Summer Sale - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

350-401 Questions and Answers

Question # 6

Refer to the exhibit.

An engineer must deny Telnet traffic from the loopback interface of router R3 to the Loopback interface of router R2 during, the weekend hours. All other traffic between the loopback interfaces of routers R3 and R2 must be allowed at all times Which command set accomplishes this task?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 7

A company requires a wireless solution to support its mam office and multiple branch locations. All sites have local Internet connections and a link to the main office lor corporate connectivity. The branch offices are managed centrally. Which solution should the company choose?

A.

Cisco United Wireless Network

B.

Cisco DNA Spaces

C.

Cisco Catalyst switch with embedded controller

D.

Cisco Mobility Express

Full Access
Question # 8

Which two features does the Cisco SD-Access architecture add to a traditional campus network? (Choose two.)

A.

software-defined segmentation

B.

private VLANs

C.

SD-WAN

D.

modular QoS

E.

identity services

Full Access
Question # 9

What is used to validate the authenticity of the client and is sent in HTTP requests as a JSON object?

A.

SSH

B.

HTTPS

C.

JWT

D.

TLS

Full Access
Question # 10

What is an OVF?

A.

a package that is similar to an IMG and that contains an OVA file used to build a virtual machine

B.

an alternative form of an ISO that Is used to install the base operating system of a virtual machine

C.

the third step in a P2V migration

D.

a package of files that is used to describe a virtual machine or virtual appliance

Full Access
Question # 11

Refer to the exhibit.

What is the result of the API request?

A.

The "params" variable sends data fields to the network appliance.

B.

The native interface information is read from the network appliance.

C.

The Information for all interfaces is read from the network appliance.

D.

The "params" variable reads data fields from the network appliance

Full Access
Question # 12

Drag and drop the characteristics from the left onto the deployment types on the right.

Full Access
Question # 13

Refer to the exhibit. A network administrator configured RSPAN to troubleshoot an issue between switch1 and switch2. The switches are connected using interface GigabitEthernet 1/1. An external packet capture device is connected is switch2 interface GigabitEthernet 1/2. Which two commands must be added to complete this configuration? (Choose two)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

E.

Option E

Full Access
Question # 14

Which configuration creates a CoPP policy that provides unlimited SSH access from dient 10.0.0.5 and denies access from all other SSH clients'?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 15

Refer to the exhibit.

An engineer entered the command no spanning-tree bpduguard enable on interface Fa 1/0/7. What is the effect of this command on Fa 1/0/7?

A.

It remains in err-disabled state until the shutdown/no shutdown command is entered in the interface configuration mode.

B.

It remains in err-disabled state until the errdisable recovery cause failed-port-state command is entered in the global configuration mode.

C.

It remains in err-disabled state until the no shutdown command is entered in the interface configuration mode.

D.

It remains in err-disabled state until the spanning-tree portfast bpduguard disable command is entered in the interface configuration mode.

Full Access
Question # 16

Refer to the exhibit.

How should the script be completed so that each device configuration is saved into a JSON-formatted file under the device name?

A)

B)

C)

D)

A.

Option

B.

Option

C.

Option

D.

Option

Full Access
Question # 17

Which two solutions are used for backing up a Cisco DNA Center Assurance database? (Choose two)

A.

NFS share

B.

non-linux server

C.

local server

D.

remote server

E.

bare metal server

Full Access
Question # 18

Which function does a fabric wireless LAN controller perform In a Cisco SD-Access deployment?

A.

manages fabric-enabled APs and forwards client registration and roaming information to the Control Plane Node

B.

coordinates configuration of autonomous nonfabric access points within the fabric

C.

performs the assurance engine role for both wired and wireless clients

D.

is dedicated to onboard clients in fabric-enabled and nonfabric-enabled APs within the fabric

Full Access
Question # 19

Refer to the exhibit.

An engineer must set up connectivity between a campus aggregation layer and a branch office access layer. The engineer uses dynamic trunking protocol to establish this connection, however, management traffic on VLAN1 is not passing. Which action resolves the issue and allow communication for all configured VLANs?

A.

Allow all VLANs on the trunk links

B.

Disable Spanning Tree for the native VLAN.

C.

Configure the correct native VLAN on the remote interface

D.

Change both interfaces to access ports.

Full Access
Question # 20

Which two Cisco SD-WAN components exchange OMP information?

A.

vAnaiytlcs

B.

vSmart

C.

WAN Edge

D.

vBond

E.

vManage

Full Access
Question # 21

Refer to the exhibit.

What are two effect of this configuration? (Choose two.)

A.

Inside source addresses are translated to the 209.165.201.0/27 subnet.

B.

It establishes a one-to-one NAT translation.

C.

The 10.1.1.0/27 subnet is assigned as the inside global address range.

D.

The 209.165.201.0/27 subnet is assigned as the outside local address range.

E.

The 10.1.1.0/27 subnet is assigned as the inside local addresses.

Full Access
Question # 22

Refer to the exhibit.

Object tracking has been configured for VRRP-enabled routers Edge-01 and Edge-02 Which commands cause Edge-02 to preempt Edge-01 in the event that interface G0/0 goes down on Edge-01?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 23

What is a characteristic of the overlay network in the Cisco SD-Access architecture?

A.

It uses a traditional routed access design to provide performance and high availability to the network.

B.

It consists of a group of physical routers and switches that are used to maintain the network.

C.

It provides isolation among the virtual networks and independence from the physical network.

D.

It provides multicast support to enable Layer 2 Hooding capability in the underlay network.

Full Access
Question # 24

What happens when a FlexConnect AP changes to standalone mode?

A.

All controller-dependent activities stop working except the DFS.

B.

All client roaming continues to work

C.

Only clients on central switching WLANs stay connected.

D.

All clients on an WLANs are disconnected

Full Access
Question # 25

A large campus network has deployed two wireless LAN controllers to manage the wireless network. WLC1 and WLC2 have been configured as mobility peers. A client device roams from AP1 on WLC1 to AP2 on WLC2, but the controller's client interfaces are on different VLANs. How do the wireless LAN controllers handle the inter-subnet roaming?

A.

WLC1 marks me diem with an anchor entry In Its own database. The database entry is copied to the new controller and marked with a foreign entry on VVLC2.

B.

WLC2 marks the client with an anchor entry In Its own database. The database entry Is copied to the new controller and marked with a foreign entry on WLC1

C.

WLCl marks the client with a foreign entry in its own database. The database entry is copied to the new controller and marked with an anchor entry on WLC2.

D.

WLC2 marks the client with a foreign entry In its own database. The database entry Is copied to the new controller and marked with an anchor entry on WLC1.

Full Access
Question # 26

Refer to the exhibit. Which EEM script generates a critical-level syslog message and saves a copy of the running configuration to the bootflash when an administrator saves the running configuration to the startup configuration?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 27

Refer to the exhibit. Which python code parses the response and prints “18:32:21.474 UTC sun Mar 10 2019?

A.

print(response['resut'][0||'simple_time']}

B.

print(response[result']['body']['simple_time']}

C.

print(response['body']['simple_time']}

D.

print(response[jresult']['body']['simple_time']}

Full Access
Question # 28

Which feature Is used to propagate ARP broadcast, and link-local frames across a Cisco SD-Access fabric to address connectivity needs for silent hosts that require reception of traffic to start communicating?

A.

Native Fabric Multicast

B.

Layer 2 Flooding

C.

SOA Transit

D.

Multisite Fabric

Full Access
Question # 29

Refer to the exhibit. A network engineer must load balance traffic that comes from the NAT Router and is destined to 10.10.110.10, to several FTP servers. Which two commands sets should be applied? (Choose two).

A)

B)

C)

D)

E)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

E.

Option E

Full Access
Question # 30

An engineer must configure a new loopback Interface on a router and advertise the interface as a fa4 in OSPF. Which command set accomplishes this task?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 31

Which two Cisco SD-Access components provide communication between traditional network elements and controller layer? (choose two)

A.

network data platform

B.

network underlay

C.

fabric overlay

D.

network control platform

E.

partner ecosystem

Full Access
Question # 32

What is the JSON syntax that is formed the data?

A.

{'Name'';''Bob johnon';''Age': Sevenfive,''Alive'': true,''FavoriteFoods';[''Cereal';''Mustard';''Onions'}}

B.

{'Name'':''Bob johnon':''Age': 75 ''Alive'': true,''Favorite Foods';[''Cereal';''Mustard';''Onions'}}

C.

{'Name'':''Bob johnon':''Age: 75,''Alive: true, FavoriteFoods;[Cereal, Mustard';''Onions}}

D.

{'Name'': 'Bob johnon','Age': 75,'Alive': true,''FavoriteFoods': 'Cereal';'Mustard','Onions'}}

Full Access
Question # 33

An engineer must implement a configuration to allow a network administrator to connect to the console port of a router and authenticate over the network. Which command set should the engineer use?

A.

aaa new-model

aaa authentication login default enable

B.

aaa new-model

aaa authentication login console local

C.

aaa new-model aaa authentication login console group radius

D.

aaa new-model

aaa authentication enable default

Full Access
Question # 34

An engineer is configuring Local WebAuth on a Cisco Wireless LAN Controller. According to RFC 5737, WHICH VIRTUAL IP address must be used in this configuration?

A.

192.0.2.1

B.

172.20.10.1

C.

1.1.1.1

D.

192.168.0.1

Full Access
Question # 35

Refer to the exhibit. An engineer is reaching network 172.16.10.0/24 via the R1-R2-R4 path. Which configuration forces the traffic to fake a path of R1-R3-R4?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 36
A.

S2 is configured as LACP. Change the channel group mode to passive

B.

S2 is configured with PAgP. Change the channel group mode to active.

C.

S1 is configured with LACP. Change the channel group mode to on

D.

S1 is configured as PAgP. Change the channel group mode to desirable

Full Access
Question # 37

A network engineer is configuring OSPF on a router. The engineer wants to prevent having a route to 177.16.0.0/16 learned via OSPF. In the routing table and configures a prefix list using the command ip prefix-list OFFICE seq S deny 172.16.0.0/16. Winch two identical configuration commands must be applied to accomplish the goal? (Choose two.)

A.

distribute-list prefix OFFICE in under the OSPF process

B.

Ip prefix-list OFFICE seq 10 permit 0.0.0.0/0 Ie 32

C.

ip prefix-list OFFICE seq 10 permit 0.0.0.0/0 ge 32

D.

distribute-list OFFICE out under the OSPF process

E.

distribute-list OFFICE in under the OSPF process

Full Access
Question # 38

What is a TLOC in a Cisco SD-WAN deployment?

A.

value that identifies a specific tunnel within the Cisco SD-WAN overlay

B.

identifier that represents a specific service offered by nodes within the Cisco SD-WAN overlay

C.

attribute that acts as a next hop for network prefixes

D.

component set by the administrator to differentiate similar nodes that offer a common service

Full Access
Question # 39

The Gig0/0 interface of two routers is directly connected with a 1G Ethernet link. Which configuration must be applied to the interface of both routers to establish an OSPF adjacency without maintaining a DR/BDR relationship?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 40

What is the recommended minimum SNR for data applications on wireless networks?

A.

15

B.

20

C.

25

D.

10

Full Access
Question # 41

Refer to the exhibit.

R1 is able to ping the R3 fa0/1 Interface. Why do the extended pings fail?

A.

The DF bit has been set

B.

The maximum packet size accepted by the command is 147G bytes

C.

R2 and R3 do not have an OSPF adjacency

D.

R3 is missing a return route to 10.99.69.0/30

Full Access
Question # 42

An engineer must configure an EXEC authorization list that first checks a AAA server then a local username. If both methods fail, the user is denied. Which configuration should be applied?

A.

aaa authorization exec default local group tacacs+

B.

aaa authorization exec default local group radius none

C.

aaa authorization exec default group radius local none

D.

aaa authorization exec default group radius local

Full Access
Question # 43

Refer to the exhibit.

Which command set must be applied on R1 to establish a BGP neighborship with R2 and to allow communication from R1 to reach the networks?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 44

Refer to the exhibit. Which configuration must be implemented to establish EBGP peering between R1 and R2?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 45

Which three resources must the hypervisor make available to the virtual machines? (Choose three)

A.

memory

B.

bandwidth

C.

IP address

D.

processor

E.

storage

F.

secure access

Full Access
Question # 46

Refer to the exhibit. Which command set must be added to permit and log all traffic that comes from 172.20.10.1 in interface GigabitEthernet0/1 without impacting the functionality of the access list?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 47

Refer io me exhibit.

An engineer configures the trunk and proceeds to configure an ESPAN session to monitor VLANs10. 20. and 30. Which command must be added to complete this configuration?

A.

Device(config.mon.erspan.stc)# no filter vlan 30

B.

Devic(config.mon.erspan.src-dst)# no vrf 1

C.

Devic(config.mon.erspan.src-dst)# erspan id 6

D.

Device(config.mon-erspan.Src-dst)# mtu 1460

Full Access
Question # 48

Refer to the exhibit.

An engineer must allow R1 to advertise the 192 168.1 0/24 network to R2 R1 must perform this action without sending OSPF packets to SW1 Which command set should be applied?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 49

Which component transports data plane traffic across a Cisco SD-WAN network?

A.

vSmart

B.

vManage

C.

cEdge

D.

vBond

Full Access
Question # 50

Which definition describes JWT in regard to REST API security?

A.

an encrypted JSON token that is used for authentication

B.

an encrypted JSON token that is used for authorization

C.

an encoded JSON token that is used to securely exchange information

D.

an encoded JSON token that is used for authentication

Full Access
Question # 51

Refer to The exhibit.

Assuming that R1 is a CE router, which VRF is assigned to Gi0/0 on R1?

A.

VRF VFN_A

B.

VRF VPN_B

C.

management VRF

D.

default VRF

Full Access
Question # 52

What does the Cisco DNA Center Authentication API provide?

A.

list of global issues that are logged in Cisco DNA Center

B.

access token to make calls to Cisco DNA Center

C.

list of VLAN names

D.

dent health status

Full Access
Question # 53

How does NETCONF YANG represent data structures?

A.

as strict data structures denned by RFC 6020

B.

in an XML tree format

C.

in an HTML format

D.

as modules within a tree

Full Access
Question # 54

Which benefit is provided by the Cisco DNA Center telemetry feature?

A.

provides improved network security

B.

inventories network devices

C.

aids In the deployment network configurations

D.

improves the user experience

Full Access
Question # 55

What is one benefit of adopting a data modeling language?

A.

augmenting management process using vendor centric actions around models

B.

refactoring vendor and platform specific configurations with widely compatible configurations

C.

augmenting the use of management protocols like SNMP for status subscriptions

D.

deploying machine-friendly codes to manage a high number of devices

Full Access
Question # 56

Refer the exhibit.

Which configuration elects SW4 as the root bridge for VLAN 1 and puts G0/2 on SW2 into a blocking state?

A)

B)

C)

D)

A.

Option

B.

Option

C.

Option

D.

Option

Full Access
Question # 57

Refer to the exhibit. An attacker can advertise OSPF fake routes from 172.16.20.0 network to the OSPF domain and black hole traffic. Which action must be taken to avoid this attack and still be able to advertise this subnet into OSPF?

A.

Configure 172.16.20.0 as a stub network.

B.

Apply a policy to filter OSPF packets on R2.

C.

Configure a passive Interface on R2 toward 172.16.20.0.

D.

Configure graceful restart on the 172.16.20.0 interface.

Full Access
Question # 58

Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

Full Access
Question # 59

Which Cisco FlexConnect state allows wireless users that are connected to the network to continue working after the connection to the WLC has been lost?

A.

Authentication Down/Switching Down

B.

Authentication-Central/Switch-Local

C.

Authentication- Down/Switch-Local

D.

Authentication-Central/Switch-Central

Full Access
Question # 60

Which hypervisor requires a host OS to run and is not allowed to directly access the hosts hardware and resources?

A.

native

B.

bare metal

C.

type 1

D.

type 2

Full Access
Question # 61

Refer to the exhibit .

Which command must be configured for RESTCONF to operate on port 8888?

A.

ip http port 8888

B.

restconf port 8888

C.

ip http restconf port 8888

D.

restconf http port 8888

Full Access
Question # 62

Refer to the exhibit. A network engineer checks connectivity between two routers. The engineer can ping the remote endpoint but cannot see an ARP entry. Why is there no ARP entry?

A.

The ping command must be executed in the global routing table.

B.

Interface FastEthernet0/0 Is configured in VRF CUST-A, so the ARP entry is also in that VRF.

C.

When VRFs are used. ARP protocol must be enabled In each VRF.

D.

When VRFs are used. ARP protocol is disabled in the global routing table.

Full Access
Question # 63

Which signal strength and noise values meet the minimum SNR for voice networks?

A.

signal strength -67 dBm, noise 91 dBm

B.

signal strength -69 dBm, noise 94 dBm

C.

signal strength -68 dBm, noise 89 dBm

D.

signal strength -66 dBm, noise 90 dBm

Full Access
Question # 64

Drag and drop the characteristics from the left onto the deployment model on the right.

Full Access
Question # 65

Refer to the exhibit. Which command set enables router R2 to be configured via NETCONF?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 66

An engineer must configure a new WLAN that allows a user to enter a passphrase and provides forward secrecy as a security measure. Which Layer 2 WLAN configuration is required on the Cisco WLC?

A.

WPA2 Personal

B.

WPA3 Enterprise

C.

WPA3 Personal

D.

WPA2 Enterprise

Full Access
Question # 67

What is the function of the fabric control plane node in a Cisco SD-Access deployment?

A.

It is responsible for policy application and network segmentation in the fabric

B.

It performs traffic encapsulation and security profiles enforcement in the fabric

C.

It holds a comprehensive database that tracks endpoints and networks in the fabric

D.

It provides integration with legacy nonfabric-enabled environments

Full Access
Question # 68

Refer to the exhibit.

Which configuration enables fallback to local authentication and authorization when no TACACS+ server is available?

A.

Router(config)# aaa authentication login default local Router(config)# aaa authorization exec default local

B.

Router(config)# aaa authentication login default group tacacs+ local Router(config)# aaa authorization exec default group tacacs+ local

C.

Router(config)# aaa fallback local

D.

Router(config)# aaa authentication login FALLBACK local Router(config)# aaa authorization exec FALLBACK local

Full Access
Question # 69

How do the RIB and the FIB differ?

A.

FIB contains routes learned through a dynamic routing protocol, and the RIB contains routes that are static or directly connected.

B.

RIB contains the interface for a destination, and the FIB contains the next hop information.

C.

FIB is derived from the control plane, and the RIB is derived from the data plane.

D.

RIB is derived from the control plane, and the FIB is derived from the RIB.

Full Access
Question # 70

A customer has a pair of Cisco 5520 WLCs set up in an SSO cluster to manage all APs. Guest traffic is anchored to a Cisco 3504 WLC located in a DMZ. Which action is needed to ensure that the EolP tunnel remains in an UP state in the event of failover on the SSO cluster?

A.

Configure back-to-back connectivity on the RP ports.

B.

Enable default gateway reachability check.

C.

Use the same mobility domain on all WLCs.

D.

Use the mobility MAC when the mobility peer is configured.

Full Access
Question # 71

Refer to the exhibit An engineer is troubleshooting a newly configured BGP peering that does not establish What is the reason for the failure?

A.

BGP peer 10 255 255 3 is not configured for peenng wth R1

B.

Mandatory BOP parameters between R1 and 10 255 255 3 are mismatched

C.

A firewall is blocking access to TCP port 179 on the BGP peer 10 255 255.3

D.

Both BGP pern are configured for passive TCP transport

Full Access
Question # 72

Refer to the exhibit Remote users cannot access the Internet but can upload files to the storage server Which configuration must be applied to allow Internet access?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 73

Refer to the exhibit. Cisco IOS routers R1 and R2 are interconnected using interface Gi0/0. Which configuration allows R1 and R2 to form an OSPF neighborship on interface Gi0/0?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 74

What is one role of the VTEP in a VXLAN environment?

A.

to forward packets to non-LISP sites

B.

to encapsulate the tunnel

C.

to maintain VLAN configuration consistency

D.

to provide EID-to-RLOC mapping

Full Access
Question # 75

What are two benefits of implementing a traditional WAN instead of an SD-WAN solution? (Choose two.)

A.

comprehensive configuration standardization

B.

lower control plane abstraction

C.

simplify troubleshooting

D.

faster fault detection

E.

lower data plane overhead

Full Access
Question # 76

: 262 DRAG DROP

Drag and drop the snippets onto the blanks within the code to construct a script that brings up the failover Ethernet port if the primary port goes down and also shuts down the failover port when the primary returns to service. Not all options are used.

Full Access
Question # 77

Which technology is used to provide Layer 2 and Layer 3 logical networks in the Cisco SD-Access architecture?

A.

underlay network

B.

VPN routing/forwarding

C.

easy virtual network

D.

overlay network

Full Access
Question # 78

Which two methods are used to assign security group tags to the user in a Cisco Trust Sec architecture? (Choose two )

A.

modular QoS

B.

policy routing

C.

web authentication

D.

DHCP

E.

IEEE 802.1x

Full Access
Question # 79

Refer to the exhibit.

Why does OSPF fail to establish an adjacency between R1 and R2?

A.

authentication mismatch

B.

interface MTU mismatch

C.

area mismatch

D.

timers mismatch

Full Access
Question # 80

Drag and drop the LISP components on the left to the correct description on the right.

Full Access
Question # 81

Drag and drop the characteristics from the left onto the switching architectures on the right.

Full Access
Question # 82

Refer to the exhibit. Which command set completes the ERSPAN session configuration?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 83

Refer to the exhibit. Which command filters the ERSPAN session packets only to interface GigabitEthernet1?

A.

source ip 10.10.10.1

B.

source interface gigabitethernet1 ip 10.10.10.1

C.

filter access-group 10

D.

destination ip 10.10.10.1

Full Access
Question # 84

Refer to the exhibit. What are two results of the NAT configuration? (Choose two.)

A.

Packets with a destination of 200.1.1.1 are translated to 10.1.1.1 or .2. respectively.

B.

A packet that is sent to 200.1.1.1 from 10.1.1.1 is translated to 209.165.201.1 on R1.

C.

R1 looks at the destination IP address of packets entering S0/0 and destined for inside hosts.

D.

R1 processes packets entering E0/0 and S0/0 by examining the source IP address.

E.

R1 is performing NAT for inside addresses and outside address.

Full Access
Question # 85

Refer to the exhibit. What is the cause of the communication failure between R1 and R4?

A.

R1 is configured with the no ip unreachables command.

B.

R2 is denying ICMP

C.

R4 is denying ICMP.

D.

R3 is denying ICMP.

Full Access
Question # 86

Why would a customer implement an on-premises solution instead of a cloud solution?

A.

On-premises Offers greater compliance for government regulations than cloud

B.

On-premises offers greater scalability than cloud.

C.

On-premises oilers shorter deployment time than cloud.

D.

On-premises is more secure man cloud.

Full Access
Question # 87

Using the EIRP formula,what parameter is subtracted to determine the EIRP value?

A.

transmitter power

B.

antenna cable loss

C.

antenna again

D.

signal-to-noise ratio

Full Access
Question # 88

What does a YANG model provide?

A.

standardized data structure independent of the transport protocols

B.

creation of transport protocols and their interaction with the OS

C.

user access to interact directly with the CLI of the device to receive or modify network configurations

D.

standardized data structure that can be used only with NETCONF or RESTCONF transport protocols

Full Access
Question # 89

How do cloud deployments compare to on-premises deployments?

A.

Cloud deployments provide a better user experience across world regions, whereas on-premises deployments depend upon region-specific conditions

B.

Cloud deployments are inherently unsecure. whereas a secure architecture is mandatory for on-premises deployments.

C.

Cloud deployments mandate a secure architecture, whereas on-premises deployments are inherently unsecure.

D.

Cloud deployments must include automation infrastructure, whereas on-premises deployments often lack the ability for automation.

Full Access
Question # 90

Which DNS lookup does an access point perform when attempting CAPWAP discovery?

A.

CISCO-DNA-CONTROLLER local

B.

CAPWAP-CONTROLLER local

C.

CISCO-CONTROLLER local

D.

CISCO-CAPWAP-CONTROLLER local

Full Access
Question # 91

Refer to the exhibit.

R1 has a BGP neighborship with a directly connected router on interface Gi0/0.

Which command set is applied between the iterations of show ip bgp 2.2.2.2?

A.

R1(config)#router bgp 65001

R1(config-router)#neighbor 192.168.50.2 shutdown

B.

R1(config)#router bgp 65002

R1(config-router)#neighbor 192.168.50.2 shutdown

C.

R1(config)#no ip route 192.168.50.2 255.255.255.255 Gi0/0

D.

R1(config)#ip route 2.2.2.2 255.255.255.255 192.168.50.2

Full Access
Question # 92

Which two features are available only in next-generation firewalls? (Choose two.)

A.

virtual private network

B.

deep packet inspection

C.

stateful inspection

D.

application awareness

E.

packet filtering

Full Access
Question # 93

Refer to the exhibit. Why was the response code generated?

A.

The resource was unreachable

B.

Access was denied based on the user permissions.

C.

The resource 15 no longer available on the server.

D.

There Is a conflict in the current stale of the resource.

Full Access
Question # 94

Simulation 05

Full Access
Question # 95

How does SSO work with HSRP to minimize network disruptions?

A.

It enables HSRP to elect another switch in the group as the active HSRP switch.

B.

It ensures fast failover in the case of link failure.

C.

It enables data forwarding along known routes following a switchover, white the routing protocol reconverges.

D.

It enables HSRP to failover to the standby RP on the same device.

Full Access
Question # 96

What is a characteristics of traffic shaping?

A.

can be applied in both traffic direction

B.

queues out-of-profile packets until the buffer is full

C.

drops out-of-profile packets

D.

causes TCP retransmits when packet are dropped

Full Access
Question # 97

Which two results occur if Cisco DNA Center loses connectivity to devices in the SD-Access fabric? (Choose two)

A.

Cisco DNA Center is unable to collect monitoring data in Assurance.

B.

All devices reload after detecting loss of connection to Cisco DNA Center.

C.

Already connected users are unaffected, but new users cannot connect

D.

Users lose connectivity.

E.

User connectivity is unaffected.

Full Access
Question # 98

In which two ways does the routing protocol OSPF differ from EIGRP? (Choose two.)

A.

OSPF supports an unlimited number of hops. EIGRP supports a maximum of 255 hops.

B.

OSPF provides shorter convergence time than EIGRP.

C.

OSPF is distance vector protocol. EIGRP is a link-state protocol.

D.

OSPF supports only equal-cost load balancing. EIGRP supports unequal-cost load balancing.

E.

OSPF supports unequal-cost load balancing. EIGRP supports only equal-cost load balancing.

Full Access
Question # 99

Which two methods are used by an AP that is typing to discover a wireless LAN controller? (Choose two.)

A.

Cisco Discovery Protocol neighbour

B.

broadcasting on the local subnet

C.

DNS lookup cisco-DNA-PRIMARY.localdomain

D.

DHCP Option 43

E.

querying other APs

Full Access
Question # 100

Refer to the exhibit. Which two commands ensure that DSW1 becomes root bridge for VLAN 10? (Choose two)

A.

DSW1(config)#spanning-tree vlan 10 priority 4096 Most Voted

B.

DSW1(config)#spanning-tree vlan 10 priority root

C.

DSW2(config)#spanning-tree vlan 10 priority 61440 Most Voted

D.

DSW1(config)#spanning-tree vlan 10 port-priority 0

E.

DSW2(config)#spanning-tree vlan 20 priority 0

Full Access
Question # 101

Drag and drop the characteristics from the left onto the corresponding infrastructure deployment models on the right.

Full Access
Question # 102

In a Cisco SD-Access wireless environment, which device is responsible for hosting the anycast gateway?

A.

fusion router

B.

control plane node

C.

fabric border node

D.

fabric edge node

Full Access
Question # 103

Simulation 04

Configure OSPF on both routers according to the topology to achieve these goals:

Full Access
Question # 104

Refer to the exhibit.

Extended access-list 100 is configured on interface GigabitEthernet 0/0 in an inbound direction, but it does not have the expected behavior of allowing only packets to or from 192.168.0.0/16. Which command set properly configures the access list?

A.

R1(config)#no access-list 100 seq 10

R1(config)#access-list 100 seq 40 deny ip any any

B.

R1(config)#ip access-list extended 100

R1(config-ext-nacl)#no 10

C.

R1(config)#no access-list 100 deny ip any any

D.

R1(config)#ip access-list extended 100

R1(config-ext-nacl)#5 permit to any any

Full Access
Question # 105

Which tool is used in Cisco DNA Center to build generic configurations that are able to be applied on device with similar network settings?

A.

Command Runner

B.

Template Editor

C.

Application Policies

D.

Authentication Template

Full Access
Question # 106

When is GLBP preferred over HSRP?

A.

When encrypted helm are required between gateways h a single group.

B.

When the traffic load needs to be shared between multiple gateways using a single virtual IP.

C.

When the gateway routers are a mix of Cisco and non-Cisco routers

D.

When clients need the gateway MAC address lo Be the same between multiple gateways

Full Access
Question # 107

What do Chef and Ansible have in common?

A.

They rely on a declarative approach.

B.

They rely on a procedural approach.

C.

They use YAML as their primary configuration syntax.

D.

They are clientless architectures.

Full Access
Question # 108

What is a benefit of Cisco TrustSec in a multilayered LAN network design?

A.

Policy or ACLS are nor required.

B.

There is no requirements to run IEEE 802.1X when TrustSec is enabled on a switch port.

C.

Applications flows between hosts on the LAN to remote destinations can be encrypted.

D.

Policy can be applied on a hop-by-hop basis.

Full Access
Question # 109

Which configuration protects the password for the VTY lines against over-the-shoulder attacks?

A.

username admin secret 7 6j809j23kpp43883500N7%e$

B.

service password-encryption

C.

line vty 04 password $25$FpM7182!

D.

line vty 0 15

password $25$FpM71f82!

Full Access
Question # 110

Simulation 02

Configure HSRP between DISTRO-SW1 and DISTRO-SW2 on VLAN 100 for hosts connected to ACCESS-SW1 to achieve these goals:

1. Configure group number 1 using the virtual IP address of 192.168.1.1/24.

2. Configure DlSTRO-SW1 as the active router using a priority value of 110 and DISTRO-SW2 as the standby router.

3. Ensure that DISTRO-SW2 will take over the active role when DISTRO-SW1 goes down, and when DISTRO-SW1 recovers, it automatically resumes the active role.

DISTRO-SW2

Full Access
Question # 111

How do stratum levels relate to the distance from a time source?

A.

Stratum 1 devices are connected directly to an authoritative time source.

B.

Stratum 15 devices are connected directly to an authoritative time source

C.

Stratum 0 devices are connected directly to an authoritative time source.

D.

Stratum 15 devices are an authoritative time source.

Full Access
Question # 112

Which technology reduces the implementation of STP and leverages both unicast and multicast?

A.

VSS

B.

VXLAN

C.

VPC

D.

VLAN

Full Access
Question # 113

How is a data modelling language used?

A.

To enable data to be easily structured, grouped, validated, and replicated.

B.

To represent finite and well-defined network elements that cannot be changed.

C.

To model the flows of unstructured data within the infrastructure

D.

To provide human readability to scripting languages

Full Access
Question # 114

By default, which virtual MAC address does HSRP group 15 use?

A.

05:5e:ac:07:0c:0f

B.

c0:42:34:03:73:0f

C.

00:00:0c:07:ac:0f

D.

05:af:1c:0f:ac:15

Full Access
Question # 115

Which Python code snippet must be added to the script to store the changed interface configuration to a local JSON-formatted file?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 116

Which LISP device is responsible for publishing EID-to-RLOC mappings for a site?

A.

ETR

B.

MR

C.

ITR

D.

MS

Full Access
Question # 117

Refer to the exhibit. Which two configurations enable R1 and R2 to advertise routes into OSPF? (Choose two)

A)

B)

C)

D)

E)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

E) Option E

Full Access
Question # 118

How must network management traffic be treated when defining QoS policies?

A.

as delay-sensitive traffic in a low latency queue

B.

using minimal bandwidth guarantee

C.

using the same marking as IP routing

D.

as best effort

Full Access
Question # 119

An engineer must export the contents of the devices object in JSON format. Which statement must be used?

A.

json.repr(Devices)

B.

json.dumps(Devices)

C.

json.prints(Devices)

D.

json.loads(Devices)

Full Access
Question # 120

What is the wireless received signal strength indicator?

A.

The value given to the strength of the wireless signal received compared to the noise level

B.

The value of how strong the wireless signal Is leaving the antenna using transmit power, cable loss, and antenna gain

C.

The value of how much wireless signal is lost over a defined amount of distance

D.

The value of how strong a tireless signal is receded, measured in dBm

Full Access
Question # 121

Which DHCP option provides the CAPWAP APs with the address of the wireless controller(s)?

A.

43

B.

66

C.

69

D.

150

Full Access
Question # 122

How cloud deployments differ from on-prem deployments?

A.

Cloud deployments require longer implementation times than on-premises deployments

B.

Cloud deployments are more customizable than on-premises deployments.

C.

Cloud deployments require less frequent upgrades than on-premises deployments.

D.

Cloud deployments have lower upfront costs than on-premises deployments.

Full Access
Question # 123

A network engineer must configure a router to send logging messages to a syslog server based on these requirements:

  • uses syslog IP address: 10.10.10.1
  • uses a reliable protocol
  • must not use any well-known TCP/UDP ports

Which configuration must be used?

A.

logging host 10.10.10.1 transport tcp port 1024

B.

logging origin-id 10.10.10.1

C.

logging host 10.10.10.1 transport udp port 1023

D.

logging host 10.10.10.1 transport udp port 1024

Full Access
Question # 124

A network engineer configures a WLAN controller with increased security for web access. There is IP connectivity with the WLAN controller, but the engineer cannot start a management session from a web browser. Which action resolves the issued

A.

Disable JavaScript on the web browser

B.

Disable Adobe Flash Player

C.

Use a browser that supports 128-bit or larger ciphers.

D.

Use a private or incognito session.

Full Access
Question # 125

Drag and drop characteristics of PIM dense mode from the left to the right.

Full Access
Question # 126

Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

Full Access
Question # 127

An administrator must enable Telnet access to Router X using the router username and password database for authentication. Which configuration should be applied?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 128

Refer to the exhibit.

What is the effect of these commands on the BR and HQ tunnel interfaces?

A.

The tunnel line protocol goes down when the keepalive counter reaches 6

B.

The keepalives are sent every 5 seconds and 3 retries

C.

The keepalives are sent every 3 seconds and 5 retries

D.

The tunnel line protocol goes down when the keepalive counter reaches 5

Full Access
Question # 129

Which deployment option of Cisco NGFW provides scalability?

A.

tap

B.

clustering

C.

inline tap

D.

high availability

Full Access
Question # 130

How does Cisco Trustsec enable more flexible access controls for dynamic networking environments and data centers?

A.

uses flexible NetFlow

B.

assigns a VLAN to the endpoint

C.

classifies traffic based an the contextual identity of the endpoint rather than its IP address

D.

classifies traffic based on advanced application recognition

Full Access
Question # 131

A customer wants to use a single SSID to authenticate loT devices using different passwords. Which Layer 2 security type must be configured in conjunction with Cisco ISE to achieve this requirement?

A.

Fast Transition

B.

Central Web Authentication

C.

Cisco Centralized Key Management

D.

Identity PSK

Full Access
Question # 132

Refer to the exhibit.

All switches are configured with the default port priority value. Which two commands ensure that traffic from PC1 is forwarded over Gi1/3 trunk port between DWS1 and DSW2? (Choose two)

A.

DSW2(config-if)#spanning-tree port-priority 16

B.

DSW2(config)#interface gi1/3

C.

DSW1(config-if)#spanning-tree port-priority 0

D.

DSW1(config) #interface gi1/3

E.

DSW2(config-if)#spanning-tree port-priority 128

Full Access
Question # 133

Drag and drop the characteristics from the left onto the routing protocols they describe on the right

Full Access
Question # 134

Why is an AP joining a different WLC than the one specified through option 43?

A.

The WLC is running a different software version.

B.

The API is joining a primed WLC

C.

The AP multicast traffic unable to reach the WLC through Layer 3.

D.

The APs broadcast traffic is unable to reach the WLC through Layer 2.

Full Access
Question # 135

Which new enhancement was implemented in Wi-Fi 6?

A.

Wi-Fi Protected Access 3

B.

4096 Quadrature Amplitude Modulation Mode

C.

Channel bonding

D.

Uplink and Downlink Orthogonal Frequency Division Multiple Access

Full Access
Question # 136

An engineer creates the configuration below. Drag and drop the authentication methods from the left into the order of priority on the right. Not all options are used.

Full Access
Question # 137

Refer to the exhibit.

An engineer must permit traffic from these networks and block all other traffic An informational log message should be triggered when traffic enters from these prefixes Which access list must be used?

A.

access-list acl_subnets permit ip 10.0.32.0 0 0.0.255 log

B.

access-list acl_subnets permit ip 10.0.32.0 0.0.7.255 log

C.

access-list acl_subnets permit ip 10.0.32.0 0.0.7.255 access-list acl_subnets deny ip any log

D.

access-list acl_subnets permit ip 10.0.32.0 255.255.248.0 log

Full Access
Question # 138

An engineer is working with the Cisco DNA Center API Drag and drop the methods from the left onto the actions that they are used for on the right.

Full Access
Question # 139

A vulnerability assessment highlighted that remote access to the switches is permitted using unsecure and unencrypted protocols Which configuration must be applied to allow only secure and reliable remote access for device administration?

A.

line vty 0 15

login local

transport input none

B.

line vty 0 15

login local

transport input telnet ssh

C.

line vty 0 15

login local

transport input ssh

D.

line vty 0 15

login local

transport input all

Full Access
Question # 140

Based on the router's API output in JSON format below, which Python code will display the value of the "hostname" key?

A)

B)

C)

D)

A.

Option

B.

Option

C.

Option

D.

Option

Full Access
Question # 141

An engineer configures GigabitEthernet 0/1 for VRRP group 115. The router must assume the primary role when it has the highest priority in the group. Which command set is required to complete this task?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 142

Refer to the exhibit.

Which JSON syntax is derived from this data?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 143

Refer to the exhibit.

Which command set changes the neighbor state from Idle (Admin) to Active?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 144

Why would an engineer use YANG?

A.

to transport data between a controller and a network device

B.

to access data using SNMP

C.

to model data for NETCONF

D.

to translate JSON into an equivalent XML syntax

Full Access
Question # 145

In a three-tier hierarchical campus network design, which action is a design best-practice for the core layer?

A.

provide QoS prioritization services such as marking, queueing, and classification for critical network traffic

B.

provide redundant Layer 3 point-to-point links between the core devices for more predictable and faster convergence

C.

provide advanced network security features such as 802. IX, DHCP snooping, VACLs, and port security

D.

provide redundant aggregation for access layer devices and first-hop redundancy protocols such as VRRP

Full Access
Question # 146

A client device roams between access points located on different floors in an atrium. The access points are Joined to the same controller and configured in local mode. The access points are in different AP groups and have different IP addresses, but the client VLAN in the groups is the same. Which type of roam occurs?

A.

inter-controller

B.

inter-subnet

C.

intra-VLAN

D.

intra-controller

Full Access
Question # 147

What is the function of a control-plane node In a Cisco SD-Access solution?

A.

to run a mapping system that manages endpoint to network device relationships

B.

to implement policies and communicate with networks outside the fabric

C.

to connect external Layer 3 networks to the SD-Access fabric

D.

to connect APs and wireless endpoints to the SD-Access fabric

Full Access
Question # 148

Which two actions, when applied in the LAN network segment, will facilitate Layer 3 CAPWAP discovery for lightweight AP? (Choose two.)

A.

Utilize DHCP option 17.

B.

Configure WLC IP address on LAN switch.

C.

Utilize DHCP option 43.

D.

Configure an ip helper-address on the router interface

E.

Enable port security on the switch port

Full Access
Question # 149

Which protocol is used to encrypt control plane traffic between SD-WAN controllers and SD-WAN endpoints?

A.

DTLS

B.

IPsec

C.

PGP

D.

HTTPS

Full Access
Question # 150

Refer to the exhibit.

An engineer troubleshoots connectivity issues with an application. Testing is performed from the server gateway, and traffic with the DF bit set is dropped along the path after increasing packet size. Removing the DF bit setting at the gateway prevents the packets from being dropped. What is the cause of this issue?

A.

PMTUD does not work due to ICMP Packet Too Big messages being dropped by an ACL

B.

The remote router drops the traffic due to high CPU load

C.

The server should not set the DF bit in any type of traffic that is sent toward the network

D.

There is a CoPP policy in place protecting the WAN router CPU from this type of traffic

Full Access
Question # 151

Drag and drop the descriptions from the left onto the QoS components they describe on the right.

Full Access
Question # 152

Which two GRE features are configured to prevent fragmentation? (Choose two.)

A.

TCP MSS

B.

PMTUD

C.

DF bit Clear

D.

MTU ignore

E.

IP MTU

F.

TCP window size

Full Access
Question # 153

Refer to the exhibit. PC-1 must access the web server on port 8080. To allow this traffic, which statement must be added to an access control list that is applied on SW2 port G0/0 in the inbound direction?

A.

permit host 172.16.0.2 host 192.168.0.5 eq 8080

B.

permit host 192.168.0.5 host 172.16.0.2 eq 8080

C.

permit host 192.168.0.5 eq 8080 host 172.16.0.2

D.

permit host 192.168.0.5 it 8080 host 172.16.0.2

Full Access
Question # 154

Refer to the exhibit. An engineer attempts to configure a router on a stick to route packets between Clients, Servers, and Printers; however, initial tests show that this configuration is not working. Which command set resolves this issue?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 155

What is provided by the Stealthwatch component of the Cisco Cyber Threat Defense solution?

A.

real-time threat management to stop DDoS attacks to the core and access networks

B.

real-time awareness of users, devices and traffic on the network

C.

malware control

D.

dynamic threat control for web traffic

Full Access
Question # 156

Which element enables communication between guest VMs within a virtualized environment?

A.

hypervisor

B.

vSwitch

C.

virtual router

D.

pNIC

Full Access
Question # 157

What does a northbound API accomplish?

A.

programmatic control of abstracted network resources through a centralized controller

B.

access to controlled network resources from a centralized node

C.

communication between SDN controllers and physical switches

D.

controlled access to switches from automated security applications

Full Access
Question # 158

What is required for intercontroller Layer 3 roaming?

A.

Mobility groups are established between wireless controllers.

B.

The management VLAN is present as a dynamic VLAN on the second WLC.

C.

WLCs use separate DHCP servers.

D.

WLCs have the same IP addresses configured on their interfaces.

Full Access
Question # 159

Which two items are found in YANG data models? (Choose two.)

A.

HTTP return codes

B.

rpc statements

C.

JSON schema

D.

container statements

E.

XML schema

Full Access
Question # 160

Refer to the exhibit.

An engineer is troubleshooting an application running on Apple phones. The application Is receiving incorrect QoS markings. The systems administrator confirmed that ail configuration profiles are correct on the Apple devices. Which change on the WLC optimizes QoS for these devices?

A.

Enable Fastlane

B.

Set WMM to required

C.

Change the QoS level to Platinum

D.

Configure AVC Profiles

Full Access
Question # 161

Drag and drop the REST API authentication methods from the left onto their descriptions on the right.

Full Access
Question # 162

AN engineer is implementing a route map to support redistribution within BGP. The route map must configured to permit all unmatched routes. Which action must the engineer perform to complete this task?

A.

Include a permit statement as the first entry

B.

Include at least one explicit deny statement

C.

Remove the implicit deny entry

D.

Include a permit statement as the last entry

Full Access
Question # 163

Refer to the exhibit.

What step resolves the authentication issue?

A.

use basic authentication

B.

change the port to 12446

C.

target 192 168 100 82 in the URI

D.

restart the vsmart host

Full Access
Question # 164

Which threat defence mechanism, when deployed at the network perimeter, protects against zero-day attacks?

A.

intrusion prevention

B.

stateful inspection

C.

sandbox

D.

SSL decryption

Full Access
Question # 165

Refer to the exhibit.

An engineer is installing a new pair of routers in a redundant configuration. Which protocol ensures that traffic is not disrupted in the event of a hardware failure?

A.

HSRPv1

B.

GLBP

C.

VRRP

D.

HSRPv2

Full Access
Question # 166

Refer to the exhibit.

What is required to configure a second export destination for IP address 192.168.10.1?

A.

Specify a VRF.

B.

Specify a different UDP port.

C.

Specify a different flow ID

D.

Configure a version 5 flow-export to the same destination.

E.

Specify a different TCP port.

Full Access
Question # 167

Refer to the exhibit.

Which command must be applied to Router 1 to bring the GRE tunnel to an up/up state?

A.

Routed (config if funnel mode gre multipoint

B.

Router1(config-if)&tunnel source Loopback0

C.

Router1(config-if)#tunnel source GigabitEthernet0/1

D.

Router1 (config)#interface tunnel0

Full Access
Question # 168

Refer to the exhibit.

An engineer attempts to bundle interface Gi0/0 into the port channel, but it does not function as expected. Which action resolves the issue?

A.

Configure channel-group 1 mode active on interface Gi0/0.

B.

Configure no shutdown on interface Gi0/0

C.

Enable fast LACP PDUs on interface Gi0/0.

D.

Set LACP max-bundle to 2 on interface Port-channeM

Full Access
Question # 169

Refer to the exhibit.

After the code is run on a Cisco IOS-XE router, the response code is 204.

What is the result of the script?

A.

The configuration fails because another interface is already configured with IP address 10.10.10.1/24.

B.

The configuration fails because interface GigabitEthernet2 is missing on the target device.

C.

The configuration is successfully sent to the device in cleartext.

D.

Interface GigabitEthernet2 is configured with IP address 10.10.10.1/24

Full Access
Question # 170

The login method is configured on the VTY lines of a router with these parameters.

  • The first method for authentication is TACACS
  • If TACACS is unavailable, login is allowed without any provided credentials

Which configuration accomplishes this task?

A.

R1#sh run | include aaa

aaa new-model

aaa authentication login VTY group tacacs+ none

aaa session-id common

R1#sh run | section vty

line vty 0 4

password 7 0202039485748

R1#sh run | include username

R1#

B.

R1#sh run | include aaa

aaa new-model

aaa authentication login telnet group tacacs+ none

aaa session-id common

R1#sh run | section vty

line vty 0 4

R1#sh run | include username

R1#

C.

R1#sh run | include aaa

aaa new-model

aaa authentication login default group tacacs+ none

aaa session-id common

R1#sh run | section vty

line vty 0 4

password 7 0202039485748

D.

R1#sh run | include aaa

aaa new-model

aaa authentication login default group tacacs+

aaa session-id common

R1#sh run | section vty

line vty 0 4

transport input none

R1#

Full Access
Question # 171

How are map-register messages sent in a LISP deployment?

A.

egress tunnel routers to map resolvers to determine the appropriate egress tunnel router

B.

ingress tunnel routers to map servers to determine the appropriate egress tunnel router

C.

egress tunnel routers to map servers to determine the appropriate egress tunnel router

D.

ingress tunnel routers to map resolvers to determine the appropnate egress tunnel router

Full Access
Question # 172

An engineer must enable a login authentication method that allows a user to log in by using local authentication if all other defined authentication methods fail Which configuration should be applied?

A.

aaa authentication login CONSOLE group radius local-case enable aaa

B.

authentication login CONSOLE group radius local enable none

C.

aaa authentication login CONSOLE group radius local enable

D.

aaa authentication login CONSOLE group tacacs+ local enable

Full Access
Question # 173

Refer to the exhibit.

Which two facts does the device output confirm? (Choose two.)

A.

The device sends unicast messages to its peers

B.

The device's HSRP group uses the virtual IP address 10.0.3.242

C.

The standby device is configured with the default HSRP priority.

D.

The device is using the default HSRP hello timer

E.

The device is configured with the default HSRP priority

Full Access
Question # 174

Refer to the exhibit.

What is the Json syntax that is formed from the data?

A.

{Name: Bob Johnson, Age: 75, Alive: true, Favorite Foods: [Cereal, Mustard, Onions]}

B.

{"Name": "Bob Johnson", "Age": 75, "Alive": true, "Favorite Foods": ["Cereal", "Mustard", "Onions"]}

C.

{"˜Name': "˜Bob Johnson', "˜Age': 75, "˜Alive': True, "˜Favorite Foods': "˜Cereal', "˜Mustard', "˜Onions'}

D.

{"Name": "Bob Johnson", "Age": Seventyfive, "Alive": true, "Favorite Foods": ["Cereal", "Mustard", "Onions"]}

Full Access
Question # 175

What is a characteristic of a next-generation firewall?

A.

only required at the network perimeter

B.

required in each layer of the network

C.

filters traffic using Layer 3 and Layer 4 information only

D.

provides intrusion prevention

Full Access
Question # 176

Refer to the exhibit. Which result does the python code achieve?

A.

The code encrypts a base64 decrypted password.

B.

The code converts time to the "year/month/day" time format.

C.

The code converts time to the yyyymmdd representation.

D.

The code converts time to the Epoch LINUX time format.

Full Access
Question # 177

A company has an existing Cisco 5520 HA cluster using SSO. An engineer deploys a new single Cisco Catalyst 9800 WLC to test new features. The engineer successfully configures a mobility tunnel between the 5520 cluster and 9800 WLC. Client connected to the corporate WLAN roam seamlessly between access points on the 5520 and 9800 WLC. After a failure on the primary 5520 WLC, all WLAN services remain functional; however, Client roam between the 5520 and 9800 controllers without dropping their connection. Which feature must be configured to remedy the issue?

A.

mobility MAC on the 5520 cluster

B.

mobility MAC on the 9800 WLC

C.

new mobility on the 5520 cluster

D.

new mobility on the 9800 WLC

Full Access
Question # 178

A network engineer configures a new GRE tunnel and enters the show run command. What does the output verify?

A.

The tunnel will be established and work as expected

B.

The tunnel destination will be known via the tunnel interface

C.

The tunnel keepalive is configured incorrectly because they must match on both sites

D.

The default MTU of the tunnel interface is 1500 byte.

Full Access
Question # 179

What is one fact about Cisco SD-Access wireless network deployments?

A.

The access point is part of the fabric underlay

B.

The WLC is part of the fabric underlay

C.

The access point is part the fabric overlay

D.

The wireless client is part of the fabric overlay

Full Access
Question # 180

Refer to the exhibit.

A network engineer must simplify the IPsec configuration by enabling IPsec over GRE using IPsec profiles. Which two configuration changes accomplish this? (Choose two).

A.

Create an IPsec profile, associate the transform-set ACL, and apply the profile to the tunnel interface.

B.

Apply the crypto map to the tunnel interface and change the tunnel mode to tunnel mode ipsec ipv4.

C.

Remove all configuration related to crypto map from R1 and R2 and eliminate the ACL.

D.

Create an IPsec profile, associate the transform-set, and apply the profile to the tunnel interface.

E.

Remove the crypto map and modify the ACL to allow traffic between 10.10.0.0/24 to 10.20.0.0/24.

Full Access
Question # 181

Refer to the exhibit. An engineer configures a new HSRP group. While reviewing the HSRP status, the engineer sees the logging message generated on R2. Which is the cause of the message?

A.

The same virtual IP address has been configured for two HSRP groups

B.

The HSRP configuration has caused a spanning-tree loop

C.

The HSRP configuration has caused a routing loop

D.

A PC is on the network using the IP address 10.10.1.1

Full Access
Question # 182

What is one difference between saltstack and ansible?

A.

SaltStack uses an API proxy agent to program Cisco boxes on agent mode, whereas Ansible uses a Telnet connection

B.

SaltStack uses the Ansible agent on the box, whereas Ansible uses a Telnet server on the box

C.

SaltStack is constructed with minion, whereas Ansible is constructed with YAML

D.

SaltStack uses SSH to interact with Cisco devices, whereas Ansible uses an event bus

Full Access
Question # 183

Drag and drop the Qos mechanisms from the left to the correct descriptions on the right

Full Access
Question # 184

Refer to the exhibit. Which configuration change will force BR2 to reach 209 165 201 0/27 via BR1?

A.

Set the weight attribute to 65.535 on BR1 toward PE1.

B.

Set the local preference to 150 on PE1 toward BR1 outbound

C.

Set the MED to 1 on PE2 toward BR2 outbound.

D.

Set the origin to igp on BR2 toward PE2 inbound.

Full Access
Question # 185

Refer to the exhibit.

After implementing the configuration 172.20.20.2 stops replaying to ICMP echoes, but the default route fails to be removed. What is the reason for this behavior?

A.

The source-interface is configured incorrectly.

B.

The destination must be 172.30.30.2 for icmp-echo

C.

The default route is missing the track feature

D.

The threshold value is wrong.

Full Access
Question # 186

Refer to the exhibit. What does the error message relay to the administrator who is trying to configure a Cisco IOS device?

A.

A NETCONF request was made for a data model that does not exist.

B.

The device received a valid NETCONF request and serviced it without error.

C.

A NETCONF message with valid content based on the YANG data models was made, but the request failed.

D.

The NETCONF running datastore is currently locked.

Full Access
Question # 187

A customer has several small branches and wants to deploy a WI-FI solution with local management using CAPWAP. Which deployment model meets this requirement?

A.

Autonomous

B.

Mobility Express

C.

SD-Access wireless

D.

Local mode

Full Access
Question # 188

Refer to exhibit.

VLANs 50 and 60 exist on the trunk links between all switches All access ports on SW3 are configured for VLAN 50 and SW1 is the VTP server Which command ensures that SW3 receives frames only from VLAN 50?

A.

SW1 (config)#vtp pruning

B.

SW3(config)#vtp mode transparent

C.

SW2(config)=vtp pruning

D.

SW1 (config >»vtp mode transparent

Full Access
Question # 189

Refer to the exhibit. Which two commands are needed to allow for full reachability between AS 1000 and AS 2000? (Choose two)

A.

R1#network 192.168.0.0 mask 255.255.0.0

B.

R2#no network 10.0.0.0 255.255.255.0

C.

R2#network 192.168.0.0 mask 255.255.0.0

D.

R2#network 209.165.201.0 mask 255.255.192.0

E.

R1#no network 10.0.0.0 255.255.255.0

Full Access
Question # 190

Which command must be applied to R2 for an OSPF neighborship to form?

A.

network 20.1.1.2.0.0.0.0 area 0

B.

network 20.1.1.2 255.255.0.0. area 0

C.

network 20.1.1.2.0.0.255.255 area 0

D.

network 20.1.1.2 255.255.255 area 0

Full Access
Question # 191

What are two benefits of YANG? (Choose two.)

A.

It enforces the use of a specific encoding format for NETCONF.

B.

It collects statistical constraint analysis information.

C.

It enables multiple leaf statements to exist within a leaf list.

D.

It enforces configuration semantics.

E.

It enforces configuration constraints.

Full Access
Question # 192

In a Cisco SD-Access solution, what is the role of the Identity Services Engine?

A.

It is leveraged for dynamic endpoint to group mapping and policy definition.

B.

It provides GUI management and abstraction via apps that share context.

C.

it is used to analyze endpoint to app flows and monitor fabric status.

D.

It manages the LISP EID database.

Full Access
Question # 193

What is a characteristic of MACsec?

A.

802.1AE provides encryption and authentication services

B.

802.1AE is bult between the host and switch using the MKA protocol, which negotiates encryption keys based on the master session key from a successful 802.1X session

C.

802.1AE is bult between the host and switch using the MKA protocol using keys generated via the Diffie-Hellman algorithm (anonymous encryption mode)

D.

802.1AE is negotiated using Cisco AnyConnect NAM and the SAP protocol

Full Access
Question # 194

What is used to perform OoS packet classification?

A.

the Options field in the Layer 3 header

B.

the Type field in the Layer 2 frame

C.

the Flags field in the Layer 3 header

D.

the TOS field in the Layer 3 header

Full Access
Question # 195

Which technology provides a secure communication channel for all traffic at Layer 2 of the OSI model?

A.

MACsec

B.

IPsec

C.

SSL

D.

Cisco Trustsec

Full Access
Question # 196

Refer to the exhibit.

Which type of antenna is show on the radiation patterns?

A.

Dipole

B.

Yagi

C.

Patch

D.

Omnidirectional

Full Access
Question # 197

Refer to the exhibit.

A network engineer is configuring OSPF between router R1 and router R2. The engineer must ensure that a DR/BDR election does not occur on the Gigabit Ethernet interfaces in area 0. Which configuration set accomplishes this goal?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 198

Refer to the exhibit Drag and drop the snippets into the RESTCONF request to form the request that returns this response Not all options are used

Full Access
Question # 199

Refer to the exhibit.

Which configuration allows Customer2 hosts to access the FTP server of Customer1 that has the IP address of 192.168.1.200?

A.

ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 global

ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 global

ip route 192.168.1.0 255.255.255.0 VlanlO

ip route 172.16.1.0 255.255.255.0 Vlan20

B.

ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 Customer2

ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 Customerl

C.

ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 Customerl

ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 Customer2

D.

ip route vrf Customerl 172.16.1.1 255.255.255.255 172.16.1.1 global

ip route vrf Customer 192.168.1.200 255.255.255.0 192.168.1.1 global

ip route 192.168.1.0 255.255.255.0 VlanlO

ip route 172.16.1.0 255.255.255.0 Vlan20

Full Access
Question # 200

Refer to the exhibit.

An engineer must block all traffic from a router to its directly connected subnet 209.165.200.0/24. The engineer applies access control list EGRESS in the outbound direction on the GigabitEthernet0/0 interface of the router However, the router can still ping hosts on the 209.165.200.0/24 subnet. Which explanation of this behavior is true?

A.

Access control lists that are applied outbound to a router interface do not affect traffic that is sourced from the router.

B.

Only standard access control lists can block traffic from a source IP address.

C.

After an access control list is applied to an interface, that interface must be shut and no shut for the access control list to take effect.

D.

The access control list must contain an explicit deny to block traffic from the router.

Full Access
Question # 201

Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

Full Access
Question # 202

Drag and drop the virtual components from the left onto their deceptions on the right.

Full Access
Question # 203

Which entity is responsible for maintaining Layer 2 isolation between segments In a VXLAN environment?

A.

switch fabric

B.

VTEP

C.

VNID

D.

host switch

Full Access
Question # 204

Which benefit is offered by a cloud infrastructure deployment but is lacking in an on-premises deployment?

A.

efficient scalability

B.

virtualization

C.

storage capacity

D.

supported systems

Full Access
Question # 205

Which protocol does REST API rely on to secure the communication channel?

A.

TCP

B.

HTTPS

C.

SSH

D.

HTTP

Full Access
Question # 206

Refer to the exhibit. What is the effect of this configuration?

A.

When users attempt to connect to vty lines 0 through 4, the device will authenticate them against TACACS+ if local authentication fails

B.

The device will authenticate all users connecting to vty lines 0 through 4 against TACACS+

C.

The device will allow users at 192.168.0.202 to connect to vty lines 0 through 4 using the password ciscotestkey

D.

The device will allow only users at 192.166.0.202 to connect to vty lines 0 through 4

Full Access
Question # 207

Drag and drop the descriptions from the left onto the QoS components on the right.

Full Access
Question # 208

Refer to the exhibit.

Router 1 is currently operating as the HSRP primary with a priority of 110 router1 fails and router2 take over the forwarding role. Which command on router1 causes it to take over the forwarding role when it return to service?

A.

standby 2 priority

B.

standby 2 preempt

C.

standby 2 track

D.

standby 2 timers

Full Access
Question # 209

Which measure is used by an NTP server to indicate its closeness to the authoritative time source?

A.

latency

B.

hop count

C.

time zone

D.

stratum

Full Access
Question # 210

Refer to the exhibit.

Security policy requires all idle-exec sessions to be terminated in 600 seconds. Which configuration achieves this goal?

A.

line vty 0 15

absolute-timeout 600

B.

line vty 0 15

exec-timeout

C.

line vty 01 5

exec-timeout 10 0

D.

line vty 0 4

exec-timeout 600

Full Access
Question # 211

Refer to the exhibit.

What are two effects of this configuration? (Choose two.)

A.

R1 becomes the active router.

B.

R1 becomes the standby router.

C.

If R2 goes down, R1 becomes active but reverts to standby when R2 comes back online.

D.

If R1 goes down. R2 becomes active and remains the active device when R1 comes back online.

E.

If R1 goes down, R2 becomes active but reverts to standby when R1 comes back online.

Full Access
Question # 212

Which two mechanisms are available to secure NTP? (Choose two.)

A.

IP prefix list-based

B.

IPsec

C.

TACACS-based authentication

D.

IP access list-based

E.

Encrypted authentication

Full Access
Question # 213

A server running Linux is providing support for virtual machines along with DNS and DHCP services for a small business. Which technology does this represent?

A.

container

B.

Type 1 hypervisor

C.

hardware pass-thru

D.

Type 2 hypervisor

Full Access
Question # 214

When configuration WPA2 Enterprise on a WLAN, which additional security component configuration is required?

A.

NTP server

B.

PKI server

C.

RADIUS server

D.

TACACS server

Full Access
Question # 215

Where is radio resource management performed in a cisco SD-access wireless solution?

A.

DNA Center

B.

control plane node

C.

wireless controller

D.

Cisco CMX

Full Access
Question # 216

How are the different versions of IGMP compatible?

A.

IGMPv2 is compatible only with IGMPv1.

B.

IGMPv2 is compatible only with IGMPv2.

C.

IGMPv3 is compatible only with IGMPv3.

D.

IGMPv3 is compatible only with IGMPv1

Full Access
Question # 217

When a wireless client roams between two different wireless controllers, a network connectivity outage is experience for a period of time. Which configuration issue would cause this problem?

A.

Not all of the controllers in the mobility group are using the same mobility group name.

B.

Not all of the controllers within the mobility group are using the same virtual interface IP address.

C.

All of the controllers within the mobility group are using the same virtual interface IP address.

D.

All of the controllers in the mobility group are using the same mobility group name.

Full Access
Question # 218

Which statement about TLS is accurate when using RESTCONF to write configurations on network devices?

A.

It requires certificates for authentication

B.

It is provided using NGINX acting as a proxy web server

C.

It is used for HTTP and HTTPS requests

D.

It is not supported on Cisco devices

Full Access
Question # 219

Which two components are supported by LISP? (Choose two.)

A.

Proxy ETR

B.

egress tunnel router

C.

route reflector

D.

HMAC algorithm

E.

spoke

Full Access
Question # 220

Which DHCP option helps lightweight APs find the IP address of a wireless LAN controller?

A.

Option 43

B.

Option 60

C.

Option 67

D.

Option 150

Full Access
Question # 221

Which algorithms are used to secure REST API from brute attacks and minimize the impact?

A.

SHA-512 and SHA-384

B.

MD5 algorithm-128 and SHA-384

C.

SHA-1, SHA-256, and SHA-512

D.

PBKDF2, BCrypt, and SCrypt

Full Access
Question # 222

Refer to the exhibit.

An engineer must ensure that all traffic leaving AS 200 will choose Link 2 as the exit point. Assuming that all BGP neighbor relationships have been formed and that the attributes have not been changed on any of the routers, which configuration accomplish task?

A.

R4(config-router)bgp default local-preference 200

B.

R3(config-router)neighbor 10.1.1.1 weight 200

C.

R3(config-router)bgp default local-preference 200

D.

R4(config-router)nighbor 10.2.2.2 weight 200

Full Access
Question # 223

Which features does Cisco EDR use to provide threat detection and response protection?

A.

containment, threat intelligence, and machine learning

B.

firewalling and intrusion prevention

C.

container-based agents

D.

cloud analysis and endpoint firewall controls

Full Access
Question # 224

Refer to the exhibit. Which action completes the configuration to achieve a dynamic continuous mapped NAT for all users?

A.

Configure a match-host type NAT pool

B.

Reconfigure the pool to use the 192.168 1 0 address range

C.

Increase the NAT pool size to support 254 usable addresses

D.

Configure a one-to-one type NAT pool

Full Access
Question # 225

Refer to the exhibit. An engineer attempts to create a configuration to allow the Blue VRF to leak into the global routing table, but the configuration does not function as expected. Which action resolves this issue?

A.

Change the access-list destination mask to a wildcard.

B.

Change the source network that Is specified in access-list 101.

C.

Change the route-map configuration to VRF_BLUE.

D.

Change the access-list number in the route map

Full Access
Question # 226

What is the purpose of the LISP routing and addressing architecture?

A.

It creates two entries for each network node, one for Its identity and another for its location on the network.

B.

It allows LISP to be applied as a network visualization overlay though encapsulation.

C.

It allows multiple Instances of a routing table to co-exist within the same router.

D.

It creates head-end replication used to deliver broadcast and multicast frames to the entire network.

Full Access
Question # 227

Which JSON syntax is valid?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 228

When using TLS for syslog, which configuration allows for secure and reliable transportation of messages to its default port?

A.

logging host 10.2.3.4 vrf mgmt transport tcp port 6514

B.

logging host 10.2.3.4 vrf mgmt transport udp port 6514

C.

logging host 10.2.3.4 vrf mgmt transport tcp port 514

D.

logging host 10.2.3.4 vrf mgmt transport udp port 514

Full Access
Question # 229

How does Cisco Trustsec enable more access controls for dynamic networking

environments and data centers?

A.

classifies traffic based on advanced application recognition

B.

uses flexible NetFlow

C.

classifies traffic based on the contextual identity of the endpoint rather than its IP

address correct

D.

assigns a VLAN to the endpoint

Full Access
Question # 230

What is the difference between CEF and process switching?

A.

CEF processes packets that are too complex for process switching to manage.

B.

CEF is more CPU-intensive than process switching.

C.

CEF uses the FIB and the adjacency table to make forwarding decisions, whereas process switching punts each packet.

D.

Process switching is faster than CEF.

Full Access
Question # 231

An engineer is troubleshooting the Ap join process using DNS. Which FQDN must be resolvable on the network for the access points to successfully register to the WLC?

A.

wlcbostname.domain.com

B.

cisco-capwap-controller.domain.com

C.

ap-manager.domain.com

D.

primary-wlc.domain.com

Full Access
Question # 232

What is the centralized control policy in a Cisco SD-WAN deployment?

A.

list of ordered statements that define user access policies

B.

set of statements that defines how routing is performed

C.

set of rules that governs nodes authentication within the cloud

D.

list of enabled services for all nodes within the cloud

Full Access