350-401 Practice Exam Questions and Answers

A.  

aaa authentication login CONSOLE group radius local-case enable aaa

B.  

authentication login CONSOLE group radius local enable none

C.  

aaa authentication login CONSOLE group radius local enable

D.  

aaa authentication login CONSOLE group tacacs+ local enable

A.  

The RIB is used to make IP source prefix-based switching decisions

B.  

The FIB is where all IP routing information is stored

C.  

The RIB maintains a mirror image of the FIB

D.  

The FIB is populated based on RIB content

A.  

advertisement of network prefixes and their attributes

B.  

configuration of control and data policies

C.  

gathering of underlay infrastructure data

D.  

delivery of crypto keys

E.  

segmentation and differentiation of traffic

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

A.  

both supervisors must be configured separately

B.  

the multicast state is preserved during switchover

C.  

must be combined with NSF to support uninterrupted Layer 2 operations

D.  

must be combined with NSF to support uninterrupted Layer 3 operations

E.  

requires synchronization between supervisors in order to guarantee continuous connectivity

A.  

PMTUD does not work due to ICMP Packet Too Big messages being dropped by an ACL

B.  

The remote router drops the traffic due to high CPU load

C.  

The server should not set the DF bit in any type of traffic that is sent toward the network

D.  

There is a CoPP policy in place protecting the WAN router CPU from this type of traffic

A.  

use basic authentication

B.  

change the port to 12446

C.  

target 192 168 100 82 in the URI

D.  

restart the vsmart host

A.  

It provides resilient and effective traffic flow using MPLS.

B.  

It improves endpoint protection by integrating embedded and cloud security features.

C.  

It allows configuration of application-aware policies with real time enforcement.

D.  

It simplifies endpoint provisioning through standalone router management

E.  

It enforces a single. scalable. hub-and-spoke topology.

A.  

Atlanta(config-route)#area 0 range 192.168.0.0 255.255.248.0

B.  

Atlanta(config-route)#area 0 range 192.168.0.0 255.255.252.0

C.  

Atlanta(config-route)#area 1 range 192.168.0.0 255.255.252.0

D.  

Atlanta(config-route)#area 1 range 192.168.0.0 255.255.248.0

A.  

Wi-Fi Protected Access 3

B.  

4096 Quadrature Amplitude Modulation Mode

C.  

Channel bonding

D.  

Uplink and Downlink Orthogonal Frequency Division Multiple Access

A.  

This segment has no designated router because it is a nonbroadcast network type.

B.  

This segment has no designated router because it is a p2p network type.

C.  

Router Chicago because it has a lower router ID

D.  

Router NewYork because it has a higher router ID

A.  

CEF switching saves memory by sorting adjacency tables in dedicate memory on the line cards, and process switching stores all tables in the main memory

B.  

CEF switching uses adjacency tables built by the CDP protocol, and process switching uses the routing table

C.  

CEF switching uses dedicated hardware processors, and process switching uses the main processor

D.  

CEF switching uses proprietary protocol based on IS-IS for MAC address lookup, and process switching uses in MAC address table

A.  

provide QoS prioritization services such as marking, queueing, and classification for critical network traffic

B.  

provide redundant Layer 3 point-to-point links between the core devices for more predictable and faster convergence

C.  

provide advanced network security features such as 802. IX, DHCP snooping, VACLs, and port security

D.  

provide redundant aggregation for access layer devices and first-hop redundancy protocols such as VRRP

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

A.  

Utilize DHCP option 17.

B.  

Configure WLC IP address on LAN switch.

C.  

Utilize DHCP option 43.

D.  

Configure an ip helper-address on the router interface

E.  

Enable port security on the switch port

A.  

VLAN

B.  

VTEP

C.  

VXLAN

D.  

VRF

A.  

The server that is providing the portal has an expired certificate

B.  

The server that is providing the portal has a self-signed certificate

C.  

The connection is using an unsupported protocol

D.  

The connection is using an unsupported browser

A.  

Specify a VR

F.  

B.  

Specify a different UDP port.

C.  

Specify a different flow ID

D.  

Configure a version 5 flow-export to the same destination.

E.  

Specify a different TCP port.

A.  

DTLS

B.  

IPsec

C.  

PGP

D.  

HTTPS

A.  

Create an XML filter as a string and pass it to get_config() method as an argument

B.  

Use the txml library to parse the data returned by the NETCONF server for the interface’s configuration

C.  

Create a JSON filter as a string and pass it to the get_config() method as an argument

D.  

Use the JSON library to parse the data returned by the NETCONF server for the interface’s configuration

A.  

high availability

B.  

disaster recovery

C.  

live migration

D.  

multisite replication

A.  

The peer router interface is configured as Level 1 only, and the R2 interface is configured as Level 2 only

B.  

The R2 interface is configured as Level 1 only, and the Peer router interface is configured as Level 2 only

C.  

The R2 interface is configured as point-to-point, and the peer router interface is configured as multipoint.

D.  

The peer router interface is configured as point-as-point, and the R2 interface is configured as multipoint.

A.  

hypervisor

B.  

vSwitch

C.  

virtual router

D.  

pNIC

A.  

next-generation intrusion detection systems

B.  

Layer 3 transit network devices

C.  

content switches

D.  

web application firewalls

A.  

They simplify the management of network infrastructure devices.

B.  

They enable automation of network infrastructure based on intent.

C.  

They utilize RESTCON

F.  

D.  

They utilize multivendor support APIs.

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

A.  

access-list acl_subnets permit ip 10.0.32.0 0 0.0.255 log

B.  

access-list acl_subnets permit ip 10.0.32.0 0.0.7.255 log

C.  

access-list acl_subnets permit ip 10.0.32.0 0.0.7.255 access-list acl_subnets deny ip any log

D.  

access-list acl_subnets permit ip 10.0.32.0 255.255.248.0 log

A.  

Cloud deployments provide a better user experience across world regions, whereas on-premises deployments depend upon region-specific conditions

B.  

Cloud deployments are inherently unsecure. whereas a secure architecture is mandatory for on-premises deployments.

C.  

Cloud deployments mandate a secure architecture, whereas on-premises deployments are inherently unsecure.

D.  

Cloud deployments must include automation infrastructure, whereas on-premises deployments often lack the ability for automation.

A.  

it performs authentication and authorization

B.  

it manages the control plane.

C.  

it is the centralized network management system

D.  

it manages the data plane

A.  

The loopback on R3 Is in a shutdown stale.

B.  

An ACL applied Inbound on loopback0 of R2 Is dropping the traffic.

C.  

An ACL applied Inbound on fa0/1 of R3 is dropping the traffic.

D.  

Redistribution of connected routes into OSPF is not configured.

A.  

transmitter power

B.  

antenna cable loss

C.  

antenna again

D.  

signal-to-noise ratio

A.  

Configure ip route 1.1.1.1 0.0.0.0 192.168.12.1 on R2.

B.  

Configure neighbor 192.168.12.1 activate under R2 BGP process.

C.  

Configure neighbor 2.2.2.2 remote-as 65002 under R1 BGP process.

D.  

Configure no neighbor 192.168.12.1 shutdown under R2 BGP process.

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

A.  

Configure LACP mode on S1 to passive.

B.  

Configure switch port mode to ISL on S2.

C.  

Configure PAgP mode on S1 to desirable.

D.  

Configure LACP mode on S1 to active.

A.  

Policy or ACLS are nor required.

B.  

There is no requirements to run IEEE 802.1X when TrustSec is enabled on a switch port.

C.  

Applications flows between hosts on the LAN to remote destinations can be encrypted.

D.  

Policy can be applied on a hop-by-hop basis.

A.  

Command Runner

B.  

Template Editor

C.  

Application Policies

D.  

Authentication Template

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

E.  

Option E

A.  

It counts JSON data from a website.

B.  

It loads JSON data into an HTTP request.

C.  

It reads JSON data into a formatted list.

D.  

It converts JSON data to an HTML document.

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

A.  

Para-virtualization allows direct access between the guest OS and the hypervisor.

B.  

Para-virtualization allows the host hardware to be directly accessed.

C.  

Para-virtualization guest servers are unaware of one another.

D.  

Para-virtualization lacks support for containers.

A.  

standardized data structure independent of the transport protocols

B.  

creation of transport protocols and their interaction with the OS

C.  

user access to interact directly with the CLI of the device to receive or modify network configurations

D.  

standardized data structure that can be used only with NETCONF or RESTCONF transport protocols

A.  

spanning-tree mst 1 priority 1

B.  

spanning-tree mstp vlan 10.20 root primary

C.  

spanning-tree mil 1 root primary

D.  

spanning-tree mst 1 priority 4096

E.  

spanning-tree mst vlan 10.20 priority root

A.  

Enable Aironet I

E.  

B.  

Enable passive client.

C.  

Disable AAA override.

D.  

Disable FlexConnect local switching.

A.  

Yagi

B.  

dipole

C.  

patch

D.  

omnidirectional

A.  

The border node is required for communication between fabric and nonfabric devices.

B.  

Traffic within the fabric always goes through the control plane node.

C.  

Fabric endpoints are connected directly to the border node.

D.  

The control plane node has the full RLOC-to-EID mapping database.

E.  

The border node has the full RLOC-to-EID mapping database.

A.  

a key-value pair in tuple type

B.  

a key-value pair in list type

C.  

a key-value pair in string type

D.  

an error

A.  

05:5e:ac:07:0c:0f

B.  

c0:42:34:03:73:0f

C.  

00:00:0c:07:ac:0f

D.  

05:af:1c:0f:ac:15

A.  

service password-encryption

B.  

username netadmin secret 9 $9$vFpMf8elb4RVV8$seZ/bDA

C.  

username netadmin secret 7$1$42J36k33008Pyh4QzwXyZ4

D.  

line vty 0 15 p3ssword XD822j

A.  

thee emote spine

B.  

the next hop

C.  

the leaf switch

D.  

the remote switch

A.  

The first pocket triggered NAT to add an entry to the NAT table

B.  

R1 is configured with NAT overload parameters.

C.  

A Telnet session from 160.1.1.1 to 10.1.1.10 has been initiated.

D.  

R1 a configured win PAT overload parameters

A.  

virtual private network

B.  

deep packet inspection

C.  

stateful inspection

D.  

application awareness

E.  

packet filtering

A.  

hello packet mismatch

B.  

OSPF area change

C.  

MTU mismatch

D.  

IP address mismatch

A.  

EAP-TLS

B.  

EAP-FAST

C.  

LDAP

D.  

PEAP

A.  

configure switchport mode access on SW2

B.  

configure switchport nonegotiate on SW2

C.  

configure switchport mode trunk on SW2

D.  

configure switchport nonegotiate on SW1

E.  

configure switchport mode dynamic desirable on SW2

A.  

Change the HSRP group configuration on the local router to 1.

B.  

Change the HSRP virtual address on the local router to 10.1.1.1.

C.  

Change the HSRP virtual address on the remote router to 10.1.1.1.

D.  

Change the HSRP group configuration on the remote router to 1.

A.  

On-premises can increase compute power faster than cloud

B.  

On-premises requires less power and cooling resources than cloud

C.  

On-premises offers faster deployment than cloud

D.  

On-premises offers lower latency for physically adjacent systems than cloud.

A.  

SaltStack uses an API proxy agent to program Cisco boxes on agent mode, whereas Ansible uses a Telnet connection

B.  

SaltStack uses the Ansible agent on the box, whereas Ansible uses a Telnet server on the box

C.  

SaltStack is constructed with minion, whereas Ansible is constructed with YAML

D.  

SaltStack uses SSH to interact with Cisco devices, whereas Ansible uses an event bus

A.  

Change the VTP domain to match on both switches

B.  

Change Switch2 to switch port mode dynamic auto

C.  

Change Switch1 to switch port mode dynamic auto

D.  

Change Switch1 to switch port mode dynamic desirable

A.  

R1#network 192.168.0.0 mask 255.255.0.0

B.  

R2#no network 10.0.0.0 255.255.255.0

C.  

R2#network 192.168.0.0 mask 255.255.0.0

D.  

R2#network 209.165.201.0 mask 255.255.192.0

E.  

R1#no network 10.0.0.0 255.255.255.0

A.  

switch fabric

B.  

VTEP

C.  

VNID

D.  

host switch

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

A.  

It is leveraged for dynamic endpoint to group mapping and policy definition.

B.  

It provides GUI management and abstraction via apps that share context.

C.  

it is used to analyze endpoint to app flows and monitor fabric status.

D.  

It manages the LISP EID database.

A.  

container

B.  

Type 1 hypervisor

C.  

hardware pass-thru

D.  

Type 2 hypervisor

A.  

Configure a match-host type NAT pool

B.  

Reconfigure the pool to use the 192.168 1 0 address range

C.  

Increase the NAT pool size to support 254 usable addresses

D.  

Configure a one-to-one type NAT pool

A.  

NTP server

B.  

PKI server

C.  

RADIUS server

D.  

TACACS server

A.  

It enforces the use of a specific encoding format for NETCON

F.  

B.  

It collects statistical constraint analysis information.

C.  

It enables multiple leaf statements to exist within a leaf list.

D.  

It enforces configuration semantics.

E.  

It enforces configuration constraints.

A.  

Option 43

B.  

Option 60

C.  

Option 67

D.  

Option 150

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

A.  

username/role combination

B.  

access tokens

C.  

cookie authentication

D.  

basic signature workflow

A.  

R1(config-router)#neighbor 10.10.10.1 peer-group CORP R1(config-router)#neighbor CORP password Cisco

B.  

R2(config-router)#neighbor 10.120.10.1 peer-group CORP R2(config-router)#neighbor CORP password Cisco

C.  

R2(config-router)#neighbor 10.10.10.1 peer-group CORP R2(config-router)#neighbor PEER password Cisco

D.  

R1(config-router)#neighbor 10.120.10.1 peer-group CORP R1(config-router)#neighbor CORP password Cisco

E.  

R2(config-router)#neighbor 10.10.10.1 peer-group CORP R2(config-router)#neighbor CORP password Cisco

A.  

Change the access-list destination mask to a wildcard.

B.  

Change the source network that Is specified in access-list 101.

C.  

Change the route-map configuration to VRF_BLU

E.  

D.  

Change the access-list number in the route map

A.  

200

B.  

201

C.  

300

D.  

301

A.  

It does not require a RADIUS server certificate.

B.  

It requires a client certificate.

C.  

It is an IETF standard.

D.  

It operates in transparent mode.

A.  

wireless client

B.  

wireless LAN controller

C.  

access point

D.  

WCS location server

A.  

SSL

B.  

MD5

C.  

AES128

D.  

AES256

A.  

Create an IPsec profile, associate the transform-set ACL, and apply the profile to the tunnel interface.

B.  

Apply the crypto map to the tunnel interface and change the tunnel mode to tunnel mode ipsec ipv4.

C.  

Remove all configuration related to crypto map from R1 and R2 and eliminate the ACL.

D.  

Create an IPsec profile, associate the transform-set, and apply the profile to the tunnel interface.

E.  

Remove the crypto map and modify the ACL to allow traffic between 10.10.0.0/24 to 10.20.0.0/24.

A.  

All devices integrating with ISE

B.  

selected individual devices

C.  

all devices in selected sites

D.  

all wired devices

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

A.  

05:5c:5e:ac:0c:25

B.  

04:16:6S:96:1C:19

C.  

00:00:0c:07:ac:19

D.  

00:00:0c:07:ac:25

A.  

WLC1 marks me diem with an anchor entry In Its own database. The database entry is copied to the new controller and marked with a foreign entry on VVLC2.

B.  

WLC2 marks the client with an anchor entry In Its own database. The database entry Is copied to the new controller and marked with a foreign entry on WLC1

C.  

WLCl marks the client with a foreign entry in its own database. The database entry is copied to the new controller and marked with an anchor entry on WLC2.

D.  

WLC2 marks the client with a foreign entry In its own database. The database entry Is copied to the new controller and marked with an anchor entry on WLC1.

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

A.  

network data platform

B.  

network underlay

C.  

fabric overlay

D.  

network control platform

E.  

partner ecosystem

A.  

Option

B.  

Option

C.  

Option

D.  

Option

A.  

NSF/NSR

B.  

SSO

C.  

HSRP

D.  

VRRP

A.  

economy of mechanism

B.  

complete mediation

C.  

separation of privilege

D.  

least common mechanism

A.  

It uses a traditional routed access design to provide performance and high availability to the network.

B.  

It consists of a group of physical routers and switches that are used to maintain the network.

C.  

It provides isolation among the virtual networks and independence from the physical network.

D.  

It provides multicast support to enable Layer 2 Hooding capability in the underlay network.

A.  

It is based on VXLAN technology.

B.  

Each router processes every possible destination and route

C.  

It allows host mobility only in the wireless network.

D.  

It stores remote routes in a centralized database server

A.  

fabric control plane node

B.  

fabric wireless controller

C.  

fabric border node

D.  

fabric edge node

A.  

The translator does not use aOdress overloading

B.  

The NAT ACL does not match alt internal hosts

C.  

The NAT ACL and NAT pool share the same name

D.  

The NAT pool netmask rs excessively wide

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

A.  

192.0.2.1

B.  

172.20.10.1

C.  

1.1.1.1

D.  

192.168.0.1

A.  

IKF

B.  

TLS

C.  

IPsec

D.  

ESP

A.  

augmenting management process using vendor centric actions around models

B.  

refactoring vendor and platform specific configurations with widely compatible configurations

C.  

augmenting the use of management protocols like SNMP for status subscriptions

D.  

deploying machine-friendly codes to manage a high number of devices

A.  

ip sla schedule 100 start-time now life forever

B.  

ip sla schedule 30 start-time now life forever

C.  

ip sla schedule 100 start-time now life 30

D.  

ip sla schedule 100 life forever

A.  

value that identifies a specific tunnel within the Cisco SD-WAN overlay

B.  

identifier that represents a specific service offered by nodes within the Cisco SD-WAN overlay

C.  

attribute that acts as a next hop for network prefixes

D.  

component set by the administrator to differentiate similar nodes that offer a common service

A.  

It updates wireless clients' locations in the fabric

B.  

It connects wireless clients to the fabric.

C.  

It manages wireless clients' membership information in the fabric

D.  

It configures security policies down to wireless clients in the fabric.

A.  

]]>]]>

B.  

C.  

D.  

A.  

distribute-list prefix OFFICE in under the OSPF process

B.  

Ip prefix-list OFFICE seq 10 permit 0.0.0.0/0 Ie 32

C.  

ip prefix-list OFFICE seq 10 permit 0.0.0.0/0 ge 32

D.  

distribute-list OFFICE out under the OSPF process

E.  

distribute-list OFFICE in under the OSPF process

A.  

EIGRP metrics are based on a combination of bandwidth and packet loss, and OSPF metrics are based on interface bandwidth.

B.  

EIGRP uses the Dijkstra algorithm, and OSPF uses The DUAL algorithm

C.  

The EIGRP administrative distance for external routes is 170. and the OSPF administrative distance for external routes is undefined

D.  

The EIGRP administrative distance for external routes is 170. and the OSPF administrative distance for external routes is 110

A.  

an encrypted JSON token that is used for authentication

B.  

an encrypted JSON token that is used for authorization

C.  

an encoded JSON token that is used to securely exchange information

D.  

an encoded JSON token that is used for authentication

A.  

The ping command must be executed in the global routing table.

B.  

Interface FastEthernet0/0 Is configured in VRF CUST-A, so the ARP entry is also in that VR

F.  

C.  

When VRFs are used. ARP protocol must be enabled In each VR

F.  

D.  

When VRFs are used. ARP protocol is disabled in the global routing table.