Cisco 350-401 today updated questions - Verified by Cisco Experts

Implementing Cisco Enterprise Network Core Technologies (ENCOR) Questions and Answers

Question 1

Which AP mode allows an engineer to scan configured channels for rogue access points?

Options:

sniffer

monitor

bridge

local

Question 2

A customer requests a network design that supports these requirements:

Which protocol does the design include?

Options:

HSRP version 2

VRRP version 2

GLBP

VRRP version 3

Question 3

Refer to the exhibit.

Assuming the WLC's interfaces are not in the same subnet as the RADIUS server, which interface would the WLC use as the source for all RADIUS-related traffic?

Options:

the interface specified on the WLAN configuration

any interface configured on the WLC

the controller management interface

the controller virtual interface

Question 4

Refer to the exhibit.

SwitchC connects HR and Sales to the Core switch However, business needs require that no traffic from the Finance VLAN traverse this switch Which command meets this requirement?

Options:

Option A

Option B

Option C

Option D

Question 5

Refer to the exhibit.

An engineer must modify the access control list EGRESS to allow all IP traffic from subnet 10.1.10.0/24 to 10.1.2.0/24. The access control list is applied in the outbound direction on router interface GigabitEthemet 0/1. Which configuration commands can the engineer use to allow this traffic without disrupting existing traffic flows?

Options:

Option A

Option B

Option C

Option D

Question 6

A server running Linux is providing support for virtual machines along with DNS and DHCP services for a small business. Which technology does this represent?

Options:

container

Type 1 hypervisor

hardware pass-thru

Type 2 hypervisor

Question 7

Refer to the exhibit.

What is the Json syntax that is formed from the data?

Options:

{Name: Bob Johnson, Age: 75, Alive: true, Favorite Foods: [Cereal, Mustard, Onions]}

{"Name": "Bob Johnson", "Age": 75, "Alive": true, "Favorite Foods": ["Cereal", "Mustard", "Onions"]}

{"˜Name': "˜Bob Johnson', "˜Age': 75, "˜Alive': True, "˜Favorite Foods': "˜Cereal', "˜Mustard', "˜Onions'}

{"Name": "Bob Johnson", "Age": Seventyfive, "Alive": true, "Favorite Foods": ["Cereal", "Mustard", "Onions"]}

Question 8

When configuration WPA2 Enterprise on a WLAN, which additional security component configuration is required?

Options:

NTP server

PKI server

RADIUS server

TACACS server

Question 9

Refer to the exhibit. External users require HTTP connectivity to an internal company web server that is listening on TCP port 8080. Which command set accomplishes this requirement?

Options:

Option A

Option B

Option C

Option D

Option E

Question 10

After a redundant route processor failure occurs on a Layer 3 device, which mechanism allows for packets to be forwarded from a neighboring router based on the most recent tables?

Options:

BFD

RPVST+

RP failover

NSF

Question 11

How does EIGRP differ from OSPF?

Options:

EIGRP is more prone to routing loops than OSPF

EIGRP supports equal or unequal path cost, and OSPF supports only equal path cost.

EIGRP has a full map of the topology, and OSPF only knows directly connected neighbors

EIGRP uses more CPU and memory than OSPF

Question 12

Under which network conditions is an outbound QoS policy that is applied on a router WAN interface most beneficial?

Options:

under interface saturation condition

under network convergence condition

under all network condition

under traffic classification and marking conditions.

Question 13

Refer to the exhibit.

An engineer must ensure that all traffic leaving AS 200 will choose Link 2 as an entry point. Assuming that all BGP neighbor relationships have been formed and that the attributes have not been changed on any of the routers, which configuration accomplish task?

Options:

Option A

Option B

Option C

Option D

Question 14

Refer to the exhibit. An engineer must create a script that appends the output of the show process cpu sorted command to a file.

Options:

action 4.0 syslog command “show process cpu sorted | append flash:high-cpu-file”

action 4.0 publish-event “show process cpu sorted | append flash:high-cpu-file”

action 4.0 ens-event “show process cpu sorted | append flash:high-cpu-file”

action 4.0 cli command “show process cpu sorted | append flash:high-cpu-file”

Question 15

Which three elements determine Air Time efficiency? (Choose three)

Options:

evert-driven RRM

data rate (modulation density) or QAM

channel bandwidth

number of spatial streams and spatial reuse

RF group leader

dynamic channel assignment

Question 16

Refer to exhibit.

VLANs 50 and 60 exist on the trunk links between all switches All access ports on SW3 are configured for VLAN 50 and SW1 is the VTP server Which command ensures that SW3 receives frames only from VLAN 50?

Options:

SW1 (config)#vtp pruning

SW3(config)#vtp mode transparent

SW2(config)=vtp pruning

SW1 (config >»vtp mode transparent

Question 17

Which line must be added in the Python function to return the JSON object {"cat_9k": “FXS193202SE")?

Options:

Option A

Option B

Option C

Option D

Question 18

Refer to the exhibit. An engineer is configuring an EtherChannel between Switch1 and Switch2 and notices the console message on switch2. Based on the output, which action resolves this issue?

Options:

Configure less member ports on Switch2.

Configure the same port channel interface number on both switches

Configure the same EtherChannel protocol on both switches

Configure more member ports on Switch1.

Question 19

What is the centralized control policy in a Cisco SD-WAN deployment?

Options:

list of ordered statements that define user access policies

set of statements that defines how routing is performed

set of rules that governs nodes authentication within the cloud

list of enabled services for all nodes within the cloud

Question 20

A network engineer configures BGP between R1 and R2. Both routers use BGP peer group CORP and are set up to use MD5 authentication. This message is logged to the console of router R1:

Which two configuration allow peering session to from between R1 and R2? Choose two.)

Options:

R1(config-router)#neighbor 10.10.10.1 peer-group CORP R1(config-router)#neighbor CORP password Cisco

R2(config-router)#neighbor 10.120.10.1 peer-group CORP R2(config-router)#neighbor CORP password Cisco

R2(config-router)#neighbor 10.10.10.1 peer-group CORP R2(config-router)#neighbor PEER password Cisco

R1(config-router)#neighbor 10.120.10.1 peer-group CORP R1(config-router)#neighbor CORP password Cisco

R2(config-router)#neighbor 10.10.10.1 peer-group CORP R2(config-router)#neighbor CORP password Cisco

Question 21

Refer to the exhibit Drag and drop the snippets into the RESTCONF request to form the request that returns this response Not all options are used

Options:

Question 22

An engineer is concerned with the deployment of new application that is sensitive to inter-packet delay variance. Which command configures the router to be the destination of jitter measurements?

Options:

Router(config)# ip sla responder udp-connect 172.29.139.134 5000

Router(config)# ip sla responder tcp-connect 172.29.139.134 5000

Router(config)# ip sla responder udp-echo 172.29.139.134 5000

Router(config)# ip sla responder tcp-echo 172.29.139.134 5000

Question 23

An engineer configures HSRP group 37. The configuration does not modify the default virtual MAC address. Which virtual MAC address does the group use?

Options:

C0:00:00:25:00:00

00:00:0c:07:ac:37

C0:39:83:25:258:5

00:00:0c:07:ac:25

Question 24

Refer to the exhibit.

Which configuration establishes EBGP neighborship between these two directly connected neighbors and exchanges the loopback network of the two routers through BGP?

Options:

Option A

Option B

Option C

Option D

Answer:

Explanation:

With BGP, we must advertise the correct network and subnet mask in the “network” command (in

this case network 10.1.1.0/24 on R1 and network 10.2.2.0/24 on R2). BGP is very strict in the

routing advertisements. In other words, BGP only advertises the network which exists exactly in

the routing table. In this case, if you put the command “network x.x.0.0 mask 255.255.0.0” or

“network x.0.0.0 mask 255.0.0.0” or “network x.x.x.x mask 255.255.255.255” then BGP will not

advertise anything.

It is easy to establish eBGP neighborship via the direct link. But let’s see what are required when

we want to establish eBGP neighborship via their loopback interfaces. We will need two

commands:

+ the command “neighbor 10.1.1.1 ebgp-multihop 2” on R1 and “neighbor 10.2.2.2 ebgpmultihop

2” on R1. This command increases the TTL value to 2 so that BGP updates can reach the

BGP neighbor which is two hops away.

+ Answer ‘R1 (config) #router bgp 1

R1 (config-router) #neighbor 192.168.10.2 remote-as 2

R1 (config-router) #network 10.1.1.0 mask 255.255.255.0

R2 (config) #router bgp 2

R2 (config-router) #neighbor 192.168.10.1 remote-as 1

R2 (config-router) #network 10.2.2.0 mask 255.255.255.0

Quick Wireless Summary

Cisco Access Points (APs) can operate in one of two modes: autonomous or lightweight

+ Autonomous: self-sufficient and standalone. Used for small wireless networks.

+ Lightweight: A Cisco lightweight AP (LAP) has to join a Wireless LAN Controller (WLC) to function.

LAP and WLC communicate with each other via a logical pair of CAPWAP tunnels.

– Control and Provisioning for Wireless Access Point (CAPWAP) is an IETF standard for control

messaging for setup, authentication and operations between APs and WLCs. CAPWAP is similar to

LWAPP except the following differences:

+CAPWAP uses Datagram Transport Layer Security (DTLS) for authentication and encryption to

protect traffic between APs and controllers. LWAPP uses AES.

+ CAPWAP has a dynamic maximum transmission unit (MTU) discovery mechanism.

+ CAPWAP runs on UDP ports 5246 (control messages) and 5247 (data messages)

An LAP operates in one of six different modes:

+ Local mode (default mode): measures noise floor and interference, and scans for intrusion

detection (IDS) events every 180 seconds on unused channels

+ FlexConnect, formerly known as Hybrid Remote Edge AP (H-REAP), mode: allows data traffic

to be switched locally and not go back to the controller. The FlexConnect AP can perform standalone

client authentication and switch VLAN traffic locally even when it’s disconnected to the WLC (Local

Switched). FlexConnect AP can also tunnel (via CAPWAP) both user wireless data and control traffic to

a centralized WLC (Central Switched).

+ Monitor mode: does not handle data traffic between clients and the infrastructure. It acts like a

sensor for location-based services (LBS), rogue AP detection, and IDS

+ Rogue detector mode: monitor for rogue APs. It does not handle data at all.

+ Sniffer mode: run as a sniffer and captures and forwards all the packets on a particular channel to

a remote machine where you can use protocol analysis tool (Wireshark, Airopeek, etc) to review the

packets and diagnose issues. Strictly used for troubleshooting purposes.

+ Bridge mode: bridge together the WLAN and the wired infrastructure together.

Mobility Express is the ability to use an access point (AP) as a controller instead of a real WLAN

controller. But this solution is only suitable for small to midsize, or multi-site branch locations where

you might not want to invest in a dedicated WLC. A Mobility Express WLC can support up to 100 Aps

Question 25

Which three methods does Cisco DNA Centre use to discover devices? (Choose three)

Options:

CDP

SNMP

LLDP

ping

NETCONF

a specified range of IP addresses

Question 26

Drag and drop the characteristics from the left onto the appropriate infrastructure deployment types on the right.

Options:

Question 27

What is the function of the LISP map resolver?

Options:

to send traffic to non-LISP sites when connected to a service provider that does not accept nonroutable ElDs as packet sources

to connect a site to the LISP-capable part of a core network publish the EID-to-RLOC mappings for the site, and respond to map-request messages

to decapsulate map-request messages from ITRs and forward the messages to the MS.

to advertise routable non-LISP traffic from one address family to LISP sites in a different address family

Question 28

A network engineer configures a new GRE tunnel and enters the show run command. What does the output verify?

Options:

The tunnel will be established and work as expected

The tunnel destination will be known via the tunnel interface

The tunnel keepalive is configured incorrectly because they must match on both sites

The default MTU of the tunnel interface is 1500 byte.

Question 29

Refer to the exhibit.

Which action resolves the EtherChannel issue between SW2 and SW3?

Options:

Configure switchport mode trunk on SW2.

Configure switchport nonegotiate on SW3

Configure channel-group 1 mode desirable on both interfaces.

Configure channel-group 1 mode active on both interfaces.

Question 30

Refer to the exhibit.

An engineer must block all traffic from a router to its directly connected subnet 209.165.200.0/24. The engineer applies access control list EGRESS in the outbound direction on the GigabitEthernet0/0 interface of the router However, the router can still ping hosts on the 209.165.200.0/24 subnet. Which explanation of this behavior is true?

Options:

Access control lists that are applied outbound to a router interface do not affect traffic that is sourced from the router.

Only standard access control lists can block traffic from a source IP address.

After an access control list is applied to an interface, that interface must be shut and no shut for the access control list to take effect.

The access control list must contain an explicit deny to block traffic from the router.

Question 31

Refer to the exhibit. A network engineer must configure a password expiry mechanism on the gateway router for all local passwords to expire after 60 days. What is required to complete this task?

Options:

The password expiry mechanism is on the AAA server and must be configured there.

Add the aaa authentication enable default Administrators command.

Add the username admin privilege 15 common-criteria*policy Administrators password 0 Cisco13579! command.

No further action Is required. The configuration is complete.

Question 32

Refer to the exhibit. The connecting between SW1 and SW2 is not operational. Which two actions resolve the issue? (Choose two)

Options:

configure switchport mode access on SW2

configure switchport nonegotiate on SW2

configure switchport mode trunk on SW2

configure switchport nonegotiate on SW1

configure switchport mode dynamic desirable on SW2

Question 33

Refer to the exhibit.

An engineer must deny Telnet traffic from the loopback interface of router R3 to the loopback interface of router R2 during the weekend hours. All other traffic between the loopback interfaces of routers R3 and R2 must be allowed at all times. Which command accomplish this task?

Options:

Option A

Option B

Option C

Option D

Question 34

Which entity is responsible for maintaining Layer 2 isolation between segments In a VXLAN environment?

Options:

switch fabric

VTEP

VNID

host switch

Question 35

Refer to the exhibit. What does the error message relay to the administrator who is trying to configure a Cisco IOS device?

Options:

A NETCONF request was made for a data model that does not exist.

The device received a valid NETCONF request and serviced it without error.

A NETCONF message with valid content based on the YANG data models was made, but the request failed.

The NETCONF running datastore is currently locked.

Question 36

Which two threats does AMP4E have the ability to block? (Choose two.)

Options:

DDoS

ransomware

Microsoft Word macro attack

SQL injection

email phishing

Question 37

Refer to the exhibit.

Which type of antenna is show on the radiation patterns?

Options:

Dipole

Yagi

Patch

Omnidirectional

Question 38

Wireless users report frequent disconnections from the wireless network. While troubleshooting a network engineer finds that after the user a disconnect, the connection re-establishes automatically without any input required. The engineer also notices these message logs .

Which action reduces the user impact?

Options:

increase the AP heartbeat timeout

increase BandSelect

enable coverage hole detection

increase the dynamic channel assignment interval

Question 39

Which encryption hashing algorithm does NTP use for authentication?

Options:

SSL

MD5

AES128

AES256

Question 40

Drag and drop the Qos mechanisms from the left to the correct descriptions on the right

Options:

Question 41

Refer to the exhibit. A network engineer configures NAT on R1 and enters the show command to verity the configuration What does the output confirm?

Options:

The first pocket triggered NAT to add on entry to NAT table

R1 is configured with NAT overload parameters

A Telnet from 160.1.1 1 to 10.1.1.10 has been initiated.

R1 to configured with PAT overload parameters

Question 42

Refer to the exhibit. An engineer attempts to create a configuration to allow the Blue VRF to leak into the global routing table, but the configuration does not function as expected. Which action resolves this issue?

Options:

Change the access-list destination mask to a wildcard.

Change the source network that Is specified in access-list 101.

Change the route-map configuration to VRF_BLUE.

Change the access-list number in the route map

Question 43

Which TCP setting is tuned to minimize the risk of fragmentation on a GRE/IP tunnel?

Options:

MTU

Window size

MRU

MSS

Question 44

Refer to the exhibit. An engineer is investigating why guest users are able to access other guest user devices when the users are connected to the customer guest WLAN. What action resolves this issue?

Options:

implement MFP client protection

implement split tunneling

implement P2P blocking

implement Wi-Fi direct policy

Question 45

Refer to the exhibit. Which two commands are needed to allow for full reachability between AS 1000 and AS 2000? (Choose two)

Options:

R1#network 192.168.0.0 mask 255.255.0.0

R2#no network 10.0.0.0 255.255.255.0

R2#network 192.168.0.0 mask 255.255.0.0

R2#network 209.165.201.0 mask 255.255.192.0

R1#no network 10.0.0.0 255.255.255.0

Question 46

Which method should an engineer use to deal with a long-standing contention issue between any two VMs on the same host?

Options:

Adjust the resource reservation limits

Live migrate the VM to another host

Reset the VM

Reset the host

Question 47

Which method of account authentication does OAuth 2.0 within REST APIs?

Options:

username/role combination

access tokens

cookie authentication

basic signature workflow

Question 48

Which configuration restricts the amount of SSH that a router accepts 100 kbps?

Options:

Option A

Option B

Option C

Option D

Question 49

How are the different versions of IGMP compatible?

Options:

IGMPv2 is compatible only with IGMPv1.

IGMPv2 is compatible only with IGMPv2.

IGMPv3 is compatible only with IGMPv3.

IGMPv3 is compatible only with IGMPv1

Question 50

When using TLS for syslog, which configuration allows for secure and reliable transportation of messages to its default port?

Options:

logging host 10.2.3.4 vrf mgmt transport tcp port 6514

logging host 10.2.3.4 vrf mgmt transport udp port 6514

logging host 10.2.3.4 vrf mgmt transport tcp port 514

logging host 10.2.3.4 vrf mgmt transport udp port 514

Question 51

Which two operations are valid for RESTCONF? (Choose two.)

Options:

HEAD

REMOVE

PULL

PATCH

ADD

PUSH

Question 52

Refer to the exhibit.

A network engineer configures a GRE tunnel and enters the show Interface tunnel command. What does the output confirm about the configuration?

Options:

The keepalive value is modified from the default value.

Interface tracking is configured.

The tunnel mode is set to the default.

The physical interface MTU is 1476 bytes.

Question 53

What is the function of a fabric border node in a Cisco SD-Access environment?

Options:

To collect traffic flow information toward external networks

To connect the Cisco SD-Access fabric to another fabric or external Layer 3 networks

To attach and register clients to the fabric

To handle an ordered list of IP addresses and locations for endpoints in the fabric.

Question 54

Drag and drop the wireless elements on the left to their definitions on the right.

Options:

Question 55

Which two operational models enable an AP to scan one or more wireless channels for rouge access points and at the same time provide wireless services to clients? (Choose two.)

Options:

Rouge detector

Sniffer

FlexConnect

Local

Monitor

Question 56

What is one fact about Cisco SD-Access wireless network deployments?

Options:

The access point is part of the fabric underlay

The WLC is part of the fabric underlay

The access point is part the fabric overlay

The wireless client is part of the fabric overlay

Question 57

Refer to the exhibit.

An engineer implemented several configuration changes and receives the logging message on switch1. Which action should the engineer take to resolve this issue?

Options:

Change the VTP domain to match on both switches

Change Switch2 to switch port mode dynamic auto

Change Switch1 to switch port mode dynamic auto

Change Switch1 to switch port mode dynamic desirable

Question 58

Refer to the exhibit.

An engineer must deny HTTP traffic from host A to host B while allowing all other communication between the hosts, drag and drop the commands into the configuration to achieve these results. Some commands may be used more than once. Not all commands are used.

Options:

Question 59

What is one difference between saltstack and ansible?

Options:

SaltStack uses an API proxy agent to program Cisco boxes on agent mode, whereas Ansible uses a Telnet connection

SaltStack uses the Ansible agent on the box, whereas Ansible uses a Telnet server on the box

SaltStack is constructed with minion, whereas Ansible is constructed with YAML

SaltStack uses SSH to interact with Cisco devices, whereas Ansible uses an event bus

Question 60

What is the difference between CEF and process switching?

Options:

CEF processes packets that are too complex for process switching to manage.

CEF is more CPU-intensive than process switching.

CEF uses the FIB and the adjacency table to make forwarding decisions, whereas process switching punts each packet.

Process switching is faster than CEF.

Question 61

Drag and drop the DHCP messages that are exchanged between a client and an AP into the order they are exchanged on the right.

Options:

Question 62

What does the cisco DNA REST response indicate?

Options:

Cisco DNA Center has the Incorrect credentials for cat3850-1

Cisco DNA Center is unable to communicate with cat9000-1

Cisco DNA Center has the incorrect credentials for cat9000-1

Cisco DNA Center has the Incorrect credentials for RouterASR-1

Question 63

How does the RIB differ from the FIB?

Options:

The RIB is used to create network topologies and routing tables. The FIB is a list of routes to particular network destinations.

The FIB includes many routes a single destination. The RIB is the best route to a single destination.

The RIB includes many routes to the same destination prefix. The FIB contains only the best route

The FIB maintains network topologies and routing tables. The RIB is a Iist of routes to particular network destinations.

Question 64

What is a characteristics of Cisco SD-WAN?

Options:

operates over DTLS/TLS authenticated and secured tunnels

requires manual secure tunnel configuration

uses unique per-device feature templates

uses control connections between routers

Question 65

By default, which virtual MAC address does HSRP group 41 use?

Options:

0c:5e:ac:07:0c:29

00:05:0c:07:ac:41

004:41:73:18:84:29

00:00:0c:07:ac:29

Question 66

Refer to the exhibit.

Which antenna emits this radiation pattern?

Options:

omnidirectional

Yagi

RP-TNC

dish

Question 67

Drag and drop the characteristics from the left onto the orchestration tool classifications on the right.

Options:

Question 68

Which router is elected the IGMP Querier when more than one router is in the same LAN segment?

Options:

The router with the shortest uptime

The router with the lowest IP address

The router with the highest IP address

The router with the longest uptime

Question 69

Refer to the exhibit.

Both controllers are in the same mobility group. Which result occurs when client 1 roams between APs that are registered to different controllers in the same WLAN?

Options:

Client 1 contact controller B by using an EoIP tunnel.

CAPWAP tunnel is created between controller A and controller B.

Client 1 users an EoIP tunnel to contact controller A.

The client database entry moves from controller A to controller B.

Question 70

In a Cisco SD-Access environment, which function is performed by the border node?

Options:

Connect uteri and devices to the fabric domain.

Group endpoints into IP pools.

Provide reachability information to fabric endpoints.

Provide connectivity to traditional layer 3 networks.

Question 71

Which Cisco DNA Center application is responsible for group-based access control permissions?

Options:

Provision

Design

Policy

Assurance

Question 72

A technician is assisting a user who cannot connect to a website. The technician attempts to ping the default gateway and DNS server of the workstation. According to troubleshooting methodology, this is an example of:

Options:

a divide-and-conquer approach.

a bottom-up approach.

a top-to-bottom approach.

implementing a solution.

Question 73

An engineer must configure a new WLAN that allows a user to enter a passphrase and provides forward secrecy as a security measure. Which Layer 2 WLAN configuration is required on the Cisco WLC?

Options:

WPA2 Personal

WPA3 Enterprise

WPA3 Personal

WPA2 Enterprise

Question 74

Which JSON script is properly formatted?

Options:

Option A

Option B

Option C

Option D

Question 75

An engineer is configuring RADIUS-Based Authentication with EAP. MS-CHAPv2 is configured on a client device. Which outer method protocol must be configured on the ISE to support this authentication type?

Options:

EAP-TLS

EAP-FAST

LDAP

PEAP

Question 76

Refer to the exhibit.

The server in DC2 is expecting traffic from the database in DC1 to use the source network of 10.50.250.0/24. The server sends the initial request. The inside global IP is configured for 10.50.250.1. What is the result of this configuration?

Options:

Only the server can initiate communication.

The server and the database cannot communicate.

The server and the database can initiate communication.

Only the database can initiate communication

Question 77

What is the function of vBond in a Cisco SD-WAN deployment?

Options:

initiating connections with SD-WAN routers automatically

pushing of configuration toward SD-WAN routers

onboarding of SD-WAN routers into the SD-WAN overlay

gathering telemetry data from SD-WAN routers

Question 78

Refer to the exhibit.

What happens to access interfaces where VLAN 222 is assigned?

Options:

STP BPDU guard is enabled

A description "RSPAN" is added.

They are placed into an inactive state.

They cannot provide PoE.

Question 79

Which collection contains the resources to obtain a list of fabric nodes through the vManage API?

Options:

device management

administration

device inventory

monitoring

Question 80

Simulation 04

Options:

Question 81

Refer to the exhibit.

An engineer must assign an IP address of 192.168.1.1/24 to the GigabitEtherenet1 interface. Which two commands must be added to the existing configuration to accomplish this task? (Choose two.)

Options:

Router(config-vrf)#ip address 192.168.1.1 255.255.255.0

Router(config-vrf)#address-family ipv4

Router(config-if)#address-family ipv4

Router(config-vrf)#address-family ipv6

Router(config-if)#ip address 192.168.1.1 255.255.255.0

Question 82

Drag and drop the LISP components on the left to the correct description on the right.

Options:

Question 83

Refer to the exhibit. Which two configurations enable R1 and R2 to advertise routes into OSPF? (Choose two)

Options:

Option A

Option B

Option C

Option D

E) Option E

Question 84

Which element is unique to a Type 2 hypervisor?

Options:

memory

VM OS

host OS

host hardware

Question 85

Refer to the exhibit. A network engineer Is troubleshooting an Issue with the file server based on reports of slow file transmissions. Which two commands or command sets are required. In switch SW1 to analyze the traffic from the file server with a packet analyzer? (Choose two.)

Options:

Option A

Option B

Option C

Option D

Question 86

Refer to the exhibit.

Which GRE tunnel configuration command is missing on R2?

Options:

tunnel source 192.181.2

tunnel source 172.16.1.0

tunnel source 200.1.1.1

tunnel destination 200.1.1.1

Question 87

Refer to the exhibit.

R1 has a BGP neighborship with a directly connected router on interface Gi0/0.

Which command set is applied between the iterations of show ip bgp 2.2.2.2?

Options:

R1(config)#router bgp 65001

R1(config-router)#neighbor 192.168.50.2 shutdown

R1(config)#router bgp 65002

R1(config-router)#neighbor 192.168.50.2 shutdown

R1(config)#no ip route 192.168.50.2 255.255.255.255 Gi0/0

R1(config)#ip route 2.2.2.2 255.255.255.255 192.168.50.2

Question 88

What is one being of implementing a data modetag language?

Options:

accuracy of the operations performed

uses XML style of data formatting

machine-oriented logic and language-facilitated processing.

conceptual representation to simplify interpretation.

Question 89

Simulation 09

Options:

Question 90

Which LISP infrastructure device provides connectivity between non-sites and LISP sites by receiving non-LISP traffic with a LISP site destination?

Options:

PETR

PITR

map resolver

map server

Question 91

Which behavior can be expected when the HSRP versions is changed from 1 to 2?

Options:

Each HSRP group reinitializes because the virtual MAC address has changed.

No changes occur because version 1 and 2 use the same virtual MAC OUI.

Each HSRP group reinitializes because the multicast address has changed.

No changes occur because the standby router is upgraded before the active router.

Question 92

Refer to the exhibit.

Which action results from executing the Python script?

Options:

display the output of a command that is entered on that device in a single line

SSH to the IP address that is manually entered on that device

display the output of a command that is entered on that device

display the unformatted output of a command that is entered on that device

Question 93

Refer to the exhibit. Which configuration must be applied to ensure that the preferred path for traffic from AS 65010 toward AS 65020 uses the R2 to R4 path?

Options:

Option A

Option B

Option C

Option D

Question 94

What is the function of the fabric control plane node in a Cisco SD-Access deployment?

Options:

It is responsible for policy application and network segmentation in the fabric

It performs traffic encapsulation and security profiles enforcement in the fabric

It holds a comprehensive database that tracks endpoints and networks in the fabric

It provides integration with legacy nonfabric-enabled environments

Question 95

Which Python library is used to work with YANG data models via NETCONF?

Options:

Postman

requests

nccllent

cURL

Question 96

Which function does a Cisco SD-Access extended node perform?

Options:

provides fabric extension to nonfabric devices through remote registration and configuration

performs tunneling between fabric and nonfabric devices to route traffic over unknown networks

used to extend the fabric connecting to downstream nonfabric enabled Layer 2 switches

in charge of establishing Layer 3 adjacencies with nonfabric unmanaged node

Question 97

Simulation 06

Options:

Question 98

What is one role of the VTEP in a VXLAN environment?

Options:

to forward packets to non-LISP sites

to encapsulate the tunnel

to maintain VLAN configuration consistency

to provide EID-to-RLOC mapping

Question 99

Refer to the exhibit.

An engineer applies this configuration to R1:

ip nat inside source static 192.168.10.17 192.168.27.42

Which command set should be added to complete the configuration?

Options:

Option A

Option B

Option C

Option D

Answer:

Explanation:

Option C is the correct set of commands to complete the configuration of NAT on R1. The configuration steps are as follows12:

Define the inside and outside interfaces for NAT using the ip nat inside and ip nat outside commands. In this case, the inside interface is GigabitEthernet0/0 and the outside interface is GigabitEthernet0/1: interface GigabitEthernet0/0 and ip nat inside, interface GigabitEthernet0/1 and ip nat outside.
Configure a static NAT entry that maps the inside local address 192.168.10.17 to the inside global address 192.168.27.42 using the ip nat inside source static command: ip nat inside source static 192.168.10.17 192.168.27.42.
Verify the NAT configuration using the show ip nat translations and show ip nat statistics commands: show ip nat translations and show ip nat statistics.

Option A is incorrect because it does not define the inside and outside interfaces for NAT, which is required for NAT to function properly1.

Option B is incorrect because it uses the ip nat outside source static command, which is used to translate the source address of packets that travel from outside to inside, and the destination address of packets that travel from inside to outside. This is not the desired behavior for this scenario, where the inside local address 192.168.10.17 should be translated to the inside global address 192.168.27.42 in both directions1.

Option D is incorrect because it uses the ip nat pool and ip nat inside source list commands, which are used to configure dynamic NAT or PAT, not static NAT. These commands create a pool of inside global addresses and an access list to define which inside local addresses are eligible for translation. However, in this scenario, there is only one inside local address and one inside global address, so a static NAT entry is sufficient1. References: 1: Configure Network Address Translation, 2: Static NAT

Question 100

What does the destination MAC on the outer MAC header identify in a VXLAN packet?

Options:

thee emote spine

the next hop

the leaf switch

the remote switch

Question 101

: 194

Refer to the exhibit.

Which type of antenna is shown on the radiation patterns?

Options:

Yagi

dipole

patch

omnidirectional

Question 102

An engineer must create a script to append and modify device entries in a JSON-formatted file. The script must work as follows:

Until interrupted from the keyboard, the script reads in the hostname of a device, its management IP address, operating system type, and CLI remote access protocol.
After being interrupted, the script displays the entered entries and adds them to the JSON-formatted file, replacing existing entries whose hostname matches.

The contents of the JSON-formatted file are as follows:

Drag and drop the statements onto the blanks within the code to complete the script. Not all options are used.

Options:

Question 103

Which two results occur if Cisco DNA center loses connectivity to devices in the SD-ACCESS fabric? (Choose two)

Options:

All devices reload after detecting loss of connection to Cisco DNA Center

Already connected users are unaffected, but new users cannot connect

User connectivity is unaffected

Cisco DNA Center is unable to collect monitoring data in Assurance

Users lose connectivity

Question 104

Which two results occur if Cisco DNA Center loses connectivity to devices in the SD-Access fabric? (Choose two)

Options:

Cisco DNA Center is unable to collect monitoring data in Assurance.

All devices reload after detecting loss of connection to Cisco DNA Center.

Already connected users are unaffected, but new users cannot connect

Users lose connectivity.

User connectivity is unaffected.

Question 105

What mechanism does PIM use to forward multicast traffic?

Options:

PIM sparse mode uses a pull model to deliver multicast traffic.

PIM dense mode uses a pull model to deliver multicast traffic.

PIM sparse mode uses receivers to register with the RP.

PIM sparse mode uses a flood and prune model to deliver multicast traffic.

Question 106

When is GLBP preferred over HSRP?

Options:

When encrypted helm are required between gateways h a single group.

When the traffic load needs to be shared between multiple gateways using a single virtual IP.

When the gateway routers are a mix of Cisco and non-Cisco routers

When clients need the gateway MAC address lo Be the same between multiple gateways

Question 107

Refer to the exhibit. Which configuration set implements Control plane Policing for SSH and Telnet?

Options:

Option A

Option B

Option C

Option D

Question 108

Which of the following attacks becomes more effective because of global leakages of users' passwords?

Options:

Dictionary

Brute-force

Phishing

Deauthentication

Question 109

Which security measure mitigates a man-in-the-middle attack of a REST API?

Options:

SSL certificates

biometric authentication

password hash

non repudiotion feature

Question 110

Refer to the exhibit.

Extended access-list 100 is configured on interface GigabitEthernet 0/0 in an inbound direction, but it does not have the expected behavior of allowing only packets to or from 192.168.0.0/16. Which command set properly configures the access list?

Options:

R1(config)#no access-list 100 seq 10

R1(config)#access-list 100 seq 40 deny ip any any

R1(config)#ip access-list extended 100

R1(config-ext-nacl)#no 10

R1(config)#no access-list 100 deny ip any any

R1(config)#ip access-list extended 100

R1(config-ext-nacl)#5 permit to any any

Question 111

What is the purpose of the weight attribute in an EID-lo-RLOC mapping?

Options:

it indicates the preference for using LISP over native IP connectivity.

it determines the administrative distance of LISP generated routes in the RIB

It identifies the preferred RLOC address family.

it indicates the load-balancing ratio between CTRs of 9m earns priority.

Question 112

Drag and drop the characteristics from the left onto the corresponding infrastructure deployment models on the right.

Options:

Question 113

Drag the drop the description from the left onto the routing protocol they describe on the right.

Options:

Question 114

Which component handles the orchestration plane of the Cisco SD-WAN?

Options:

vBond

cSmart

vManage

WAN Edge

Question 115

Refer to the exhibit.

The traceroute fails from R1 to R3. What is the cause of the failure?

Options:

The loopback on R3 Is in a shutdown stale.

An ACL applied Inbound on loopback0 of R2 Is dropping the traffic.

An ACL applied Inbound on fa0/1 of R3 is dropping the traffic.

Redistribution of connected routes into OSPF is not configured.

Question 116

What is a benefit of YANG modules?

Options:

tightly coupled models with encoding to improve performance

easier multivendor interoperability provided by common or industry models

avoidance of ecosystem fragmentation by having fixed that cannot be changed

single protocol and model couple to simplify maintenance and supported

Question 117

A network engineer must configure a switch to allow remote access for all feasible protocols. Only a password must be requested for device authentication and all idle sessions must be terminated in 30 minutes. Which configuration must be applied?

Options:

Option A

Option B

Option C

Option D

Question 118

A customer has a pair of Cisco 5520 WLCs set up in an SSO cluster to manage all APs. Guest traffic is anchored to a Cisco 3504 WLC located in a DMZ. Which action is needed to ensure that the EolP tunnel remains in an UP state in the event of failover on the SSO cluster?

Options:

Configure back-to-back connectivity on the RP ports.

Enable default gateway reachability check.

Use the same mobility domain on all WLCs.

Use the mobility MAC when the mobility peer is configured.

Question 119

Which NTP mode must be activated when using a Cisco router as an NTP authoritative server?

Options:

primary

server

broadcast client

peer

Question 120

Drag and drop the automation characteristics from the left onto the corresponding tools on the right.

Options:

Question 121

Refer to the exhibit.

Which HTTP request produced the REST API response that was returned by Cisco DNA Center?

Options:

fetch /network-device?macAddress=ac:4a:56:6c:7c:00

POST/network-device?macAddress=ac:4a:56:6c:7c:00

GET/network-device?macAddress=ac:4a:56:6c:7c:00

Question 122

Refer to the exhibit.

Clients are reporting an issue with the voice traffic from the branch site to the central site. What is the cause of this issue?

Options:

The voice traffic is using the link with less available bandwidth.

There is a routing loop on the network.

Traffic is load-balancing over both links, causing packets to arrive out of order.

There is a high delay on the WAN links.

Question 123

Refer to the exhibit. Which command set completes the ERSPAN session configuration?

Options:

Option A

Option B

Option C

Option D

Question 124

What is one characteristic of Cisco DNA Center and vManage northbound APIs?

Options:

They push configuration changes down to devices.

They implement the RESTCONF protocol.

They exchange XML-formatted content.

They implement the NETCONF protocol.

Question 125

What is one characteristic of VXLAN?

Options:

It supports a maximum of 4096 VLANs.

It supports multitenant segments.

It uses STP to prevent loops in the underlay network.

It uses the Layer 2 header to transfer packets through the network underlay.

Question 126

Which two steps are required for a complete Cisco DNA Center upgrade? (Choose two.)

Options:

golden image selection

automation backup

proxy configuration

application updates

system update

Question 127

The Gig0/0 interface of two routers is directly connected with a 1G Ethernet link. Which configuration must be applied to the interface of both routers to establish an OSPF adjacency without maintaining a DR/BDR relationship?

Options:

Option A

Option B

Option C

Option D

Question 128

Refer to the exhibit.

What is the effect of introducing the sampler feature into the Flexible NetFlow configuration on the router?

Options:

NetFlow updates to the collector are sent 50% less frequently.

Every second IPv4 packet is forwarded to the collector for inspection.

CPU and memory utilization are reduced when compared with what is required for full NetFlow.

The resolution of sampling data increases, but it requires more performance from the router.

Question 129

What is the JSON syntax that is formed the data?

Options:

{'Name'';''Bob johnon';''Age': Sevenfive,''Alive'': true,''FavoriteFoods';[''Cereal';''Mustard';''Onions'}}

{'Name'':''Bob johnon':''Age': 75 ''Alive'': true,''Favorite Foods';[''Cereal';''Mustard';''Onions'}}

{'Name'':''Bob johnon':''Age: 75,''Alive: true, FavoriteFoods;[Cereal, Mustard';''Onions}}

{'Name'': 'Bob johnon','Age': 75,'Alive': true,''FavoriteFoods': 'Cereal';'Mustard','Onions'}}

Question 130

How do EIGRP metrics compare to OSPF metrics?

Options:

EIGRP metrics are based on a combination of bandwidth and packet loss, and OSPF metrics are based on interface bandwidth.

EIGRP uses the Dijkstra algorithm, and OSPF uses The DUAL algorithm

The EIGRP administrative distance for external routes is 170. and the OSPF administrative distance for external routes is undefined

The EIGRP administrative distance for external routes is 170. and the OSPF administrative distance for external routes is 110

Question 131

What does the number in an NTP stratum level represent?

Options:

The number of hops it takes to reach the master time server.

The number of hops it takes to reach the authoritative time source.

The amount of offset between the device clock and true time.

The amount of drift between the device clock and true time.

Question 132

Refer to the exhibit. A network engineer must load balance traffic that comes from the NAT Router and is destined to 10.10.110.10, to several FTP servers. Which two commands sets should be applied? (Choose two).

Options:

Option A

Option B

Option C

Option D

Option E

Question 133

Refer to the exhibit .

Which command must be configured for RESTCONF to operate on port 8888?

Options:

ip http port 8888

restconf port 8888

ip http restconf port 8888

restconf http port 8888

Question 134

Drag and drop the automation characteristics from the left onto the appropriate tools on the right.

Options:

Question 135

Drag and drop the characteristics from the left onto the technology types on the right.

Options:

Question 136

What is an emulated machine that has dedicated compute memory, and storage resources and a fully installed operating system?

Options:

Container

Mainframe

Host

virtual machine

Question 137

Which benefit is realized by implementing SSO?

Options:

IP first-hop redundancy

communication between different nodes for cluster setup

physical link redundancy

minimal network downtime following an RP switchover

Question 138

Refer to the exhibit.

How should the script be completed so that each device configuration is saved into a JSON-formatted file under the device name?

Options:

Option

Question 139

Which protocol is responsible for data plane forwarding in a Cisco SD-Access deployment?

Options:

VXLAN

IS-IS

OSPF

LISP

Question 140

Which component transports data plane traffic across a Cisco SD-WAN network?

Options:

vSmart

vManage

cEdge

vBond

Question 141

Refer to the exhibit. An engineer tries to log in to router R1. Which configuration enables a successful login?

Options:

Option A

Option B

Option C

Option D

Question 142

Refer to the exhibit. Which EEM script generates a critical-level syslog message and saves a copy of the running configuration to the bootflash when an administrator saves the running configuration to the startup configuration?

Options:

Option A

Option B

Option C

Option D

Question 143

What is one characteristic of the Cisco SD-Access control plane?

Options:

It is based on VXLAN technology.

Each router processes every possible destination and route

It allows host mobility only in the wireless network.

It stores remote routes in a centralized database server

Question 144

What is one main REST security design principle?

Options:

separation of privilege

password hashing

confidential algorithms

OAuth

Question 145

Refer io me exhibit.

An engineer configures the trunk and proceeds to configure an ESPAN session to monitor VLANs10. 20. and 30. Which command must be added to complete this configuration?

Options:

Device(config.mon.erspan.stc)# no filter vlan 30

Devic(config.mon.erspan.src-dst)# no vrf 1

Devic(config.mon.erspan.src-dst)# erspan id 6

Device(config.mon-erspan.Src-dst)# mtu 1460

Question 146

A large campus network has deployed two wireless LAN controllers to manage the wireless network. WLC1 and WLC2 have been configured as mobility peers. A client device roams from AP1 on WLC1 to AP2 on WLC2, but the controller's client interfaces are on different VLANs. How do the wireless LAN controllers handle the inter-subnet roaming?

Options:

WLC1 marks me diem with an anchor entry In Its own database. The database entry is copied to the new controller and marked with a foreign entry on VVLC2.

WLC2 marks the client with an anchor entry In Its own database. The database entry Is copied to the new controller and marked with a foreign entry on WLC1

WLCl marks the client with a foreign entry in its own database. The database entry is copied to the new controller and marked with an anchor entry on WLC2.

WLC2 marks the client with a foreign entry In its own database. The database entry Is copied to the new controller and marked with an anchor entry on WLC1.

Question 147

Refer to the exhibit.

An engineer entered the command no spanning-tree bpduguard enable on interface Fa 1/0/7. What is the effect of this command on Fa 1/0/7?

Options:

It remains in err-disabled state until the shutdown/no shutdown command is entered in the interface configuration mode.

It remains in err-disabled state until the errdisable recovery cause failed-port-state command is entered in the global configuration mode.

It remains in err-disabled state until the no shutdown command is entered in the interface configuration mode.

It remains in err-disabled state until the spanning-tree portfast bpduguard disable command is entered in the interface configuration mode.

Question 148

What is a characteristics of a vSwitch?

Options:

supports advanced Layer 3 routing protocols that are not offered by a hardware switch

enables VMs to communicate with each other within a virtualized server

has higher performance than a hardware switch

operates as a hub and broadcasts the traffic toward all the vPorts

Question 149

Which option must be used to support a WLC with an IPv6 management address and 100 Cisco Aironet 2800 Series access points that will use DHCP to register?

Options:

Question 150

Which resource is able to be shared among virtual machines deployed on the same physical server?

Options:

applications

disk

VM configuration file

operating system

Question 151

What Is the difference between the MAC address table and TCAM?

Options:

The MAC address table supports partial matches. TCAM requires an exact match.

The MAC address table is contained in TCAM ACL and QoS information is stored in CAM.

Router prefix lookups happen in TCAM. MAC address table lookups happen In CAM.

TCAM is used to make L2 forwarding decisions. CAM is used to build routing tables

Question 152

Refer to the exhibit.

An engineer must allow all users in the 10.2.2.0/24 subnet to access the Internet. To conserve address space the public Interface address of 209 165 201.1 must be used for all external communication. Which command set accomplishes these requirements?

Options:

Option A

Option B

Option C

Option D

Question 153

Refer to the exhibit.

A network engineer must configure the router to use the ISE-Servers group for authentication. If both ISE servers are unavailable, the local username database must be used. If no usernames are defined in the configuration, then the enable password must be the last resort to log in. Which configuration must be applied to achieve this result?

Options:

aaa authentication login default group ISE-Servers local enable

aaa authentication login default group enable local ISE-Servers

aaa authorization exec default group ISE-Servers local enable

aaa authentication login error-enable

aaa authentication login default group enable local ISE-Servers

Question 154

Refer to the exhibit.

Which commands are required to allow SSH connection to the router?

Options:

Option A

Option B

Option C

Option D

Question 155

By default, which virtual MAC address does HSRP group 32 use?

Options:

00:5e:0c:07:ac:20

04:18:20:83:2e:32

05:5e:5c:ac:0c:32

00:00:0c:07:ac:20

Question 156

Refer to the exhibit. An engineer has configured an IP SLA for UDP echo’s. Which command is needed to start the IP SLA to test every 30 seconds and continue until stopped?

Options:

ip sla schedule 100 start-time now life forever

ip sla schedule 30 start-time now life forever

ip sla schedule 100 start-time now life 30

ip sla schedule 100 life forever

Question 157

Which VXLAN component is used to encapsulate and decapsulate Ethernet frames?

Options:

VNI

GRE

VTEP

EVPN

Question 158

What are the main components of Cisco TrustSec?

Options:

Cisco ISE and Enterprise Directory Services

Cisco ISE. network switches, firewalls, and routers

Cisco ISE and TACACS+

Cisco ASA and Cisco Firepower Threat Defense

Question 159

Drag and drop the Cisco SD-Access solution areas from the left onto the protocols they use on the right.

Options:

Question 160

Refer to the exhibit.

What are two effect of this configuration? (Choose two.)

Options:

Inside source addresses are translated to the 209.165.201.0/27 subnet.

It establishes a one-to-one NAT translation.

The 10.1.1.0/27 subnet is assigned as the inside global address range.

The 209.165.201.0/27 subnet is assigned as the outside local address range.

The 10.1.1.0/27 subnet is assigned as the inside local addresses.

Question 161

What is used to validate the authenticity of the client and is sent in HTTP requests as a JSON object?

Options:

SSH

HTTPS

JWT

TLS

Question 162

A system must validate access rights to all its resources and must not rely on a cached permission matrix. If the access level to a given resource is revoked but is not reflected in the permission matrix, the security is violated. Which term refers to this REST security design principle?

Options:

economy of mechanism

complete mediation

separation of privilege

least common mechanism

Question 163

What is the recommended minimum SNR for data applications on wireless networks?

Options:

Question 164

Refer to the exhibit. A network engineer checks connectivity between two routers. The engineer can ping the remote endpoint but cannot see an ARP entry. Why is there no ARP entry?

Options:

The ping command must be executed in the global routing table.

Interface FastEthernet0/0 Is configured in VRF CUST-A, so the ARP entry is also in that VRF.

When VRFs are used. ARP protocol must be enabled In each VRF.

When VRFs are used. ARP protocol is disabled in the global routing table.

Question 165

An engineer must configure a new loopback Interface on a router and advertise the interface as a fa4 in OSPF. Which command set accomplishes this task?

Options:

Option A

Option B

Option C

Option D

Question 166

Drag and drop the characteristics from the left to the table types on the right.

Options:

Question 167

Refer to the exhibit.

An engineer must allow R1 to advertise the 192 168.1 0/24 network to R2 R1 must perform this action without sending OSPF packets to SW1 Which command set should be applied?

Options:

Option A

Option B

Option C

Option D

Question 168

Refer to the exhibit. What is generated by the script?

Options:

the cdp neighbors

the routing table

the router processes

the running configuration

Question 169

An administrator is configuring NETCONF using the following XML string. What must the administrator end the request with?

Options:

]]>]]>

Question 170

Which two Cisco SD-WAN components exchange OMP information?

Options:

vAnaiytlcs

vSmart

WAN Edge

vBond

vManage

Question 171

Refer to the exhibit. A network engineer must be notified when a user switches to configuration mode. Which script should be applied to receive an SNMP trap and a critical-level log message?

Options:

Option

Question 172

In a Cisco Catalyst switch equipped with two supervisor modules an administrator must temporally remove the active supervisor from the chassis to perform hardware maintenance on it. Which mechanism ensure that the active supervisor removal is not disruptive to the network operation?

Options:

NSF/NSR

SSO

HSRP

VRRP

Question 173

Which Python snippet should be used to store the devices data structure in a JSON file?

Options:

Option A

Option B

Option C

Option D

Question 174

Which configuration creates a CoPP policy that provides unlimited SSH access from dient 10.0.0.5 and denies access from all other SSH clients'?

Options:

Option A

Option B

Option C

Option D

Question 175

What is the API keys option for REST API authentication?

Options:

a predetermined string that is passed from client to server

a one-time encrypted token

a username that is stored in the local router database

a credential that is transmitted unencrypted

Question 176

Which Cisco FlexConnect state allows wireless users that are connected to the network to continue working after the connection to the WLC has been lost?

Options:

Authentication Down/Switching Down

Authentication-Central/Switch-Local

Authentication- Down/Switch-Local

Authentication-Central/Switch-Central

Answer:

Explanation:

Operation Modes

There are two modes of operation for the FlexConnect AP.

Connected mode: The WLC is reachable. In this mode the FlexConnect AP has CAPWAP connectivity with its WLC.
Standalone mode: The WLC is unreachable. The FlexConnect has lost or failed to establish CAPWAP connectivity with its WLC. A WAN-link outage between a branch and its central site is a example of such a mode of operation.

FlexConnect States

A FlexConnect WLAN, depending on its configuration and network connectivity, is classified as being in one of the following defined states.

Authentication-Central/Switch-Central: This state represents a WLAN that uses a centralized authentication method such as 802.1X, VPN, or web. User traffic is sent to the WLC via CAPWAP (Central switching). This state is supported only when FlexConnect is in connected mode.
Authentication Down/Switching Down: Central switched WLANs no longer beacon or respond to probe requests when the FlexConnect AP is in standalone mode. Existing clients are disassociated.
Authentication-Central/Switch-Local: This state represents a WLAN that uses centralized authentication, but user traffic is switched locally. This state is supported only when the FlexConnect AP is in connected mode.
Authentication-Down/Switch-Local: A WLAN that requires central authentication rejects new users. Existing authenticated users continue to be switched locally until session time-out if configured. The WLAN continues to beacon and respond to probes until there are no more existing users associated to the WLAN. This state occurs as a result of the AP going into standalone mode.
Authentication-local/switch-local: This state represents a WLAN that uses open, static WEP, shared, or WPA2 PSK security methods. User traffic is switched locally. These are the only security methods supported locally if a FlexConnect goes into standalone mode. The WLAN continues to beacon and respond to probes. Existing users remain connected and new user associations are accepted. If the AP is in connected mode, authentication information for these security types is forwarded to the WLC.

Question 177

What is a characteristics of traffic policing?

Options:

lacks support for marking or remarking

must be applied only to outgoing traffic

can be applied in both traffic directions

queues out-of-profile packets until the buffer is full

Question 178

What is the purpose of an RP in PIM?

Options:

send join messages toward a multicast source SPT

ensure the shortest path from the multicast source to the receiver

receive IGMP joins from multicast receivers

secure the communication channel between the multicast sender and receiver

Question 179

Drag and drop the LIPS components on the left to the correct description on the right.

Options:

Question 180

Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

Options:

Question 181

Which function does a fabric wireless LAN controller perform In a Cisco SD-Access deployment?

Options:

manages fabric-enabled APs and forwards client registration and roaming information to the Control Plane Node

coordinates configuration of autonomous nonfabric access points within the fabric

performs the assurance engine role for both wired and wireless clients

is dedicated to onboard clients in fabric-enabled and nonfabric-enabled APs within the fabric

Question 182

Refer to the exhibit. Which command set must be added to permit and log all traffic that comes from 172.20.10.1 in interface GigabitEthernet0/1 without impacting the functionality of the access list?

Options:

Option A

Option B

Option C

Option D

Question 183

Refer to the exhibit. A network administrator configured RSPAN to troubleshoot an issue between switch1 and switch2. The switches are connected using interface GigabitEthernet 1/1. An external packet capture device is connected is switch2 interface GigabitEthernet 1/2. Which two commands must be added to complete this configuration? (Choose two)

Options:

Option A

Option B

Option C

Option D

Option E

Question 184

what is a benefit of using a Type 2 hypervisor instead of a Type 1 hypervisor?

Options:

better application performance

Improved security because the underlying OS is eliminated

Improved density and scalability

ability to operate on hardware that is running other OSs

Question 185

Which protocol is implemented to establish secure control plane adjacencies between Cisco SD-WAN nodes?

Options:

IKF

TLS

IPsec

ESP

Question 186

By default, which virtual MAC address Goes HSRP group 25 use?

Options:

05:5c:5e:ac:0c:25

04:16:6S:96:1C:19

00:00:0c:07:ac:19

00:00:0c:07:ac:25

Question 187

Refer to the exhibit.

Which command set must be applied on R1 to establish a BGP neighborship with R2 and to allow communication from R1 to reach the networks?

Options:

Option A

Option B

Option C

Option D

Question 188

What is a characteristic of a type 2 hypervisor?

Options:

ideal for data center

complicated deployment

ideal for client/end-user system

referred to as bare-metal

Question 189

Refer to the exhibit.

A network engineer must log in to the router via the console, but the RADIUS servers are not reachable Which credentials allow console access1?

Options:

the username "cisco" and the password "Cisco"

no username and only the password "test123"

no username and only the password "cisco123"

the username "cisco" and the password “cisco123"

Question 190

An engineer is implementing a Cisco MPLS TE tunnel to improve the streaming experience for the clients of a video-on-demand server. Which action must the engineer perform to configure extended discovery to support the MPLS LDP session between the headend and tailend routers?

Options:

Configure the interface bandwidth to handle TCP and UDP traffic between the LDP peers

Configure a Cisco MPLS TE tunnel on both ends of the session

Configure an access list on the interface to permit TCP and UDP traffic

Configure a targeted neighbor session.

Question 191

A network administrator is implementing a routing configuration change and enables routing debugs to track routing behavior during the change. The logging output on the terminal is interrupting the command typing process. Which two actions can the network administrator take to minimize the possibility of typing commands incorrectly? (Choose two.)

Options:

Configure the logging synchronous global configuration command

Configure the logging delimiter feature

Configure the logging synchronous command under the vty

Press the TAB key to reprint the command in a new line

increase the number of lines on the screen using the terminal length command

Question 192

An engineer must configure the strongest password authentication to locally authenticate on a router. Which configuration must be used?

Options:

Option A

Option B

Option C

Option D

Question 193

Drag and drop the snippets onto the blanks within the code to construct a script that adds a prefix list to a route map and sets the local preference. Not all options are used

Options:

Question 194

Refer to the exhibit.

An engineer configures the BGP adjacency between R1 and R2, however, it fails to establish Which action resolves the issue?

Options:

Change the network statement on R1 to 172.16 10.0

Change the remote-as number for 192 168.100.11.

Enable synchronization on R1 and R2

Change the remote-as number on R1 to 6500.

Question 195

Refer to the exhibit.

What is the result when a switch that is running PVST+ is added to this network?

Options:

DSW2 operates in Rapid PVST+ and the new switch operates in PVST+

Both switches operate in the PVST+ mode

Spanning tree is disabled automatically on the network

Both switches operate in the Rapid PVST+ mode.

Question 196

A network engineer is enabling HTTPS access to the core switch, which requires a certificate to be installed on the switch signed by the corporate certificate authority Which configuration commands are required to issue a certificate signing request from the core switch?

Options:

Option A

Option B

Option C

Option D

Question 197

Refer to the exhibit.

An engineer must add the SNMP interface table to the NetFlow protocol flow records. Where should the SNMP table option be added?

Options:

under the interface

under the flow record

under the flow monitor

under the flow exporter

Question 198

Which antenna type should be used for a site-to-site wireless connection?

Options:

Omnidirectional

dipole

patch

Yagi

Question 199

How does the EIGRP metric differ from the OSPF metric?

Options:

The EIGRP metric is calculated based on bandwidth only. The OSPF metric is calculated on delay only.

The EIGRP metric is calculated based on delay only. The OSPF metric is calculated on bandwidth and delay.

The EIGRP metric Is calculated based on bandwidth and delay. The OSPF metric is calculated on bandwidth only.

The EIGRP metric Is calculated based on hop count and bandwidth. The OSPF metric is calculated on bandwidth and delay.

Question 200

Refer to the exhibit.

Cisco DNA Center has obtained the username of the client and the multiple devices that the client is using on the network. How is Cisco DNA Center getting these context details?

Options:

The administrator had to assign the username to the IP address manually in the user database tool on Cisco DNA Center.

Those details are provided to Cisco DNA Center by the Identity Services Engine

Cisco DNA Center pulled those details directly from the edge node where the user connected.

User entered those details in the Assurance app available on iOS and Android devices

Question 201

Drag and drop the descriptions from the left onto the QoS components they describe on the right.

Options:

Question 202

When are multicast RPs required?

Options:

RPs are required only when using protocol independent multicast dense mode.

By default, the RP is needed penodically to maintain sessions with sources and receivers.

RPs are required for protocol Independent multicast sparse mode and dense mode.

By default, the RP Is needed only start new sessions with sources and receivers.

Question 203

Refer to the exhibit.

Which command set must be added to the configuration to analyze 50 packets out of every 100?

Options:

Option A

Option B

Option C

Option D

Question 204

Which solution do laaS service providers use to extend a Layer 2 segment across a Layer 3 network?

Options:

VLAN

VTEP

VXLAN

VRF

Question 205

Refer to the exhibit. Which command is required to verify NETCONF capability reply messages?

Options:

show netconf | section rpc-reply

show netconf rpc-reply

show netconf xml rpc-reply

show netconf schema | section rpc-reply

Question 206

Refer to the exhibit.

An engineer configures OSPF and wants to verify the configuration Which configuration is applied to this device?

Options:

Option A

Option B

Option C

Option D

Question 207

What occurs when a high bandwidth multicast stream is sent over an MVPN using Cisco hardware?

Options:

The traffic uses the default MDT to transmit the data only if it isa (S,G) multicast route entry

A data MDT is created to if it is a (*, G) multicast route entries

A data and default MDT are created to flood the multicast stream out of all PIM-SM neighbors.

A data MDT is created to allow for the best transmission through the core for (S, G) multicast route entries.

Question 208

Drag and drop the descriptions of the VSS technology from the left to the right. Not all options are used.

Options:

Question 209

An engineer creates the configuration below. Drag and drop the authentication methods from the left into the order of priority on the right. Not all options are used.

Options:

Question 210

Which function does a fabric edge node perform in an SD-Access deployment?

Options:

Connects the SD-Access fabric to another fabric or external Layer 3 networks

Connects endpoints to the fabric and forwards their traffic

Provides reachability border nodes in the fabric underlay

Encapsulates end-user data traffic into LISP.

Question 211

Drag and drop the characteristics from the left onto the orchestration tools that they describe on the right.

Options:

Question 212

A client device roams between wireless LAN controllers that are mobility peers, Both controllers have dynamic interface on the same client VLAN which type of roam is described?

Options:

intra-VLAN

inter-controller

intra-controller

inter-subnet

Question 213

Refer to the exhibit.

An engineer attempts to establish BGP peering between router CORP and two ISP routers. What is the root cause for the failure between CORP and ISP#2?

Options:

Router ISP#2 is configured to use SHA-1 authentication.

There is a password mismatch between router CORP and router ISP#2.

Router CORP is configured with an extended access control list.

MD5 authorization is configured incorrectly on router ISP#2.

Question 214

Refer to the exhibit.

An engineer must configure static NAT on R1 lo allow users HTTP access to the web server on TCP port 80. The web server must be reachable through ISP 1 and ISP 2. Which command set should be applied to R1 to fulfill these requirements?

Options:

ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80 extendable

ip nat inside source static tcp 10.1.1.100 80 209.165.201.1 80 extendable

ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80

ip nat inside source static tcp 10.1.1.100 80 209.165.201.1 80

ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80

ip nat inside source static tcp 10.1.1.100 8080 209.165.201.1 8080

ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80 no-alias

ip nat inside source static tcp 10.1.1.100 80 209.165.201.1 80 no-alias

Question 215

Refer to the exhibit.

On which interfaces should VRRP commands be applied to provide first hop redundancy to PC-01 and PC-02?

Options:

G0/0 and G0/1 on Core

G0/0 on Edge-01 and G0/0 on Edge-02

G0/1on Edge-01 and G0/1 on Edge-02

G0/0 and G0/1 on ASW-01

Question 216

What is the function of cisco DNA center in a cisco SD-access deployment?

Options:

It is responsible for routing decisions inside the fabric

It is responsible for the design, management, deployment, provisioning and assurance of the fabric network devices.

It possesses information about all endpoints, nodes and external networks related to the fabric

It provides integration and automation for all nonfabric nodes and their fabric counterparts.

Question 217

A customer wants to use a single SSID to authenticate loT devices using different passwords. Which Layer 2 security type must be configured in conjunction with Cisco ISE to achieve this requirement?

Options:

Fast Transition

Central Web Authentication

Cisco Centralized Key Management

Identity PSK

Question 218

How is a data modeling language used?

Options:

To enable data lo be easily structured, grouped, validated, and replicated

To represent finite and well-defined network elements that cannot be changed

To model the flows of unstructured data within the infrastructure

To provide human readability to scripting languages

Question 219

When firewall capabilities are considered, which feature is found only in Cisco next-generation firewalls?

Options:

malware protection

stateful inspection

traffic filtering

active/standby high availability

Question 220

Refer to the exhibit.

An engineer attempts to bundle interface Gi0/0 into the port channel, but it does not function as expected. Which action resolves the issue?

Options:

Configure channel-group 1 mode active on interface Gi0/0.

Configure no shutdown on interface Gi0/0

Enable fast LACP PDUs on interface Gi0/0.

Set LACP max-bundle to 2 on interface Port-channeM

Question 221

Refer to the Exhibit.

An engineer is installing a new pair of routers in a redundant configuration. When checking on the standby status of each router the engineer notices that the routers are not functioning as expected. Which action will resolve the configuration error?

Options:

configure matching hold and delay timers

configure matching key-strings

configure matching priority values

configure unique virtual IP addresses

Question 222

What is required for intercontroller Layer 3 roaming?

Options:

Mobility groups are established between wireless controllers.

The management VLAN is present as a dynamic VLAN on the second WLC.

WLCs use separate DHCP servers.

WLCs have the same IP addresses configured on their interfaces.

Question 223

In a Cisco SD-Access solution, which protocol is used by an extended node to connect to a single edge node?

Options:

VXLAN

IS-IS

802 1Q

CTS

Question 224

AN engineer is implementing a route map to support redistribution within BGP. The route map must configured to permit all unmatched routes. Which action must the engineer perform to complete this task?

Options:

Include a permit statement as the first entry

Include at least one explicit deny statement

Remove the implicit deny entry

Include a permit statement as the last entry

Question 225

How cloud deployments differ from on-prem deployments?

Options:

Cloud deployments require longer implementation times than on-premises deployments

Cloud deployments are more customizable than on-premises deployments.

Cloud deployments require less frequent upgrades than on-premises deployments.

Cloud deployments have lower upfront costs than on-premises deployments.

Question 226

A vulnerability assessment highlighted that remote access to the switches is permitted using unsecure and unencrypted protocols Which configuration must be applied to allow only secure and reliable remote access for device administration?

Options:

line vty 0 15

transport input none

line vty 0 15

transport input telnet ssh

line vty 0 15

transport input ssh

line vty 0 15

transport input all

Question 227

Refer to the exhibit. An engineer attempts to configure a router on a stick to route packets between Clients, Servers, and Printers; however, initial tests show that this configuration is not working. Which command set resolves this issue?

Options:

Option A

Option B

Option C

Option D

Question 228

Refer to the exhibit. Router BRDR-1 is configured to receive the 0.0.0.0/0 and 172.17.1.0/24 network via BGP and advertise them into OSPF are 0. An engineer has noticed that the OSPF domain is receiving only the 172.17.1.0/24 route and default route 0.0.0.0/0 is still missing. Which configurating must engineer apply to resolve the problem?

Options:

Option A

Option B

Option C

Option D

Question 229

Refer to the exhibit.

Which type of antenna does the radiation pattern represent?

Options:

Yagi

multidirectional

directional patch

omnidirectional

Question 230

Which feature does Cisco TrustSec use to provide scalable, secure communication throughout a network?

Options:

security group tag ACL assigned to each port on a switch

security group tag number assigned to each port on a network

security group tag number assigned to each user on a switch

security group tag ACL assigned to each router on a network

Question 231

Which network devices secure API platform?

Options:

next-generation intrusion detection systems

Layer 3 transit network devices

content switches

web application firewalls

Question 232

Which technology uses network traffic telemetry, contextual information, and file reputation to provide insight into cyber threats?

Options:

threat defense

security services

security intelligence

segmentation

Question 233

Refer to the exhibit.

After the code is run on a Cisco IOS-XE router, the response code is 204.

What is the result of the script?

Options:

The configuration fails because another interface is already configured with IP address 10.10.10.1/24.

The configuration fails because interface GigabitEthernet2 is missing on the target device.

The configuration is successfully sent to the device in cleartext.

Interface GigabitEthernet2 is configured with IP address 10.10.10.1/24

Question 234

Drag and drop the tools from the left onto the agent types on the right.

Options:

Question 235

What is one primary REST security design principle?

Options:

fail-safe defaults

password hash

adding a timestamp in requests

OAuth

Question 236

An engineer configures GigabitEthernet 0/1 for VRRP group 115. The router must assume the primary role when it has the highest priority in the group. Which command set is required to complete this task?

Options:

Option A

Option B

Option C

Option D

Question 237

Refer to the exhibit.

How does the router handle traffic after the CoPP policy is configured on the router?

Options:

Traffic coming to R1 that does not match access list SNMP is dropped.

Traffic coming to R1 that matches access list SNMP is policed.

Traffic passing through R1 that matches access list SNMP is policed.

Traffic generated by R1 that matches access list SNMP is policed.

Question 238

How does Cisco Trustsec enable more flexible access controls for dynamic networking environments and data centers?

Options:

uses flexible NetFlow

assigns a VLAN to the endpoint

classifies traffic based an the contextual identity of the endpoint rather than its IP address

classifies traffic based on advanced application recognition

Question 239

Refer to the exhibit.

R2 is the neighboring router of R1. R2 receives an advertisement for network 192 168.10.50/32. Which configuration should be applied for the subnet to be advertised with the original /24 netmask?

Options:

Option A

Option B

Option C

Option D

Question 240

Refer to the exhibit.

Which Python code snippet prints the descriptions of disabled interfaces only?

Options:

Option A

Option B

Option C

Option D

Question 241

Refer to the exhibit.

VPN-A sends point-to-point traffic to VPN-B and receives traffic only from VPN-C VPN-B sends point-to-point traffic to VPN-C and receives traffic only from VPN-A Which configuration is applied?

Options:

Option A

Option B

Option C

Option D

Question 242

When is the Design workflow used In Cisco DNA Center?

Options:

in a greenfield deployment, with no existing infrastructure

in a greenfield or brownfield deployment, to wipe out existing data

in a brownfield deployment, to modify configuration of existing devices in the network

in a brownfield deployment, to provision and onboard new network devices

Question 243

Which technology is used as the basis for the cisco sd-access data plane?

Options:

IPsec

LISP

VXLAN

802.1Q

Question 244

Refer to the exhibit.

Which IP address becomes the active next hop for 192.168.102 0/24 when 192.168.101.2 fails?

Options:

192.168.101.18

192.168.101.6

192.168.101.10

192.168.101.14

Question 245

Refer to the exhibit.

A company requires that all wireless users authenticate using dynamic key generation. Which configuration must be applied?

Options:

AP(config-if-ssid)# authentication open wep wep_methods

AP(config-if-ssid)# authentication dynamic wep wep_methods

AP(config-if-ssid)# authentication dynamic open wep_dynamic

AP(config-if-ssid)# authentication open eap eap_methods

Question 246

Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

Options:

Question 247

Refer the exhibit.

Which router is the designated router on the segment 192.168.0.0/24?

Options:

This segment has no designated router because it is a nonbroadcast network type.

This segment has no designated router because it is a p2p network type.

Router Chicago because it has a lower router ID

Router NewYork because it has a higher router ID

Question 248

What is the role of the RP in PIM sparse mode?

Options:

The RP responds to the PIM join messages with the source of requested multicast group

The RP maintains default aging timeouts for all multicast streams requested by the receivers.

The RP acts as a control-plane node and does not receive or forward multicast packets.

The RP is the multicast that is the root of the PIM-SM shared multicast distribution tree.

Question 249

An engineer is working with the Cisco DNA Center API Drag and drop the methods from the left onto the actions that they are used for on the right.

Options:

Question 250

Refer to the exhibit.

After configuring HSRP an engineer enters the show standby command. Which two facts are derived from the output? (Choose two.)

Options:

The router with IP 10.10 1.3 is active because it has a higher IP address

If Fa0/0 is shut down, the HSRP priority on R2 becomes 80

R2 Fa1/0 regains the primary role when the link comes back up

R2 becomes the active router after the hold time expires.

R2 is using the default HSRP hello and hold timers.

Question 251

Which two actions, when applied in the LAN network segment, will facilitate Layer 3 CAPWAP discovery for lightweight AP? (Choose two.)

Options:

Utilize DHCP option 17.

Configure WLC IP address on LAN switch.

Utilize DHCP option 43.

Configure an ip helper-address on the router interface

Enable port security on the switch port

Question 252

By default, which virtual MAC address does HSRP group 16 use?

Options:

c0:41:43:64:13:10

00:00:0c 07:ac:10

00:05:5c:07:0c:16

05:00:0c:07:ac:16

Load More 350-401 Questions

Labour Day Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Cisco 350-401 Implementing Cisco Enterprise Network Core Technologies (ENCOR) Exam Practice Test

Implementing Cisco Enterprise Network Core Technologies (ENCOR) Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options: