Cisco CCNA 200-301 v2.0: AI, Network Operations and Management

Topic snapshot

Sample questions

These questions are original IT Mastery practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.

Question 1

Topic: AI, Network Operations and Management

A network operations team uses an agentic AI assistant that can analyze sanitized device output and propose investigation steps, but device changes require engineer approval. A switch begins generating these messages. What is the best next use of the AI assistant?

Exhibit: Syslog excerpt

%SW_MATM-4-MACFLAP_NOTIF: Host 00:50:56:aa:10:22 in VLAN 30
  flapping between Gi1/0/23 and Gi1/0/24
%SPANTREE-5-ROOTCHANGE: Root changed for VLAN0030 on Gi1/0/24
%LINEPROTO-5-UPDOWN: Line protocol on Gi1/0/24 changed state to up

Options:

• A. Summarize the pattern and suggest verification commands

• B. Disable Gi1/0/24 automatically to stop the issue

• C. Declare STP failed and close the incident

• D. Request full configurations and device credentials

Best answer: A

Explanation: A suitable CCNA-level use of agentic AI in network operations is to assist with triage, summarization, and investigation guidance based on verified evidence. The exhibit shows MAC flapping in VLAN 30, a spanning-tree root change, and an interface state change, so the assistant can help correlate the messages and recommend safe next checks such as reviewing STP state, neighbor information, and interface history. It should not be trusted to make unsupervised changes, declare final root cause from limited evidence, or collect sensitive information unnecessarily. The key is to use AI to accelerate analysis while an engineer validates findings and approves actions.

• Automatic shutdown is too aggressive because the exhibit does not prove which interface should be disabled, and changes require approval.
• Final root cause is unsupported because the logs suggest a condition to investigate, not enough evidence to close the incident.
• Credential collection exposes sensitive data unnecessarily and is not needed for summarized triage from sanitized logs.

Question 2

Topic: AI, Network Operations and Management

A network team is reviewing a proposed VLAN change for two access switches. Based on the exhibit, which interpretation best describes the management approach?

Exhibit: Change pipeline excerpt

Repository: net-iac
Branch: change/vlan-30-voice
File: group_vars/access_switches.yml
Change:
  vlans:
    - id: 30
      name: VOICE
Pipeline: plan generated; awaiting approval
Targets: SW1, SW2

Options:

• A. Infrastructure as code using a version-controlled desired state

• B. Syslog-based configuration auditing

• C. Manual CLI configuration with post-change documentation

• D. SNMP-based monitoring of switch configuration state

Best answer: A

Explanation: Infrastructure as code represents infrastructure configuration as files or other artifacts that can be reviewed, version controlled, and applied consistently. In the exhibit, the VLAN is defined in a repository file, the change is on a branch, and a pipeline has generated a plan before approval. Those clues show a desired-state workflow rather than an operator manually typing commands on each switch. The repository artifact becomes the source of truth for the intended configuration, and the pipeline controls how it is deployed to SW1 and SW2. Monitoring and logging may help validate the result, but they are not the management approach shown here.

• SNMP monitoring can collect operational data, but the exhibit shows a planned configuration change stored in a repository.
• Manual CLI does not match the branch, file, and pipeline approval workflow shown in the exhibit.
• Syslog auditing records events after they occur, while the exhibit shows desired configuration being reviewed before deployment.

Question 3

Topic: AI, Network Operations and Management

A network engineer is writing a generative AI prompt to help troubleshoot an OSPFv2 adjacency issue between two Cisco IOS XE routers. The prompt will include this sanitized evidence:

Link R1 Gi0/0 <-> R2 Gi0/0: up/up
Both interfaces: area 0, same IPv4 /30 subnet
R1 show ip ospf neighbor: 2.2.2.2  EXSTART/-
Interface MTU: R1 Gi0/0 = 1500, R2 Gi0/0 = 1400

Which persona should the engineer specify in the prompt?

Options:

• A. Cloud cost optimization analyst reviewing monthly usage trends

• B. Cisco network operations engineer specializing in OSPF troubleshooting

• C. Help desk technician resetting end-user passwords

• D. Application developer debugging REST API authentication failures

Best answer: B

Explanation: The persona in a generative AI prompt should match the operational task and the evidence being provided. This scenario is about interpreting Cisco router output for an OSPFv2 neighbor problem, including adjacency state and interface MTU values. A Cisco network operations engineer with OSPF troubleshooting experience is the best fit because that role would focus on routing adjacency behavior, IOS XE show output, and practical validation commands. The persona does not need to solve unrelated business, application, or end-user support problems.

The key takeaway is to choose a persona that narrows the AI response toward the network technology, vendor context, and troubleshooting goal.

• Cost analyst is unrelated because the evidence is routing and interface state, not cloud billing or usage trends.
• Application developer is a poor fit because the symptom is an OSPF adjacency issue, not an API authentication problem.
• Help desk technician is too broad and user-support focused for interpreting Cisco IOS XE routing evidence.

Question 4

Topic: AI, Network Operations and Management

A network operations team wants to use a generative AI assistant to summarize show interfaces, show log, and show etherchannel summary output during a suspected switch uplink issue. The prompt must ask for practical validation steps without authorizing configuration changes. Which persona is most appropriate to include in the prompt?

Options:

• A. Cisco network operations troubleshooting analyst

• B. Autonomous IOS XE configuration agent

• C. Application database performance engineer

• D. Executive risk and compliance auditor

Best answer: A

Explanation: The persona in a generative AI prompt should match the operational task and the authority being granted. Here, the team needs help interpreting Cisco switch evidence and producing validation steps, not changing device configurations. A Cisco network operations troubleshooting analyst persona encourages outputs such as likely causes, relevant show commands, and safe next checks. It also aligns the response with network operations vocabulary such as interfaces, logs, and EtherChannel status.

A persona that is too broad, business-focused, or authorized to act autonomously can produce responses outside the intended scope. The key is to choose a role that has the right domain expertise and the right level of permission for the task.

• Database focus fails because the issue concerns switch uplinks and Cisco operational evidence, not application or database performance.
• Audit focus is too high-level for interpreting interface counters, logs, and EtherChannel status.
• Autonomous agent exceeds the constraint because the team wants validation guidance without authorizing configuration changes.

Question 5

Topic: AI, Network Operations and Management

Users on access switch SW1 report that VLAN 20 clients are receiving APIPA addresses. The DHCP server is reached through distribution switch DSW1 on uplink Gi1/0/48, and the VLAN 20 SVI on DSW1 already has the correct helper address. A digital network assistant recommends automatically disabling DHCP snooping for VLAN 20.

Exhibit:

SW1# show ip dhcp snooping
DHCP snooping is enabled
DHCP snooping VLANs: 20
Trusted interfaces: Gi1/0/48

SW1# show interfaces trunk
Port        Mode   Status    Allowed vlans
Gi1/0/48    on     trunking  10,30

What is the best next action supported by the evidence?

Options:

• A. Approve disabling DHCP snooping on VLAN 20

• B. Add VLAN 20 to the trunk after validation

• C. Reload SW1 to clear DHCP snooping bindings

• D. Configure a helper address on the VLAN 20 SVI

Best answer: B

Explanation: Agentic AI can assist troubleshooting, but its proposed configuration changes should be validated against network evidence before being applied. Here, DHCP snooping is enabled for VLAN 20, but the uplink to DSW1 is already trusted, so snooping is not the supported root cause. The trunk output shows Gi1/0/48 allows only VLANs 10 and 30, which prevents VLAN 20 DHCP traffic from reaching the distribution switch and its helper address. The evidence supports correcting the trunk allowed VLAN list through normal change control, not blindly accepting the assistant’s autonomous change.

• Disabling snooping is unsupported because the DHCP path uses a trusted uplink and removing snooping weakens security.
• Adding a helper is unnecessary because the stem states the VLAN 20 SVI already has the correct helper address.
• Reloading SW1 is disruptive and does not address the missing VLAN on the trunk.

Question 6

Topic: AI, Network Operations and Management

A campus printer stopped responding after an office move. A digital network assistant recommends changing interface Gi1/0/12 on the access switch to VLAN 30, but the recommendation does not cite any current show output or neighbor evidence. The goal is to restore service without disrupting another endpoint. Which action should the network administrator take?

Options:

• A. Create VLAN 30 on every access switch in the building.

• B. Apply switchport access vlan 30 to Gi1/0/12 immediately.

• C. Enable PortFast on Gi1/0/12 to speed printer connectivity.

• D. Validate interface and VLAN evidence before changing Gi1/0/12.

Best answer: D

Explanation: A digital network assistant can accelerate troubleshooting, but its recommendation should not be treated as verified configuration intent unless it is supported by current network evidence. In this case, the assistant suggests changing an access VLAN without citing interface status, MAC address learning, CDP/LLDP, VLAN membership, or ticket-to-port validation. The safer CCNA-level operational decision is to verify the affected port and VLAN facts first, then apply only the configuration that the evidence supports. This avoids moving the wrong endpoint or creating unnecessary VLAN changes.

• Immediate VLAN change is risky because the assistant did not prove that Gi1/0/12 is the printer port or that VLAN 30 is required.
• Building-wide VLAN creation changes the wrong scope and does not validate the affected access port.
• PortFast change targets spanning-tree convergence, not the unverified VLAN recommendation.

Question 7

Topic: AI, Network Operations and Management

A network operations team is adding monitoring for several IOS XE switches. The NMS must build 5-minute trend graphs for interface octet/error counters and device operational state. Immediate event alerts are already handled by syslog, and the NMS has IP reachability to the switches. Which SNMP configuration decision best meets the goal?

Options:

• A. Configure SNMP informs for all counter collection

• B. Configure SNMPv3 read-only polling from the NMS

• C. Configure only SNMP traps to the NMS

• D. Disable SNMP and rely only on syslog

Best answer: B

Explanation: SNMP polling is used when an NMS needs to periodically query device management information, such as interface counters, error counts, CPU-related objects, or interface operational state. In this scenario, the requirement is scheduled trend collection every 5 minutes, not unsolicited event notification. SNMPv3 read-only access is the best fit because it allows authenticated monitoring while limiting the NMS to retrieval rather than configuration changes. Traps and informs are useful for device-initiated notifications, such as link-up/link-down events; informs add acknowledgment compared with traps. They do not replace polling for regular counter trending. The key distinction is pull-based monitoring for counters versus push-based notification for events.

• Traps only fail because traps are unsolicited alerts and do not provide scheduled counter polling.
• Informs for counters misuse a notification mechanism that is intended for acknowledged event messages.
• Syslog only can report events, but it is not the normal mechanism for querying SNMP MIB counters over time.

Question 8

Topic: AI, Network Operations and Management

A network administrator is reviewing why an NMS shows both periodic interface utilization graphs and immediate link-down alerts for R1.

Exhibit: Packet-capture summary

10:00:00 10.10.10.50:43122 -> 10.10.10.1:161  SNMP GetRequest ifInOctets.2
10:00:00 10.10.10.1:161   -> 10.10.10.50:43122 SNMP Response ifInOctets.2
10:05:17 10.10.10.1:162   -> 10.10.10.50:162   SNMP Trap linkDown Gi0/1

Which interpretation best matches the exhibit?

Options:

• A. SNMP uses only notifications, so polling is not shown.

• B. The NMS polls the agent, and the agent sends notifications.

• C. The traffic is syslog because it reports a link-down event.

• D. R1 polls the NMS, and the NMS sends interface traps.

Best answer: B

Explanation: SNMP monitoring uses a manager-agent model. The NMS is the SNMP manager, and the network device runs the SNMP agent. Polling occurs when the manager sends requests, such as GetRequest messages, to read values from the agent, commonly over UDP 161. Notifications are event-driven messages from the agent to the manager, such as traps or informs, commonly sent to UDP 162. In the exhibit, the utilization graph data comes from polling ifInOctets, while the immediate link-down alert comes from an SNMP trap sent by R1. The key distinction is scheduled manager queries versus event-driven agent notifications.

• Reversed roles fails because the request originates from the NMS, while the device returns the SNMP response.
• Notifications only fails because the exhibit clearly includes a GetRequest and Response before the trap.
• Syslog confusion fails because the packet summary identifies SNMP operations and ports, not syslog messages.

Question 9

Topic: AI, Network Operations and Management

An engineer must verify the same NTP setting on several access switches after a maintenance window. The engineer runs a job from a management workstation and reviews this output.

Exhibit:

TASK [show running-config | include ntp server]
SW1 | SUCCESS => ntp server 10.10.10.20
SW2 | SUCCESS => ntp server 10.10.10.20
SW3 | FAILED  => SSH authentication failed
SW4 | SUCCESS => ntp server 10.10.10.20

What is the best interpretation of this management approach?

Options:

• A. It is automation-based management for a repeatable operation.

• B. It is controller-based management using a centralized control plane.

• C. It is cloud-based management because multiple devices are listed.

• D. It is manual device-based management over the console.

Best answer: A

Explanation: Automation-based management uses scripts or automation tools to perform repeatable network operations consistently across devices. In the exhibit, one task is run against several switches, producing per-device success or failure results. The failed SSH authentication on SW3 is an execution issue for that device, not a change in the management model.

The key takeaway is that repeatable, tool-driven command execution across multiple devices is automation-based management, even when one target fails.

• Controller-based management would imply a controller managing network behavior or policy, which is not shown by this command-execution job.
• Cloud-based management is not indicated merely because several switches appear in one output.
• Manual console management conflicts with the visible tool output that ran one task across multiple devices.

Question 10

Topic: AI, Network Operations and Management

A campus switch is managed by an infrastructure-as-code workflow. A laptop connected to Gi1/0/24 cannot obtain an address from the VLAN 30 DHCP scope after a move request.

Exhibit:

show interfaces status: Gi1/0/24 connected a-full a-1000 10
DHCP server log: no DISCOVER received from VLAN 30
Git repo access-ports.yml: Gi1/0/24 access_vlan: 10
Automation log: last run completed from commit 8f3c2a1, no drift detected

Which corrective action best addresses the root cause?

Options:

• A. Update access-ports.yml for VLAN 30 and deploy through the workflow

• B. Restart the VLAN 30 DHCP service

• C. Clear the MAC address table for Gi1/0/24

• D. Manually configure switchport access vlan 30 on Gi1/0/24

Best answer: A

Explanation: Infrastructure as code manages network configuration from declarative, version-controlled artifacts rather than treating the device CLI as the source of truth. The evidence shows that Gi1/0/24 is connected in VLAN 10, the Git artifact also declares VLAN 10, and the automation system reports no drift because the device matches the stored intent. The DHCP server never sees a VLAN 30 request because the port is not in VLAN 30. The durable fix is to update the intended configuration in the repository and let the automation workflow apply it. A one-time CLI change may be overwritten by the next reconciliation run.

• Manual CLI change may work briefly, but it bypasses the version-controlled source of truth.
• DHCP restart does not address why the client traffic is still in VLAN 10.
• MAC table clearing does not change the access VLAN or the managed intent.

Continue with full practice

Use the Cisco CCNA 200-301 v2.0 Practice Test page for the full IT Mastery practice bank, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.

Try Cisco CCNA 200-301 v2.0 on Web View Cisco CCNA 200-301 v2.0 Practice Test

Related focused pages

• Free Cisco CCNA 200-301 v2.0 Full-Length Practice Exam
• Network Infrastructure and Connectivity
• Switching and Network Access
• IP Routing
• Network Services and Security

Free review resource

Read the Cisco CCNA 200-301 v2.0 Cheat Sheet on Tech Exam Lexicon, then return to IT Mastery for timed practice.