Cisco 350-401 Exam Practice Questions Answers

Implementing Cisco Enterprise Network Core Technologies (ENCOR) Questions and Answers

Question 1

Which two parameters are examples of a QoS traffic descriptor? (Choose two)

Options:

MPLS EXP bits

bandwidth

DSCP

ToS

packet size

Question 2

Refer to the exhibit.

An engineer must permit traffic from these networks and block all other traffic An informational log message should be triggered when traffic enters from these prefixes Which access list must be used?

Options:

access-list acl_subnets permit ip 10.0.32.0 0 0.0.255 log

access-list acl_subnets permit ip 10.0.32.0 0.0.7.255 log

access-list acl_subnets permit ip 10.0.32.0 0.0.7.255 access-list acl_subnets deny ip any log

access-list acl_subnets permit ip 10.0.32.0 255.255.248.0 log

Question 3

How must network management traffic be treated when defining QoS policies?

Options:

as delay-sensitive traffic in a low latency queue

using minimal bandwidth guarantee

using the same marking as IP routing

as best effort

Question 4

A client device roams between wireless LAN controllers that are mobility peers, Both controllers have dynamic interface on the same client VLAN which type of roam is described?

Options:

intra-VLAN

inter-controller

intra-controller

inter-subnet

Question 5

AN engineer is implementing a route map to support redistribution within BGP. The route map must configured to permit all unmatched routes. Which action must the engineer perform to complete this task?

Options:

Include a permit statement as the first entry

Include at least one explicit deny statement

Remove the implicit deny entry

Include a permit statement as the last entry

Question 6

Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

Options:

Question 7

Refer to the exhibit.

Which JSON syntax is derived from this data?

Options:

Option A

Option B

Option C

Option D

Question 8

When is the Design workflow used In Cisco DNA Center?

Options:

in a greenfield deployment, with no existing infrastructure

in a greenfield or brownfield deployment, to wipe out existing data

in a brownfield deployment, to modify configuration of existing devices in the network

in a brownfield deployment, to provision and onboard new network devices

Question 9

How is a data modeling language used?

Options:

To enable data lo be easily structured, grouped, validated, and replicated

To represent finite and well-defined network elements that cannot be changed

To model the flows of unstructured data within the infrastructure

To provide human readability to scripting languages

Question 10

Refer to the exhibit.

What is the result when a switch that is running PVST+ is added to this network?

Options:

DSW2 operates in Rapid PVST+ and the new switch operates in PVST+

Both switches operate in the PVST+ mode

Spanning tree is disabled automatically on the network

Both switches operate in the Rapid PVST+ mode.

Question 11

What occurs when a high bandwidth multicast stream is sent over an MVPN using Cisco hardware?

Options:

The traffic uses the default MDT to transmit the data only if it isa (S,G) multicast route entry

A data MDT is created to if it is a (*, G) multicast route entries

A data and default MDT are created to flood the multicast stream out of all PIM-SM neighbors.

A data MDT is created to allow for the best transmission through the core for (S, G) multicast route entries.

Question 12

Refer to the exhibit.

A company requires that all wireless users authenticate using dynamic key generation. Which configuration must be applied?

Options:

AP(config-if-ssid)# authentication open wep wep_methods

AP(config-if-ssid)# authentication dynamic wep wep_methods

AP(config-if-ssid)# authentication dynamic open wep_dynamic

AP(config-if-ssid)# authentication open eap eap_methods

Question 13

An engineer configures GigabitEthernet 0/1 for VRRP group 115. The router must assume the primary role when it has the highest priority in the group. Which command set is required to complete this task?

Options:

Option A

Option B

Option C

Option D

Question 14

Refer to the exhibit.

The network administrator must be able to perform configuration changes when all the RADIUS servers are unreachable. Which configuration allows all commands to be authorized if the user has successfully authenticated?

Options:

aaa authorization exec default group radius none

aaa authentication login default group radius local none

aaa authorization exec default group radius if-authenticated

aaa authorization exec default group radius

Question 15

Drag and drop the REST API authentication methods from the left onto their descriptions on the right.

Options:

Question 16

What is YANG used for?

Options:

scraping data via CLI

processing SNMP read-only polls

describing data models

providing a transport for network configuration data between client and server

Question 17

How are map-register messages sent in a LISP deployment?

Options:

egress tunnel routers to map resolvers to determine the appropriate egress tunnel router

ingress tunnel routers to map servers to determine the appropriate egress tunnel router

egress tunnel routers to map servers to determine the appropriate egress tunnel router

ingress tunnel routers to map resolvers to determine the appropnate egress tunnel router

Question 18

Refer to the exhibit.

A network architect has partially configured static NAT. which commands should be asked to complete the configuration?

Options:

R1(config)#interface GigabitEthernet0/0 R1(config)#ip pat outside

R1(config)#interface GigabitEthernet0/1 R1(config)#ip pat inside

R1(config)#interface GigabitEthernet0/0 R1(config)#ip nat outside

R1(config)#interface GigabitEthernet0/1 R1(config)#ip nat inside

R1(config)#interface GigabitEthernet0/0 R1(config)#ip nat inside

R1(config)#interface GigabitEthernet0/1 R1(config)#ip nat outside

R1(config)#interface GigabitEthernet0/0 R1(config)#ip pat inside

R1(config)#interface GigabitEthernet0/1 R1(config)#ip pat outside

Question 19

Refer to the exhibit.

An engineer troubleshoots connectivity issues with an application. Testing is performed from the server gateway, and traffic with the DF bit set is dropped along the path after increasing packet size. Removing the DF bit setting at the gateway prevents the packets from being dropped. What is the cause of this issue?

Options:

PMTUD does not work due to ICMP Packet Too Big messages being dropped by an ACL

The remote router drops the traffic due to high CPU load

The server should not set the DF bit in any type of traffic that is sent toward the network

There is a CoPP policy in place protecting the WAN router CPU from this type of traffic

Question 20

By default, which virtual MAC address does HSRP group 16 use?

Options:

c0:41:43:64:13:10

00:00:0c 07:ac:10

00:05:5c:07:0c:16

05:00:0c:07:ac:16

Question 21

Refer to the exhibit.

CR2 and CR3 ate configured with OSPF. Which configuration, when applied to CR1. allows CR1 to exchange OSPF Information with CR2 and CR3 but not with other network devices or on new Interfaces that are added to CR1?

Options:

Option A

Option B

Option C

Option D

Question 22

Refer to the exhibit. An engineer attempts to configure a router on a stick to route packets between Clients, Servers, and Printers; however, initial tests show that this configuration is not working. Which command set resolves this issue?

Options:

Option A

Option B

Option C

Option D

Question 23

Which access point mode allows a supported AP to function like a WLAN client would, associating and identifying client connectivity issues?

Options:

client mode

SE-connect mode

sensor mode

sniffer mode

Question 24

Refer to the exhibit.

Which configuration change ensures that R1 is the active gateway whenever it is in a functional state for the 172.30.110.0724 network?

Options:

Option A

Option B

Option C

Option D

Question 25

Which cisco DNA center application is responsible for group-based accesss control permissions?

Options:

Design

Provision

Assurance

Policy

Question 26

A network administrator is implementing a routing configuration change and enables routing debugs to track routing behavior during the change. The logging output on the terminal is interrupting the command typing process. Which two actions can the network administrator take to minimize the possibility of typing commands incorrectly? (Choose two.)

Options:

Configure the logging synchronous global configuration command

Configure the logging delimiter feature

Configure the logging synchronous command under the vty

Press the TAB key to reprint the command in a new line

increase the number of lines on the screen using the terminal length command

Question 27

A customer requests a design that includes GLBP as the FHRP The network architect discovers that the members of the GLBP group have different throughput capabilities Which GLBP load balancing method supports this environment?

Options:

host dependent

least connection

round robin

weighted

Question 28

What is a characteristic of Cisco StackWise technology?

Options:

It uses proprietary cabling

It supports devices that are geographically separated

lt combines exactly two devices

It is supported on the Cisco 4500 series.

Question 29

An engineer is configuring a GRE tunnel interface in the default mode. The engineer has assigned an IPv4 address on the tunnel and sourced the tunnel from an Ethernet interface. Which option also is required on the tunnel interface before it is operational?

Options:

(config-if)#tunnel destination

(config-if)#keepalive

(config-if)#ip mtu

(config-if)#ip tcp adjust-mss

Question 30

Refer to the exhibit.

VPN-A sends point-to-point traffic to VPN-B and receives traffic only from VPN-C VPN-B sends point-to-point traffic to VPN-C and receives traffic only from VPN-A Which configuration is applied?

Options:

Option A

Option B

Option C

Option D

Question 31

Refer to the exhibit.

How does the router handle traffic after the CoPP policy is configured on the router?

Options:

Traffic coming to R1 that does not match access list SNMP is dropped.

Traffic coming to R1 that matches access list SNMP is policed.

Traffic passing through R1 that matches access list SNMP is policed.

Traffic generated by R1 that matches access list SNMP is policed.

Question 32

Which action is performed by Link Management Protocol in a Cisco StackWise Virtual domain?

Options:

It rejects any unidirectional link traffic forwarding

It determines if the hardware is compatible to form the StackWise Virtual domain

discovers the StackWise domain and brings up SVL interfaces.

It determines which switch becomes active or standby

Question 33

Which LISP device is responsible for publishing EID-to-RLOC mappings for a site?

Options:

ETR

ITR

Question 34

Refer to the exhibit.

Which command set changes the neighbor state from Idle (Admin) to Active?

Options:

Option A

Option B

Option C

Option D

Question 35

Refer to the exhibit.

An engineer must configure a SPAN session. What is the effect of the configuration?

Options:

Traffic sent on VLANs 10, 11, and 12 is copied and sent to interface g0/1.

Traffic sent on VLANs 10 and 12 only is copied and sent to interface g0/1.

Traffic received on VLANs 10, 11, and 12 is copied and sent to Interface g0/1.

Traffic received on VLANs 10 and 12 only is copied and sent to interface g0/1.

Question 36

AN engineer is implementing MPLS OAM to monitor traffic within the MPLS domain. Which action must the engineer perform to prevent from being forwarded beyond the service provider domain when the LSP is down?

Options:

Disable IP redirects only on outbound interfaces

Implement the destination address for the LSP echo request packet in the 127.x.y.z/8 network

Disable IP redirects on all ingress interfaces

Configure a private IP address as the destination address of the headend router of Cisco MPLS TE.

Question 37

What is required for intercontroller Layer 3 roaming?

Options:

Mobility groups are established between wireless controllers.

The management VLAN is present as a dynamic VLAN on the second WLC.

WLCs use separate DHCP servers.

WLCs have the same IP addresses configured on their interfaces.

Question 38

Why would a log file contain a * next to the date?

Options:

The network device was receiving NTP time when the log messages were recorded.

The network device was unable to reach The NTP server when the log messages were recorded

The network device is not configured to use NTP.

The network device is nor configured to use NTP time stamps for logging

Question 39

A client device roams between access points located on different floors in an atrium. The access points are Joined to the same controller and configured in local mode. The access points are in different AP groups and have different IP addresses, but the client VLAN in the groups is the same. Which type of roam occurs?

Options:

inter-controller

inter-subnet

intra-VLAN

intra-controller

Question 40

Refer to the exhibit.

An engineer attempts to bundle interface Gi0/0 into the port channel, but it does not function as expected. Which action resolves the issue?

Options:

Configure channel-group 1 mode active on interface Gi0/0.

Configure no shutdown on interface Gi0/0

Enable fast LACP PDUs on interface Gi0/0.

Set LACP max-bundle to 2 on interface Port-channeM

Question 41

Drag and drop the characteristics from the left onto the deployment models on the right.

Options:

Question 42

What is a characteristic of Cisco DNA Northbound APIs?

Options:

They simplify the management of network infrastructure devices.

They enable automation of network infrastructure based on intent.

They utilize RESTCONF.

They utilize multivendor support APIs.

Question 43

In a Cisco SD-Access solution, which protocol is used by an extended node to connect to a single edge node?

Options:

VXLAN

IS-IS

802 1Q

CTS

Question 44

What is required for a virtual machine to run?

Options:

a Type 1 hypervisor and a host operating system

a hypervisor and physical server hardware

only a Type 1 hypervisor

only a Type 2 hypervisor

Question 45

Drag and drop the characteristics from the left onto the infrastructure deployment models on the right.

Options:

Question 46

Refer to the exhibit.

An engineer configures OSPF and wants to verify the configuration Which configuration is applied to this device?

Options:

Option A

Option B

Option C

Option D

Question 47

Which protocol infers that a YANG data model is being used?

Options:

SNMP

NX-API

REST

RESTCONF

Question 48

Refer to the exhibit.

An engineer must configure HSRP for VLAN 1000 on SW2. The secondary switch must immediately take over the role of active router If the interlink with the primary switch fails. Which command set completes this task?

Options:

Option A

Option B

Option C

Option D

Question 49

Refer to the exhibit. PC-1 must access the web server on port 8080. To allow this traffic, which statement must be added to an access control list that is applied on SW2 port G0/0 in the inbound direction?

Options:

permit host 172.16.0.2 host 192.168.0.5 eq 8080

permit host 192.168.0.5 host 172.16.0.2 eq 8080

permit host 192.168.0.5 eq 8080 host 172.16.0.2

permit host 192.168.0.5 it 8080 host 172.16.0.2

Question 50

Which NGFW mode block flows crossing the firewall?

Options:

Passive

Tap

Inline tap

Inline

Question 51

Why would an engineer use YANG?

Options:

to transport data between a controller and a network device

to access data using SNMP

to model data for NETCONF

to translate JSON into an equivalent XML syntax

Question 52

When firewall capabilities are considered, which feature is found only in Cisco next-generation firewalls?

Options:

malware protection

stateful inspection

traffic filtering

active/standby high availability

Question 53

Which feature does Cisco TrustSec use to provide scalable, secure communication throughout a network?

Options:

security group tag ACL assigned to each port on a switch

security group tag number assigned to each port on a network

security group tag number assigned to each user on a switch

security group tag ACL assigned to each router on a network

Question 54

A customer transitions a wired environment to a Cisco SD-Access solution. The customer does not want to integrate the wireless network with the fabric. Which wireless deployment approach enables the two systems to coexist and meets the customer requirement?

Options:

Deploy the APs in autonomous mode

Deploy the wireless network over the top of the fabric

Deploy a separate network for the wireless environment

Implement a Cisco DNA Center to manage the two networks

Question 55

What do Cisco DNA southbound APIs provide?

Options:

Interface between the controller and the network devices

NETCONF API interface for orchestration communication

RESful API interface for orchestrator communication

Interface between the controller and the consumer

Question 56

Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

Options:

Question 57

In a Cisco SD-WAN solution, which two functions are performed by OMP? (Choose two.)

Options:

advertisement of network prefixes and their attributes

configuration of control and data policies

gathering of underlay infrastructure data

delivery of crypto keys

segmentation and differentiation of traffic

Question 58

Drag and drop the snippets onto the blanks within the code to construct a script that adds a prefix list to a route map and sets the local preference. Not all options are used

Options:

Question 59

Refer to the exhibit.

Which command set must be added to the configuration to analyze 50 packets out of every 100?

Options:

Option A

Option B

Option C

Option D

Question 60

Which two items are found in YANG data models? (Choose two.)

Options:

HTTP return codes

rpc statements

JSON schema

container statements

XML schema

Question 61

An engineer must create an EEM applet that sends a syslog message in the event a change happens in the network due to trouble with an OSPF process. Which action should the engineer use?

Options:

action 1 syslog msg "OSPF ROUTING ERROR"

action 1 syslog send "OSPF ROUTING ERROR"

action 1 syslog pattern "OSPF ROUTING ERROR"

action 1syslog write "OSPF ROUTING ERROR"

Question 62

An engineer must configure AAA on a Cisco 9800 WLC for central web authentication Which two commands are needed to accomplish this task? (Choose two.)

Options:

Option A

Option B

Option C

Option D

Option E

Question 63

Refer to the Exhibit.

An engineer is installing a new pair of routers in a redundant configuration. When checking on the standby status of each router the engineer notices that the routers are not functioning as expected. Which action will resolve the configuration error?

Options:

configure matching hold and delay timers

configure matching key-strings

configure matching priority values

configure unique virtual IP addresses

Question 64

What is the function of vBond in a Cisco SD-WAN deployment?

Options:

initiating connections with SD-WAN routers automatically

pushing of configuration toward SD-WAN routers

onboarding of SD-WAN routers into the SD-WAN overlay

gathering telemetry data from SD-WAN routers

Question 65

Which mobility role is assigned to a client in the client table of the new controller after a Layer 3 roam?

Options:

anchor

foreign

mobility

transparent

Question 66

How is a data modelling language used?

Options:

To enable data to be easily structured, grouped, validated, and replicated.

To represent finite and well-defined network elements that cannot be changed.

To model the flows of unstructured data within the infrastructure

To provide human readability to scripting languages

Question 67

What are two characteristics of vManage APIs? (Choose two.)

Options:

Southbound API is based on OMP and DTLS.

Northbound API is RESTful, using JSON.

Northbound API is based on RESTCONF and JSON.

Southbound API is based on NETCONF and XML.

Southbound API is based on RESTCONF and JSON.

Question 68

Which function does a Cisco SD-Access extended node perform?

Options:

provides fabric extension to nonfabric devices through remote registration and configuration

performs tunneling between fabric and nonfabric devices to route traffic over unknown networks

used to extend the fabric connecting to downstream nonfabric enabled Layer 2 switches

in charge of establishing Layer 3 adjacencies with nonfabric unmanaged node

Question 69

Drag and drop the characteristics from the left onto the orchestration tools that they describe on the right.

Options:

Question 70

Why would a customer implement an on-premises solution instead of a cloud solution?

Options:

On-premises Offers greater compliance for government regulations than cloud

On-premises offers greater scalability than cloud.

On-premises oilers shorter deployment time than cloud.

On-premises is more secure man cloud.

Question 71

Refer to the exhibit An engineer is troubleshooting a newly configured BGP peering that does not establish What is the reason for the failure?

Options:

BGP peer 10 255 255 3 is not configured for peenng wth R1

Mandatory BOP parameters between R1 and 10 255 255 3 are mismatched

A firewall is blocking access to TCP port 179 on the BGP peer 10 255 255.3

Both BGP pern are configured for passive TCP transport

Question 72

In a Cisco StackWise Virtual environment, which planes are virtually combined in the common logical switch?

Options:

control, and forwarding

management and data

control and management

control and data

Question 73

Refer to Ihe exhibit. An engineer must update the existing configuation to achieve these resu ts:

• Only administrators from the 192.168 1.0.'?4 subnet can access the vty lines.

* Access to the vty lines using clear-text protocols is prohibited.

Which command set should be appled?

Options:

Option A

Option B

Option C

Option D

Answer:

Explanation:

Option B is the correct command set to update the existing configuration to achieve the desired results. The configuration steps are as follows12:

Define a standard access list that permits only the administrators from the 192.168.1.0/24 subnet to access the vty lines. In this case, the access list is named ADMIN and it allows any host with an IP address in the range of 192.168.1.1 to 192.168.1.254 to access the vty lines: ip access-list standard ADMIN and permit 192.168.1.0 0.0.0.255.
Apply the access list to the vty lines using the access-class command. This command restricts incoming and outgoing connections between a particular vty and the addresses in the access list. In this case, the access list ADMIN is applied to the vty lines 0 to 15 in the inbound direction, which means that only the hosts that match the access list can initiate a connection to the vty lines: line vty 0 15 and access-class ADMIN in.
Disable the clear-text protocols such as Telnet for the vty lines using the transport input command. This command specifies which protocols are allowed for incoming connections. In this case, only SSH is allowed for the vty lines, which is a secure protocol that encrypts the data between the client and the server: transport input ssh.

Option A is incorrect because it does not apply the access list to the vty lines, which is required to restrict the access to the administrators from the 192.168.1.0/24 subnet. Without the access-class command, any host can attempt to connect to the vty lines12.

Option C is incorrect because it does not disable the clear-text protocols for the vty lines, which is required to prohibit the access to the vty lines using unsecure protocols. Without the transport input ssh command, both Telnet and SSH are allowed for the vty lines by default12.

Option D is incorrect because it uses an extended access list instead of a standard access list, which is not recommended for controlling access to the vty lines. An extended access list requires more configuration and processing than a standard access list, and it cannot be applied directly to the vty lines. It has to be applied to each interface that can be used to access the vty lines, which increases the complexity and the possibility of errors12. References: 1: Controlling Access to a Virtual Terminal Line, 2: Configuring Secure Shell

Question 74

Which Python code snippet must be added to the script to store the changed interface configuration to a local JSON-formatted file?

Options:

Option A

Option B

Option C

Option D

Question 75

A company recently rearranged some users' workspaces and moved several users to different desks. The network administrator receives a report that all of the users who were moved are having connectivity issues. Which of the following is the most likely reason?

Options:

Ports are error disabled.

Ports are administratively down.

Ports are having an MDIX issue.

Ports are trunk ports.

Question 76

Which there application has the ability to make REST calls against Cisco DNA Center?

Options:

API Explorer

REST Explorer

Postman

Mozilla

Question 77

Refer to the exhibit Users cannot reach the web server at 192.168 100 1. What is the root cause for the failure?

Options:

The server is attempting to load balance between links 10.100 100.1 and 10 100.200.1.

The server is out of service.

There is a loop in the path to the server.

The gateway cannot translate the server domain name.

Question 78

Simulation 01

BGP connectivity exists between Headquarters and both remote sites; however, Remote Site 1 cannot communicate with Remote Site 2. Configure BGP according to the topology to

goals:

1. Configure R1 and R3 under the BGP process to provide reachability between Remote Site 1 and Remote Site 2. No configuration changes are permitted on R2.

2. Ensure that the /32 networks at Remote Site 1 and Remote Site 2 can ping each other.

Options:

Question 79

A customer has a pair of Cisco 5520 WLCs set up in an SSO cluster to manage all APs. Guest traffic is anchored to a Cisco 3504 WLC located in a DMZ. Which action is needed to ensure that the EolP tunnel remains in an UP state in the event of failover on the SSO cluster?

Options:

Configure back-to-back connectivity on the RP ports.

Enable default gateway reachability check.

Use the same mobility domain on all WLCs.

Use the mobility MAC when the mobility peer is configured.

Question 80

Refer to the exhibit. An engineer attempts to configure standby group 512 on interface GigabitEthernet0/1, but the configuration is not accepted. Which command resolves this problem?

Options:

standby version 2

standby 512 preempt

standby redirects

standby 512 priority 100

Question 81

Which action limits the total amount of memory and CPU that is used by a collection of VMs?

Options:

Place the collection of VMs in a resource pool.

Place the collection of VMs in a vApp.

Limit the amount of memory and CPU that is available to the cluster.

Limit the amount of memory and CPU that is available to the individual VMs.

Question 82

What is a benefit of Cisco TrustSec in a multilayered LAN network design?

Options:

Policy or ACLS are nor required.

There is no requirements to run IEEE 802.1X when TrustSec is enabled on a switch port.

Applications flows between hosts on the LAN to remote destinations can be encrypted.

Policy can be applied on a hop-by-hop basis.

Question 83

A VoIP phone is plugged in to a port but cannot receive calls. Which of the following needs to be done on the port to address the issue?

Options:

Trunk all VLANs on the port.

Configure the native VLAN.

Tag the traffic to voice VLAN.

Disable VLANs.

Question 84

A customer has a wireless network deployed within a multi-tenant building. The network provides client access, location-based services, and is monitored using Cisco DNA Center. The security department wants to locate and track malicious devices based on threat signatures. Which feature is required for this solution?

Options:

Cisco aWIPS policies on the WLC

Cisco aWIPS policies on Cisco DNA Center

malicious rogue rules on the WLC

malicious rogue rules on Cisco DNA Center

Question 85

An engineer must configure GigabitEthernet 0/0 for VRRP group 65. The rouler must assume the primary rote when it has the highest priority in the group. Which command set must be applied?

Options:

Option A

Option B

Option C

Option D

Question 86

A customer deploys a new wireless network to perform location-based services using Cisco DNA Spaces The customer has a single WLC located on-premises in a secure data center. The security team does not want to expose the WLC to the public Internet. Which solution allows the customer to securely send RSSI updates to Cisco DNA Spaces?

Options:

Implement Cisco Mobility Services Engine

Replace the WLC with a cloud-based controller.

Perform tethering with Cisco DNA Center.

Deploy a Cisco DNA Spaces connector as a VM.

Question 87

An engineer is configuring RADIUS-Based Authentication with EAP MS-CHAPv2 is configured on a client device.

Which outer method protocol must be configured on the ISE to support this

authentication type?

Options:

EAP-TLS

PEAP

LDAP

EAP-FAST

Question 88

Refer to the exhibit.

Extended access-list 100 is configured on interface GigabitEthernet 0/0 in an inbound direction, but it does not have the expected behavior of allowing only packets to or from 192.168.0.0/16. Which command set properly configures the access list?

Options:

R1(config)#no access-list 100 seq 10

R1(config)#access-list 100 seq 40 deny ip any any

R1(config)#ip access-list extended 100

R1(config-ext-nacl)#no 10

R1(config)#no access-list 100 deny ip any any

R1(config)#ip access-list extended 100

R1(config-ext-nacl)#5 permit to any any

Question 89

Which of the following are examples of Type 2 hypervisors? (Choose three.)

Options:

VMware ESXi

Oracle VirtualBox

Oracle Solaris Zones

Microsoft Hyper-V

Microsoft Virtual PC

Question 90

What is a characteristics of VXLAN?

Options:

It extends Layer 2 and Layer 3 overlay networks over a Layer 2 underlay.

It has a 12-byt packet header.

It frame encapsulation is performed by MAC-In-UDP

It uses TCP for transport

Question 91

Refer to the exhibit. Cisco IOS routers R1 and R2 are interconnected using interface Gi0/0. Which configuration allows R1 and R2 to form an OSPF neighborship on interface Gi0/0?

Options:

Option A

Option B

Option C

Option D

Question 92

Which two pieces of information are necessary to compute SNR? (Choose two.)

Options:

transmit power

noise floor

EIRP

antenna gain

RSSI

Question 93

Which Cisco WLC feature allows a wireless device to perform a Layer 3 roam between two separate controllers without changing the client IP address?

Options:

mobile IP

mobility tunnel

LWAPP tunnel

GRE tunnel

Question 94

Which language defines the structure or modelling of data for NETCONF and RESTCONF?

Options:

YAM

YANG

JSON

XML

Question 95

In Cisco DNA Center, what is the integration API?

Options:

southbound consumer-facing RESTful API. which enables network discovery and configuration management

westbound interface, which allows the exchange of data to be used by ITSM. IPAM and reporting

an interface between the controller and the network devices, which enables network discovery and configuration management

northbound consumer-facing RESTful API, which enables network discovery and configuration management

Question 96

What is the purpose of the weight attribute in an EID-lo-RLOC mapping?

Options:

it indicates the preference for using LISP over native IP connectivity.

it determines the administrative distance of LISP generated routes in the RIB

It identifies the preferred RLOC address family.

it indicates the load-balancing ratio between CTRs of 9m earns priority.

Question 97

In which way are EIGRP and OSPF similar?

Options:

They both support unequal-cost load balancing

They both support MD5 authentication for routing updates.

They nave similar CPU usage, scalability, and network convergence times.

They both support autosummarization

Question 98

Refer to the exhibit. Which command set enables router R2 to be configured via NETCONF?

Options:

Option A

Option B

Option C

Option D

Question 99

Refer to the exhibit.

An engineer must create a manually triggered EEM applet to enable the R2 router interface and assign an IP address to it. What is required to complete this configuration?

Options:

R2(config-applel)# event oir

R2(config-apple)#action 4 cli command "ip add 172.16.1.1 0.0.0.255"

R2(config)# event manager session cli username

R2(config-apple)# event none sync yes

Question 100

An engineer applies this EEM applet to a router:

What does the applet accomplish?

Options:

It generates a syslog message every 600 seconds on the status of the specified MAC address.

It checks the MAC address table every 600 seconds to see if the specified address has been learned.

It compares syslog output to the MAC address table every 600 seconds and generates an event when there is a match.

It compares syslog output to the MAC address table every 600 seconds and generates an event when no match is found.

Question 101

Refer to the exhibit. An engineer configures HSRP and enters the show standby command. Which two facts about the network environment are derived from the output? (Choose two.)

Options:

The local device has a higher priority selling than the active router

The virtual IP address of the HSRP group is 10.1.1.1.

If the local device fails to receive a hello from the active router for more than 5 seconds, it becomes the active router.

The hello and hold timers are set to custom values.

If a router with a higher IP address and same HSRP priority as the active router becomes available, that router becomes the new active router 5 seconds later.

Question 102

When a DNS host record is configured for a new Cisco AireOS WLC, which hostname must be added to allow APs to successfully discover the WLC?

Options:

CONTROLLER-CAPWAP-CISCO

CISCO-CONTROLLER-CAPWAP

CAPWAP-CISCO-CONTROLLER

CISCO-CAPWAP-CONTROLLER

Question 103

What is one characteristic of VXLAN?

Options:

It supports a maximum of 4096 VLANs.

It supports multitenant segments.

It uses STP to prevent loops in the underlay network.

It uses the Layer 2 header to transfer packets through the network underlay.

Question 104

Which DNS lookup does an access point perform when attempting CAPWAP discovery?

Options:

CISCO-DNA-CONTROLLER local

CAPWAP-CONTROLLER local

CISCO-CONTROLLER local

CISCO-CAPWAP-CONTROLLER local

Question 105

: 194

Refer to the exhibit.

Which type of antenna is shown on the radiation patterns?

Options:

Yagi

dipole

patch

omnidirectional

Question 106

Which hypervisor requires a host OS to run and is not allowed to directly access the hosts hardware and resources?

Options:

native

bare metal

type 1

type 2

Question 107

Company policy restricts VLAN 10 to be allowed only on SW1 and SW2. All other VLANs can be on all three switches. An administrator has noticed that VLAN 10 has propagated to SW3. Which configuration corrects the issue?

Options:

SW1(config)#intgi1/1

SW1(config)#switchport trunk allowed vlan 1-9,11-4094

SW2(config)#intgi1/2

SW2(config)#switchport trunk allowed vlan 10

SW2(config)#int gi1/2

SW2(config)#switchport trunk allowed vlan 1-9,11-4094

SWl(config)#intgi1/1

SW1(config)#switchport trunk allowed vlan 10

Question 108

Refer to the exhibit What does this Python script do?

Options:

enters the RAOIUS username for a specific IP address

writes the username for a specific IP address into a light database

enters the TACACS* username for a specific IP address

reads the username for a specific IP address from a light database

Question 109

An engineer must configure router R1 to validate user logins via RADIUS and fall back to the local user database if the RADIUS server is not available. Which configuration must be applied?

Options:

aaa authorization exec default radius local

aaa authorization exec default radius

aaa authentication exec default radius local

aaa authentication exec default radius

Question 110

Which device is responsible for finding EID-to-RLOC mappings when traffic is sent to a LISP-capable site?

Options:

map server

map resolver

ingress tunnel router

egress tunnel router

Question 111

Which method ensures the confidentiality ot data exchanged over a REST API?

Options:

Use the POST method instead of URL-encoded GET to pass parameters.

Encode sensitive data using Base64 encoding.

Deploy digest-based authentication to protect the access to the API.

Use TLS to secure the underlying HTTP session.

Question 112

Drag and drop the tools from the left onto the agent types on the right.

Options:

Question 113

What does the statement print(format(0.8, '.0%')) display?

Options:

80%

.08%

8.8%

Question 114

An engineer must use flexible NetFlow on a group of switches. To prevent overloading of the flow collector, if the flow is idle for 20 seconds, the flow sample should be exported. Which command set should be applied?

Options:

Option A

Option B

Option C

Option D

Answer:

Explanation:

Option C is the correct set of commands to apply flexible NetFlow on a group of switches with the given requirement. The configuration steps are as follows12:

Define a flow record that specifies the fields to be collected and exported for the flows. In this case, the flow record is named FNF-RECORD and it collects the source and destination IP addresses, the input and output interfaces, the transport protocol, and the source and destination port numbers: flow record FNF-RECORD and match ipv4 source address, match ipv4 destination address, match interface input, match interface output, match transport protocol, match transport source-port, match transport destination-port.
Define a flow exporter that specifies the destination and transport protocol for sending the flow data. In this case, the flow exporter is named FNF-EXPORTER and it uses UDP port 9996 to send the flow data to the IP address 10.10.10.10: flow exporter FNF-EXPORTER and destination 10.10.10.10, transport udp 9996.
Define a flow monitor that applies the flow record and the flow exporter to the monitored traffic. In this case, the flow monitor is named FNF-MONITOR and it uses the flow record FNF-RECORD and the flow exporter FNF-EXPORTER. It also sets the cache timeout for inactive flows to 20 seconds, which means that the flow sample will be exported if the flow is idle for 20 seconds: flow monitor FNF-MONITOR and record FNF-RECORD, exporter FNF-EXPORTER, cache timeout inactive 20.
Apply the flow monitor to the interfaces that need to be monitored. In this case, the flow monitor FNF-MONITOR is applied to the input and output direction of the interface GigabitEthernet0/1: interface GigabitEthernet0/1 and ip flow monitor FNF-MONITOR input, ip flow monitor FNF-MONITOR output.

Option A is incorrect because it does not set the cache timeout for inactive flows to 20 seconds, which is required by the question. The default cache timeout for inactive flows is 15 seconds1.

Option B is incorrect because it does not apply the flow monitor to the output direction of the interface, which is required to capture both incoming and outgoing traffic on the interface1.

Option D is incorrect because it does not use a flow record to specify the fields to be collected and exported for the flows, which is required to customize the flow data according to the user’s needs1. References: 1: Configuring Flexible NetFlow, 2: Flexible NetFlow Configuration Guide

Question 115

A company hires a network architect to design a new OTT wireless solution within a Cisco SD-Access Fabric wired network. The architect wants to register access points to the WLC to centrally switch the traffic. Which AP mode must the design include?

Options:

Bridge

Fabric

FlexConnect

local

Question 116

Drag and drop the characteristics from the left onto the switching mechanisms they describe on the right.

Options:

Question 117

Drag and drop the characteristics from the left onto the routing protocol they describe on the right

Options:

Question 118

Drag and drop the characteristics from the left onto the architectures on the right.

Options:

Question 119

Refer to the exhibit. What is printed to the console when this script is run?

Options:

a key-value pair in tuple type

a key-value pair in list type

a key-value pair in string type

an error

Question 120

How do the RIB and the FIB differ?

Options:

FIB contains routes learned through a dynamic routing protocol, and the RIB contains routes that are static or directly connected.

RIB contains the interface for a destination, and the FIB contains the next hop information.

FIB is derived from the control plane, and the RIB is derived from the data plane.

RIB is derived from the control plane, and the FIB is derived from the RIB.

Question 121

Where in Cisco DNA Center is documentation of each API call, organized by its functional area?

Options:

Developer Toolkit

platform management

platform bundles

Runtime Dashboard

Question 122

Which Quality of Service (QoS) mechanism allows the network administrator to control the maximum rate of traffic received or sent on a given interface?

Options:

Policing

Marking

Queueing

Classification

Question 123

What does the Cisco DNA Center Authentication API provide?

Options:

list of global issues that are logged in Cisco DNA Center

access token to make calls to Cisco DNA Center

list of VLAN names

dent health status

Question 124

What is a command-line tool for consuming REST APIs?

Options:

Postman

CURL

Firefox

Python requests

Question 125

Refer to the exhibit.

Which configuration must be applied for the TACACS+ server to grant access-level rights to remote users?

Options:

R1(config)# aaa authentication login enable

R1(config)# aaa authorization exec default local if-authenticated

R1(config)# aaa authorization exec default group tacacs+

R1(config)# aaa accounting commands 15 default start-stop group tacacs+

Question 126

Refer to the exhibit.

An LACP port channel is configured between Switch-1 and Switch-2, but It falls to come up. Which action will resolve the issue?

Options:

Configure Switch-1 with channel-group mode active

Configure Switch-2 with channel-group mode desirable.

Configure Switch-1 with channel-group mode on.

Configure SwKch-2 with channel-group mode auto

Question 127

What is the function of a fabric border node in a Cisco SD-Access environment?

Options:

To collect traffic flow information toward external networks

To connect the Cisco SD-Access fabric to another fabric or external Layer 3 networks

To attach and register clients to the fabric

To handle an ordered list of IP addresses and locations for endpoints in the fabric.

Question 128

Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

Options:

Question 129

What is a characteristic of MACsec?

Options:

802.1AE provides encryption and authentication services

802.1AE is bult between the host and switch using the MKA protocol, which negotiates encryption keys based on the master session key from a successful 802.1X session

802.1AE is bult between the host and switch using the MKA protocol using keys generated via the Diffie-Hellman algorithm (anonymous encryption mode)

802.1AE is negotiated using Cisco AnyConnect NAM and the SAP protocol

Question 130

Drag and drop the solutions that comprise Cisco Cyber Threat Defense from the left onto the objectives they accomplish on the right.

Options:

Question 131

An engineer has deployed a single Cisco 5520 WLC with a management IP address of 172.16.50.5/24. The engineer must register 50 new Cisco AIR-CAP2802I-E-K9 access points to the WLC using DHCP option 43. The access points are connected to a switch in VLAN 100 that uses the 172.16.100.0/24 subnet. The engineer has configured the DHCP scope on the switch as follows:

The access points are failing to join the wireless LAN controller. Which action resolves the issue?

Options:

configure option 43 Hex F104.AC10.3205

configure option 43 Hex F104.CA10.3205

configure dns-server 172.16.50.5

configure dns-server 172.16.100.1

Question 132

Which data is properly formatted with JSON?

Options:

Option A

Option B

Option C

Option D

Question 133

Refer to the exhibit. Which two commands are needed to allow for full reachability between AS 1000 and AS 2000? (Choose two)

Options:

R1#network 192.168.0.0 mask 255.255.0.0

R2#no network 10.0.0.0 255.255.255.0

R2#network 192.168.0.0 mask 255.255.0.0

R2#network 209.165.201.0 mask 255.255.192.0

R1#no network 10.0.0.0 255.255.255.0

Question 134

Refer to the exhibit. The connecting between SW1 and SW2 is not operational. Which two actions resolve the issue? (Choose two)

Options:

configure switchport mode access on SW2

configure switchport nonegotiate on SW2

configure switchport mode trunk on SW2

configure switchport nonegotiate on SW1

configure switchport mode dynamic desirable on SW2

Question 135

Refer to the exhibit. Rapid PVST+ is enabled on all switches. Which command set must be configured on switch1 to achieve the following results on port fa0/1?

Options:

Option A

Option B

Option C

Option D

Question 136

Which line must be added in the Python function to return the JSON object {"cat_9k": “FXS193202SE")?

Options:

Option A

Option B

Option C

Option D

Question 137

Which action is the vSmart controller responsible for in an SD-WAN deployment?

Options:

handle, maintain, and gather configuration and status for nodes within the SD-WAN fabric

distribute policies that govern data forwarding performed within the SD-WAN fabric

gather telemetry data from vEdge routers

onboard vEdge nodes into the SD-WAN fabric

Question 138

Refer to the exhibit. An engineer has configured Cisco ISE to assign VLANs to clients based on their method of authentication, but this is not working as expected. Which action will resolve this issue?

Options:

require a DHCP address assignment

utilize RADIUS profiling

set a NAC state

enable AAA override

Question 139

Refer to the exhibit How was spanning-tree configured on this interface?

Options:

By entering the command spanning-tree portfast trunk in the interface configuration mode.

By entering the command spanning-tree portfast in the interface configuration mode

By entering the command spanning-tree mst1 vlan 10,20,30,40 in the global configuration mode

By entering the command spanning-tree vlan 10,20,30,40 root primary in the interface configuration mode

Question 140

A network administrator applies the following configuration to an IOS device.

What is the process of password checks when a login attempt is made to the device?

Options:

A TACACS+server is checked first. If that check fail, a database is checked?

A TACACS+server is checked first. If that check fail, a RADIUS server is checked. If that check fail. a local database is checked.

A local database is checked first. If that fails, a TACACS+server is checked, if that check fails, a RADUIS server is checked.

A local database is checked first. If that check fails, a TACACS+server is checked.

Question 141

Drag and drop the DHCP messages that are exchanged between a client and an AP into the order they are exchanged on the right.

Options:

Question 142

Refer to the exhibit. Which configuration must be applied to R to enable R to reach the server at 172.16.0.1?

Options:

Option A

Option B

Option C

Option D

Question 143

Which measure is used by an NTP server to indicate its closeness to the authoritative time source?

Options:

latency

hop count

time zone

stratum

Question 144

Refer to the exhibit.

An engineer must block all traffic from a router to its directly connected subnet 209.165.200.0/24. The engineer applies access control list EGRESS in the outbound direction on the GigabitEthernet0/0 interface of the router However, the router can still ping hosts on the 209.165.200.0/24 subnet. Which explanation of this behavior is true?

Options:

Access control lists that are applied outbound to a router interface do not affect traffic that is sourced from the router.

Only standard access control lists can block traffic from a source IP address.

After an access control list is applied to an interface, that interface must be shut and no shut for the access control list to take effect.

The access control list must contain an explicit deny to block traffic from the router.

Question 145

How does an on-premises infrastructure compare to a cloud infrastructure?

Options:

On-premises can increase compute power faster than cloud

On-premises requires less power and cooling resources than cloud

On-premises offers faster deployment than cloud

On-premises offers lower latency for physically adjacent systems than cloud.

Question 146

Refer to the exhibit.

An engineer must create a configuration that executes the show run command and then terminates the session when user CCNP legs in. Which configuration change is required?

Options:

Add the access-class keyword to the username command

Add the access-class keyword to the aaa authentication command

Add the autocommand keyword to the username command

Add the autocommand keyword to the aaa authentication command

Question 147

What is the purpose of the LISP routing and addressing architecture?

Options:

It creates two entries for each network node, one for Its identity and another for its location on the network.

It allows LISP to be applied as a network visualization overlay though encapsulation.

It allows multiple Instances of a routing table to co-exist within the same router.

It creates head-end replication used to deliver broadcast and multicast frames to the entire network.

Question 148

Refer to the exhibit. What is the effect of this configuration?

Options:

When users attempt to connect to vty lines 0 through 4, the device will authenticate them against TACACS+ if local authentication fails

The device will authenticate all users connecting to vty lines 0 through 4 against TACACS+

The device will allow users at 192.168.0.202 to connect to vty lines 0 through 4 using the password ciscotestkey

The device will allow only users at 192.166.0.202 to connect to vty lines 0 through 4

Question 149

Which DHCP option helps lightweight APs find the IP address of a wireless LAN controller?

Options:

Option 43

Option 60

Option 67

Option 150

Question 150

In a Cisco SD-Access solution, what is the role of the Identity Services Engine?

Options:

It is leveraged for dynamic endpoint to group mapping and policy definition.

It provides GUI management and abstraction via apps that share context.

it is used to analyze endpoint to app flows and monitor fabric status.

It manages the LISP EID database.

Question 151

Refer to the exhibit.

Which HTTP JSON response does the python code output give?

Options:

NameError: name 'json' is not defined

KeyError 'kickstart_ver_str'

7.61

7.0(3)I7(4)

Question 152

Which protocol does REST API rely on to secure the communication channel?

Options:

TCP

HTTPS

SSH

HTTP

Question 153

Refer to the exhibit.

The IP SLA is configured in a router. An engineer must configure an EEM applet to shut down the interface and bring it back up when there is a problem with the IP SLA. Which configuration should the engineer use?

Options:

event manager applet EEM_IP_SLA

event track 10 state down

event manager applet EEM_IP_SLA

event track 10 state unreachable

event manager applet EEM_IP_SLA

event sla 10 state unreachable

event manager applet EEM_IP_SLA

event sla 10 state down

Question 154

Refer to the exhibit.

Which configuration allows Customer2 hosts to access the FTP server of Customer1 that has the IP address of 192.168.1.200?

Options:

ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 global

ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 global

ip route 192.168.1.0 255.255.255.0 VlanlO

ip route 172.16.1.0 255.255.255.0 Vlan20

ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 Customer2

ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 Customerl

ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 Customerl

ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 Customer2

ip route vrf Customerl 172.16.1.1 255.255.255.255 172.16.1.1 global

ip route vrf Customer 192.168.1.200 255.255.255.0 192.168.1.1 global

ip route 192.168.1.0 255.255.255.0 VlanlO

ip route 172.16.1.0 255.255.255.0 Vlan20

Question 155

Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

Options:

Question 156

Refer to the exhibit. POSTMAN is showing an attempt to retrieve network device information from Cisco DNA Center API. What is the issue?

Options:

The URI string is incorrect

The token has expired.

Authentication has failed

The JSON payload contains the incorrect UUID

Question 157

What is the recommended MTU size for a Cisco SD-Access Fabric?

Options:

1500

9100

4464

17914

Question 158

A network administrator has designed a network with two multilayer switches on the distribution layer, which act as default gateways for the end hosts. Which two technologies allow every end host in a VLAN to use both gateways? (Choose two)

Options:

GLBP

HSRP

MHSRP

VSS

VRRP

Question 159

Drag and drop the characteristics from the left onto the protocols they apply to on the right?

Options:

Question 160

An engineer runs the code against an API of Cisco DMA Center, and the platform returns this output What does the response indicate?

Options:

The authentication credentials are incorrect

The URl string is incorrect.

The Cisco DNA Center API port is incorrect

The HTTP method is incorrect

Question 161

What is the function of a VTEP in VXLAN?

Options:

provide the routing underlay and overlay for VXLAN headers

dynamically discover the location of end hosts in a VXLAN fabric

encapsulate and de-encapsulate traffic into and out of the VXLAN fabric

statically point to end host locations of the VXLAN fabric

Question 162

When using TLS for syslog, which configuration allows for secure and reliable transportation of messages to its default port?

Options:

logging host 10.2.3.4 vrf mgmt transport tcp port 6514

logging host 10.2.3.4 vrf mgmt transport udp port 6514

logging host 10.2.3.4 vrf mgmt transport tcp port 514

logging host 10.2.3.4 vrf mgmt transport udp port 514

Question 163

What is a consideration when designing a Cisco SD-Access underlay network?

Options:

End user subnets and endpoints are part of the underlay network.

The underlay switches provide endpoint physical connectivity for users.

Static routing is a requirement,

It must support IPv4 and IPv6 underlay networks

Question 164

Refer the exhibit.

Which router is the designated router on the segment 192.168.0.0/24?

Options:

This segment has no designated router because it is a nonbroadcast network type.

This segment has no designated router because it is a p2p network type.

Router Chicago because it has a lower router ID

Router NewYork because it has a higher router ID

Question 165

Refer to me exhibit. What is the cause of the log messages?

Options:

hello packet mismatch

OSPF area change

MTU mismatch

IP address mismatch

Question 166

Which congestion queuing method on Cisco IOS based routers uses four static queues?

Options:

Priority

custom

weighted fair

low latency

Question 167

What is a fact about Cisco EAP-FAST?

Options:

It does not require a RADIUS server certificate.

It requires a client certificate.

It is an IETF standard.

It operates in transparent mode.

Question 168

What is the function of the LISP map resolver?

Options:

to send traffic to non-LISP sites when connected to a service provider that does not accept nonroutable ElDs as packet sources

to connect a site to the LISP-capable part of a core network publish the EID-to-RLOC mappings for the site, and respond to map-request messages

to decapsulate map-request messages from ITRs and forward the messages to the MS.

to advertise routable non-LISP traffic from one address family to LISP sites in a different address family

Question 169

Which method of account authentication does OAuth 2.0 within REST APIs?

Options:

username/role combination

access tokens

cookie authentication

basic signature workflow

Question 170

A company plans to implement intent-based networking in its campus infrastructure. Which design facilities a migrate from a traditional campus design to a programmer fabric designer?

Options:

Layer 2 access

three-tier

two-tier

routed access

Question 171

Refer to the exhibit.

Assuming the WLC's interfaces are not in the same subnet as the RADIUS server, which interface would the WLC use as the source for all RADIUS-related traffic?

Options:

the interface specified on the WLAN configuration

any interface configured on the WLC

the controller management interface

the controller virtual interface

Question 172

Refer to the exhibit. After configurating an IPsec VPN, an engineer enters the show command to verify the ISAKMP SA status. What does the status show?

Options:

ISAKMP SA is authenticated and can be used for Quick Mode.

Peers have exchanged keys, but ISAKMP SA remains unauthenticated.

VPN peers agreed on parameters for the ISAKMP SA

ISAKMP SA has been created, but it has not continued to form.

Question 173

How is MSDP used to interconnect multiple PIM-SM domains?

Options:

MSDP depends on BGP or multiprotocol BGP for mterdomam operation

MSDP SA request messages are used to request a list of active sources for a specific group

SDP allows a rendezvous point to dynamically discover active sources outside of its domain

MSDP messages are used to advertise active sources in a domain

Question 174

Refer to the exhibit. An engineer attempts to create a configuration to allow the Blue VRF to leak into the global routing table, but the configuration does not function as expected. Which action resolves this issue?

Options:

Change the access-list destination mask to a wildcard.

Change the source network that Is specified in access-list 101.

Change the route-map configuration to VRF_BLUE.

Change the access-list number in the route map

Question 175

Which benefit is offered by a cloud infrastructure deployment but is lacking in an on-premises deployment?

Options:

efficient scalability

virtualization

storage capacity

supported systems

Question 176

Refer to the exhibit.

An engineer is troubleshooting a connectivity issue and executes a traceoute. What does the result confirm?

Options:

The destination server reported it is too busy

The protocol is unreachable

The destination port is unreachable

The probe timed out

Question 177

Which two operational models enable an AP to scan one or more wireless channels for rouge access points and at the same time provide wireless services to clients? (Choose two.)

Options:

Rouge detector

Sniffer

FlexConnect

Local

Monitor

Question 178

Refer to the exhibit.

Router 1 is currently operating as the HSRP primary with a priority of 110 router1 fails and router2 take over the forwarding role. Which command on router1 causes it to take over the forwarding role when it return to service?

Options:

standby 2 priority

standby 2 preempt

standby 2 track

standby 2 timers

Question 179

Refer to the exhibit.

A network engineer is configuring OSPF between router R1 and router R2. The engineer must ensure that a DR/BDR election does not occur on the Gigabit Ethernet interfaces in area 0. Which configuration set accomplishes this goal?

Options:

Option A

Option B

Option C

Option D

Question 180

Which JSON syntax is valid?

Options:

Option A

Option B

Option C

Option D

Question 181

Refer to the exhibit.

An engineer configures monitoring on SW1 and enters the show command to verify operation. What does the output confirm?

Options:

SPAN session 1 monitors activity on VLAN 50 of a remote switch

SPAN session 2 only monitors egress traffic exiting port FastEthernet 0/14.

SPAN session 2 monitors all traffic entering and exiting port FastEthernet 0/15.

RSPAN session 1 is incompletely configured for monitoring

Question 182

Which device makes the decision for a wireless client to roam?

Options:

wireless client

wireless LAN controller

access point

WCS location server

Question 183

Refer to exhibit.

VLANs 50 and 60 exist on the trunk links between all switches All access ports on SW3 are configured for VLAN 50 and SW1 is the VTP server Which command ensures that SW3 receives frames only from VLAN 50?

Options:

SW1 (config)#vtp pruning

SW3(config)#vtp mode transparent

SW2(config)=vtp pruning

SW1 (config >»vtp mode transparent

Question 184

Refer to the exhibit. An engineer attempts to configure a trunk between switch sw1 and switch SW2 using DTP, but the trunk does not form. Which command should the engineer apply to switch SW2 to resolve this issue?

Options:

switchport mode dynamic desirable

switchport nonegotiate

no switchport

switchport mode access

Question 185

When a wireless client roams between two different wireless controllers, a network connectivity outage is experience for a period of time. Which configuration issue would cause this problem?

Options:

Not all of the controllers in the mobility group are using the same mobility group name.

Not all of the controllers within the mobility group are using the same virtual interface IP address.

All of the controllers within the mobility group are using the same virtual interface IP address.

All of the controllers in the mobility group are using the same mobility group name.

Question 186

An engineer is concerned with the deployment of new application that is sensitive to inter-packet delay variance. Which command configures the router to be the destination of jitter measurements?

Options:

Router(config)# ip sla responder udp-connect 172.29.139.134 5000

Router(config)# ip sla responder tcp-connect 172.29.139.134 5000

Router(config)# ip sla responder udp-echo 172.29.139.134 5000

Router(config)# ip sla responder tcp-echo 172.29.139.134 5000

Question 187

Refer to the exhibit. Communication between London and New York is down. Which command set must be applied to the NewYork switch to resolve the issue?

Options:

Option A

Option B

Option C

Option D

Question 188

A customer requests a network design that supports these requirements:

Which protocol does the design include?

Options:

HSRP version 2

VRRP version 2

GLBP

VRRP version 3

Question 189

Which LISP component is required for a LISP site to communicate with a non-LISP site?

Options:

ETR

ITR

Proxy ETR

Proxy ITR

Question 190

What is a characteristics of a vSwitch?

Options:

supports advanced Layer 3 routing protocols that are not offered by a hardware switch

enables VMs to communicate with each other within a virtualized server

has higher performance than a hardware switch

operates as a hub and broadcasts the traffic toward all the vPorts

Question 191

what is a benefit of using a Type 2 hypervisor instead of a Type 1 hypervisor?

Options:

better application performance

Improved security because the underlying OS is eliminated

Improved density and scalability

ability to operate on hardware that is running other OSs

Question 192

What Is the difference between the MAC address table and TCAM?

Options:

The MAC address table supports partial matches. TCAM requires an exact match.

The MAC address table is contained in TCAM ACL and QoS information is stored in CAM.

Router prefix lookups happen in TCAM. MAC address table lookups happen In CAM.

TCAM is used to make L2 forwarding decisions. CAM is used to build routing tables

Question 193

Refer to the exhibit. An engineer must configure an eBGP neighborship to Router B on Router A. The network that is connected to GO/1 on Router A must be advertised to Router B. Which configuration should be applied?

Options:

Option A

Option B

Option C

Option D

Question 194

Drag and drop the LISP components on the left to their descriptions on the right. Not all options are used.

Options:

Question 195

By default, which virtual MAC address Goes HSRP group 25 use?

Options:

05:5c:5e:ac:0c:25

04:16:6S:96:1C:19

00:00:0c:07:ac:19

00:00:0c:07:ac:25

Question 196

What is a characteristic of the overlay network in the Cisco SD-Access architecture?

Options:

It uses a traditional routed access design to provide performance and high availability to the network.

It consists of a group of physical routers and switches that are used to maintain the network.

It provides isolation among the virtual networks and independence from the physical network.

It provides multicast support to enable Layer 2 Hooding capability in the underlay network.

Question 197

Which function does a fabric AP perform in a cisco SD-access deployment?

Options:

It updates wireless clients' locations in the fabric

It connects wireless clients to the fabric.

It manages wireless clients' membership information in the fabric

It configures security policies down to wireless clients in the fabric.

Question 198

Refer to the exhibit.

An engineer must allow R1 to advertise the 192 168.1 0/24 network to R2 R1 must perform this action without sending OSPF packets to SW1 Which command set should be applied?

Options:

Option A

Option B

Option C

Option D

Question 199

Which benefit is realized by implementing SSO?

Options:

IP first-hop redundancy

communication between different nodes for cluster setup

physical link redundancy

minimal network downtime following an RP switchover

Question 200

Refer to the exhibit.

Which configuration must be applied to the HQ router to set up a GRE tunnel between the HQ and BR routers?

Options:

Option A

Option B

Option C

Option D

Question 201

Refer to the exhibit.

Object tracking has been configured for VRRP-enabled routers Edge-01 and Edge-02 Which commands cause Edge-02 to preempt Edge-01 in the event that interface G0/0 goes down on Edge-01?

Options:

Option A

Option B

Option C

Option D

Question 202

Refer to the exhibit.

An engineer entered the command no spanning-tree bpduguard enable on interface Fa 1/0/7. What is the effect of this command on Fa 1/0/7?

Options:

It remains in err-disabled state until the shutdown/no shutdown command is entered in the interface configuration mode.

It remains in err-disabled state until the errdisable recovery cause failed-port-state command is entered in the global configuration mode.

It remains in err-disabled state until the no shutdown command is entered in the interface configuration mode.

It remains in err-disabled state until the spanning-tree portfast bpduguard disable command is entered in the interface configuration mode.

Question 203

What is one benefit of adopting a data modeling language?

Options:

augmenting management process using vendor centric actions around models

refactoring vendor and platform specific configurations with widely compatible configurations

augmenting the use of management protocols like SNMP for status subscriptions

deploying machine-friendly codes to manage a high number of devices

Question 204

Refer to the exhibit.

Which command set is needed to configure and verify router R3 to measure the response time from router R3 to the file server located in the data center?

Options:

Option A

Option B

Option C

Option D

Question 205

Refer to the exhibit. Which command set must be added to permit and log all traffic that comes from 172.20.10.1 in interface GigabitEthernet0/1 without impacting the functionality of the access list?

Options:

Option A

Option B

Option C

Option D

Question 206

Which protocol is responsible for data plane forwarding in a Cisco SD-Access deployment?

Options:

VXLAN

IS-IS

OSPF

LISP

Question 207

An administrator is configuring NETCONF using the following XML string. What must the administrator end the request with?

Options:

]]>]]>

Question 208

Drag and drop the LIPS components on the left to the correct description on the right.

Options:

Question 209

Refer io me exhibit.

An engineer configures the trunk and proceeds to configure an ESPAN session to monitor VLANs10. 20. and 30. Which command must be added to complete this configuration?

Options:

Device(config.mon.erspan.stc)# no filter vlan 30

Devic(config.mon.erspan.src-dst)# no vrf 1

Devic(config.mon.erspan.src-dst)# erspan id 6

Device(config.mon-erspan.Src-dst)# mtu 1460

Question 210

Drag and drop the characteristics from the left onto the technology types on the right.

Options:

Question 211

Drag and drop the characteristics from the left onto the infrastructure deployment models on the right.

Options:

Question 212

A company requires a wireless solution to support its mam office and multiple branch locations. All sites have local Internet connections and a link to the main office lor corporate connectivity. The branch offices are managed centrally. Which solution should the company choose?

Options:

Cisco United Wireless Network

Cisco DNA Spaces

Cisco Catalyst switch with embedded controller

Cisco Mobility Express

Question 213

What is used to validate the authenticity of the client and is sent in HTTP requests as a JSON object?

Options:

SSH

HTTPS

JWT

TLS

Question 214

Refer to the exhibit.

What is the effect of introducing the sampler feature into the Flexible NetFlow configuration on the router?

Options:

NetFlow updates to the collector are sent 50% less frequently.

Every second IPv4 packet is forwarded to the collector for inspection.

CPU and memory utilization are reduced when compared with what is required for full NetFlow.

The resolution of sampling data increases, but it requires more performance from the router.

Question 215

Refer to the exhibit. A network engineer checks connectivity between two routers. The engineer can ping the remote endpoint but cannot see an ARP entry. Why is there no ARP entry?

Options:

The ping command must be executed in the global routing table.

Interface FastEthernet0/0 Is configured in VRF CUST-A, so the ARP entry is also in that VRF.

When VRFs are used. ARP protocol must be enabled In each VRF.

When VRFs are used. ARP protocol is disabled in the global routing table.

Question 216

Drag and drop the automation characteristics from the left onto the appropriate tools on the right.

Options:

Question 217

Which Python snippet should be used to store the devices data structure in a JSON file?

Options:

Option A

Option B

Option C

Option D

Question 218

Refer to the exhibit.

The port channel between the switches does not work as expected. Which action resolves the issue?

Options:

Interface Gi0/0 on Switch2 must be configured as passive.

Interface Gi0/1 on Switch1 must be configured as desirable.

interface Gi0/1 on Switch2 must be configured as active.

Trucking must be enabled on both Interfaces on Switch2.

Question 219

What Is a characteristic of a WLC that is in master controller mode?

Options:

All wireless LAN controllers are managed by the master controller.

All new APs that join the WLAN are assigned to the master controller.

Configuration on the master controller is executed on all wireless LAN controllers.

The master controller is responsible for load balancing all connecting clients to other controllers

Question 220

Refer to the exhibit. A network administrator configured RSPAN to troubleshoot an issue between switch1 and switch2. The switches are connected using interface GigabitEthernet 1/1. An external packet capture device is connected is switch2 interface GigabitEthernet 1/2. Which two commands must be added to complete this configuration? (Choose two)

Options:

Option A

Option B

Option C

Option D

Option E

Question 221

What is an OVF?

Options:

a package that is similar to an IMG and that contains an OVA file used to build a virtual machine

an alternative form of an ISO that Is used to install the base operating system of a virtual machine

the third step in a P2V migration

a package of files that is used to describe a virtual machine or virtual appliance

Question 222

What is the JSON syntax that is formed the data?

Options:

{'Name'';''Bob johnon';''Age': Sevenfive,''Alive'': true,''FavoriteFoods';[''Cereal';''Mustard';''Onions'}}

{'Name'':''Bob johnon':''Age': 75 ''Alive'': true,''Favorite Foods';[''Cereal';''Mustard';''Onions'}}

{'Name'':''Bob johnon':''Age: 75,''Alive: true, FavoriteFoods;[Cereal, Mustard';''Onions}}

{'Name'': 'Bob johnon','Age': 75,'Alive': true,''FavoriteFoods': 'Cereal';'Mustard','Onions'}}

Question 223

What is a characteristics of traffic policing?

Options:

lacks support for marking or remarking

must be applied only to outgoing traffic

can be applied in both traffic directions

queues out-of-profile packets until the buffer is full

Question 224

Reter to the exhibit.

An administrator troubleshoots intermittent connectivity from internal hosts to an external public server. Some internal hosts can connect to the server while others receive an ICMP Host Unreachable message and these hosts change over time. What is the cause of this issue?

Options:

The translator does not use aOdress overloading

The NAT ACL does not match alt internal hosts

The NAT ACL and NAT pool share the same name

The NAT pool netmask rs excessively wide

Question 225

Which Cisco FlexConnect state allows wireless users that are connected to the network to continue working after the connection to the WLC has been lost?

Options:

Authentication Down/Switching Down

Authentication-Central/Switch-Local

Authentication- Down/Switch-Local

Authentication-Central/Switch-Central

Answer:

Explanation:

Operation Modes

There are two modes of operation for the FlexConnect AP.

Connected mode: The WLC is reachable. In this mode the FlexConnect AP has CAPWAP connectivity with its WLC.
Standalone mode: The WLC is unreachable. The FlexConnect has lost or failed to establish CAPWAP connectivity with its WLC. A WAN-link outage between a branch and its central site is a example of such a mode of operation.

FlexConnect States

A FlexConnect WLAN, depending on its configuration and network connectivity, is classified as being in one of the following defined states.

Authentication-Central/Switch-Central: This state represents a WLAN that uses a centralized authentication method such as 802.1X, VPN, or web. User traffic is sent to the WLC via CAPWAP (Central switching). This state is supported only when FlexConnect is in connected mode.
Authentication Down/Switching Down: Central switched WLANs no longer beacon or respond to probe requests when the FlexConnect AP is in standalone mode. Existing clients are disassociated.
Authentication-Central/Switch-Local: This state represents a WLAN that uses centralized authentication, but user traffic is switched locally. This state is supported only when the FlexConnect AP is in connected mode.
Authentication-Down/Switch-Local: A WLAN that requires central authentication rejects new users. Existing authenticated users continue to be switched locally until session time-out if configured. The WLAN continues to beacon and respond to probes until there are no more existing users associated to the WLAN. This state occurs as a result of the AP going into standalone mode.
Authentication-local/switch-local: This state represents a WLAN that uses open, static WEP, shared, or WPA2 PSK security methods. User traffic is switched locally. These are the only security methods supported locally if a FlexConnect goes into standalone mode. The WLAN continues to beacon and respond to probes. Existing users remain connected and new user associations are accepted. If the AP is in connected mode, authentication information for these security types is forwarded to the WLC.

Question 226

Which option works with a DHCP server to return at least one WLAN management interface IP address during the discovery phase and is dependent upon the VCI of the AP?

Options:

Option 42

Option 15

Option 125

Option 43

Question 227

What is the API keys option for REST API authentication?

Options:

a predetermined string that is passed from client to server

a one-time encrypted token

a username that is stored in the local router database

a credential that is transmitted unencrypted

Question 228

Refer to the exhibit. Which configuration must be added to enable GigabitEthemet 0/1 to participate in OSPF?

Options:

SF_router (config-router)# network 10.10.1.0 0.0.0.255 area 0

SF_rouier (conng)# network 10.10.1.0 0.0.0.255 area 1

SF_router (conflg-routerp) network 10.10.1.0 0.0.0.255 area 1

SF_rouler (contlg-rouler)# network 10.10.1.0 255.255.255.0 area 0

Question 229

Refer to the exhibit.

An engineer must allow all users in the 10.2.2.0/24 subnet to access the Internet. To conserve address space the public Interface address of 209 165 201.1 must be used for all external communication. Which command set accomplishes these requirements?

Options:

Option A

Option B

Option C

Option D

Question 230

Which resource is able to be shared among virtual machines deployed on the same physical server?

Options:

applications

disk

VM configuration file

operating system

Question 231

Which VXLAN component is used to encapsulate and decapsulate Ethernet frames?

Options:

VNI

GRE

VTEP

EVPN

Question 232

Which component transports data plane traffic across a Cisco SD-WAN network?

Options:

vSmart

vManage

cEdge

vBond

Question 233

An engineer must configure a router to leak routes between two VRFs Which configuration must the engineer apply?

Options:

Option A

Option B

Option C

Option D

Question 234

Refer to the exhibit.

The administrator troubleshoots an EtherChannel that keeps moving to err-disabled. Which two actions must be taken to resolve the issue? (Choose two.)

Options:

Reload the switch to force EtherChannel renegotiation

Ensure that interfaces Gi1/0/2 and Gi1/0/3 connect to the same neighboring switch.

Ensure that the switchport parameters of Port channel1 match the parameters of the port channel on the neighbor switch

Ensure that the corresponding port channel interface on the neighbor switch is named Port-channel1.

Ensure that the neighbor interfaces of Gi1/0/2 and Gi/0/3 are configured as members of the same EtherChannel

Question 235

Which definition describes JWT in regard to REST API security?

Options:

an encrypted JSON token that is used for authentication

an encrypted JSON token that is used for authorization

an encoded JSON token that is used to securely exchange information

an encoded JSON token that is used for authentication

Question 236

Drag anti drop the characteristics from the ten onto the configuration models on the right.

Options:

Question 237

Refer to the exhibit. What is generated by the script?

Options:

the cdp neighbors

the routing table

the router processes

the running configuration

Question 238

What is the recommended minimum SNR for data applications on wireless networks?

Options:

Question 239

What happens when a FlexConnect AP changes to standalone mode?

Options:

All controller-dependent activities stop working except the DFS.

All client roaming continues to work

Only clients on central switching WLANs stay connected.

All clients on an WLANs are disconnected

Question 240

What is a characteristic of a Type I hypervisor?

Options:

It is installed on an operating system and supports other operating systems above it.

It is referred to as a hosted hypervisor.

Problems in the base operating system can affect the entire system.

It is completely independent of the operating system.

Question 241

What does the number in an NTP stratum level represent?

Options:

The number of hops it takes to reach the master time server.

The number of hops it takes to reach the authoritative time source.

The amount of offset between the device clock and true time.

The amount of drift between the device clock and true time.

Question 242

A Cisco DNA Center REST API sends a PUT to the /dna/intent/api/v1/network-device endpoint A response code of 504 is received What does the code indicate?

Options:

The response timed out based on a configured interval

The user does not have authorization to access this endpoint.

The username and password are not correct

The web server is not available

Question 243

In a Cisco Catalyst switch equipped with two supervisor modules an administrator must temporally remove the active supervisor from the chassis to perform hardware maintenance on it. Which mechanism ensure that the active supervisor removal is not disruptive to the network operation?

Options:

NSF/NSR

SSO

HSRP

VRRP

Question 244

Refer to the exhibit .

Which command must be configured for RESTCONF to operate on port 8888?

Options:

ip http port 8888

restconf port 8888

ip http restconf port 8888

restconf http port 8888

Question 245

An engineer is configuring Local WebAuth on a Cisco Wireless LAN Controller. According to RFC 5737, WHICH VIRTUAL IP address must be used in this configuration?

Options:

192.0.2.1

172.20.10.1

1.1.1.1

192.168.0.1

Question 246

By default, which virtual MAC address does HSRP group 14 use?

Options:

04.16.19.09.4c.0e

00:05:5e:19:0c:14

00:05:0c:07:ac:14

00:00:0c:07:ac:0e

Question 247

What is the purpose of an RP in PIM?

Options:

send join messages toward a multicast source SPT

ensure the shortest path from the multicast source to the receiver

receive IGMP joins from multicast receivers

secure the communication channel between the multicast sender and receiver

Question 248

Refer to the exhibit. A network engineer must be notified when a user switches to configuration mode. Which script should be applied to receive an SNMP trap and a critical-level log message?

Options:

Option

Question 249

If the maximum power level assignment for global TPC 802.11a/n/ac is configured to 10 dBm, which power level effectively doubles the transmit power?

Options:

13dBm

14 dBm

17dBm

20 dBm

Question 250

What is a TLOC in a Cisco SD-WAN deployment?

Options:

value that identifies a specific tunnel within the Cisco SD-WAN overlay

identifier that represents a specific service offered by nodes within the Cisco SD-WAN overlay

attribute that acts as a next hop for network prefixes

component set by the administrator to differentiate similar nodes that offer a common service

Question 251

What are the main components of Cisco TrustSec?

Options:

Cisco ISE and Enterprise Directory Services

Cisco ISE. network switches, firewalls, and routers

Cisco ISE and TACACS+

Cisco ASA and Cisco Firepower Threat Defense

Question 252

Which function does a fabric wireless LAN controller perform In a Cisco SD-Access deployment?

Options:

manages fabric-enabled APs and forwards client registration and roaming information to the Control Plane Node

coordinates configuration of autonomous nonfabric access points within the fabric

performs the assurance engine role for both wired and wireless clients

is dedicated to onboard clients in fabric-enabled and nonfabric-enabled APs within the fabric

Summer Special Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 60certs

Cisco 350-401 Dumps

Implementing Cisco Enterprise Network Core Technologies (ENCOR) Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options: