Cisco 350-401 Exam Practice Questions Answers

Implementing Cisco Enterprise Network Core Technologies (ENCOR) Questions and Answers

Question 1

Refer to the exhibit.

After running the code in the exhibit. Which step reduces the amount of data that NETCONF server returns to the NETCONF client, to only the interface’s configuration?

Options:

Create an XML filter as a string and pass it to get_config() method as an argument

Use the txml library to parse the data returned by the NETCONF server for the interface’s configuration

Create a JSON filter as a string and pass it to the get_config() method as an argument

Use the JSON library to parse the data returned by the NETCONF server for the interface’s configuration

Question 2

What does the LAP send when multiple WLCs respond to the CISCO_CAPWAP-CONTROLLER.localdomain hostname during the CAPWAP discovery and join process?

Options:

broadcast discover request

join request to all the WLCs

unicast discovery request to each WLC

Unicast discovery request to the first WLS that resolves the domain name

Question 3

What are two benefits of implementing a Cisco SD-WAN architecture? (Choose two)

Options:

It provides resilient and effective traffic flow using MPLS.

It improves endpoint protection by integrating embedded and cloud security features.

It allows configuration of application-aware policies with real time enforcement.

It simplifies endpoint provisioning through standalone router management

It enforces a single. scalable. hub-and-spoke topology.

Question 4

Refer to the exhibit.

Which command must be applied to Router 1 to bring the GRE tunnel to an up/up state?

Options:

Routed (config if funnel mode gre multipoint

Router1(config-if)&tunnel source Loopback0

Router1(config-if)#tunnel source GigabitEthernet0/1

Router1 (config)#interface tunnel0

Question 5

Which LISP device is responsible for publishing EID-to-RLOC mappings for a site?

Options:

ETR

ITR

Question 6

In a Cisco StackWise Virtual environment, which planes are virtually combined in the common logical switch?

Options:

management and data

control and management

control, and forwarding

control and data

Question 7

AN engineer is implementing MPLS OAM to monitor traffic within the MPLS domain. Which action must the engineer perform to prevent from being forwarded beyond the service provider domain when the LSP is down?

Options:

Disable IP redirects only on outbound interfaces

Implement the destination address for the LSP echo request packet in the 127.x.y.z/8 network

Disable IP redirects on all ingress interfaces

Configure a private IP address as the destination address of the headend router of Cisco MPLS TE.

Question 8

Refer to the exhibit.

An engineer is troubleshooting an application running on Apple phones. The application Is receiving incorrect QoS markings. The systems administrator confirmed that ail configuration profiles are correct on the Apple devices. Which change on the WLC optimizes QoS for these devices?

Options:

Enable Fastlane

Set WMM to required

Change the QoS level to Platinum

Configure AVC Profiles

Question 9

Refer to the exhibit.

A GRE tunnel has been created between HO and BR routers. What is the tunnel IP on the HQ router?

Options:

10.111.111.1

10.111.111.2

209.165.202.130

209.165.202.134

Question 10

What are two considerations when using SSO as a network redundancy feature? (Choose two)

Options:

both supervisors must be configured separately

the multicast state is preserved during switchover

must be combined with NSF to support uninterrupted Layer 2 operations

must be combined with NSF to support uninterrupted Layer 3 operations

requires synchronization between supervisors in order to guarantee continuous connectivity

Question 11

Drag and drop the descriptions from the left onto the QoS components they describe on the right.

Options:

Question 12

What is the function of cisco DNA center in a cisco SD-access deployment?

Options:

It is responsible for routing decisions inside the fabric

It is responsible for the design, management, deployment, provisioning and assurance of the fabric network devices.

It possesses information about all endpoints, nodes and external networks related to the fabric

It provides integration and automation for all nonfabric nodes and their fabric counterparts.

Question 13

AN engineer is implementing a route map to support redistribution within BGP. The route map must configured to permit all unmatched routes. Which action must the engineer perform to complete this task?

Options:

Include a permit statement as the first entry

Include at least one explicit deny statement

Remove the implicit deny entry

Include a permit statement as the last entry

Question 14

Which antenna type should be used for a site-to-site wireless connection?

Options:

Omnidirectional

dipole

patch

Yagi

Question 15

Why would a log file contain a * next to the date?

Options:

The network device was receiving NTP time when the log messages were recorded.

The network device was unable to reach The NTP server when the log messages were recorded

The network device is not configured to use NTP.

The network device is nor configured to use NTP time stamps for logging

Question 16

An engineer must configure the strongest password authentication to locally authenticate on a router. Which configuration must be used?

Options:

Option A

Option B

Option C

Option D

Question 17

Which Python code snippet must be added to the script to save the returned configuration as a JSON-formatted file?

Options:

Option A

Option B

Option C

Option D

Question 18

What is the function of a control-plane node In a Cisco SD-Access solution?

Options:

to run a mapping system that manages endpoint to network device relationships

to implement policies and communicate with networks outside the fabric

to connect external Layer 3 networks to the SD-Access fabric

to connect APs and wireless endpoints to the SD-Access fabric

Question 19

Refer to the exhibit.

An engineer must configure a SPAN session. What is the effect of the configuration?

Options:

Traffic sent on VLANs 10, 11, and 12 is copied and sent to interface g0/1.

Traffic sent on VLANs 10 and 12 only is copied and sent to interface g0/1.

Traffic received on VLANs 10, 11, and 12 is copied and sent to Interface g0/1.

Traffic received on VLANs 10 and 12 only is copied and sent to interface g0/1.

Question 20

Refer to the exhibit.

What is the result when a technician adds the monitor session 1 destination remote vlan 223 command1?

Options:

The RSPAN VLAN is replaced by VLAN 223.

RSPAN traffic is sent to VLANs 222 and 223

An error is flagged for configuring two destinations.

RSPAN traffic is split between VLANs 222 and 223.

Question 21

Refer to the exhibit. PC-1 must access the web server on port 8080. To allow this traffic, which statement must be added to an access control list that is applied on SW2 port G0/0 in the inbound direction?

Options:

permit host 172.16.0.2 host 192.168.0.5 eq 8080

permit host 192.168.0.5 host 172.16.0.2 eq 8080

permit host 192.168.0.5 eq 8080 host 172.16.0.2

permit host 192.168.0.5 it 8080 host 172.16.0.2

Question 22

Refer to the exhibit. An engineer attempts to configure a router on a stick to route packets between Clients, Servers, and Printers; however, initial tests show that this configuration is not working. Which command set resolves this issue?

Options:

Option A

Option B

Option C

Option D

Question 23

If a client's radio device receives a signal strength of -67 dBm and the noise floor is -85 dBm, what is the SNR value?

Options:

15 dB

16 dB

18 dB

20 dB

Question 24

Which two items are found in YANG data models? (Choose two.)

Options:

HTTP return codes

rpc statements

JSON schema

container statements

XML schema

Question 25

Refer to the exhibit.

What does the output confirm about the switch's spanning tree configuration?

Options:

The spanning-tree mode stp ieee command was entered on this switch

The spanning-tree operation mode for this switch is IEEE.

The spanning-tree operation mode for this switch is PVST+.

The spanning-tree operation mode for this switch is PVST

Question 26

An engineer creates the configuration below. Drag and drop the authentication methods from the left into the order of priority on the right. Not all options are used.

Options:

Question 27

What is the wireless received signal strength indicator?

Options:

The value given to the strength of the wireless signal received compared to the noise level

The value of how strong the wireless signal Is leaving the antenna using transmit power, cable loss, and antenna gain

The value of how much wireless signal is lost over a defined amount of distance

The value of how strong a tireless signal is receded, measured in dBm

Question 28

Refer the exhibit.

Which router is the designated router on the segment 192.168.0.0/24?

Options:

This segment has no designated router because it is a nonbroadcast network type.

This segment has no designated router because it is a p2p network type.

Router Chicago because it has a lower router ID

Router NewYork because it has a higher router ID

Question 29

Refer to the exhibit.

Which command set changes the neighbor state from Idle (Admin) to Active?

Options:

Option A

Option B

Option C

Option D

Question 30

Which action is performed by Link Management Protocol in a Cisco StackWise Virtual domain?

Options:

It rejects any unidirectional link traffic forwarding

It determines if the hardware is compatible to form the StackWise Virtual domain

discovers the StackWise domain and brings up SVL interfaces.

It determines which switch becomes active or standby

Question 31

Refer to the exhibit.

An engineer must configure and validate a CoPP policy that allows the network management server to monitor router R1 via SNMP while protecting the control plane. Which two commands or command sets must be used? (Choose two.)

Options:

Option A

Option B

Option C

Option D

Option E

Option F

Question 32

An engineer must create an EEM script to enable OSPF debugging in the event the OSPF neighborship goes down. Which script must the engineer apply?

Options:

Option A

Option B

Option C

Option D

Question 33

Which OSPF networks types are compatible and allow communication through the two peering devices?

Options:

broadcast to nonbroadcast

point-to-multipoint to nonbroadcast

broadcast to point-to-point

point-to-multipoint to broadcast

Question 34

Which feature does Cisco TrustSec use to provide scalable, secure communication throughout a network?

Options:

security group tag ACL assigned to each port on a switch

security group tag number assigned to each port on a network

security group tag number assigned to each user on a switch

security group tag ACL assigned to each router on a network

Question 35

Refer to the exhibit.

An engineer must add the SNMP interface table to the NetFlow protocol flow records. Where should the SNMP table option be added?

Options:

under the interface

under the flow record

under the flow monitor

under the flow exporter

Question 36

Refer to the exhibit.

After the code is run on a Cisco IOS-XE router, the response code is 204.

What is the result of the script?

Options:

The configuration fails because another interface is already configured with IP address 10.10.10.1/24.

The configuration fails because interface GigabitEthernet2 is missing on the target device.

The configuration is successfully sent to the device in cleartext.

Interface GigabitEthernet2 is configured with IP address 10.10.10.1/24

Question 37

Drag and drop the descriptions from the left onto the routing protocol they describe on the right.

Options:

Question 38

Which solution do laaS service providers use to extend a Layer 2 segment across a Layer 3 network?

Options:

VLAN

VTEP

VXLAN

VRF

Question 39

An engineer must protect their company against ransom ware attacks. Which solution allows the engineer to block the execution stage and prevent file encryption?

Options:

Use Cisco AMP deployment with the Malicious Activity Protection engineer enabled.

Use Cisco AMP deployment with the Exploit Prevention engine enabled.

Use Cisco Firepower and block traffic to TOR networks.

Use Cisco Firepower with Intrusion Policy and snort rules blocking SMB exploitation.

Question 40

A customer wants to provide wireless access to contractors using a guest portal on Cisco ISE. The portal Is also used by employees A solution is implemented, but contractors receive a certificate error when they attempt to access the portal Employees can access the portal without any errors. Which change must be implemented to allow the contractors and employees to access the portal?

Options:

Install a trusted third-party certificate on the Cisco ISE.

Install an Internal CA signed certificate on the contractor devices

Install an internal CA signed certificate on the Cisco ISE

install a trusted third-party certificate on the contractor devices.

Question 41

Which function does a fabric edge node perform in an SD-Access deployment?

Options:

Connects the SD-Access fabric to another fabric or external Layer 3 networks

Connects endpoints to the fabric and forwards their traffic

Provides reachability border nodes in the fabric underlay

Encapsulates end-user data traffic into LISP.

Question 42

When are multicast RPs required?

Options:

RPs are required only when using protocol independent multicast dense mode.

By default, the RP is needed penodically to maintain sessions with sources and receivers.

RPs are required for protocol Independent multicast sparse mode and dense mode.

By default, the RP Is needed only start new sessions with sources and receivers.

Question 43

Refer to the exhibit. Router BRDR-1 is configured to receive the 0.0.0.0/0 and 172.17.1.0/24 network via BGP and advertise them into OSPF are 0. An engineer has noticed that the OSPF domain is receiving only the 172.17.1.0/24 route and default route 0.0.0.0/0 is still missing. Which configurating must engineer apply to resolve the problem?

Options:

Option A

Option B

Option C

Option D

Question 44

Drag and drop the characteristics from the left onto the routing protocols they describe on the right

Options:

Question 45

Refer to the exhibit.

An engineer is designing a guest portal on Cisco ISE using the default configuration. During the testing phase, the engineer receives a warning when displaying the guest portal. Which issue is occurring?

Options:

The server that is providing the portal has an expired certificate

The server that is providing the portal has a self-signed certificate

The connection is using an unsupported protocol

The connection is using an unsupported browser

Question 46

How cloud deployments differ from on-prem deployments?

Options:

Cloud deployments require longer implementation times than on-premises deployments

Cloud deployments are more customizable than on-premises deployments.

Cloud deployments require less frequent upgrades than on-premises deployments.

Cloud deployments have lower upfront costs than on-premises deployments.

Question 47

Which method is used by an AP to join HA controllers and is configured in NVRAM?

Options:

stored WLC information

DNS

IP Helper Addresses

Primary/Secondary/Tertiary/Backup

Question 48

Which technology uses network traffic telemetry, contextual information, and file reputation to provide insight into cyber threats?

Options:

threat defense

security services

security intelligence

segmentation

Question 49

Refer to the exhibit.

An engineer attempts to establish BGP peering between router CORP and two ISP routers. What is the root cause for the failure between CORP and ISP#2?

Options:

Router ISP#2 is configured to use SHA-1 authentication.

There is a password mismatch between router CORP and router ISP#2.

Router CORP is configured with an extended access control list.

MD5 authorization is configured incorrectly on router ISP#2.

Question 50

Which technology is used as the basis for the cisco sd-access data plane?

Options:

IPsec

LISP

VXLAN

802.1Q

Question 51

An engineer configures GigabitEthernet 0/1 for VRRP group 115. The router must assume the primary role when it has the highest priority in the group. Which command set is required to complete this task?

Options:

Option A

Option B

Option C

Option D

Question 52

Refer to the exhibit.

An engineer must create a configuration that prevents R3from receiving the LSA about 172.16.1.4/32.Which configuration set achieves this goal?

Options:

Option A

Option B

Option C

Option D

Question 53

Drag and drop the characteristics from the left onto the infrastructure deployment models on the right.

Options:

Question 54

A network engineer is enabling HTTPS access to the core switch, which requires a certificate to be installed on the switch signed by the corporate certificate authority Which configuration commands are required to issue a certificate signing request from the core switch?

Options:

Option A

Option B

Option C

Option D

Question 55

An engineer is configuring a GRE tunnel interface in the default mode. The engineer has assigned an IPv4 address on the tunnel and sourced the tunnel from an Ethernet interface. Which option also is required on the tunnel interface before it is operational?

Options:

(config-if)#tunnel destination

(config-if)#keepalive

(config-if)#ip mtu

(config-if)#ip tcp adjust-mss

Question 56

In which two ways does TCAM differ from CAM? (Choose two.)

Options:

CAM is used to make Layer 2 forwarding decisions, and TCAM is used for Layer 3 address lookups.

The MAC address table is contained in CAM, and ACL and QoS Information Is stored in TCAM.

CAM Is used by routers for IP address lookups, and TCAM is used to make Layer 2 forwarding decisions.

CAM is used for software switching mechanisms, and TCAM is used for hardware switching mechanisms.

The MAC address table Is contained in TCAM, and ACL and QoS information is stored in CAM.

Question 57

A network engineer must configure a router to send logging messages to a syslog server based on these requirements:

uses syslog IP address: 10.10.10.1
uses a reliable protocol
must not use any well-known TCP/UDP ports

Which configuration must be used?

Options:

logging host 10.10.10.1 transport tcp port 1024

logging origin-id 10.10.10.1

logging host 10.10.10.1 transport udp port 1023

logging host 10.10.10.1 transport udp port 1024

Question 58

Refer to the exhibit.

An engineer must configure static NAT on R1 lo allow users HTTP access to the web server on TCP port 80. The web server must be reachable through ISP 1 and ISP 2. Which command set should be applied to R1 to fulfill these requirements?

Options:

ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80 extendable

ip nat inside source static tcp 10.1.1.100 80 209.165.201.1 80 extendable

ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80

ip nat inside source static tcp 10.1.1.100 80 209.165.201.1 80

ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80

ip nat inside source static tcp 10.1.1.100 8080 209.165.201.1 8080

ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80 no-alias

ip nat inside source static tcp 10.1.1.100 80 209.165.201.1 80 no-alias

Question 59

Which NGFW mode block flows crossing the firewall?

Options:

Passive

Tap

Inline tap

Inline

Question 60

An engineer must create an EEM applet that sends a syslog message in the event a change happens in the network due to trouble with an OSPF process. Which action should the engineer use?

Options:

action 1 syslog msg "OSPF ROUTING ERROR"

action 1 syslog send "OSPF ROUTING ERROR"

action 1 syslog pattern "OSPF ROUTING ERROR"

action 1syslog write "OSPF ROUTING ERROR"

Question 61

The login method is configured on the VTY lines of a router with these parameters

The first method for authentication it TACACS
If TACACS is unavailable login is allowed without any provided credentials

Which configuration accomplishes this task?

Options:

Option A

Option B

Option C

Option D

Question 62

Refer to the exhibit.

An engineer configures OSPF and wants to verify the configuration Which configuration is applied to this device?

Options:

Option A

Option B

Option C

Option D

Question 63

Refer to the exhibit.

An engineer must establish eBGP peering between router R3 and router R4. Both routers should use their loopback interfaces as the BGP router ID. Which configuration set accomplishes this task?

Options:

R3(config)#router bgp 200

R3(config-router)#neighbor 10.4.4.4 remote-as 100

R3(config-router)# neighbor 10.4.4.4 update-source Loopback0

R4(config)#router bgp 100

R4(config-router)#neighbor 10.3.3.3 remote-as 200

R4(config-router)#network 10.3.3.3 update-source Loopback0

R3(config)#router bgp 200

R3(config-router)#neighbor 10.24.24.4 remote-as 100

R3(config-router)#neighbor 10.24.24.4 update-source Loopback0

R4(config)#router bgp 100

R4(config-router)#neighbor 10.24.24.3 remote-as 200

R4(config-router)#neighbor 10.24.24.3 update-source Loopback0

R3(config)#router bgp 200

R3(config-router)#neighbor 10.4.4.4 remote-as 100

R3(config-router)#bgp router-id 10.3.3.3

R4(config)#router bgp 100

R4(config-router)#neighbor 10.3.3.3 remote-as 200

R4(config-router)#bgp router-id 10.4.4.4

R3(config)#router bgp 200

R3(config-router)#neighbor 10.24.24.4 remote-as 100

R3(config-router)#bgp router-id 10.3.3.3

R4(config)#router bgp 100

R4(config-router)#neighbor 10.24.24.3 remote-as 200

R4(config-router)#bgp router-id 10.4.4.4

Question 64

Drag and drop the snippets onto the blanks within the code to construct a script that advertises the network prefix 192.168.5.0/24 into a BGP session. Not all options are used

Options:

Question 65

How does Cisco Express Forwarding switching differ from process switching on Cisco devices?

Options:

Cisco Express Forwarding switching uses adjacency tables built by the CDP protocol, and process switching uses the routing table.

Cisco Express Forwarding switching uses dedicated hardware processors, and process switching uses the main processor.

Cisco Express Forwarding swithing saves memory by storing adjacency tables in dedicated memory on the line cards, and process switching stores all tables in the main memory.

Cisco Express Forwarding switching uses a proprietary protocol based on IS-IS for MAC address lookup, and process switching uses the MAC address table.

Question 66

In lhe Cisco DNA Center Image Repository, what is a golden image?

Options:

The latest software image that is available for a specific device type

The Cisco recommended software image for a specific device type.

A software image that is compatible with multiple device types.

A software image that meets the compliance requirements of the organization.

Question 67

Refer to the exhibit.

The OSPF neighborship fails between two routers. What is the cause of this issue?

Options:

The OSPF router ID is missing on this router.

The OSPF process is stopped on the neighbor router.

There is an MTU mismatch between the two routers.

The OSPF router ID is missing on the neighbor router.

Question 68

Refer to the exhibit. An engineer must configure an ERSPAN tunnel that mirrors traffic from linux1 on Switch1 to Linux2 on Switch2. Which command must be added to the destination configuration to enable the ERSPAN tunnel?

Options:

(config-mon-erspan-dst-src)# origin ip address 172.16.10.10

(config-mon-erspan-dst-src)# erspan-id 172.16.10.10

(config-mon-erspan-dst-src)# no shut

(config-mon-erspan-dst-src)# erspan-id 110

Question 69

What is stateful switchover?

Options:

mechanism used to prevent routing protocol loops during an RP switchover

mechanism to take control from a failed RP while maintaining connectivity

First Hop Redundancy Protocol for host gateway connectivity

cluster protocol used to facilitate switch faitover

Question 70

Refer to the exhibit. What is the cause of the communication failure between R1 and R4?

Options:

R1 is configured with the no ip unreachables command.

R2 is denying ICMP

R4 is denying ICMP.

R3 is denying ICMP.

Question 71

Which configuration restricts the amount of SSH traffic that a router accepts to 100 kbps?

Options:

Option A

Option B

Option C

Option D

Question 72

Refer to the exhibit. Clients report that they cannot connect to this SSID using the provided PSK. Which action will resolve this issue?

Options:

Apply the correct interface to this WLAN.

Apply the changes this SSID.

Select the PSK under authentication key management.

Define the correct Radio Policy.

Question 73

A customer has 20 stores located throughout a city. Each store has a single Cisco access point managed by a central WLC. The customer wants to gather analysis for users in each store. Which technique supports these requirements?

Options:

angle of arrival

hyperlocation

trilateration

presence

Question 74

Refer to the exhibit Users cannot reach the web server at 192.168 100 1. What is the root cause for the failure?

Options:

The server is attempting to load balance between links 10.100 100.1 and 10 100.200.1.

The server is out of service.

There is a loop in the path to the server.

The gateway cannot translate the server domain name.

Question 75

Which configuration enables a device to be configured via NETCONF over SSHv2?

Options:

Option A

Option B

Option C

Option D

Question 76

What is one method for achieving REST API security?

Options:

using built-in protocols known as Web Services Security

using a combination of XML encryption and XML signatures

using a MD5 hash to verify the integrity

using HTTPS and TLS encryption

Question 77

A customer has a pair of Cisco 5520 WLCs set up in an SSO cluster to manage all APs. Guest traffic is anchored to a Cisco 3504 WLC located in a DMZ. Which action is needed to ensure that the EolP tunnel remains in an UP state in the event of failover on the SSO cluster?

Options:

Configure back-to-back connectivity on the RP ports.

Enable default gateway reachability check.

Use the same mobility domain on all WLCs.

Use the mobility MAC when the mobility peer is configured.

Question 78

A network administrator for a small office is adding a passive IDS to its network switch for the purpose of inspecting network traffic. Which of the following should the administrator use?

Options:

SNMPtrap

Port mirroring

Syslog collection

API integration

Question 79

By default, which virtual MAC address does HSRP group 12 use?

Options:

00 5e0c:07:ac:12

05:44:33:83:68:6c

00:00:0c:07:ac:0c

00:05:5e:00:0c:12

Question 80

What is an advantage of utilizing data models in a multivendor environment?

Options:

lowering CPU load incurred to managed devices

improving communication security with binary encoded protocols

facilitating a unified approach to configuration and management

removing the distinction between configuration and runtime state data

Question 81

Refer to the exhibit. Which configuration is required to summarize the Area 2 networks that are advertised to Area 0?

Options:

Option A

Option B

Option C

Option D

Question 82

What is the function of the fabric control plane node in a Cisco SD-Access deployment?

Options:

It is responsible for policy application and network segmentation in the fabric

It performs traffic encapsulation and security profiles enforcement in the fabric

It holds a comprehensive database that tracks endpoints and networks in the fabric

It provides integration with legacy nonfabric-enabled environments

Question 83

Refer to the exhibit.

An engineer deploys a script to retrieve the running configuration from a NETCONF-capable Cisco IOS XE device that is configured with default settings. The script fails. Which configuration must be applied to retrieve the configurauon using NETCONF?

Options:

Print (netconf_host.get_config('show running'!)

hostkey_verify=True,

device_params={name':'ios-xe'})

port=830

Question 84

What is a characteristics of Cisco SD-WAN?

Options:

operates over DTLS/TLS authenticated and secured tunnels

requires manual secure tunnel configuration

uses unique per-device feature templates

uses control connections between routers

Question 85

When a DNS host record is configured for a new Cisco AireOS WLC, which hostname must be added to allow APs to successfully discover the WLC?

Options:

CONTROLLER-CAPWAP-CISCO

CISCO-CONTROLLER-CAPWAP

CAPWAP-CISCO-CONTROLLER

CISCO-CAPWAP-CONTROLLER

Question 86

An engineer is configuring RADIUS-Based Authentication with EAP. MS-CHAPv2 is configured on a client device. Which outer method protocol must be configured on the ISE to support this authentication type?

Options:

EAP-TLS

EAP-FAST

LDAP

PEAP

Question 87

Refer to the exhibit. Cisco IOS routers R1 and R2 are interconnected using interface Gi0/0. Which configuration allows R1 and R2 to form an OSPF neighborship on interface Gi0/0?

Options:

Option A

Option B

Option C

Option D

Question 88

An engineer is configuring RADIUS-Based Authentication with EAP MS-CHAPv2 is configured on a client device.

Which outer method protocol must be configured on the ISE to support this

authentication type?

Options:

EAP-TLS

PEAP

LDAP

EAP-FAST

Question 89

Which LISP component decapsulates messages and forwards them to the map server responsible for the egress tunnel routers?

Options:

Ingress Tunnel Router

Map Resolver

Proxy ETR

Router Locator

Question 90

A switch is attached to router R1 on its gig 0/0 interface. Fort security reasons, you want to prevent R1 from sending OSPF hellos to the switch. Which command should be enabled to accomplish this?

Options:

R1(config-router)#ip ospf hello disable

R1(config-router)#ip ospf hello-interval 0

R1(config)#passive-interface Gig 0/0

R1(config-router)#passive-interface Gig 0/0

Question 91

Refer to the exhibit. A network engineer configures NAT on R1 and enters me show command to verity me configuration What toes the output confirm?

Options:

The first pocket triggered NAT to add an entry to the NAT table

R1 is configured with NAT overload parameters.

A Telnet session from 160.1.1.1 to 10.1.1.10 has been initiated.

R1 a configured win PAT overload parameters

Question 92

Drag and drop the characteristics from the left onto the orchestration tool classifications on the right.

Options:

Question 93

How does a Type 1 hypervisor function?

Options:

It runs directly on a physical server and depends on a previously installed operating system.

It runs directly on a physical server and includes its own operating system.

It runs on a virtual server and depends on a previously installed operating systems

It runs on a virtual server and includes its own operating system.

Question 94

Which two new security capabilities are introduced by using a next-generation firewall at the Internet edge? (Choose two.)

Options:

DVPN

NAT

stateful packet inspection

application-level inspection

integrated intrusion prevention

Question 95

Which of the following attacks becomes more effective because of global leakages of users' passwords?

Options:

Dictionary

Brute-force

Phishing

Deauthentication

Question 96

Drag and drop the code snippets from the bottom onto the blanks in the script to convert a Python object into a JSON string. Not all options are used.

Options:

Question 97

Which TLV value must be added to Option 43 when DHCP is used to ensure that APs join the WLC?

Options:

0x77

AAA

0xf1

642

Question 98

Refer to the exhibit. An engineer must protect the CPU of the router from high rates of NTP, SNMP, and SSH traffic. Which two configurations must be applied to drop these types of traffic when it continuously exceeds 320 kbps? (Choose two)

Options:

Option A

Option B

Option C

Option D

Option E

Question 99

Drag and drop the characteristics from the left onto the deployment model on the right.

Options:

Question 100

Which device, in a LISP routing architecture, receives and de-encapsulates LISP traffic for endpoints within a LISP-capable site?

Options:

ETR

OMS

ITR

Question 101

Which function does a Cisco SD-Access extended node perform?

Options:

provides fabric extension to nonfabric devices through remote registration and configuration

performs tunneling between fabric and nonfabric devices to route traffic over unknown networks

used to extend the fabric connecting to downstream nonfabric enabled Layer 2 switches

in charge of establishing Layer 3 adjacencies with nonfabric unmanaged node

Question 102

Refer to the exhibit.

An LACP port channel is configured between Switch-1 and Switch-2, but It falls to come up. Which action will resolve the issue?

Options:

Configure Switch-1 with channel-group mode active

Configure Switch-2 with channel-group mode desirable.

Configure Switch-1 with channel-group mode on.

Configure SwKch-2 with channel-group mode auto

Question 103

What is one role of the VTEP in a VXLAN environment?

Options:

to forward packets to non-LISP sites

to encapsulate the tunnel

to maintain VLAN configuration consistency

to provide EID-to-RLOC mapping

Question 104

Drag and drop the characteristics from the left onto the switching architectures on the right.

Options:

Question 105

Refer to the exhibit.

Only administrators from the subnet 10.10.10.0/24 are permitted to have access to the router. A secure protocol must be used for the remote access and management of the router instead of clear-text protocols. Which configuration achieves this goal?

Options:

Option A

Option B

Option C

Option D

Question 106

What does the statement print(format(0.8, '.0%')) display?

Options:

80%

.08%

8.8%

Question 107

What are two characteristics of Cisco SD-Access elements? (Choose two.)

Options:

The border node is required for communication between fabric and nonfabric devices.

Traffic within the fabric always goes through the control plane node.

Fabric endpoints are connected directly to the border node.

The control plane node has the full RLOC-to-EID mapping database.

The border node has the full RLOC-to-EID mapping database.

Question 108

In which way are EIGRP and OSPF similar?

Options:

They both support unequal-cost load balancing

They both support MD5 authentication for routing updates.

They nave similar CPU usage, scalability, and network convergence times.

They both support autosummarization

Question 109

When a wired client connects to an edge switch in a Cisco SD-Access fabric, which component decides whether the client has access to the network?

Options:

control-plane node

edge node

Identity services Engine

RADIUS server

Question 110

Based on the router's API output In JSON format below, which Python code will display the value of the 'role' key?

Options:

Option A

Option B

Option C

Option D

Question 111

Refer to the exhibit.

An engineer configures a new WLAN that will be used for secure communications; however, wireless clients report that they are able to communicate with each other. Which action resolves this issue?

Options:

Enable Client Exclusions.

Disable Aironet IE

Enable Wi-Fi Direct Client Policy

Enable P2P Blocking.

Question 112

What is a characteristics of traffic shaping?

Options:

can be applied in both traffic direction

queues out-of-profile packets until the buffer is full

drops out-of-profile packets

causes TCP retransmits when packet are dropped

Question 113

A network administrator is preparing a Python scrip to configure a Cisco IOS XE-based device on the network. The administrator is worried that colleagues will make changes to the device while the script is running. Which operation of he in client manager prevent colleague making changes to the device while the scrip is running?

Options:

m.lock(config=’running’)

m.lock(target=’running’)

m.freeze(target=’running’)

m.freeze(config=’running’)

Question 114

the following system log message is presented after a network administrator configures a GRE tunnel:

%TUN-5-RECURDOWN Interface Tunnel 0 temporarily disabled due to recursive routing

Why is tunnel 0 disabled?

Options:

Because dynamic routing is not enabled

Because the tunnel cannot reach its tunnel destination

Because the best path to the tunnel destination is through the tunnel itself

Because the router cannot recursively identify its egress forwarding interface

Question 115

Drag and drop the LISP components on the left to the correct description on the right.

Options:

Question 116

An engineer must configure GigabitEthernet 0/0 for VRRP group 65. The rouler must assume the primary rote when it has the highest priority in the group. Which command set must be applied?

Options:

Option A

Option B

Option C

Option D

Question 117

Refer to Ihe exhibit. An engineer must update the existing configuation to achieve these resu ts:

• Only administrators from the 192.168 1.0.'?4 subnet can access the vty lines.

* Access to the vty lines using clear-text protocols is prohibited.

Which command set should be appled?

Options:

Option A

Option B

Option C

Option D

Answer:

Explanation:

Option B is the correct command set to update the existing configuration to achieve the desired results. The configuration steps are as follows12:

Define a standard access list that permits only the administrators from the 192.168.1.0/24 subnet to access the vty lines. In this case, the access list is named ADMIN and it allows any host with an IP address in the range of 192.168.1.1 to 192.168.1.254 to access the vty lines: ip access-list standard ADMIN and permit 192.168.1.0 0.0.0.255.
Apply the access list to the vty lines using the access-class command. This command restricts incoming and outgoing connections between a particular vty and the addresses in the access list. In this case, the access list ADMIN is applied to the vty lines 0 to 15 in the inbound direction, which means that only the hosts that match the access list can initiate a connection to the vty lines: line vty 0 15 and access-class ADMIN in.
Disable the clear-text protocols such as Telnet for the vty lines using the transport input command. This command specifies which protocols are allowed for incoming connections. In this case, only SSH is allowed for the vty lines, which is a secure protocol that encrypts the data between the client and the server: transport input ssh.

Option A is incorrect because it does not apply the access list to the vty lines, which is required to restrict the access to the administrators from the 192.168.1.0/24 subnet. Without the access-class command, any host can attempt to connect to the vty lines12.

Option C is incorrect because it does not disable the clear-text protocols for the vty lines, which is required to prohibit the access to the vty lines using unsecure protocols. Without the transport input ssh command, both Telnet and SSH are allowed for the vty lines by default12.

Option D is incorrect because it uses an extended access list instead of a standard access list, which is not recommended for controlling access to the vty lines. An extended access list requires more configuration and processing than a standard access list, and it cannot be applied directly to the vty lines. It has to be applied to each interface that can be used to access the vty lines, which increases the complexity and the possibility of errors12. References: 1: Controlling Access to a Virtual Terminal Line, 2: Configuring Secure Shell

Question 118

Which JSON script is properly formatted?

Options:

Option A

Option B

Option C

Option D

Question 119

A firewall address of 192 166.1.101 can be pinged from a router but, when running a traceroute to It, this output is received

What is the cause of this issue?

Options:

The firewall blocks ICMP traceroute traffic.

The firewall rule that allows ICMP traffic does not function correctly

The firewall blocks ICMP traffic.

The firewall blocks UDP traffic

Question 120

Company policy restricts VLAN 10 to be allowed only on SW1 and SW2. All other VLANs can be on all three switches. An administrator has noticed that VLAN 10 has propagated to SW3. Which configuration corrects the issue?

Options:

SW1(config)#intgi1/1

SW1(config)#switchport trunk allowed vlan 1-9,11-4094

SW2(config)#intgi1/2

SW2(config)#switchport trunk allowed vlan 10

SW2(config)#int gi1/2

SW2(config)#switchport trunk allowed vlan 1-9,11-4094

SWl(config)#intgi1/1

SW1(config)#switchport trunk allowed vlan 10

Question 121

How does Protocol Independent Multicast function?

Options:

In sparse mode, it establishes neighbor adjacencies and sends hello messages at 5-second intervals.

It uses the multicast routing table to perform the multicast forwarding function.

It uses unicast routing information to perform the multicast forwarding function.

It uses broadcast routing information to perform the multicast forwarding function.

Question 122

Refer to the exhibit. An engineer must allow the FTP traffic from users on 172.16.1.0 /24 to 172.16.2.0 /24 and block all other traffic. Which configuration must be applied?

Options:

Option A

Option B

Option C

Option D

Question 123

What is a characteristics of VXLAN?

Options:

It extends Layer 2 and Layer 3 overlay networks over a Layer 2 underlay.

It has a 12-byt packet header.

It frame encapsulation is performed by MAC-In-UDP

It uses TCP for transport

Question 124

Refer to the exhibit.

Which two commands ensure that DSW1 becomes root bridge for VLAN 10 and 20?

Options:

spanning-tree mst 1 priority 1

spanning-tree mst 1 root primary

spanning-tree mstp vlan 10,20 root primary

spanning-tree mst vlan 10,20 priority root

spanning-tree mst 1 priority 4096

Question 125

Refer to the exhibit. Which two commands ensure that DSW1 becomes root bridge for VLAN 10? (Choose two)

Options:

DSW1(config)#spanning-tree vlan 10 priority 4096 Most Voted

DSW1(config)#spanning-tree vlan 10 priority root

DSW2(config)#spanning-tree vlan 10 priority 61440 Most Voted

DSW1(config)#spanning-tree vlan 10 port-priority 0

DSW2(config)#spanning-tree vlan 20 priority 0

Question 126

Which of the following should a junior security administrator recommend implementing to mitigate malicious network activity?

Options:

Intrusion prevention system

Load balancer

Access logging

Endpoint encryption

Question 127

What does the destination MAC on the outer MAC header identify in a VXLAN packet?

Options:

thee emote spine

the next hop

the leaf switch

the remote switch

Question 128

Which two results occur if Cisco DNA Center loses connectivity to devices in the SD-Access fabric? (Choose two)

Options:

Cisco DNA Center is unable to collect monitoring data in Assurance.

All devices reload after detecting loss of connection to Cisco DNA Center.

Already connected users are unaffected, but new users cannot connect

Users lose connectivity.

User connectivity is unaffected.

Question 129

Drag and drop the Cisco SD-Access solution areas from the left onto the protocols they use on the right.

Options:

Question 130

An engineer must configure a router to leak routes between two VRFs Which configuration must the engineer apply?

Options:

Option A

Option B

Option C

Option D

Question 131

Options:

S2 is configured as LACP. Change the channel group mode to passive

S2 is configured with PAgP. Change the channel group mode to active.

S1 is configured with LACP. Change the channel group mode to on

S1 is configured as PAgP. Change the channel group mode to desirable

Question 132

Refer io me exhibit.

An engineer configures the trunk and proceeds to configure an ESPAN session to monitor VLANs10. 20. and 30. Which command must be added to complete this configuration?

Options:

Device(config.mon.erspan.stc)# no filter vlan 30

Devic(config.mon.erspan.src-dst)# no vrf 1

Devic(config.mon.erspan.src-dst)# erspan id 6

Device(config.mon-erspan.Src-dst)# mtu 1460

Question 133

Refer the exhibit.

Which configuration elects SW4 as the root bridge for VLAN 1 and puts G0/2 on SW2 into a blocking state?

Options:

Option

Question 134

What is the API keys option for REST API authentication?

Options:

a predetermined string that is passed from client to server

a one-time encrypted token

a username that is stored in the local router database

a credential that is transmitted unencrypted

Question 135

Refer to the exhibit.

After configuring the BGP network, an engineer verifies that the path between Servers and Server2 Is functional. Why did RouterSF choose the route from RouterDAL instead of the route from RouterCHI?

Options:

The Router-ID Tor Router DAL is lower than the Roter-ID for RouterCHI.

The route from RouterOAL has a lower MED.

BGP is not running on RouterCHI.

There is a static route in RouterSF for 10.0.0.0/24.

Question 136

A system must validate access rights to all its resources and must not rely on a cached permission matrix. If the access level to a given resource is revoked but is not reflected in the permission matrix, the security is violated. Which term refers to this REST security design principle?

Options:

economy of mechanism

complete mediation

separation of privilege

least common mechanism

Question 137

Which configuration creates a CoPP policy that provides unlimited SSH access from dient 10.0.0.5 and denies access from all other SSH clients'?

Options:

Option A

Option B

Option C

Option D

Question 138

What Is the difference between the MAC address table and TCAM?

Options:

The MAC address table supports partial matches. TCAM requires an exact match.

The MAC address table is contained in TCAM ACL and QoS information is stored in CAM.

Router prefix lookups happen in TCAM. MAC address table lookups happen In CAM.

TCAM is used to make L2 forwarding decisions. CAM is used to build routing tables

Question 139

Which two Cisco SD-WAN components exchange OMP information?

Options:

vAnaiytlcs

vSmart

WAN Edge

vBond

vManage

Question 140

Which VXLAN component is used to encapsulate and decapsulate Ethernet frames?

Options:

VNI

GRE

VTEP

EVPN

Question 141

Which Python snippet should be used to store the devices data structure in a JSON file?

Options:

Option A

Option B

Option C

Option D

Question 142

By default, which virtual MAC address does HSRP group 14 use?

Options:

04.16.19.09.4c.0e

00:05:5e:19:0c:14

00:05:0c:07:ac:14

00:00:0c:07:ac:0e

Question 143

Which method displays text directly into the active console with a synchronous EEM applet policy?

Options:

event manager applet boom

event syslog pattern 'UP'

action 1.0 gets 'logging directly to console'

event manager applet boom

event syslog pattern 'UP'

action 1.0 syslog priority direct msg 'log directly to console'

event manager applet boom

event syslog pattern 'UP'

action 1.0 puts 'logging directly to console'

event manager applet boom

event syslog pattern 'UP'

action 1.0 string 'logging directly to console'

Question 144

An engineer must configure an EXEC authorization list that first checks a AAA server then a local username. If both methods fail, the user is denied. Which configuration should be applied?

Options:

aaa authorization exec default local group tacacs+

aaa authorization exec default local group radius none

aaa authorization exec default group radius local none

aaa authorization exec default group radius local

Question 145

An engineer is configuring Local WebAuth on a Cisco Wireless LAN Controller. According to RFC 5737, WHICH VIRTUAL IP address must be used in this configuration?

Options:

192.0.2.1

172.20.10.1

1.1.1.1

192.168.0.1

Question 146

A network engineer is configuring OSPF on a router. The engineer wants to prevent having a route to 177.16.0.0/16 learned via OSPF. In the routing table and configures a prefix list using the command ip prefix-list OFFICE seq S deny 172.16.0.0/16. Winch two identical configuration commands must be applied to accomplish the goal? (Choose two.)

Options:

distribute-list prefix OFFICE in under the OSPF process

Ip prefix-list OFFICE seq 10 permit 0.0.0.0/0 Ie 32

ip prefix-list OFFICE seq 10 permit 0.0.0.0/0 ge 32

distribute-list OFFICE out under the OSPF process

distribute-list OFFICE in under the OSPF process

Question 147

What is the recommended minimum SNR for data applications on wireless networks?

Options:

Question 148

If the maximum power level assignment for global TPC 802.11a/n/ac is configured to 10 dBm, which power level effectively doubles the transmit power?

Options:

13dBm

14 dBm

17dBm

20 dBm

Question 149

Refer to the exhibit. Which python code parses the response and prints “18:32:21.474 UTC sun Mar 10 2019?

Options:

print(response['resut'][0||'simple_time']}

print(response[result']['body']['simple_time']}

print(response['body']['simple_time']}

print(response[jresult']['body']['simple_time']}

Question 150

Refer to the exhibit.

An engineer entered the command no spanning-tree bpduguard enable on interface Fa 1/0/7. What is the effect of this command on Fa 1/0/7?

Options:

It remains in err-disabled state until the shutdown/no shutdown command is entered in the interface configuration mode.

It remains in err-disabled state until the errdisable recovery cause failed-port-state command is entered in the global configuration mode.

It remains in err-disabled state until the no shutdown command is entered in the interface configuration mode.

It remains in err-disabled state until the spanning-tree portfast bpduguard disable command is entered in the interface configuration mode.

Question 151

Refer to the exhibit.

What are two effect of this configuration? (Choose two.)

Options:

Inside source addresses are translated to the 209.165.201.0/27 subnet.

It establishes a one-to-one NAT translation.

The 10.1.1.0/27 subnet is assigned as the inside global address range.

The 209.165.201.0/27 subnet is assigned as the outside local address range.

The 10.1.1.0/27 subnet is assigned as the inside local addresses.

Question 152

A large campus network has deployed two wireless LAN controllers to manage the wireless network. WLC1 and WLC2 have been configured as mobility peers. A client device roams from AP1 on WLC1 to AP2 on WLC2, but the controller's client interfaces are on different VLANs. How do the wireless LAN controllers handle the inter-subnet roaming?

Options:

WLC1 marks me diem with an anchor entry In Its own database. The database entry is copied to the new controller and marked with a foreign entry on VVLC2.

WLC2 marks the client with an anchor entry In Its own database. The database entry Is copied to the new controller and marked with a foreign entry on WLC1

WLCl marks the client with a foreign entry in its own database. The database entry is copied to the new controller and marked with an anchor entry on WLC2.

WLC2 marks the client with a foreign entry In its own database. The database entry Is copied to the new controller and marked with an anchor entry on WLC1.

Question 153

Refer to the exhibit.

R1 is able to ping the R3 fa0/1 Interface. Why do the extended pings fail?

Options:

The DF bit has been set

The maximum packet size accepted by the command is 147G bytes

R2 and R3 do not have an OSPF adjacency

R3 is missing a return route to 10.99.69.0/30

Question 154

Refer to the exhibit. Which configuration must be implemented to establish EBGP peering between R1 and R2?

Options:

Option A

Option B

Option C

Option D

Question 155

Which protocol is implemented to establish secure control plane adjacencies between Cisco SD-WAN nodes?

Options:

IKF

TLS

IPsec

ESP

Question 156

A Cisco DNA Center REST API sends a PUT to the /dna/intent/api/v1/network-device endpoint A response code of 504 is received What does the code indicate?

Options:

The response timed out based on a configured interval

The user does not have authorization to access this endpoint.

The username and password are not correct

The web server is not available

Question 157

what is a benefit of using a Type 2 hypervisor instead of a Type 1 hypervisor?

Options:

better application performance

Improved security because the underlying OS is eliminated

Improved density and scalability

ability to operate on hardware that is running other OSs

Question 158

Drag and drop the automation characteristics from the left onto the appropriate tools on the right.

Options:

Question 159

Drag and drop the characteristics from the left onto the orchestration tools that they describe on the right.

Options:

Question 160

Which protocol is responsible for data plane forwarding in a Cisco SD-Access deployment?

Options:

VXLAN

IS-IS

OSPF

LISP

Question 161

Refer to the exhibit.

How should the script be completed so that each device configuration is saved into a JSON-formatted file under the device name?

Options:

Option

Question 162

Which Cisco FlexConnect state allows wireless users that are connected to the network to continue working after the connection to the WLC has been lost?

Options:

Authentication Down/Switching Down

Authentication-Central/Switch-Local

Authentication- Down/Switch-Local

Authentication-Central/Switch-Central

Answer:

Explanation:

Operation Modes

There are two modes of operation for the FlexConnect AP.

Connected mode: The WLC is reachable. In this mode the FlexConnect AP has CAPWAP connectivity with its WLC.
Standalone mode: The WLC is unreachable. The FlexConnect has lost or failed to establish CAPWAP connectivity with its WLC. A WAN-link outage between a branch and its central site is a example of such a mode of operation.

FlexConnect States

A FlexConnect WLAN, depending on its configuration and network connectivity, is classified as being in one of the following defined states.

Authentication-Central/Switch-Central: This state represents a WLAN that uses a centralized authentication method such as 802.1X, VPN, or web. User traffic is sent to the WLC via CAPWAP (Central switching). This state is supported only when FlexConnect is in connected mode.
Authentication Down/Switching Down: Central switched WLANs no longer beacon or respond to probe requests when the FlexConnect AP is in standalone mode. Existing clients are disassociated.
Authentication-Central/Switch-Local: This state represents a WLAN that uses centralized authentication, but user traffic is switched locally. This state is supported only when the FlexConnect AP is in connected mode.
Authentication-Down/Switch-Local: A WLAN that requires central authentication rejects new users. Existing authenticated users continue to be switched locally until session time-out if configured. The WLAN continues to beacon and respond to probes until there are no more existing users associated to the WLAN. This state occurs as a result of the AP going into standalone mode.
Authentication-local/switch-local: This state represents a WLAN that uses open, static WEP, shared, or WPA2 PSK security methods. User traffic is switched locally. These are the only security methods supported locally if a FlexConnect goes into standalone mode. The WLAN continues to beacon and respond to probes. Existing users remain connected and new user associations are accepted. If the AP is in connected mode, authentication information for these security types is forwarded to the WLC.

Question 163

What is an OVF?

Options:

a package that is similar to an IMG and that contains an OVA file used to build a virtual machine

an alternative form of an ISO that Is used to install the base operating system of a virtual machine

the third step in a P2V migration

a package of files that is used to describe a virtual machine or virtual appliance

Question 164

Refer to the exhibit. Which command set must be added to permit and log all traffic that comes from 172.20.10.1 in interface GigabitEthernet0/1 without impacting the functionality of the access list?

Options:

Option A

Option B

Option C

Option D

Question 165

An engineer must configure a new loopback Interface on a router and advertise the interface as a fa4 in OSPF. Which command set accomplishes this task?

Options:

Option A

Option B

Option C

Option D

Question 166

Refer to the exhibit. Which EEM script generates a critical-level syslog message and saves a copy of the running configuration to the bootflash when an administrator saves the running configuration to the startup configuration?

Options:

Option A

Option B

Option C

Option D

Question 167

Refer to the exhibit.

Which command set must be applied on R1 to establish a BGP neighborship with R2 and to allow communication from R1 to reach the networks?

Options:

Option A

Option B

Option C

Option D

Question 168

Refer to the exhibit. What is achieved by this code?

Options:

It unshuts the loopback interface

It renames the loopback interface

It deletes the loopback interface

It displays the loopback interface

Question 169

Refer to the exhibit. A network administrator configured RSPAN to troubleshoot an issue between switch1 and switch2. The switches are connected using interface GigabitEthernet 1/1. An external packet capture device is connected is switch2 interface GigabitEthernet 1/2. Which two commands must be added to complete this configuration? (Choose two)

Options:

Option A

Option B

Option C

Option D

Option E

Question 170

What does the number in an NTP stratum level represent?

Options:

The number of hops it takes to reach the master time server.

The number of hops it takes to reach the authoritative time source.

The amount of offset between the device clock and true time.

The amount of drift between the device clock and true time.

Question 171

Refer to the exhibit.

A network engineer must configure the router to use the ISE-Servers group for authentication. If both ISE servers are unavailable, the local username database must be used. If no usernames are defined in the configuration, then the enable password must be the last resort to log in. Which configuration must be applied to achieve this result?

Options:

aaa authentication login default group ISE-Servers local enable

aaa authentication login default group enable local ISE-Servers

aaa authorization exec default group ISE-Servers local enable

aaa authentication login error-enable

aaa authentication login default group enable local ISE-Servers

Question 172

What is a characteristics of traffic policing?

Options:

lacks support for marking or remarking

must be applied only to outgoing traffic

can be applied in both traffic directions

queues out-of-profile packets until the buffer is full

Question 173

Refer to the exhibit. An engineer has configured an IP SLA for UDP echo’s. Which command is needed to start the IP SLA to test every 30 seconds and continue until stopped?

Options:

ip sla schedule 100 start-time now life forever

ip sla schedule 30 start-time now life forever

ip sla schedule 100 start-time now life 30

ip sla schedule 100 life forever

Question 174

What is one benefit of adopting a data modeling language?

Options:

augmenting management process using vendor centric actions around models

refactoring vendor and platform specific configurations with widely compatible configurations

augmenting the use of management protocols like SNMP for status subscriptions

deploying machine-friendly codes to manage a high number of devices

Question 175

Refer to the exhibit.

An engineer configures routing between all routers and must build a configuration to connect R1 to R3 via a GRE tunnel Which configuration must be applied?

Options:

Option

Question 176

Which type of tunnel Is required between two WLCs to enable Intercontroller roaming?

Options:

mobility

LWAPP

CAPWAP

iPsec

Question 177

Which option works with a DHCP server to return at least one WLAN management interface IP address during the discovery phase and is dependent upon the VCI of the AP?

Options:

Option 42

Option 15

Option 125

Option 43

Question 178

Refer to the exhibit.

What is the effect of introducing the sampler feature into the Flexible NetFlow configuration on the router?

Options:

NetFlow updates to the collector are sent 50% less frequently.

Every second IPv4 packet is forwarded to the collector for inspection.

CPU and memory utilization are reduced when compared with what is required for full NetFlow.

The resolution of sampling data increases, but it requires more performance from the router.

Question 179

Refer to the exhibit.

An engineer must configure an ERSPAN session with the remote end of the session 10.10.0.1. Which commands must be added to complete the configuration?

Options:

Option A

Option B

Option C

Option D

Question 180

Which function does a fabric wireless LAN controller perform In a Cisco SD-Access deployment?

Options:

manages fabric-enabled APs and forwards client registration and roaming information to the Control Plane Node

coordinates configuration of autonomous nonfabric access points within the fabric

performs the assurance engine role for both wired and wireless clients

is dedicated to onboard clients in fabric-enabled and nonfabric-enabled APs within the fabric

Question 181

What is a characteristic of a type 2 hypervisor?

Options:

ideal for data center

complicated deployment

ideal for client/end-user system

referred to as bare-metal

Question 182

Refer to the exhibit. What is generated by the script?

Options:

the cdp neighbors

the routing table

the router processes

the running configuration

Question 183

Refer to the exhibit.

Which commands are required to allow SSH connection to the router?

Options:

Option A

Option B

Option C

Option D

Question 184

Which benefit is realized by implementing SSO?

Options:

IP first-hop redundancy

communication between different nodes for cluster setup

physical link redundancy

minimal network downtime following an RP switchover

Question 185

Refer to the exhibit. An attacker can advertise OSPF fake routes from 172.16.20.0 network to the OSPF domain and black hole traffic. Which action must be taken to avoid this attack and still be able to advertise this subnet into OSPF?

Options:

Configure 172.16.20.0 as a stub network.

Apply a policy to filter OSPF packets on R2.

Configure a passive Interface on R2 toward 172.16.20.0.

Configure graceful restart on the 172.16.20.0 interface.

Question 186

Which IPv4 packet field carries the QoS IP classification marking?

Options:

TTL

FCS

ToS

Question 187

Refer to the exhibit.

Which command set is needed to configure and verify router R3 to measure the response time from router R3 to the file server located in the data center?

Options:

Option A

Option B

Option C

Option D

Question 188

What is one characteristic of the Cisco SD-Access control plane?

Options:

It is based on VXLAN technology.

Each router processes every possible destination and route

It allows host mobility only in the wireless network.

It stores remote routes in a centralized database server

Question 189

Refer to the exhibit. A network engineer must block Telnet traffic from hosts in the range of 10.100 2.248 to 10.100.2 255 to the network 10.100.3.0 and permit everything else. Which configuration must the engineer apply'?

Options:

Option A

Option B

Option C

Option D

Question 190

Refer to the exhibit .

Which command must be configured for RESTCONF to operate on port 8888?

Options:

ip http port 8888

restconf port 8888

ip http restconf port 8888

restconf http port 8888

Question 191

What is an emulated machine that has dedicated compute memory, and storage resources and a fully installed operating system?

Options:

Container

Mainframe

Host

virtual machine

Question 192

Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

Options:

Question 193

Refer to the exhibit.

The IP SLA is configured in a router. An engineer must configure an EEM applet to shut down the interface and bring it back up when there is a problem with the IP SLA. Which configuration should the engineer use?

Options:

event manager applet EEM_IP_SLA

event track 10 state down

event manager applet EEM_IP_SLA

event track 10 state unreachable

event manager applet EEM_IP_SLA

event sla 10 state unreachable

event manager applet EEM_IP_SLA

event sla 10 state down

Question 194

Refer to the exhibit. Which action completes the configuration to achieve a dynamic continuous mapped NAT for all users?

Options:

Configure a match-host type NAT pool

Reconfigure the pool to use the 192.168 1 0 address range

Increase the NAT pool size to support 254 usable addresses

Configure a one-to-one type NAT pool

Question 195

Refer to the exhibit. A network engineer configures NAT on R1 and enters the show command to verity the configuration What does the output confirm?

Options:

The first pocket triggered NAT to add on entry to NAT table

R1 is configured with NAT overload parameters

A Telnet from 160.1.1 1 to 10.1.1.10 has been initiated.

R1 to configured with PAT overload parameters

Question 196

Refer to the exhibit. An engineer attempts to configure a trunk between switch sw1 and switch SW2 using DTP, but the trunk does not form. Which command should the engineer apply to switch SW2 to resolve this issue?

Options:

switchport mode dynamic desirable

switchport nonegotiate

no switchport

switchport mode access

Question 197

Refer to the exhibit. An engineer must create a script that appends the output of the show process cpu sorted command to a file.

Options:

action 4.0 syslog command “show process cpu sorted | append flash:high-cpu-file”

action 4.0 publish-event “show process cpu sorted | append flash:high-cpu-file”

action 4.0 ens-event “show process cpu sorted | append flash:high-cpu-file”

action 4.0 cli command “show process cpu sorted | append flash:high-cpu-file”

Question 198

Refer to the exhibit. Communication between London and New York is down. Which command set must be applied to the NewYork switch to resolve the issue?

Options:

Option A

Option B

Option C

Option D

Question 199

Which design principle slates that a user has no access by default to any resource, and unless a resource is explicitly granted, it should be denied?

Options:

least privilege

fail-safe defaults

economy of mechanism

complete mediation

Question 200

How does Cisco Trustsec enable more access controls for dynamic networking

environments and data centers?

Options:

classifies traffic based on advanced application recognition

uses flexible NetFlow

classifies traffic based on the contextual identity of the endpoint rather than its IP

address correct

assigns a VLAN to the endpoint

Question 201

Refer to the exhibit Which single security feature is recommended to provide Network Access Control in the enterprise?

Options:

MAB

802.1X

WebAuth

port security sticky MAC

Question 202

Refer to the exhibit. The connecting between SW1 and SW2 is not operational. Which two actions resolve the issue? (Choose two)

Options:

configure switchport mode access on SW2

configure switchport nonegotiate on SW2

configure switchport mode trunk on SW2

configure switchport nonegotiate on SW1

configure switchport mode dynamic desirable on SW2

Question 203

Wireless users report frequent disconnections from the wireless network. While troubleshooting a network engineer finds that after the user a disconnect, the connection re-establishes automatically without any input required. The engineer also notices these message logs .

Which action reduces the user impact?

Options:

increase the AP heartbeat timeout

increase BandSelect

enable coverage hole detection

increase the dynamic channel assignment interval

Question 204

What is the output of this code?

Options:

username Cisco

get_credentials

username

CISCO

Question 205

Refer to Exhibit.

MTU has been configured on the underlying physical topology, and no MTU command has been configured on the tunnel interfaces. What happens when a 1500-byte IPv4 packet traverses the GRE tunnel from host X to host Y, assuming the DF bit is cleared?

Options:

The packet arrives on router C without fragmentation.

The packet is discarded on router A

The packet is discarded on router B

The packet arrives on router C fragmented.

Question 206

A customer requests a network design that supports these requirements:

Which protocol does the design include?

Options:

HSRP version 2

VRRP version 2

GLBP

VRRP version 3

Question 207

Refer to the exhibit.

An engineer is troubleshooting a connectivity issue and executes a traceoute. What does the result confirm?

Options:

The destination server reported it is too busy

The protocol is unreachable

The destination port is unreachable

The probe timed out

Question 208

At which Layer does Cisco DNA Center support REST controls?

Options:

EEM applets or scripts

Session layer

YMAL output from responses to API calls

Northbound APIs

Question 209

Running the script causes the output in the exhibit. Which change to the first line of the script resolves the error?

Options:

from ncclient import

import manager

from ncclient import*

import ncclient manager

Question 210

Refer to the exhibit. Which two commands are needed to allow for full reachability between AS 1000 and AS 2000? (Choose two)

Options:

R1#network 192.168.0.0 mask 255.255.0.0

R2#no network 10.0.0.0 255.255.255.0

R2#network 192.168.0.0 mask 255.255.0.0

R2#network 209.165.201.0 mask 255.255.192.0

R1#no network 10.0.0.0 255.255.255.0

Question 211

Drag and drop the characteristics from the left onto the orchestration tools they describe on the right.

Options:

Question 212

How is MSDP used to interconnect multiple PIM-SM domains?

Options:

MSDP depends on BGP or multiprotocol BGP for mterdomam operation

MSDP SA request messages are used to request a list of active sources for a specific group

SDP allows a rendezvous point to dynamically discover active sources outside of its domain

MSDP messages are used to advertise active sources in a domain

Question 213

When configuration WPA2 Enterprise on a WLAN, which additional security component configuration is required?

Options:

NTP server

PKI server

RADIUS server

TACACS server

Question 214

Which technology provides a secure communication channel for all traffic at Layer 2 of the OSI model?

Options:

MACsec

IPsec

SSL

Cisco Trustsec

Question 215

Drag and drop the LISP components from the left onto the function they perform on the right. Not all options are used.

Options:

Question 216

While configuring an IOS router for HSRP with a virtual IP of 10 1.1.1. an engineer sees this log message.

Which configuration change must the engineer make?

Options:

Change the HSRP group configuration on the local router to 1.

Change the HSRP virtual address on the local router to 10.1.1.1.

Change the HSRP virtual address on the remote router to 10.1.1.1.

Change the HSRP group configuration on the remote router to 1.

Question 217

Refer to the exhibit.

An engineer must ensure that all traffic leaving AS 200 will choose Link 2 as an entry point. Assuming that all BGP neighbor relationships have been formed and that the attributes have not been changed on any of the routers, which configuration accomplish task?

Options:

Option A

Option B

Option C

Option D

Question 218

Which two operations are valid for RESTCONF? (Choose two.)

Options:

HEAD

REMOVE

PULL

PATCH

ADD

PUSH

Question 219

Which component of the Cisco Cyber Threat Defense solution provides user and flow context analysis?

Options:

Cisco Firepower and FireSIGHT

Cisco Stealth watch system

Advanced Malware Protection

Cisco Web Security Appliance

Question 220

Under which network conditions is an outbound QoS policy that is applied on a router WAN interface most beneficial?

Options:

under interface saturation condition

under network convergence condition

under all network condition

under traffic classification and marking conditions.

Question 221

Which AP mode allows an engineer to scan configured channels for rogue access points?

Options:

sniffer

monitor

bridge

local

Question 222

An engineer has deployed a single Cisco 5520 WLC with a management IP address of 172.16.50.5/24. The engineer must register 50 new Cisco AIR-CAP2802I-E-K9 access points to the WLC using DHCP option 43. The access points are connected to a switch in VLAN 100 that uses the 172.16.100.0/24 subnet. The engineer has configured the DHCP scope on the switch as follows:

The access points are failing to join the wireless LAN controller. Which action resolves the issue?

Options:

configure option 43 Hex F104.AC10.3205

configure option 43 Hex F104.CA10.3205

configure dns-server 172.16.50.5

configure dns-server 172.16.100.1

Question 223

Refer to the exhibit.

SwitchC connects HR and Sales to the Core switch However, business needs require that no traffic from the Finance VLAN traverse this switch Which command meets this requirement?

Options:

Option A

Option B

Option C

Option D

Question 224

Refer to the exhibit Drag and drop the snippets into the RESTCONF request to form the request that returns this response Not all options are used

Options:

Question 225

What is a benefit of data modeling languages like YANG?

Options:

They enable programmers to change or write their own application within the device operating system.

They create more secure and efficient SNMP OIDs.

They make the CLI simpler and more efficient.

They provide a standardized data structure, which results in configuration scalability and consistency.

Question 226

What is a characteristic of MACsec?

Options:

802.1AE provides encryption and authentication services

802.1AE is bult between the host and switch using the MKA protocol, which negotiates encryption keys based on the master session key from a successful 802.1X session

802.1AE is bult between the host and switch using the MKA protocol using keys generated via the Diffie-Hellman algorithm (anonymous encryption mode)

802.1AE is negotiated using Cisco AnyConnect NAM and the SAP protocol

Question 227

Which two threats does AMP4E have the ability to block? (Choose two.)

Options:

DDoS

ransomware

Microsoft Word macro attack

SQL injection

email phishing

Question 228

Refer to the exhibit.

An engineer configures monitoring on SW1 and enters the show command to verify operation. What does the output confirm?

Options:

SPAN session 1 monitors activity on VLAN 50 of a remote switch

SPAN session 2 only monitors egress traffic exiting port FastEthernet 0/14.

SPAN session 2 monitors all traffic entering and exiting port FastEthernet 0/15.

RSPAN session 1 is incompletely configured for monitoring

Question 229

How does the RIB differ from the FIB?

Options:

The RIB is used to create network topologies and routing tables. The FIB is a list of routes to particular network destinations.

The FIB includes many routes a single destination. The RIB is the best route to a single destination.

The RIB includes many routes to the same destination prefix. The FIB contains only the best route

The FIB maintains network topologies and routing tables. The RIB is a Iist of routes to particular network destinations.

Question 230

When is an external antenna used inside a building?

Options:

only when using Mobility Express

when it provides the required coverage

only when using 2 4 GHz

only when using 5 GHz

Question 231

Which two components are supported by LISP? (Choose two.)

Options:

Proxy ETR

egress tunnel router

route reflector

HMAC algorithm

spoke

Question 232

Refer to the exhibit.

An engineer must create a configuration that executes the show run command and then terminates the session when user CCNP legs in. Which configuration change is required?

Options:

Add the access-class keyword to the username command

Add the access-class keyword to the aaa authentication command

Add the autocommand keyword to the username command

Add the autocommand keyword to the aaa authentication command

Question 233

Refer to the exhibit. An engineer configures CoPP and enters the show command to verify the implementation. What is the result of the configuration?

Options:

All traffic will be policed based on access-list 120.

If traffic exceeds the specified rate, it will be transmitted and remarked.

Class-default traffic will be dropped.

ICMP will be denied based on this configuration.

Question 234

Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

Options:

Question 235

What is the centralized control policy in a Cisco SD-WAN deployment?

Options:

list of ordered statements that define user access policies

set of statements that defines how routing is performed

set of rules that governs nodes authentication within the cloud

list of enabled services for all nodes within the cloud

Question 236

Which TCP setting is tuned to minimize the risk of fragmentation on a GRE/IP tunnel?

Options:

MTU

Window size

MRU

MSS

Question 237

A customer has recently implemented a new wireless infrastructure using WLC-5520 at a site directly next to a large commercial airport. Users report that they intermittently lose WI-FI connectivity, and troubleshooting reveals it is due to frequent channel changes. Which two actions fix this issue? (Choose two)

Options:

Remove UNII-2 and Extended UNII-2 channels from the 5 Ghz channel list

Restore the DCA default settings because this automatically avoids channel interference.

Configure channels on the UNIk2 and the Extended UNII-2 sub-bands of the 5 Ghz band only

Enable DFS channels because they are immune to radar interference.

Disable DFS channels to prevent interference with Doppler radar

Question 238

What does the cisco DNA REST response indicate?

Options:

Cisco DNA Center has the Incorrect credentials for cat3850-1

Cisco DNA Center is unable to communicate with cat9000-1

Cisco DNA Center has the incorrect credentials for cat9000-1

Cisco DNA Center has the Incorrect credentials for RouterASR-1

Question 239

Drag and drop the Qos mechanisms from the left to the correct descriptions on the right

Options:

Question 240

An engineer is concerned with the deployment of new application that is sensitive to inter-packet delay variance. Which command configures the router to be the destination of jitter measurements?

Options:

Router(config)# ip sla responder udp-connect 172.29.139.134 5000

Router(config)# ip sla responder tcp-connect 172.29.139.134 5000

Router(config)# ip sla responder udp-echo 172.29.139.134 5000

Router(config)# ip sla responder tcp-echo 172.29.139.134 5000

Question 241

How does an on-premises infrastructure compare to a cloud infrastructure?

Options:

On-premises can increase compute power faster than cloud

On-premises requires less power and cooling resources than cloud

On-premises offers faster deployment than cloud

On-premises offers lower latency for physically adjacent systems than cloud.

Question 242

Which devices does Cisco DNA Center configure when deploying an IP-based access control policy?

Options:

All devices integrating with ISE

selected individual devices

all devices in selected sites

all wired devices

Question 243

Which features does Cisco EDR use to provide threat detection and response protection?

Options:

containment, threat intelligence, and machine learning

firewalling and intrusion prevention

container-based agents

cloud analysis and endpoint firewall controls

Question 244

Which two operational models enable an AP to scan one or more wireless channels for rouge access points and at the same time provide wireless services to clients? (Choose two.)

Options:

Rouge detector

Sniffer

FlexConnect

Local

Monitor

Question 245

Refer to the exhibit. Which configuration change will force BR2 to reach 209 165 201 0/27 via BR1?

Options:

Set the weight attribute to 65.535 on BR1 toward PE1.

Set the local preference to 150 on PE1 toward BR1 outbound

Set the MED to 1 on PE2 toward BR2 outbound.

Set the origin to igp on BR2 toward PE2 inbound.

Question 246

What is one benefit of implementing a VSS architecture?

Options:

It provides multiple points of management for redundancy and improved support

It uses GLBP to balance traffic between gateways.

It provides a single point of management for improved efficiency.

It uses a single database to manage configuration for multiple switches

Question 247

A network administrator has designed a network with two multilayer switches on the distribution layer, which act as default gateways for the end hosts. Which two technologies allow every end host in a VLAN to use both gateways? (Choose two)

Options:

GLBP

HSRP

MHSRP

VSS

VRRP

Question 248

Drag and drop the DHCP messages that are exchanged between a client and an AP into the order they are exchanged on the right.

Options:

Question 249

Refer to the exhibit.

An engineer implemented several configuration changes and receives the logging message on switch1. Which action should the engineer take to resolve this issue?

Options:

Change the VTP domain to match on both switches

Change Switch2 to switch port mode dynamic auto

Change Switch1 to switch port mode dynamic auto

Change Switch1 to switch port mode dynamic desirable

Question 250

Refer to the exhibit. Which configuration must be applied to R to enable R to reach the server at 172.16.0.1?

Options:

Option A

Option B

Option C

Option D

Question 251

In a wireless Cisco SD-Access deployment, which roaming method is used when a user moves from one access point to another on a different access switch using a single WLC?

Options:

Layer 3

inter-xTR

auto anchor

fast roam

Question 252

Refer to the exhibit. Which set of commands on router r R1 Allow deterministic translation of private hosts PC1, PC2, and PC3 to addresses in the public space?

Options:

Option A

Option B

Option C

Option D

Question 253

Refer to the exhibit. An engineer is investigating why guest users are able to access other guest user devices when the users are connected to the customer guest WLAN. What action resolves this issue?

Options:

implement MFP client protection

implement split tunneling

implement P2P blocking

implement Wi-Fi direct policy

Black Friday Sale - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Cisco 350-401 Dumps

Implementing Cisco Enterprise Network Core Technologies (ENCOR) Questions and Answers

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer: