Weekend Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 2493360325

Good News !!! 350-401 Implementing Cisco Enterprise Network Core Technologies (350-401 ENCOR) is now Stable and With Pass Result

350-401 Practice Exam Questions and Answers

Implementing Cisco Enterprise Network Core Technologies (350-401 ENCOR)

Last Update 1 week ago
Total Questions : 843

350-401 is stable now with all latest exam questions are added 1 week ago. Just download our Full package and start your journey with Cisco Implementing Cisco Enterprise Network Core Technologies (350-401 ENCOR) certification. All these Cisco 350-401 practice exam questions are real and verified by our Experts in the related industry fields.

350-401 PDF

350-401 PDF (Printable)
$53.2
$132.99

350-401 Testing Engine

350-401 PDF (Printable)
$58
$144.99

350-401 PDF + Testing Engine

350-401 PDF (Printable)
$72.8
$181.99
Question # 1

An engineer must enable a login authentication method that allows a user to log in by using local authentication if all other defined authentication methods fail Which configuration should be applied?

Options:

A.  

aaa authentication login CONSOLE group radius local-case enable aaa

B.  

authentication login CONSOLE group radius local enable none

C.  

aaa authentication login CONSOLE group radius local enable

D.  

aaa authentication login CONSOLE group tacacs+ local enable

Discussion 0
Question # 2

What is the difference between a RIB and a FIB?

Options:

A.  

The RIB is used to make IP source prefix-based switching decisions

B.  

The FIB is where all IP routing information is stored

C.  

The RIB maintains a mirror image of the FIB

D.  

The FIB is populated based on RIB content

Discussion 0
Question # 3

In a Cisco SD-WAN solution, which two functions are performed by OMP? (Choose two.)

Options:

A.  

advertisement of network prefixes and their attributes

B.  

configuration of control and data policies

C.  

gathering of underlay infrastructure data

D.  

delivery of crypto keys

E.  

segmentation and differentiation of traffic

Discussion 0
Question # 4

Refer to the exhibit.

Question # 4

An engineer configures OSPF and wants to verify the configuration Which configuration is applied to this device?

A)

Question # 4

B)

Question # 4

C)

Question # 4

D)

Question # 4

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Question # 5

What are two considerations when using SSO as a network redundancy feature? (Choose two)

Options:

A.  

both supervisors must be configured separately

B.  

the multicast state is preserved during switchover

C.  

must be combined with NSF to support uninterrupted Layer 2 operations

D.  

must be combined with NSF to support uninterrupted Layer 3 operations

E.  

requires synchronization between supervisors in order to guarantee continuous connectivity

Discussion 0
Question # 6

Refer to the exhibit.

Question # 6

An engineer troubleshoots connectivity issues with an application. Testing is performed from the server gateway, and traffic with the DF bit set is dropped along the path after increasing packet size. Removing the DF bit setting at the gateway prevents the packets from being dropped. What is the cause of this issue?

Options:

A.  

PMTUD does not work due to ICMP Packet Too Big messages being dropped by an ACL

B.  

The remote router drops the traffic due to high CPU load

C.  

The server should not set the DF bit in any type of traffic that is sent toward the network

D.  

There is a CoPP policy in place protecting the WAN router CPU from this type of traffic

Discussion 0
Question # 7

Drag and drop the snippets onto the blanks within the code to construct a script that shows all logging that occurred on the appliance from Sunday until 9:00 p.m Thursday Not all options are used.

Question # 7

Options:

Discussion 0
Question # 8

Refer to the exhibit.

Question # 8

What step resolves the authentication issue?

Options:

A.  

use basic authentication

B.  

change the port to 12446

C.  

target 192 168 100 82 in the URI

D.  

restart the vsmart host

Discussion 0
Question # 9

What are two benefits of implementing a Cisco SD-WAN architecture? (Choose two)

Options:

A.  

It provides resilient and effective traffic flow using MPLS.

B.  

It improves endpoint protection by integrating embedded and cloud security features.

C.  

It allows configuration of application-aware policies with real time enforcement.

D.  

It simplifies endpoint provisioning through standalone router management

E.  

It enforces a single. scalable. hub-and-spoke topology.

Discussion 0
Question # 10

Refer to the exhibit.

Question # 10

Which command when applied to the Atlanta router reduces type 3 LSA flooding into the backbone area and summarizes the inter-area routes on the Dallas router?

Options:

A.  

Atlanta(config-route)#area 0 range 192.168.0.0 255.255.248.0

B.  

Atlanta(config-route)#area 0 range 192.168.0.0 255.255.252.0

C.  

Atlanta(config-route)#area 1 range 192.168.0.0 255.255.252.0

D.  

Atlanta(config-route)#area 1 range 192.168.0.0 255.255.248.0

Discussion 0
Question # 11

Which new enhancement was implemented in Wi-Fi 6?

Options:

A.  

Wi-Fi Protected Access 3

B.  

4096 Quadrature Amplitude Modulation Mode

C.  

Channel bonding

D.  

Uplink and Downlink Orthogonal Frequency Division Multiple Access

Discussion 0
Question # 12

Refer the exhibit.

Question # 12

Which router is the designated router on the segment 192.168.0.0/24?

Options:

A.  

This segment has no designated router because it is a nonbroadcast network type.

B.  

This segment has no designated router because it is a p2p network type.

C.  

Router Chicago because it has a lower router ID

D.  

Router NewYork because it has a higher router ID

Discussion 0
Question # 13

How does CEF switching differ from process switching on Cisco devices?

Options:

A.  

CEF switching saves memory by sorting adjacency tables in dedicate memory on the line cards, and process switching stores all tables in the main memory

B.  

CEF switching uses adjacency tables built by the CDP protocol, and process switching uses the routing table

C.  

CEF switching uses dedicated hardware processors, and process switching uses the main processor

D.  

CEF switching uses proprietary protocol based on IS-IS for MAC address lookup, and process switching uses in MAC address table

Discussion 0
Question # 14

In a three-tier hierarchical campus network design, which action is a design best-practice for the core layer?

Options:

A.  

provide QoS prioritization services such as marking, queueing, and classification for critical network traffic

B.  

provide redundant Layer 3 point-to-point links between the core devices for more predictable and faster convergence

C.  

provide advanced network security features such as 802. IX, DHCP snooping, VACLs, and port security

D.  

provide redundant aggregation for access layer devices and first-hop redundancy protocols such as VRRP

Discussion 0
Question # 15

Refer to the exhibit.

Question # 15

An engineer must create a configuration that prevents R3from receiving the LSA about 172.16.1.4/32.Which configuration set achieves this goal?

Question # 15

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Question # 16

Which two actions, when applied in the LAN network segment, will facilitate Layer 3 CAPWAP discovery for lightweight AP? (Choose two.)

Options:

A.  

Utilize DHCP option 17.

B.  

Configure WLC IP address on LAN switch.

C.  

Utilize DHCP option 43.

D.  

Configure an ip helper-address on the router interface

E.  

Enable port security on the switch port

Discussion 0
Question # 17

Which solution do laaS service providers use to extend a Layer 2 segment across a Layer 3 network?

Options:

A.  

VLAN

B.  

VTEP

C.  

VXLAN

D.  

VRF

Discussion 0
Question # 18

Refer to the exhibit.

Question # 18

An engineer is designing a guest portal on Cisco ISE using the default configuration. During the testing phase, the engineer receives a warning when displaying the guest portal. Which issue is occurring?

Options:

A.  

The server that is providing the portal has an expired certificate

B.  

The server that is providing the portal has a self-signed certificate

C.  

The connection is using an unsupported protocol

D.  

The connection is using an unsupported browser

Discussion 0
Question # 19

Refer to the exhibit.

Question # 19

What is required to configure a second export destination for IP address 192.168.10.1?

Options:

A.  

Specify a VR

F.  

B.  

Specify a different UDP port.

C.  

Specify a different flow ID

D.  

Configure a version 5 flow-export to the same destination.

E.  

Specify a different TCP port.

Discussion 0
Question # 20

Which protocol is used to encrypt control plane traffic between SD-WAN controllers and SD-WAN endpoints?

Options:

A.  

DTLS

B.  

IPsec

C.  

PGP

D.  

HTTPS

Discussion 0
Question # 21

Refer to the exhibit.

Question # 21

After running the code in the exhibit. Which step reduces the amount of data that NETCONF server returns to the NETCONF client, to only the interface’s configuration?

Options:

A.  

Create an XML filter as a string and pass it to get_config() method as an argument

B.  

Use the txml library to parse the data returned by the NETCONF server for the interface’s configuration

C.  

Create a JSON filter as a string and pass it to the get_config() method as an argument

D.  

Use the JSON library to parse the data returned by the NETCONF server for the interface’s configuration

Discussion 0
Question # 22

What is the process for moving a virtual machine from one host machine to another with no downtime?

Options:

A.  

high availability

B.  

disaster recovery

C.  

live migration

D.  

multisite replication

Discussion 0
Question # 23

Question # 23

Refer to the exhibit. A network operator is attempting to configure an IS-IS adjacency between two routers, but the adjacency cannot be established. To troubleshoot the problem, the operator collects this debugging output. Which interfaces are misconfigured on these routers?

Options:

A.  

The peer router interface is configured as Level 1 only, and the R2 interface is configured as Level 2 only

B.  

The R2 interface is configured as Level 1 only, and the Peer router interface is configured as Level 2 only

C.  

The R2 interface is configured as point-to-point, and the peer router interface is configured as multipoint.

D.  

The peer router interface is configured as point-as-point, and the R2 interface is configured as multipoint.

Discussion 0
Question # 24

Which element enables communication between guest VMs within a virtualized environment?

Options:

A.  

hypervisor

B.  

vSwitch

C.  

virtual router

D.  

pNIC

Discussion 0
Question # 25

Which network devices secure API platform?

Options:

A.  

next-generation intrusion detection systems

B.  

Layer 3 transit network devices

C.  

content switches

D.  

web application firewalls

Discussion 0
Question # 26

What is a characteristic of Cisco DNA Northbound APIs?

Options:

A.  

They simplify the management of network infrastructure devices.

B.  

They enable automation of network infrastructure based on intent.

C.  

They utilize RESTCON

F.  

D.  

They utilize multivendor support APIs.

Discussion 0
Question # 27

Refer to the exhibit.

Question # 27

Which command set must be added to the configuration to analyze 50 packets out of every 100?

A)

Question # 27

B)

Question # 27

C)

Question # 27

D)

Question # 27

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Question # 28

Refer to the exhibit.

Question # 28

An engineer must permit traffic from these networks and block all other traffic An informational log message should be triggered when traffic enters from these prefixes Which access list must be used?

Options:

A.  

access-list acl_subnets permit ip 10.0.32.0 0 0.0.255 log

B.  

access-list acl_subnets permit ip 10.0.32.0 0.0.7.255 log

C.  

access-list acl_subnets permit ip 10.0.32.0 0.0.7.255 access-list acl_subnets deny ip any log

D.  

access-list acl_subnets permit ip 10.0.32.0 255.255.248.0 log

Discussion 0
Question # 29

How do cloud deployments compare to on-premises deployments?

Options:

A.  

Cloud deployments provide a better user experience across world regions, whereas on-premises deployments depend upon region-specific conditions

B.  

Cloud deployments are inherently unsecure. whereas a secure architecture is mandatory for on-premises deployments.

C.  

Cloud deployments mandate a secure architecture, whereas on-premises deployments are inherently unsecure.

D.  

Cloud deployments must include automation infrastructure, whereas on-premises deployments often lack the ability for automation.

Discussion 0
Question # 30

What is the rose of the vSmart controller in a Cisco SD-WN environment?

Options:

A.  

it performs authentication and authorization

B.  

it manages the control plane.

C.  

it is the centralized network management system

D.  

it manages the data plane

Discussion 0
Question # 31

Refer to the exhibit.

Question # 31

The traceroute fails from R1 to R3. What is the cause of the failure?

Options:

A.  

The loopback on R3 Is in a shutdown stale.

B.  

An ACL applied Inbound on loopback0 of R2 Is dropping the traffic.

C.  

An ACL applied Inbound on fa0/1 of R3 is dropping the traffic.

D.  

Redistribution of connected routes into OSPF is not configured.

Discussion 0
Question # 32

Drag and drop the characteristics from the left onto the corresponding infrastructure deployment models on the right.

Question # 32

Options:

Discussion 0
Question # 33

Using the EIRP formula,what parameter is subtracted to determine the EIRP value?

Options:

A.  

transmitter power

B.  

antenna cable loss

C.  

antenna again

D.  

signal-to-noise ratio

Discussion 0
Question # 34

Drag and drop the LISP components on the left to the correct description on the right.

Question # 34

Options:

Discussion 0
Question # 35

Question # 35

Refer to the exhibit. R1 and R2 are directly connected, but the BGP session does not establish. Which action must be taken to build an eBGP session?

Options:

A.  

Configure ip route 1.1.1.1 0.0.0.0 192.168.12.1 on R2.

B.  

Configure neighbor 192.168.12.1 activate under R2 BGP process.

C.  

Configure neighbor 2.2.2.2 remote-as 65002 under R1 BGP process.

D.  

Configure no neighbor 192.168.12.1 shutdown under R2 BGP process.

Discussion 0
Question # 36

Question # 36

Refer to the exhibit. Which configuration must be applied to ensure that the preferred path for traffic from AS 65010 toward AS 65020 uses the R2 to R4 path?

A)

Question # 36

B)

Question # 36

C)

Question # 36

D)

Question # 36

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Question # 37

Question # 37

Refer to the exhibit. Traffic is not passing between SW1 and SW2. Which action fixes the issue?

Options:

A.  

Configure LACP mode on S1 to passive.

B.  

Configure switch port mode to ISL on S2.

C.  

Configure PAgP mode on S1 to desirable.

D.  

Configure LACP mode on S1 to active.

Discussion 0
Question # 38

What is a benefit of Cisco TrustSec in a multilayered LAN network design?

Options:

A.  

Policy or ACLS are nor required.

B.  

There is no requirements to run IEEE 802.1X when TrustSec is enabled on a switch port.

C.  

Applications flows between hosts on the LAN to remote destinations can be encrypted.

D.  

Policy can be applied on a hop-by-hop basis.

Discussion 0
Question # 39

Which tool is used in Cisco DNA Center to build generic configurations that are able to be applied on device with similar network settings?

Options:

A.  

Command Runner

B.  

Template Editor

C.  

Application Policies

D.  

Authentication Template

Discussion 0
Question # 40

Question # 40

Refer to the exhibit Which two commands are required on route» R1 to block FTP and allow all other traffic from the Branch 2 network’ (Choose two)

Question # 40

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

E.  

Option E

Discussion 0
Question # 41

Refer to the exhibit.

Question # 41

What is achieved by this Python script?

Options:

A.  

It counts JSON data from a website.

B.  

It loads JSON data into an HTTP request.

C.  

It reads JSON data into a formatted list.

D.  

It converts JSON data to an HTML document.

Discussion 0
Question # 42

Refer to the exhibit.

Question # 42

Only administrators from the subnet 10.10.10.0/24 are permitted to have access to the router. A secure protocol must be used for the remote access and management of the router instead of clear-text protocols. Which configuration achieves this goal?

Question # 42

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Question # 43

Which JSON script is properly formatted?

A)

Question # 43

B)

Question # 43

C)

Question # 43

D)

Question # 43

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Question # 44

: 264

What is a characteristic of para-virtualization?

Options:

A.  

Para-virtualization allows direct access between the guest OS and the hypervisor.

B.  

Para-virtualization allows the host hardware to be directly accessed.

C.  

Para-virtualization guest servers are unaware of one another.

D.  

Para-virtualization lacks support for containers.

Discussion 0
Question # 45

What does a YANG model provide?

Options:

A.  

standardized data structure independent of the transport protocols

B.  

creation of transport protocols and their interaction with the OS

C.  

user access to interact directly with the CLI of the device to receive or modify network configurations

D.  

standardized data structure that can be used only with NETCONF or RESTCONF transport protocols

Discussion 0
Question # 46

Refer to the exhibit.

Question # 46

Which two commands ensure that DSW1 becomes the root bridge for VLAN 10 and 20? (Choose two.)

Options:

A.  

spanning-tree mst 1 priority 1

B.  

spanning-tree mstp vlan 10.20 root primary

C.  

spanning-tree mil 1 root primary

D.  

spanning-tree mst 1 priority 4096

E.  

spanning-tree mst vlan 10.20 priority root

Discussion 0
Question # 47

A customer wants to connect a device to an autonomous Cisco AP configured as a WG

B.  

The WGB is configured properly: however, it fails to associate to a CAPWAP- enabled AP. Which change must be applied in the advanced WLAN settings to resolve this issue?

Options:

A.  

Enable Aironet I

E.  

B.  

Enable passive client.

C.  

Disable AAA override.

D.  

Disable FlexConnect local switching.

Discussion 0
Question # 48

: 194

Refer to the exhibit.

Question # 48

Which type of antenna is shown on the radiation patterns?

Options:

A.  

Yagi

B.  

dipole

C.  

patch

D.  

omnidirectional

Discussion 0
Question # 49

What are two characteristics of Cisco SD-Access elements? (Choose two.)

Options:

A.  

The border node is required for communication between fabric and nonfabric devices.

B.  

Traffic within the fabric always goes through the control plane node.

C.  

Fabric endpoints are connected directly to the border node.

D.  

The control plane node has the full RLOC-to-EID mapping database.

E.  

The border node has the full RLOC-to-EID mapping database.

Discussion 0
Question # 50

Question # 50

Refer to the exhibit. What is printed to the console when this script is run?

Options:

A.  

a key-value pair in tuple type

B.  

a key-value pair in list type

C.  

a key-value pair in string type

D.  

an error

Discussion 0
Question # 51

By default, which virtual MAC address does HSRP group 15 use?

Options:

A.  

05:5e:ac:07:0c:0f

B.  

c0:42:34:03:73:0f

C.  

00:00:0c:07:ac:0f

D.  

05:af:1c:0f:ac:15

Discussion 0
Question # 52

An engineer must protect the password for the VTY lines against over-the-shoulder attacks. Which configuration should be applied?

Options:

A.  

service password-encryption

B.  

username netadmin secret 9 $9$vFpMf8elb4RVV8$seZ/bDA

C.  

username netadmin secret 7$1$42J36k33008Pyh4QzwXyZ4

D.  

line vty 0 15 p3ssword XD822j

Discussion 0
Question # 53

What does the destination MAC on the outer MAC header identify in a VXLAN packet?

Options:

A.  

thee emote spine

B.  

the next hop

C.  

the leaf switch

D.  

the remote switch

Discussion 0
Question # 54

Question # 54

Refer to the exhibit. A network engineer configures NAT on R1 and enters me show command to verity me configuration What toes the output confirm?

Options:

A.  

The first pocket triggered NAT to add an entry to the NAT table

B.  

R1 is configured with NAT overload parameters.

C.  

A Telnet session from 160.1.1.1 to 10.1.1.10 has been initiated.

D.  

R1 a configured win PAT overload parameters

Discussion 0
Question # 55

Which two features are available only in next-generation firewalls? (Choose two.)

Options:

A.  

virtual private network

B.  

deep packet inspection

C.  

stateful inspection

D.  

application awareness

E.  

packet filtering

Discussion 0
Question # 56

Question # 56

Refer to me exhibit. What is the cause of the log messages?

Options:

A.  

hello packet mismatch

B.  

OSPF area change

C.  

MTU mismatch

D.  

IP address mismatch

Discussion 0
Question # 57

An engineer is configuring RADIUS-Based Authentication with EAP. MS-CHAPv2 is configured on a client device. Which outer method protocol must be configured on the ISE to support this authentication type?

Options:

A.  

EAP-TLS

B.  

EAP-FAST

C.  

LDAP

D.  

PEAP

Discussion 0
Question # 58

Drag and drop the characteristics from the left onto the protocols they apply to on the right?

Question # 58

Options:

Discussion 0
Question # 59

Question # 59

Refer to the exhibit. The connecting between SW1 and SW2 is not operational. Which two actions resolve the issue? (Choose two)

Options:

A.  

configure switchport mode access on SW2

B.  

configure switchport nonegotiate on SW2

C.  

configure switchport mode trunk on SW2

D.  

configure switchport nonegotiate on SW1

E.  

configure switchport mode dynamic desirable on SW2

Discussion 0
Question # 60

While configuring an IOS router for HSRP with a virtual IP of 10 1.1.1. an engineer sees this log message.

Question # 60

Which configuration change must the engineer make?

Options:

A.  

Change the HSRP group configuration on the local router to 1.

B.  

Change the HSRP virtual address on the local router to 10.1.1.1.

C.  

Change the HSRP virtual address on the remote router to 10.1.1.1.

D.  

Change the HSRP group configuration on the remote router to 1.

Discussion 0
Question # 61

Drag and drop the solutions that comprise Cisco Cyber Threat Defense from the left onto the objectives they accomplish on the right.

Question # 61

Options:

Discussion 0
Question # 62

How does an on-premises infrastructure compare to a cloud infrastructure?

Options:

A.  

On-premises can increase compute power faster than cloud

B.  

On-premises requires less power and cooling resources than cloud

C.  

On-premises offers faster deployment than cloud

D.  

On-premises offers lower latency for physically adjacent systems than cloud.

Discussion 0
Question # 63

What is one difference between saltstack and ansible?

Options:

A.  

SaltStack uses an API proxy agent to program Cisco boxes on agent mode, whereas Ansible uses a Telnet connection

B.  

SaltStack uses the Ansible agent on the box, whereas Ansible uses a Telnet server on the box

C.  

SaltStack is constructed with minion, whereas Ansible is constructed with YAML

D.  

SaltStack uses SSH to interact with Cisco devices, whereas Ansible uses an event bus

Discussion 0
Question # 64

Refer to the exhibit.

Question # 64

An engineer implemented several configuration changes and receives the logging message on switch1. Which action should the engineer take to resolve this issue?

Options:

A.  

Change the VTP domain to match on both switches

B.  

Change Switch2 to switch port mode dynamic auto

C.  

Change Switch1 to switch port mode dynamic auto

D.  

Change Switch1 to switch port mode dynamic desirable

Discussion 0
Question # 65

Question # 65

Refer to the exhibit. Which two commands are needed to allow for full reachability between AS 1000 and AS 2000? (Choose two)

Options:

A.  

R1#network 192.168.0.0 mask 255.255.0.0

B.  

R2#no network 10.0.0.0 255.255.255.0

C.  

R2#network 192.168.0.0 mask 255.255.0.0

D.  

R2#network 209.165.201.0 mask 255.255.192.0

E.  

R1#no network 10.0.0.0 255.255.255.0

Discussion 0
Question # 66

Which entity is responsible for maintaining Layer 2 isolation between segments In a VXLAN environment?

Options:

A.  

switch fabric

B.  

VTEP

C.  

VNID

D.  

host switch

Discussion 0
Question # 67

Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

Question # 67

Options:

Discussion 0
Question # 68

Which line must be added in the Python function to return the JSON object {"cat_9k": “FXS193202SE")?

Question # 68

A)

Question # 68

B)

Question # 68

C)

Question # 68

D)

Question # 68

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Question # 69

In a Cisco SD-Access solution, what is the role of the Identity Services Engine?

Options:

A.  

It is leveraged for dynamic endpoint to group mapping and policy definition.

B.  

It provides GUI management and abstraction via apps that share context.

C.  

it is used to analyze endpoint to app flows and monitor fabric status.

D.  

It manages the LISP EID database.

Discussion 0
Question # 70

A server running Linux is providing support for virtual machines along with DNS and DHCP services for a small business. Which technology does this represent?

Options:

A.  

container

B.  

Type 1 hypervisor

C.  

hardware pass-thru

D.  

Type 2 hypervisor

Discussion 0
Question # 71

Question # 71

Refer to the exhibit. Which action completes the configuration to achieve a dynamic continuous mapped NAT for all users?

Options:

A.  

Configure a match-host type NAT pool

B.  

Reconfigure the pool to use the 192.168 1 0 address range

C.  

Increase the NAT pool size to support 254 usable addresses

D.  

Configure a one-to-one type NAT pool

Discussion 0
Question # 72

When configuration WPA2 Enterprise on a WLAN, which additional security component configuration is required?

Options:

A.  

NTP server

B.  

PKI server

C.  

RADIUS server

D.  

TACACS server

Discussion 0
Question # 73

What are two benefits of YANG? (Choose two.)

Options:

A.  

It enforces the use of a specific encoding format for NETCON

F.  

B.  

It collects statistical constraint analysis information.

C.  

It enables multiple leaf statements to exist within a leaf list.

D.  

It enforces configuration semantics.

E.  

It enforces configuration constraints.

Discussion 0
Question # 74

Which DHCP option helps lightweight APs find the IP address of a wireless LAN controller?

Options:

A.  

Option 43

B.  

Option 60

C.  

Option 67

D.  

Option 150

Discussion 0
Question # 75

Refer to the exhibit.

Question # 75

A network engineer is configuring OSPF between router R1 and router R2. The engineer must ensure that a DR/BDR election does not occur on the Gigabit Ethernet interfaces in area 0. Which configuration set accomplishes this goal?

A)

Question # 75

B)

Question # 75

C)

Question # 75

D)

Question # 75

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Question # 76

Which method of account authentication does OAuth 2.0 within REST APIs?

Options:

A.  

username/role combination

B.  

access tokens

C.  

cookie authentication

D.  

basic signature workflow

Discussion 0
Question # 77

A network engineer configures BGP between R1 and R2. Both routers use BGP peer group CORP and are set up to use MD5 authentication. This message is logged to the console of router R1:

Question # 77

Which two configuration allow peering session to from between R1 and R2? Choose two.)

Options:

A.  

R1(config-router)#neighbor 10.10.10.1 peer-group CORP R1(config-router)#neighbor CORP password Cisco

B.  

R2(config-router)#neighbor 10.120.10.1 peer-group CORP R2(config-router)#neighbor CORP password Cisco

C.  

R2(config-router)#neighbor 10.10.10.1 peer-group CORP R2(config-router)#neighbor PEER password Cisco

D.  

R1(config-router)#neighbor 10.120.10.1 peer-group CORP R1(config-router)#neighbor CORP password Cisco

E.  

R2(config-router)#neighbor 10.10.10.1 peer-group CORP R2(config-router)#neighbor CORP password Cisco

Discussion 0
Question # 78

Question # 78

Refer to the exhibit. An engineer attempts to create a configuration to allow the Blue VRF to leak into the global routing table, but the configuration does not function as expected. Which action resolves this issue?

Options:

A.  

Change the access-list destination mask to a wildcard.

B.  

Change the source network that Is specified in access-list 101.

C.  

Change the route-map configuration to VRF_BLU

E.  

D.  

Change the access-list number in the route map

Discussion 0
Question # 79

Which HTTP code must be returned to prevent the script form exiting?

Question # 79

Options:

A.  

200

B.  

201

C.  

300

D.  

301

Discussion 0
Question # 80

What is a fact about Cisco EAP-FAST?

Options:

A.  

It does not require a RADIUS server certificate.

B.  

It requires a client certificate.

C.  

It is an IETF standard.

D.  

It operates in transparent mode.

Discussion 0
Question # 81

Which device makes the decision for a wireless client to roam?

Options:

A.  

wireless client

B.  

wireless LAN controller

C.  

access point

D.  

WCS location server

Discussion 0
Question # 82

Which encryption hashing algorithm does NTP use for authentication?

Options:

A.  

SSL

B.  

MD5

C.  

AES128

D.  

AES256

Discussion 0
Question # 83

Refer to the exhibit.

Question # 83

A network engineer must simplify the IPsec configuration by enabling IPsec over GRE using IPsec profiles. Which two configuration changes accomplish this? (Choose two).

Options:

A.  

Create an IPsec profile, associate the transform-set ACL, and apply the profile to the tunnel interface.

B.  

Apply the crypto map to the tunnel interface and change the tunnel mode to tunnel mode ipsec ipv4.

C.  

Remove all configuration related to crypto map from R1 and R2 and eliminate the ACL.

D.  

Create an IPsec profile, associate the transform-set, and apply the profile to the tunnel interface.

E.  

Remove the crypto map and modify the ACL to allow traffic between 10.10.0.0/24 to 10.20.0.0/24.

Discussion 0
Question # 84

Which devices does Cisco DNA Center configure when deploying an IP-based access control policy?

Options:

A.  

All devices integrating with ISE

B.  

selected individual devices

C.  

all devices in selected sites

D.  

all wired devices

Discussion 0
Question # 85

Refer to the exhibit.

Question # 85

Which command set must be applied on R1 to establish a BGP neighborship with R2 and to allow communication from R1 to reach the networks?

A)

Question # 85

B)

Question # 85

C)

Question # 85

D)

Question # 85

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Question # 86

Drag and drop the characteristics from the left onto the orchestration tools that they describe on the right.

Question # 86

Options:

Discussion 0
Question # 87

By default, which virtual MAC address Goes HSRP group 25 use?

Options:

A.  

05:5c:5e:ac:0c:25

B.  

04:16:6S:96:1C:19

C.  

00:00:0c:07:ac:19

D.  

00:00:0c:07:ac:25

Discussion 0
Question # 88

A large campus network has deployed two wireless LAN controllers to manage the wireless network. WLC1 and WLC2 have been configured as mobility peers. A client device roams from AP1 on WLC1 to AP2 on WLC2, but the controller's client interfaces are on different VLANs. How do the wireless LAN controllers handle the inter-subnet roaming?

Options:

A.  

WLC1 marks me diem with an anchor entry In Its own database. The database entry is copied to the new controller and marked with a foreign entry on VVLC2.

B.  

WLC2 marks the client with an anchor entry In Its own database. The database entry Is copied to the new controller and marked with a foreign entry on WLC1

C.  

WLCl marks the client with a foreign entry in its own database. The database entry is copied to the new controller and marked with an anchor entry on WLC2.

D.  

WLC2 marks the client with a foreign entry In its own database. The database entry Is copied to the new controller and marked with an anchor entry on WLC1.

Discussion 0
Question # 89

An engineer must configure a new loopback Interface on a router and advertise the interface as a fa4 in OSP

F.  

Which command set accomplishes this task?

A)

Question # 89

B)

Question # 89

C)

Question # 89

D)

Question # 89

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Question # 90

ESTION NO: 450

Which two Cisco SD-Access components provide communication between traditional network elements and controller layer? (choose two)

Options:

A.  

network data platform

B.  

network underlay

C.  

fabric overlay

D.  

network control platform

E.  

partner ecosystem

Discussion 0
Question # 91

Refer to the exhibit.

Question # 91

An engineer configures routing between all routers and must build a configuration to connect R1 to R3 via a GRE tunnel Which configuration must be applied?

A)

Question # 91

B)

Question # 91

C)

Question # 91

D)

Question # 91

Options:

A.  

Option

B.  

Option

C.  

Option

D.  

Option

Discussion 0
Question # 92

In a Cisco Catalyst switch equipped with two supervisor modules an administrator must temporally remove the active supervisor from the chassis to perform hardware maintenance on it. Which mechanism ensure that the active supervisor removal is not disruptive to the network operation?

Options:

A.  

NSF/NSR

B.  

SSO

C.  

HSRP

D.  

VRRP

Discussion 0
Question # 93

Drag and drop the LISP components on the left to their descriptions on the right. Not all options are used.

Question # 93

Options:

Discussion 0
Question # 94

A system must validate access rights to all its resources and must not rely on a cached permission matrix. If the access level to a given resource is revoked but is not reflected in the permission matrix, the security is violated. Which term refers to this REST security design principle?

Options:

A.  

economy of mechanism

B.  

complete mediation

C.  

separation of privilege

D.  

least common mechanism

Discussion 0
Question # 95

What is a characteristic of the overlay network in the Cisco SD-Access architecture?

Options:

A.  

It uses a traditional routed access design to provide performance and high availability to the network.

B.  

It consists of a group of physical routers and switches that are used to maintain the network.

C.  

It provides isolation among the virtual networks and independence from the physical network.

D.  

It provides multicast support to enable Layer 2 Hooding capability in the underlay network.

Discussion 0
Question # 96

What is one characteristic of the Cisco SD-Access control plane?

Options:

A.  

It is based on VXLAN technology.

B.  

Each router processes every possible destination and route

C.  

It allows host mobility only in the wireless network.

D.  

It stores remote routes in a centralized database server

Discussion 0
Question # 97

Drag and drop the characteristics from the left onto the infrastructure deployment models on the right.

Question # 97

Options:

Discussion 0
Question # 98

In a Cisco SD-Access wireless architecture which device manages endpoint ID to edge node bindings?

Options:

A.  

fabric control plane node

B.  

fabric wireless controller

C.  

fabric border node

D.  

fabric edge node

Discussion 0
Question # 99

Reter to the exhibit.

Question # 99

An administrator troubleshoots intermittent connectivity from internal hosts to an external public server. Some internal hosts can connect to the server while others receive an ICMP Host Unreachable message and these hosts change over time. What is the cause of this issue?

Options:

A.  

The translator does not use aOdress overloading

B.  

The NAT ACL does not match alt internal hosts

C.  

The NAT ACL and NAT pool share the same name

D.  

The NAT pool netmask rs excessively wide

Discussion 0
Question # 100

Question # 100

Refer to the exhibit. An engineer tries to log in to router R1. Which configuration enables a successful login?

A)

Question # 100

B)

Question # 100

C)

Question # 100

D)

Question # 100

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Question # 101

An engineer is configuring Local WebAuth on a Cisco Wireless LAN Controller. According to RFC 5737, WHICH VIRTUAL IP address must be used in this configuration?

Options:

A.  

192.0.2.1

B.  

172.20.10.1

C.  

1.1.1.1

D.  

192.168.0.1

Discussion 0
Question # 102

Which protocol is implemented to establish secure control plane adjacencies between Cisco SD-WAN nodes?

Options:

A.  

IKF

B.  

TLS

C.  

IPsec

D.  

ESP

Discussion 0
Question # 103

What is one benefit of adopting a data modeling language?

Options:

A.  

augmenting management process using vendor centric actions around models

B.  

refactoring vendor and platform specific configurations with widely compatible configurations

C.  

augmenting the use of management protocols like SNMP for status subscriptions

D.  

deploying machine-friendly codes to manage a high number of devices

Discussion 0
Question # 104

Drag and drop the characteristics from the left to the table types on the right.

Question # 104

Options:

Discussion 0
Question # 105

Question # 105

Refer to the exhibit. An engineer has configured an IP SLA for UDP echo’s. Which command is needed to start the IP SLA to test every 30 seconds and continue until stopped?

Options:

A.  

ip sla schedule 100 start-time now life forever

B.  

ip sla schedule 30 start-time now life forever

C.  

ip sla schedule 100 start-time now life 30

D.  

ip sla schedule 100 life forever

Discussion 0
Question # 106

What is a TLOC in a Cisco SD-WAN deployment?

Options:

A.  

value that identifies a specific tunnel within the Cisco SD-WAN overlay

B.  

identifier that represents a specific service offered by nodes within the Cisco SD-WAN overlay

C.  

attribute that acts as a next hop for network prefixes

D.  

component set by the administrator to differentiate similar nodes that offer a common service

Discussion 0
Question # 107

Which function does a fabric AP perform in a cisco SD-access deployment?

Options:

A.  

It updates wireless clients' locations in the fabric

B.  

It connects wireless clients to the fabric.

C.  

It manages wireless clients' membership information in the fabric

D.  

It configures security policies down to wireless clients in the fabric.

Discussion 0
Question # 108

An administrator is configuring NETCONF using the following XML string. What must the administrator end the request with?

Question # 108

Options:

A.  

]]>]]>

B.  

C.  

D.  

Discussion 0
Question # 109

A network engineer is configuring OSPF on a router. The engineer wants to prevent having a route to 177.16.0.0/16 learned via OSP

F.  

In the routing table and configures a prefix list using the command ip prefix-list OFFICE seq S deny 172.16.0.0/16. Winch two identical configuration commands must be applied to accomplish the goal? (Choose two.)

Options:

A.  

distribute-list prefix OFFICE in under the OSPF process

B.  

Ip prefix-list OFFICE seq 10 permit 0.0.0.0/0 Ie 32

C.  

ip prefix-list OFFICE seq 10 permit 0.0.0.0/0 ge 32

D.  

distribute-list OFFICE out under the OSPF process

E.  

distribute-list OFFICE in under the OSPF process

Discussion 0
Question # 110

How do EIGRP metrics compare to OSPF metrics?

Options:

A.  

EIGRP metrics are based on a combination of bandwidth and packet loss, and OSPF metrics are based on interface bandwidth.

B.  

EIGRP uses the Dijkstra algorithm, and OSPF uses The DUAL algorithm

C.  

The EIGRP administrative distance for external routes is 170. and the OSPF administrative distance for external routes is undefined

D.  

The EIGRP administrative distance for external routes is 170. and the OSPF administrative distance for external routes is 110

Discussion 0
Question # 111

Which definition describes JWT in regard to REST API security?

Options:

A.  

an encrypted JSON token that is used for authentication

B.  

an encrypted JSON token that is used for authorization

C.  

an encoded JSON token that is used to securely exchange information

D.  

an encoded JSON token that is used for authentication

Discussion 0
Question # 112

Question # 112

Refer to the exhibit. A network engineer checks connectivity between two routers. The engineer can ping the remote endpoint but cannot see an ARP entry. Why is there no ARP entry?

Options:

A.  

The ping command must be executed in the global routing table.

B.  

Interface FastEthernet0/0 Is configured in VRF CUST-A, so the ARP entry is also in that VR

F.  

C.  

When VRFs are used. ARP protocol must be enabled In each VR

F.  

D.  

When VRFs are used. ARP protocol is disabled in the global routing table.

Discussion 0
Get 350-401 dumps and pass your exam in 24 hours!

Free Exams Sample Questions