Cisco CCNA Practice Test (200-301)

Access points operating in FlexConnect mode can locally switch client data traffic even when they lose connectivity to the network controller. This allows the wireless network to maintain functionality during network disruptions between the access points and the controller.

The underlay network provides the physical infrastructure that transports data packets across routers and switches using physical links. It is responsible for forwarding packets based on standard routing protocols. The overlay network, in contrast, creates virtual network paths over the underlay for logical segmentation and advanced networking features. Managing network policies through a centralized controller pertains to the control plane, not the underlay network. Offering application-level services is beyond the scope of the underlay network's responsibilities.

True. Regular security training enhances employee awareness of potential threats such as phishing, social engineering, and malware. By educating employees on how to recognize and respond to these threats, organizations can reduce the risk of security breaches caused by human error.

A trunk port is configured to carry traffic for multiple VLANs across a single physical link. It uses tagging protocols like IEEE 802.1Q (dot1q) to differentiate between VLANs. Access ports are assigned to a single VLAN and can only carry traffic for that VLAN. Port channels are aggregated links that combine multiple physical interfaces for increased bandwidth and redundancy, but they can carry either trunk or access port configurations. Routed ports are switch ports configured as Layer 3 interfaces for routing traffic between networks.

Configuring dynamic address translation with a pool of external addresses allows multiple internal private IP addresses to be translated to a range of public IP addresses. This meets the requirement of utilizing a specified range of public IPs for multiple hosts. Setting up static address translation would require a one-to-one mapping for each host, which is not efficient for a large internal network. Implementing port address translation (PAT) uses a single public IP address to translate multiple internal addresses by differentiating them using port numbers, which does not meet the requirement of utilizing a range of public IPs. Enabling address translation overload using the router's interface address also uses a single IP address and is not suitable in this scenario.

WPA3 provides the highest level of security among the listed protocols by introducing stronger encryption algorithms and improved authentication methods, such as Simultaneous Authentication of Equals (SAE). WPA2, while still widely used, does not include these enhancements. WPA and WEP are older protocols with known vulnerabilities.

Configuring the switch port as a trunk port is the best choice because it allows the port to carry traffic for multiple VLANs simultaneously. This is necessary when the connected device, such as an access point, needs to handle multiple wireless networks (SSIDs) that are mapped to different VLANs. Trunk ports enable the transmission of frames tagged with different VLAN identifiers, facilitating proper VLAN segregation and traffic handling.

An access port in the native VLAN would only carry untagged traffic for a single VLAN, which is insufficient for supporting multiple VLANs. Configuring the port as a port-channel with LACP focuses on link aggregation for increased bandwidth and redundancy, which does not address the need for multiple VLAN support in this context. A routed port operates at Layer 3 and disables Layer 2 switching capabilities, making it unsuitable for VLAN tagging and switching required by multiple SSIDs.

On an access port with a voice VLAN configured, data traffic is sent untagged, belonging to the port's access VLAN, while voice traffic is sent tagged with the voice VLAN ID using IEEE 802.1Q tagging. This tagging mechanism allows switches to distinguish between data and voice traffic, enabling appropriate Quality of Service (QoS) for voice communications. Therefore, it's incorrect to say that both data and voice traffic are sent untagged.

The value of "enabled" is true, which is a Boolean data type in JSON. Booleans in JSON represent logical true or false values. The other options are incorrect: "true" in quotes would be a String, null represents the absence of a value, and 1500 is a Number.

DHCP (Dynamic Host Configuration Protocol) is the network service responsible for automatically supplying devices with configuration parameters such as IP address, subnet mask, default gateway, and DNS server addresses. This enables devices to join and communicate on the network without manual configuration. Other protocols like DNS resolve hostnames to IP addresses, ARP resolves IP addresses to MAC addresses, and ICMP is used for sending error messages and operational information.

Configuring both interfaces to use the 'active' port mode ensures that both switches actively initiate LACP (Link Aggregation Control Protocol) negotiation, forming the EtherChannel automatically as desired. When both ends are set to 'active', they send LACP packets to each other, initiating and establishing the EtherChannel. If one end is 'active' and the other is 'passive', the EtherChannel will still form, but only the 'active' end initiates the negotiation, which doesn't meet the requirement of both switches initiating the process. If both ends are set to 'passive', neither switch initiates negotiation, and the EtherChannel will not form. Setting both ends to 'on' mode forces the channel without using LACP, which does not meet the requirement of using a dynamic protocol.

When a switch receives a frame with a destination MAC address that is not in its MAC address table, it floods the frame out of all other ports to locate the destination device. This is standard behavior for switch learning. Other options like a full MAC address table or hardware failure could cause issues, but they would typically result in dropped frames or system errors rather than frame flooding.

Power over Ethernet (PoE) allows devices to receive electrical power and data over standard Ethernet cables. This eliminates the need for separate power sources or electrical outlets near the devices. VLAN Trunking Protocol, Link Aggregation, and Spanning Tree Protocol are network protocols that manage data flow but do not provide power over network cables.

TFTP (Trivial File Transfer Protocol) uses UDP as its transport protocol and does not require user authentication, making it suitable for simple file transfers like network booting of devices. FTP (File Transfer Protocol), in contrast, uses TCP and typically requires user authentication for secure file transfers. SMTP is used for email transmission, and SNMP is used for network management, neither of which are designed for file transfers over UDP without authentication.

The spine-leaf architecture connects every leaf (access) switch to each spine (aggregation) switch. This setup ensures consistent latency and high availability by providing multiple equal-cost paths for data traffic. It's ideal for data centers that require scalable and efficient network performance. The three-tier architecture includes separate core, distribution, and access layers, adding more complexity. Ring topology connects devices in a circular fashion, which doesn't provide the same level of redundancy and latency consistency. Bus topology connects all devices along a single communication line, leading to potential bottlenecks and lack of redundancy.