable, meaning they can interact with applications via APIs to automate and optimize network behavior dynamically.
Traditional networks, on the other hand, require manual configuration and intervention for most tasks, lacking the flexibility and responsiveness of controller-based systems.
QUESTION 1565
Which solution is appropriate when mitigating password attacks where the attacker was able to sniff the clear-text password of the system administrator?
A. next-generation firewall to keep stateful packet inspection
B. multifactor authentication using two separate authentication sources
C. ACL to restrict incoming Telnet sessions “admin” accounts
D. IPS with a block list of known attack vectors
Answer: B
Explanation:
Multifactor authentication (MFA) adds an additional layer of security beyond just a username and password. By requiring a second form of authentication (such as a temporary code sent to a mobile device, a fingerprint scan, or a hardware token), even if an attacker has obtained the clear-text password, they would still need access to the second authentication factor to gain entry. This significantly reduces the risk of unauthorized access.
QUESTION 1566
Drag and Drop Question
Drag and drop the TCP and UDP characteristics from the left onto the supporting protocols on the right. Not all options are used.
Answer:
QUESTION 1567
How does machine learning improve the detection of unauthorized network access?
A. It monitors for outdated software.
B. It dictates security policy updates.
C. It identifies patterns indicating intrusions.
D. It assigns security clearance levels.
Answer: C
Explanation:
Machine learning helps in detecting unauthorized network access by analyzing vast amounts of network traffic data and recognizing unusual patterns or anomalies that may indicate an intrusion. It can adapt over time as it learns new threat signatures and behaviors, making detection faster and more accurate than static rule-based systems.
QUESTION 1568
Which authentication method requires the user to provide a physical attribute to authenticate successfully?
A. password
B. multifactor
C. biometric
D. certificate
Answer: C
Explanation:
Biometric authentication requires the user to provide a physical attribute, such as a fingerprint, facial recognition, or an iris scan, to authenticate successfully.
QUESTION 1569
Refer to the exhibit. An engineer is using the Cisco WLC GUI to configure a WLAN for WPA2 encryption with AES and preshared key Cisc0123456. After the engineer selects the WPA + WPA2 option from the Layer 2 Security drop-down list, which two tasks must they perform to complete the process? (Choose two.)
A. Select the WPA2 Policy, AES, and TKIP check boxes.
B. Select ASCII from the PSK Format drop-down list, enter the key, and leave the Auth Key Mgmt setting blank.
C. Select PSK from the Auth Key Mgmt drop-down list, set the PSK Format to ASCII, and enter the key.
D. Select the WPA2 Policy and AES check boxes.
E. Select CCKM from the Auth Key Mgmt drop-down list, set the PSK Format to Hex, and enter the key
Answer: CD
QUESTION 1570
Which AP feature provides a captive portal for users to authenticate, register, and accept terms before accessing the internet?
A. One-Click
B. Hotspot
C. Enhanced Bluetooth
D. Whole Home
Answer: B
QUESTION 1571
Which advantage does machine learning offer for network security?
A. It improves real-time threat detection.
B. It manages firewall rule sets.
C. It enforces password complexity requirements.
D. It controls VPN access permissions.
Answer: A
Explanation:
Machine learning (ML) is a subset of artificial intelligence (AI) that enables systems to learn and improve from data without being explicitly programmed. In the context of network security, ML has several advantages, particularly in real-time threat detection, due to the following reasons:
Analyzing Large Volumes of Data: ML algorithms can process massive amounts of network traffic data quickly and detect patterns indicative of potential threats, such as unusual behavior or anomalous activities.
Dynamic Threat Identification: Unlike static rule-based systems, ML models evolve over time by learning from new data, enabling them to identify and adapt to novel and emerging threats.
Automating Threat Response: ML can reduce the time needed to respond to security incidents by identifying threats in real time and even suggesting or implementing automated responses.
Reducing False Positives: Traditional security systems can generate numerous alerts, many of which may be false positives. ML improves the accuracy of threat detection by identifying genuine threats more effectively, thus reducing noise.
QUESTION 1572
Refer to the exhibit. Which interface does a packet take to reach the destination address of 10.10.10.6?
A. FastEthernet 0/0
B. Serial 0/0
C. FastEthernet 0/1
D. FastEthernet 0/2
Answer: D
QUESTION 1573
What does the term “split MAC” refer to in a wireless architecture?
A. divides data link layer functions between the AP and WLC
B. combines the management and control functions from the data-forwarding functions
C. uses different MAC addresses for 2.4 GHz and 5 GHz bands on the same AP
D. leverages two APs to handle control and data traffic
Answer: A
Explanation:
In a split MAC architecture, the functions of the MAC layer (Media Access Control layer, part of the data link layer) are divided between the Access Point (AP) and the Wireless LAN Controller (WLC).
The AP handles real-time functions like beaconing, responding to probe requests, and packet encryption.
The WLC manages higher-level control functions like authentication, association, and mobility management.
This division allows for more efficient management of wireless networks, where the WLC can centralize control and the AP focuses on fast, real-time operations.
QUESTION 1574
Refer to the exhibit. An engineer executed the script and added commands that were not necessary for SSH and must now remove the commands. Which two commands must be executed to correct the configuration? (Choose two.)
A. no ip domain name ccna.cisco.com
B. no login local
C. no service password-encryption
D. no ip name-server 198.51.100.210
E. no hostname CPE
Answer: CD
QUESTION 1575
Refer to the exhibit. Company A wants to use a RADIUS server to service all user and device authentication attempts with a more secure and granular authentication approach. Not all client devices support dot1x authentication. Which two configuration changes must be made to accomplish the task? (Choose two.)
A. Enable AutoConfig IPSK under the Layer 2 tab.
B. Select Authentication server under the AAA servers tab.
C. Configure Enterprise Security type under the Layer 2 tab.
D. Set Authentication under the Layer 3 tab.
E. Enable WPA2 Policy under the Layer 2 tab.
Answer: BC
QUESTION 1576
Refer to the exhibit. Four load-balancing servers are reachable through this router; however, the company is removing all static and default routes on the router.
Server 1 – 10.12.14.14
Server 2 – 192.168.4.4
Server 3 – 209.165.200.5
Server 4 – 209.165.201.26
Which server will handle all traffic after the policy changes take effect?
A. Server 1 – 10.12.14.14
B. Server 2 – 192.168.4.4
C. Server 3 – 209.165.200.5
D. Server 4 – 209.165.201.26
Answer: D
Explanation:
When all static and default routes are removed from the router, only directly connected and dynamically learned routes remain in the routing table. The router will forward traffic only to destinations that match these remaining routes.
– Server 1 (10.12.14.14) is on the 10.12.14.0/24 subnet, but there is no connected or dynamic route for this subnet in the table, so it will become unreachable once static/default routes are removed.
– Server 2 (192.168.4.4) is on 192.168.4.0/24, but there is no connected or dynamic route for this subnet in the table, so it will become unreachable once static/default routes are removed.
– Server 3 (209.165.200.5) is within the 209.165.200.0/27 subnet, which is dynamically learned via EIGRP and will remain reachable.
– Server 4 (209.165.201.26) is within 209.165.201.16/28, also dynamically learned via EIGRP and will remain reachable.
Server 3 – 209.165.200.5
There is a dynamic EIGRP route for 209.165.200.224/27, but 209.165.200.5 is NOT in this range (209.165.200.224 – 209.165.200.255).
So Server 3 (209.165.200.5) is NOT reachable via this route.
Server 4 – 209.165.201.26
209.165.201.26 falls within 209.165.201.16/28 (which covers 209.165.201.16 – 209.165.201.31).
So Server 4 is reachable via 209.165.201.16/28 dynamic route.
QUESTION 1577
What is the difference between SNMP traps and SNMP polling?
A. SNMP traps are used for proactive monitoring, and SNMP polling is used for reactive monitoring.
B. SNMP traps send periodic updates via the MIB, and SNMP polling sends data on demand.
C. SNMP traps are initiated by the network management system, and network devices initiate SNMP polling.
D. SNMP traps are initiated using a push model at the network device, and SNMP polling is initiated at the server.
Answer: D
Explanation:
SNMP traps are initiated by the network devices themselves using a push model, sending unsolicited notifications (traps) to the network management system when specific events or thresholds occur. This means the device proactively alerts the management system about important changes or issues.
SNMP polling is initiated by the network management system (server), which actively requests (polls) status information from devices at regular intervals. This is a pull model, where the management system reactively gathers data on demand to maintain an up-to-date view of the network’s health.
QUESTION 1578
A network architect planning a new Wi-Fi network must decide between autonomous, cloud-based, and split MAC architectures. Which two facts should the architect consider? (Choose two.)
A. Lightweight access points are solely used by split MAC architectures.
B. Cloud-based architectures uniquely use the CAPWAP protocol to communicate between access points and clients.
C. Each of the three architectures must use WLCs to manage their access points.
D. All three architectures use access points to manage the wireless devices connected to the wired infrastructure.
E. Autonomous architectures exclusively use tunneling protocols to manage access points remotely.
Answer: AD
Explanation:
The two facts a network architect should consider when deciding between autonomous, cloud-based, and split MAC Wi-Fi architectures are:
Option A – In split MAC architecture, the access points are lightweight and rely on a central wireless LAN controller (WLC) for management and control functions, while handling real-time functions locally. This architecture involves tunneling protocols such as CAPWAP for communication between the APs and the controller.
Option D – Regardless of the architecture, access points serve as the connection point for wireless clients to the wired network infrastructure, managing client connections and data forwarding.
QUESTION 1579
Refer to the exhibit. Which functionalities will this SSID have while being used by wireless clients?
A. decreases network security against offline dictionary attacks and encourages easy access to the network
B. increases network security against offline dictionary attacks and discourages time-consuming brute force attacks
C. increases network security against man in the middle attacks and discourages denial of service attacks
D. decreases network security against air sniffing attacks and discourages the use of complex passwords
Answer: B
Explanation:
Based on the configuration shown in the image, several key settings are visible that will impact the security and behavior of the WLAN:
1. WPA2 + WPA3 Encryption: The WLAN is configured to use both WPA2 and WPA3, which strengthens the security. WPA3 includes enhancements like Simultaneous Authentication of Equals (SAE) to defend against offline dictionary attacks and makes brute-force attacks more difficult, especially with features like forward secrecy.
2. Protected Management Frame (PMF) Required: This protects against man-in-the-middle attacks by ensuring the integrity and authenticity of management frames. This setting helps defend against deauthentication attacks.
3. Fast Transition (802.11r): This allows seamless handoff between access points, ensuring that wireless clients can roam quickly and securely without re-authentication delays.
4. AES (CCMP128) and GCMP256: These encryption protocols enhance data security over the air. AES is widely regarded as highly secure, while GCMP provides even stronger encryption.
5. Authentication Key Management (AKM) Options: SAE (Simultaneous Authentication of Equals) is selected, which is the key management method in WPA3, designed to defend against brute-force password attacks. It also includes features to protect against offline dictionary attacks.
QUESTION 1580
Which IPsec mode encapsulates the entire IP packet?
A. tunnel
B. Q-in-Q
C. SSL VPN
D. transport
Answer: A
Explanation:
In IPsec tunnel mode, the entire original IP packet, including the IP header and payload, is encapsulated and protected by a new IPsec header. This new packet is then transmitted between the IPsec endpoints (typically security gateways). Tunnel mode is typically used in site-to-site VPNs.
QUESTION 1581
Drag and Drop Question
Drag and drop the common functions from the left onto the corresponding network topology architecture layer on the right. Not all common functions are used.
Answer:
QUESTION 1582
Which cable type must be used to interconnect one switch using 1000 BASE-SX GBIC modules and another switch using 1000 BASE-SX SFP modules?
A. LC to SC
B. SC to SC
C. LC to LC
D. SC to ST
Answer: A
Explanation:
SFP is LC:
All SFP and SFP+ optics require LC connectors, so the only open question is whether you need single-mode or multimode fiber; the connector type is clear. SC connectors are square and too big to fit in an SFP or SFP+.
GBIC is SC:
GBIC is commonly used with Gigabit Ethernet and Fibre Channel. But its applications are not limited to these two types. There is also Fast Ethernet (FE) GBIC, BIDI GBIC, CWDM GBIC, DWDM GBIC, etc.
QUESTION 1583
Drag and Drop Question
Drag and drop the characteristics from the left onto the corresponding protocol types on the right. Not all characteristics are used.
Answer:
Explanation:
TCP:
Uses a three-way handshake
TCP establishes a connection using a three-step process (SYN, SYN-ACK, ACK) before transmitting data.
Provides a reliable connection
TCP ensures data is delivered reliably through acknowledgment and retransmissions if packets are lost.
Preferred for web browsing
Web browsing relies on TCP because it ensures complete and accurate delivery of HTTP/HTTPS traffic.
UDP:
Faster data transmission
UDP is faster than TCP because it does not establish a connection or require acknowledgments.
Used for streaming and VoIP
UDP is ideal for applications like streaming and VoIP, where speed is more critical than perfect accuracy.
Connectionless protocol
UDP is a stateless protocol that sends packets without establishing a connection.
QUESTION 1584
Drag and Drop Question
Drag and drop the TCP and UDP characteristics from the left onto the supporting protocols on the right.
Answer:
Explanation:
TCP:
Sends data in a specific order
TCP ensures data is delivered in sequence, maintaining the correct order.
Requires an established connection
TCP establishes a connection using the three-way handshake before transmitting data.
Supports web browsing
Web browsing uses HTTP/HTTPS, which relies on TCP for reliable delivery of web content.
UDP:
Suited for live streaming
UDP is ideal for real-time applications like live streaming and gaming, where speed is more important than reliability.
Retransmission is unsupported
UDP does not retransmit lost packets, making it faster but less reliable than TCP.
Tolerates packet loss
UDP tolerates occasional packet loss, as it is designed for applications where timely delivery is more important than perfect data integrity.
QUESTION 1585
What is the difference between the TCP and UDP protocols?
A. TCP has an inherent order for packet assembly, and UDP reassembles packets in a specific order.
B. TCP has a 20-byte minimal header size, and UDP has an 8-byte header size.
C. TCP requires five packets to set up a connection, and UDP requires only three packets.
D. TCP uses only a checksum, and UDP has an acknowledgment mechanism.
Answer: B
Explanation:
TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are both transport layer protocols. TCP has a minimum header size of 20 bytes, which includes fields for sequencing, acknowledgments, and flow control, ensuring reliable communication. UDP has a smaller 8-byte header, making it more efficient for time-sensitive applications like streaming and VoIP, but it does not guarantee delivery or ordering.
QUESTION 1598
Under what condition would a FlexConnect wireless architecture be preferable over other architectural choices?
A. when the connection latency to several remote offices is anticipated to surpass 300 milliseconds
B. when there is a need for high-precision location-based services at various remote offices
C. when centralized management is needed for several remote offices that lack individual WLCs
D. when each remote office necessitates its own local WLC for network management
Answer: C
Explanation:
The FlexConnect wireless architecture (formerly known as H-REAP) is designed to address scenarios where there are remote branch offices or locations with limited IT infrastructure. It allows Access Points (APs) to operate in two modes: connected mode (when connected to a centralized Wireless LAN Controller, or WLC) and standalone mode (when the connection to the WLC is disrupted).
QUESTION 1599
What is the primary purpose of the FlexConnect AP Mode?
A. to enable central switching per SSID basis via 802.6Q trunking
B. to enable local authentication only for a locally switched SSID
C. to enable local switching between VLAN and SSID
D. to enable fast transition for the authenticated clients
Answer: C
Explanation:
FlexConnect is a Cisco wireless access point (AP) mode that allows an AP to switch client traffic locally between a VLAN and SSID instead of tunneling it back to the controller. This is useful in branch or remote office deployments where connectivity to the central controller is limited or intermittent. When in connected mode, the AP can still communicate with the controller, but in standalone mode, it can continue to function with local switching.
QUESTION 1600
Lab Simulation 41
Guidelines
This is a lab item in which tasks will be performed on virtual devices.
– Refer to the Tasks tab to view the tasks for this lab item.
– Refer to the Topology tab to access the device console(s) and perform the tasks.
– Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.
– All necessary preconfigurations have been applied.
– Do not change the enable password or hostname for any device.
– Save your configurations to NVRAM before moving to the next item.
– Click Next at the bottom of the screen to submit this lab and move to the next question.
– When Next is clicked, the lab closes and cannot be reopened.
Topology
Tasks
Task 1:
Configure trunks between Sw1 and Sw2 on ports E0/0 and E0/1 using the IEEE standard frame tagging method.
– Add the IT_User_VLAN as the untagged VLAN to the trunk.
– Allow only the untagged VLAN and VLANs 20 and 40 on trunks.
– Verify that PC1 pings PC2 and PC3 pings PC4.
Task 2:
On Sw1 and Sw2, use IEEE 802.3ad link aggregation.
– Assign number 10 to the link.
– Combine E0/0 and E0/1 into a single logical link.
– Ensure Sw2 does not negotiate but responds to negotiation requests.
Answer: See the below explanation
Explanation:
Task 1: Configure Trunks
1. Set up trunking on interfaces E0/0 and E0/1 using IEEE 802.1Q:
interface range e0/0 - 1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan <IT_User_VLAN_ID>
switchport trunk allowed vlan <IT_User_VLAN_ID>,20,40
2. Verify trunk configuration:
show interfaces trunk
3. Verify connectivity:
ping 10.2.2.20 (From PC1 to PC2)
ping 10.3.3.20 (From PC3 to PC4)
Task 2: Configure Link Aggregation (EtherChannel)
1. On Sw1:
interface range e0/0 - 1
channel-group 10 mode active
exit
interface port-channel 10
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan <IT_User_VLAN_ID>
switchport trunk allowed vlan <IT_User_VLAN_ID>,20,40
2. On Sw2:
interface range e0/0 - 1
channel-group 10 mode passive
exit
interface port-channel 10
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan <IT_User_VLAN_ID>
switchport trunk allowed vlan <IT_User_VLAN_ID>,20,40
3. Verify EtherChannel:
show etherchannel summary
This setup ensures trunking, correct VLAN allowance, and EtherChannel link aggregation with Sw1 in active mode and Sw2 in passive mode, fulfilling the IEEE 802.3ad (LACP) requirement.
QUESTION 1601
Which architecture is best for small offices with minimal wireless needs and no central management?
A. split MAC
B. mesh network
C. autonomous AP
D. cloud-based AP
Answer: C
Explanation:
An autonomous AP (Access Point) operates independently without requiring a central controller. This architecture is ideal for small offices with minimal wireless needs because each AP functions as a standalone device, handling authentication, encryption, and traffic forwarding on its own. Unlike split MAC, mesh networks, or cloud-based APs, an autonomous AP does not depend on external controllers or cloud management, making it a cost-effective and simple solution for small environments.
QUESTION 1602
Which AP mode wirelessly connects two separate network segments each set up within a different campus building?
A. point-to-point
B. local
C. mesh
D. bridge
Answer: D
Explanation:
In bridge mode, an access point (AP) acts as a wireless bridge to connect two separate network segments, typically located in different buildings or remote locations. This mode allows APs to establish a point-to-point or point-to-multipoint wireless link between network segments, eliminating the need for physical cabling. It is commonly used for campus environments where running fiber or Ethernet cables is impractical.
QUESTION 1603
Which architecture supports centralized firmware updates and configuration for APs in different branch locations?
A. autonomous
B. point-to-multipoint
C. ad-hoc
D. cloud-based
Answer: D
Explanation:
A cloud-based architecture enables centralized management of APs across multiple branch locations. This approach allows administrators to push firmware updates, configuration changes, and security policies from a cloud-based dashboard to all connected APs, ensuring consistency and reducing manual effort. Unlike autonomous APs, which require individual configuration, cloud-based solutions streamline network management, making them ideal for enterprises with distributed sites.
QUESTION 1604
Lab Simulation 42
Guidelines
This is a lab item in which tasks will be performed on virtual devices.
– Refer to the Tasks tab to view the tasks for this lab item.
– Refer to the Topology tab to access the device console(s) and perform the tasks.
– Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.
– All necessary preconfigurations have been applied.
– Do not change the enable password or hostname for any device.
– Save your configurations to NVRAM before moving to the next item.
– Click Next at the bottom of the screen to submit this lab and move to the next question.
– When Next is clicked, the lab closes and cannot be reopened.
Topology
Tasks
All physical cabling is in place and verified. Connectivity for the Switches on ports E0/1, E0/2, and E0/3 must be configured and available for voice and data capabilities.
1. Configure Sw1 and Sw2 with both VLANS, naming them according to the topology.
2. Configure the E0/1, E0/2, and E0/3 ports on both switches for both VLANS and ensure that Cisco IP phones and PCs pass traffic.
3. Configure Sw1 and Sw2 to allow neighbor discovery via the vendor-neutral protocol and deny the Cisco proprietary neighbor discovery on e0/0.
Answer: See the below explanation
Explanation:
On both Sw1 and Sw2 enter the following configuration
configure terminal
vlan 100
name Engineering
vlan 102
name Engineering_Voice
lldp run
interface range Ethernet0/1 - 3
switchport mode access
switchport access vlan 100
switchport voice vlan 102
spanning-tree portfast
exit
interface Ethernet0/0
no cdp enable
lldp transmit
lldp receive
exit
write memory
Creating VLANs 100 and 102 (with the correct names) ensures both data and voice VLANs exist. Configuring E0/1–3 as access ports in VLAN 100 with voice VLAN 102 allows PCs and IP phones to work together on the same port. Enabling LLDP globally and on E0/0 and disabling CDP on E0/0 meets the requirement for vendor-neutral neighbor discovery while blocking the Cisco-proprietary protocol on that uplink.
QUESTION 1605
Refer to the exhibit. What must be configured to enable WPA2 with AES encryption and fast roaming with a preshared key length of 64 characters?
A. Enable CCMP256 encryption, PSK format HEX, and enable fast transition with FT PSK management.
B. Enable TKIP encryption, PSK format ASCII, and enable fast transition with FT PSK management.
C. Enable GCMP256 encryption, PSK format HEX, and enable fast transition with CCKM key management.
D. Enable AES encryption, PSK format ASCII, and enable fast transition with FT 802.1x key management.
Answer: A
Explanation:
A 64-character PSK is a 256-bit key and must be entered in HEX, which requires CCMP256 (AES-256) encryption, and fast roaming with a PSK requires FT PSK key management.
QUESTION 1606
Refer to the exhibit. An engineer was asked to update a wireless LAN controller configuration on a newly deployed SSID “Office.” However, the configuration was not well documented or commented. What can the engineer determine about this configuration?
A. There is an additional protection level that helps secure the data frames exchanged between wireless clients and the access points for all wireless devices.
B. There is a seamless transition mechanism used to expedite roaming for compatible devices by authenticating them before potential roaming occurs.
C. There is an extended delay that helps in minimizing the time it takes for client devices to stay connected after roaming activity for Apple and Android devices.
D. There is an advanced secure algorithm put into the service to add an extra level of quality assurance for wireless delivery networks.
Answer: B
Explanation:
The “Fast Transition” feature set to “Adaptive” with 802.1X-SHA1 enabled indicates that 802.11r Fast BSS Transition (FT) is configured. This allows wireless clients to seamlessly roam between access points by pre-authenticating with potential target APs. This reduces roaming delay and is especially beneficial for latency-sensitive applications (e.g., VoIP).
Thus, the configuration enables seamless transition and fast roaming for compatible wireless devices.
QUESTION 1607
How does MAC learning function?
A. protects against denial of service attacks
B. rewrites the source and destination MAC address
C. restricts ports to a maximum of 10 dynamically-learned addresses
D. inserts MAC addresses dynamically into the CAM table
Answer: D
Explanation:
MAC learning works by dynamically inserting learned MAC addresses into the Content Addressable Memory (CAM) table as frames are received on switch ports.
QUESTION 1608
A switch receives a frame with the destination MAC address 3C:5D:7E:9F:1A:2B.
How does the switch handle the frame?
A. It drops the frame to avoid unnecessary network congestion.
B. It floods the frame to all ports except the incoming port.
C. It switches the frame to a predetermined port based on settings.
D. It ages out the frame until the MAC address becomes known.
Answer: B
Explanation:
If the destination MAC address is not in the switch’s MAC address table, the switch floods the frame to all ports except the one on which it was received.
QUESTION 1609
Which AP mode provides a wireless connection between two network segments?
A. bridge
B. FlexConnect
C. local
D. root
Answer: A
Explanation:
Bridge mode allows an AP to connect two separate network segments wirelessly, acting as a wireless bridge.
QUESTION 1610
When a 5 GHz wireless network is implemented using 20 MHz channels with no DFS, how many nonoverlapping channels are available?
A. 6
B. 9
C. 8
D. 4
Answer: A
Explanation:
In the 5 GHz band, using only the UNII-1 and UNII-3 bands (no DFS), there are 6 nonoverlapping 20 MHz channels available.
QUESTION 1611
Which interface configuration type is needed for a FlexConnect AP to support multiple WLANs using local switching?
A. default port
B. trunk port
C. access port
D. LAG port
Answer: B
Explanation:
A trunk port is required for a FlexConnect AP to support multiple WLANs using local switching, as it allows multiple VLANs to be carried to the AP.
QUESTION 1612
Which switch port configuration must be configured when connected to an AP running in FlexConnect mode, and the WLANs use flex local switching?
A. access port with one VLAN
B. trunk port with pruned VLANs
C. Layer 3 port with an IP address
D. tagged port with MAC Filtering enabled
Answer: B
Explanation:
A trunk port is required for FlexConnect APs with flex local switching to carry multiple VLANs, and unused VLANs should be pruned for security and efficiency.
QUESTION 1613
Refer to the exhibit. Considering default routing protocol configurations were used, which routing protocol is used to learn the 10.255.2.2/32 route?
A. OSPF
B. BGP
C. RIP
D. EIGRP
Answer: D
Explanation:
The route is 10.255.2.2/32 [90/130816] via 10.0.24.2, 00:14:46, GigabitEthernet0/1
[90/130816]:
– 90 = Administrative Distance (AD)
– 130816 = Metric
Default ADs:
– EIGRP: 90
– OSPF: 110
– RIP: 120
– BGP: 20 (external), 200 (internal)
Since the AD is 90, this route was learned via EIGRP.
QUESTION 1614
Refer to the exhibit. What is the value of the administrative distance for the default gateway?
A. 110
B. 10
C. 1
D. 0
Answer: C