350-401 Questions and Answers

Option A

Option B

Option C

Option D

Cisco United Wireless Network

Cisco DNA Spaces

Cisco Catalyst switch with embedded controller

Cisco Mobility Express

software-defined segmentation

private VLANs

SD-WAN

modular QoS

identity services

SSH

HTTPS

JWT

TLS

a package that is similar to an IMG and that contains an OVA file used to build a virtual machine

an alternative form of an ISO that Is used to install the base operating system of a virtual machine

the third step in a P2V migration

a package of files that is used to describe a virtual machine or virtual appliance

The "params" variable sends data fields to the network appliance.

The native interface information is read from the network appliance.

The Information for all interfaces is read from the network appliance.

The "params" variable reads data fields from the network appliance

Option A

Option B

Option C

Option D

Option E

Option A

Option B

Option C

Option D

It remains in err-disabled state until the shutdown/no shutdown command is entered in the interface configuration mode.

It remains in err-disabled state until the errdisable recovery cause failed-port-state command is entered in the global configuration mode.

It remains in err-disabled state until the no shutdown command is entered in the interface configuration mode.

It remains in err-disabled state until the spanning-tree portfast bpduguard disable command is entered in the interface configuration mode.

Option

Option

Option

Option

NFS share

non-linux server

local server

remote server

bare metal server

manages fabric-enabled APs and forwards client registration and roaming information to the Control Plane Node

coordinates configuration of autonomous nonfabric access points within the fabric

performs the assurance engine role for both wired and wireless clients

is dedicated to onboard clients in fabric-enabled and nonfabric-enabled APs within the fabric

Allow all VLANs on the trunk links

Disable Spanning Tree for the native VLAN.

Configure the correct native VLAN on the remote interface

Change both interfaces to access ports.

vAnaiytlcs

vSmart

WAN Edge

vBond

vManage

Inside source addresses are translated to the 209.165.201.0/27 subnet.

It establishes a one-to-one NAT translation.

The 10.1.1.0/27 subnet is assigned as the inside global address range.

The 209.165.201.0/27 subnet is assigned as the outside local address range.

The 10.1.1.0/27 subnet is assigned as the inside local addresses.

Option A

Option B

Option C

Option D

It uses a traditional routed access design to provide performance and high availability to the network.

It consists of a group of physical routers and switches that are used to maintain the network.

It provides isolation among the virtual networks and independence from the physical network.

It provides multicast support to enable Layer 2 Hooding capability in the underlay network.

All controller-dependent activities stop working except the DFS.

All client roaming continues to work

Only clients on central switching WLANs stay connected.

All clients on an WLANs are disconnected

WLC1 marks me diem with an anchor entry In Its own database. The database entry is copied to the new controller and marked with a foreign entry on VVLC2.

WLC2 marks the client with an anchor entry In Its own database. The database entry Is copied to the new controller and marked with a foreign entry on WLC1

WLCl marks the client with a foreign entry in its own database. The database entry is copied to the new controller and marked with an anchor entry on WLC2.

WLC2 marks the client with a foreign entry In its own database. The database entry Is copied to the new controller and marked with an anchor entry on WLC1.

Option A

Option B

Option C

Option D

print(response['resut'][0||'simple_time']}

print(response[result']['body']['simple_time']}

print(response['body']['simple_time']}

print(response[jresult']['body']['simple_time']}

Native Fabric Multicast

Layer 2 Flooding

SOA Transit

Multisite Fabric

Option A

Option B

Option C

Option D

Option E

Option A

Option B

Option C

Option D

network data platform

network underlay

fabric overlay

network control platform

partner ecosystem

{'Name'';''Bob johnon';''Age': Sevenfive,''Alive'': true,''FavoriteFoods';[''Cereal';''Mustard';''Onions'}}

{'Name'':''Bob johnon':''Age': 75 ''Alive'': true,''Favorite Foods';[''Cereal';''Mustard';''Onions'}}

{'Name'':''Bob johnon':''Age: 75,''Alive: true, FavoriteFoods;[Cereal, Mustard';''Onions}}

{'Name'': 'Bob johnon','Age': 75,'Alive': true,''FavoriteFoods': 'Cereal';'Mustard','Onions'}}

aaa new-model

aaa authentication login default enable

aaa new-model

aaa authentication login console local

aaa new-model aaa authentication login console group radius

aaa new-model

aaa authentication enable default

192.0.2.1

172.20.10.1

1.1.1.1

192.168.0.1

Option A

Option B

Option C

Option D

S2 is configured as LACP. Change the channel group mode to passive

S2 is configured with PAgP. Change the channel group mode to active.

S1 is configured with LACP. Change the channel group mode to on

S1 is configured as PAgP. Change the channel group mode to desirable

distribute-list prefix OFFICE in under the OSPF process

Ip prefix-list OFFICE seq 10 permit 0.0.0.0/0 Ie 32

ip prefix-list OFFICE seq 10 permit 0.0.0.0/0 ge 32

distribute-list OFFICE out under the OSPF process

distribute-list OFFICE in under the OSPF process

value that identifies a specific tunnel within the Cisco SD-WAN overlay

identifier that represents a specific service offered by nodes within the Cisco SD-WAN overlay

attribute that acts as a next hop for network prefixes

component set by the administrator to differentiate similar nodes that offer a common service

Option A

Option B

Option C

Option D

15

20

25

10

The DF bit has been set

The maximum packet size accepted by the command is 147G bytes

R2 and R3 do not have an OSPF adjacency

R3 is missing a return route to 10.99.69.0/30

aaa authorization exec default local group tacacs+

aaa authorization exec default local group radius none

aaa authorization exec default group radius local none

aaa authorization exec default group radius local

Option A

Option B

Option C

Option D

Option A

Option B

Option C

Option D

memory

bandwidth

IP address

processor

storage

secure access

Option A

Option B

Option C

Option D

Device(config.mon.erspan.stc)# no filter vlan 30

Devic(config.mon.erspan.src-dst)# no vrf 1

Devic(config.mon.erspan.src-dst)# erspan id 6

Device(config.mon-erspan.Src-dst)# mtu 1460

Option A

Option B

Option C

Option D

vSmart

vManage

cEdge

vBond

an encrypted JSON token that is used for authentication

an encrypted JSON token that is used for authorization

an encoded JSON token that is used to securely exchange information

an encoded JSON token that is used for authentication

VRF VFN_A

VRF VPN_B

management VRF

default VRF

list of global issues that are logged in Cisco DNA Center

access token to make calls to Cisco DNA Center

list of VLAN names

dent health status

as strict data structures denned by RFC 6020

in an XML tree format

in an HTML format

as modules within a tree

provides improved network security

inventories network devices

aids In the deployment network configurations

improves the user experience

augmenting management process using vendor centric actions around models

refactoring vendor and platform specific configurations with widely compatible configurations

augmenting the use of management protocols like SNMP for status subscriptions

deploying machine-friendly codes to manage a high number of devices

Option

Option

Option

Option

Configure 172.16.20.0 as a stub network.

Apply a policy to filter OSPF packets on R2.

Configure a passive Interface on R2 toward 172.16.20.0.

Configure graceful restart on the 172.16.20.0 interface.

Authentication Down/Switching Down

Authentication-Central/Switch-Local

Authentication- Down/Switch-Local

Authentication-Central/Switch-Central

native

bare metal

type 1

type 2

ip http port 8888

restconf port 8888

ip http restconf port 8888

restconf http port 8888

The ping command must be executed in the global routing table.

Interface FastEthernet0/0 Is configured in VRF CUST-A, so the ARP entry is also in that VRF.

When VRFs are used. ARP protocol must be enabled In each VRF.

When VRFs are used. ARP protocol is disabled in the global routing table.

signal strength -67 dBm, noise 91 dBm

signal strength -69 dBm, noise 94 dBm

signal strength -68 dBm, noise 89 dBm

signal strength -66 dBm, noise 90 dBm

Option A

Option B

Option C

Option D

WPA2 Personal

WPA3 Enterprise

WPA3 Personal

WPA2 Enterprise

It is responsible for policy application and network segmentation in the fabric

It performs traffic encapsulation and security profiles enforcement in the fabric

It holds a comprehensive database that tracks endpoints and networks in the fabric

It provides integration with legacy nonfabric-enabled environments

Router(config)# aaa authentication login default local Router(config)# aaa authorization exec default local

Router(config)# aaa authentication login default group tacacs+ local Router(config)# aaa authorization exec default group tacacs+ local

Router(config)# aaa fallback local

Router(config)# aaa authentication login FALLBACK local Router(config)# aaa authorization exec FALLBACK local

FIB contains routes learned through a dynamic routing protocol, and the RIB contains routes that are static or directly connected.

RIB contains the interface for a destination, and the FIB contains the next hop information.

FIB is derived from the control plane, and the RIB is derived from the data plane.

RIB is derived from the control plane, and the FIB is derived from the RIB.

Configure back-to-back connectivity on the RP ports.

Enable default gateway reachability check.

Use the same mobility domain on all WLCs.

Use the mobility MAC when the mobility peer is configured.

BGP peer 10 255 255 3 is not configured for peenng wth R1

Mandatory BOP parameters between R1 and 10 255 255 3 are mismatched

A firewall is blocking access to TCP port 179 on the BGP peer 10 255 255.3

Both BGP pern are configured for passive TCP transport

Option A

Option B

Option C

Option D

Option A

Option B

Option C

Option D

to forward packets to non-LISP sites

to encapsulate the tunnel

to maintain VLAN configuration consistency

to provide EID-to-RLOC mapping

comprehensive configuration standardization

lower control plane abstraction

simplify troubleshooting

faster fault detection

lower data plane overhead

underlay network

VPN routing/forwarding

easy virtual network

overlay network

modular QoS

policy routing

web authentication

DHCP

IEEE 802.1x

authentication mismatch

interface MTU mismatch

area mismatch

timers mismatch

Option A

Option B

Option C

Option D

source ip 10.10.10.1

source interface gigabitethernet1 ip 10.10.10.1

filter access-group 10

destination ip 10.10.10.1

Packets with a destination of 200.1.1.1 are translated to 10.1.1.1 or .2. respectively.

A packet that is sent to 200.1.1.1 from 10.1.1.1 is translated to 209.165.201.1 on R1.

R1 looks at the destination IP address of packets entering S0/0 and destined for inside hosts.

R1 processes packets entering E0/0 and S0/0 by examining the source IP address.

R1 is performing NAT for inside addresses and outside address.

R1 is configured with the no ip unreachables command.

R2 is denying ICMP

R4 is denying ICMP.

R3 is denying ICMP.

On-premises Offers greater compliance for government regulations than cloud

On-premises offers greater scalability than cloud.

On-premises oilers shorter deployment time than cloud.

On-premises is more secure man cloud.

transmitter power

antenna cable loss

antenna again

signal-to-noise ratio

standardized data structure independent of the transport protocols

creation of transport protocols and their interaction with the OS

user access to interact directly with the CLI of the device to receive or modify network configurations

standardized data structure that can be used only with NETCONF or RESTCONF transport protocols

Cloud deployments provide a better user experience across world regions, whereas on-premises deployments depend upon region-specific conditions

Cloud deployments are inherently unsecure. whereas a secure architecture is mandatory for on-premises deployments.

Cloud deployments mandate a secure architecture, whereas on-premises deployments are inherently unsecure.

Cloud deployments must include automation infrastructure, whereas on-premises deployments often lack the ability for automation.

CISCO-DNA-CONTROLLER local

CAPWAP-CONTROLLER local

CISCO-CONTROLLER local

CISCO-CAPWAP-CONTROLLER local

R1(config)#router bgp 65001

R1(config-router)#neighbor 192.168.50.2 shutdown

R1(config)#router bgp 65002

R1(config-router)#neighbor 192.168.50.2 shutdown

R1(config)#no ip route 192.168.50.2 255.255.255.255 Gi0/0

R1(config)#ip route 2.2.2.2 255.255.255.255 192.168.50.2

virtual private network

deep packet inspection

stateful inspection

application awareness

packet filtering

The resource was unreachable

Access was denied based on the user permissions.

The resource 15 no longer available on the server.

There Is a conflict in the current stale of the resource.

It enables HSRP to elect another switch in the group as the active HSRP switch.

It ensures fast failover in the case of link failure.

It enables data forwarding along known routes following a switchover, white the routing protocol reconverges.

It enables HSRP to failover to the standby RP on the same device.

can be applied in both traffic direction

queues out-of-profile packets until the buffer is full

drops out-of-profile packets

causes TCP retransmits when packet are dropped

Cisco DNA Center is unable to collect monitoring data in Assurance.

All devices reload after detecting loss of connection to Cisco DNA Center.

Already connected users are unaffected, but new users cannot connect

Users lose connectivity.

User connectivity is unaffected.

OSPF supports an unlimited number of hops. EIGRP supports a maximum of 255 hops.

OSPF provides shorter convergence time than EIGRP.

OSPF is distance vector protocol. EIGRP is a link-state protocol.

OSPF supports only equal-cost load balancing. EIGRP supports unequal-cost load balancing.

OSPF supports unequal-cost load balancing. EIGRP supports only equal-cost load balancing.

Cisco Discovery Protocol neighbour

broadcasting on the local subnet

DNS lookup cisco-DNA-PRIMARY.localdomain

DHCP Option 43

querying other APs

DSW1(config)#spanning-tree vlan 10 priority 4096 Most Voted

DSW1(config)#spanning-tree vlan 10 priority root

DSW2(config)#spanning-tree vlan 10 priority 61440 Most Voted

DSW1(config)#spanning-tree vlan 10 port-priority 0

DSW2(config)#spanning-tree vlan 20 priority 0

fusion router

control plane node

fabric border node

fabric edge node

R1(config)#no access-list 100 seq 10

R1(config)#access-list 100 seq 40 deny ip any any

R1(config)#ip access-list extended 100

R1(config-ext-nacl)#no 10

R1(config)#no access-list 100 deny ip any any

R1(config)#ip access-list extended 100

R1(config-ext-nacl)#5 permit to any any

Command Runner

Template Editor

Application Policies

Authentication Template

When encrypted helm are required between gateways h a single group.

When the traffic load needs to be shared between multiple gateways using a single virtual IP.

When the gateway routers are a mix of Cisco and non-Cisco routers

When clients need the gateway MAC address lo Be the same between multiple gateways

They rely on a declarative approach.

They rely on a procedural approach.

They use YAML as their primary configuration syntax.

They are clientless architectures.

Policy or ACLS are nor required.

There is no requirements to run IEEE 802.1X when TrustSec is enabled on a switch port.

Applications flows between hosts on the LAN to remote destinations can be encrypted.

Policy can be applied on a hop-by-hop basis.

username admin secret 7 6j809j23kpp43883500N7%e$

service password-encryption

line vty 04 password $25$FpM7182!

line vty 0 15

password $25$FpM71f82!

Stratum 1 devices are connected directly to an authoritative time source.

Stratum 15 devices are connected directly to an authoritative time source

Stratum 0 devices are connected directly to an authoritative time source.

Stratum 15 devices are an authoritative time source.

VSS

VXLAN

VPC

VLAN

To enable data to be easily structured, grouped, validated, and replicated.

To represent finite and well-defined network elements that cannot be changed.

To model the flows of unstructured data within the infrastructure

To provide human readability to scripting languages

05:5e:ac:07:0c:0f

c0:42:34:03:73:0f

00:00:0c:07:ac:0f

05:af:1c:0f:ac:15

Option A

Option B

Option C

Option D

ETR

MR

ITR

MS

Option A

Option B

Option C

Option D

E) Option E

as delay-sensitive traffic in a low latency queue

using minimal bandwidth guarantee

using the same marking as IP routing

as best effort

json.repr(Devices)

json.dumps(Devices)

json.prints(Devices)

json.loads(Devices)

The value given to the strength of the wireless signal received compared to the noise level

The value of how strong the wireless signal Is leaving the antenna using transmit power, cable loss, and antenna gain

The value of how much wireless signal is lost over a defined amount of distance

The value of how strong a tireless signal is receded, measured in dBm

43

66

69

150

Cloud deployments require longer implementation times than on-premises deployments

Cloud deployments are more customizable than on-premises deployments.

Cloud deployments require less frequent upgrades than on-premises deployments.

Cloud deployments have lower upfront costs than on-premises deployments.

logging host 10.10.10.1 transport tcp port 1024

logging origin-id 10.10.10.1

logging host 10.10.10.1 transport udp port 1023

logging host 10.10.10.1 transport udp port 1024

Disable JavaScript on the web browser

Disable Adobe Flash Player

Use a browser that supports 128-bit or larger ciphers.

Use a private or incognito session.

Option A

Option B

Option C

Option D

The tunnel line protocol goes down when the keepalive counter reaches 6

The keepalives are sent every 5 seconds and 3 retries

The keepalives are sent every 3 seconds and 5 retries

The tunnel line protocol goes down when the keepalive counter reaches 5

tap

clustering

inline tap

high availability

uses flexible NetFlow

assigns a VLAN to the endpoint

classifies traffic based an the contextual identity of the endpoint rather than its IP address

classifies traffic based on advanced application recognition

Fast Transition

Central Web Authentication

Cisco Centralized Key Management

Identity PSK

DSW2(config-if)#spanning-tree port-priority 16

DSW2(config)#interface gi1/3

DSW1(config-if)#spanning-tree port-priority 0

DSW1(config) #interface gi1/3

DSW2(config-if)#spanning-tree port-priority 128

The WLC is running a different software version.

The API is joining a primed WLC

The AP multicast traffic unable to reach the WLC through Layer 3.

The APs broadcast traffic is unable to reach the WLC through Layer 2.

Wi-Fi Protected Access 3

4096 Quadrature Amplitude Modulation Mode

Channel bonding

Uplink and Downlink Orthogonal Frequency Division Multiple Access

access-list acl_subnets permit ip 10.0.32.0 0 0.0.255 log

access-list acl_subnets permit ip 10.0.32.0 0.0.7.255 log

access-list acl_subnets permit ip 10.0.32.0 0.0.7.255 access-list acl_subnets deny ip any log

access-list acl_subnets permit ip 10.0.32.0 255.255.248.0 log

line vty 0 15

login local

transport input none

line vty 0 15

login local

transport input telnet ssh

line vty 0 15

login local

transport input ssh

line vty 0 15

login local

transport input all

Option

Option

Option

Option

Option A

Option B

Option C

Option D

Option A

Option B

Option C

Option D

Option A

Option B

Option C

Option D

to transport data between a controller and a network device

to access data using SNMP

to model data for NETCONF

to translate JSON into an equivalent XML syntax

provide QoS prioritization services such as marking, queueing, and classification for critical network traffic

provide redundant Layer 3 point-to-point links between the core devices for more predictable and faster convergence

provide advanced network security features such as 802. IX, DHCP snooping, VACLs, and port security

provide redundant aggregation for access layer devices and first-hop redundancy protocols such as VRRP

inter-controller

inter-subnet

intra-VLAN

intra-controller

to run a mapping system that manages endpoint to network device relationships

to implement policies and communicate with networks outside the fabric

to connect external Layer 3 networks to the SD-Access fabric

to connect APs and wireless endpoints to the SD-Access fabric

Utilize DHCP option 17.

Configure WLC IP address on LAN switch.

Utilize DHCP option 43.

Configure an ip helper-address on the router interface

Enable port security on the switch port

DTLS

IPsec

PGP

HTTPS

PMTUD does not work due to ICMP Packet Too Big messages being dropped by an ACL

The remote router drops the traffic due to high CPU load

The server should not set the DF bit in any type of traffic that is sent toward the network

There is a CoPP policy in place protecting the WAN router CPU from this type of traffic

TCP MSS

PMTUD

DF bit Clear

MTU ignore

IP MTU

TCP window size

permit host 172.16.0.2 host 192.168.0.5 eq 8080

permit host 192.168.0.5 host 172.16.0.2 eq 8080

permit host 192.168.0.5 eq 8080 host 172.16.0.2

permit host 192.168.0.5 it 8080 host 172.16.0.2

Option A

Option B

Option C

Option D

real-time threat management to stop DDoS attacks to the core and access networks

real-time awareness of users, devices and traffic on the network

malware control

dynamic threat control for web traffic

hypervisor

vSwitch

virtual router

pNIC

programmatic control of abstracted network resources through a centralized controller

access to controlled network resources from a centralized node

communication between SDN controllers and physical switches

controlled access to switches from automated security applications

Mobility groups are established between wireless controllers.

The management VLAN is present as a dynamic VLAN on the second WLC.

WLCs use separate DHCP servers.

WLCs have the same IP addresses configured on their interfaces.

HTTP return codes

rpc statements

JSON schema

container statements

XML schema

Enable Fastlane

Set WMM to required

Change the QoS level to Platinum

Configure AVC Profiles

Include a permit statement as the first entry

Include at least one explicit deny statement

Remove the implicit deny entry

Include a permit statement as the last entry

use basic authentication

change the port to 12446

target 192 168 100 82 in the URI

restart the vsmart host

intrusion prevention

stateful inspection

sandbox

SSL decryption

HSRPv1

GLBP

VRRP

HSRPv2

Specify a VRF.

Specify a different UDP port.

Specify a different flow ID

Configure a version 5 flow-export to the same destination.

Specify a different TCP port.

Routed (config if funnel mode gre multipoint

Router1(config-if)&tunnel source Loopback0

Router1(config-if)#tunnel source GigabitEthernet0/1

Router1 (config)#interface tunnel0

Configure channel-group 1 mode active on interface Gi0/0.

Configure no shutdown on interface Gi0/0

Enable fast LACP PDUs on interface Gi0/0.

Set LACP max-bundle to 2 on interface Port-channeM

The configuration fails because another interface is already configured with IP address 10.10.10.1/24.

The configuration fails because interface GigabitEthernet2 is missing on the target device.

The configuration is successfully sent to the device in cleartext.

Interface GigabitEthernet2 is configured with IP address 10.10.10.1/24

R1#sh run | include aaa

aaa new-model

aaa authentication login VTY group tacacs+ none

aaa session-id common

R1#sh run | section vty

line vty 0 4

password 7 0202039485748

R1#sh run | include username

R1#

R1#sh run | include aaa

aaa new-model

aaa authentication login telnet group tacacs+ none

aaa session-id common

R1#sh run | section vty

line vty 0 4

R1#sh run | include username

R1#

R1#sh run | include aaa

aaa new-model

aaa authentication login default group tacacs+ none

aaa session-id common

R1#sh run | section vty

line vty 0 4

password 7 0202039485748

R1#sh run | include aaa

aaa new-model

aaa authentication login default group tacacs+

aaa session-id common

R1#sh run | section vty

line vty 0 4

transport input none

R1#

egress tunnel routers to map resolvers to determine the appropriate egress tunnel router

ingress tunnel routers to map servers to determine the appropriate egress tunnel router

egress tunnel routers to map servers to determine the appropriate egress tunnel router

ingress tunnel routers to map resolvers to determine the appropnate egress tunnel router

aaa authentication login CONSOLE group radius local-case enable aaa

authentication login CONSOLE group radius local enable none

aaa authentication login CONSOLE group radius local enable

aaa authentication login CONSOLE group tacacs+ local enable

The device sends unicast messages to its peers

The device's HSRP group uses the virtual IP address 10.0.3.242

The standby device is configured with the default HSRP priority.

The device is using the default HSRP hello timer

The device is configured with the default HSRP priority

{Name: Bob Johnson, Age: 75, Alive: true, Favorite Foods: [Cereal, Mustard, Onions]}

{"Name": "Bob Johnson", "Age": 75, "Alive": true, "Favorite Foods": ["Cereal", "Mustard", "Onions"]}

{"˜Name': "˜Bob Johnson', "˜Age': 75, "˜Alive': True, "˜Favorite Foods': "˜Cereal', "˜Mustard', "˜Onions'}

{"Name": "Bob Johnson", "Age": Seventyfive, "Alive": true, "Favorite Foods": ["Cereal", "Mustard", "Onions"]}

only required at the network perimeter

required in each layer of the network

filters traffic using Layer 3 and Layer 4 information only

provides intrusion prevention

The code encrypts a base64 decrypted password.

The code converts time to the "year/month/day" time format.

The code converts time to the yyyymmdd representation.

The code converts time to the Epoch LINUX time format.

mobility MAC on the 5520 cluster

mobility MAC on the 9800 WLC

new mobility on the 5520 cluster

new mobility on the 9800 WLC

The tunnel will be established and work as expected

The tunnel destination will be known via the tunnel interface

The tunnel keepalive is configured incorrectly because they must match on both sites

The default MTU of the tunnel interface is 1500 byte.

The access point is part of the fabric underlay

The WLC is part of the fabric underlay

The access point is part the fabric overlay

The wireless client is part of the fabric overlay

Create an IPsec profile, associate the transform-set ACL, and apply the profile to the tunnel interface.

Apply the crypto map to the tunnel interface and change the tunnel mode to tunnel mode ipsec ipv4.

Remove all configuration related to crypto map from R1 and R2 and eliminate the ACL.

Create an IPsec profile, associate the transform-set, and apply the profile to the tunnel interface.

Remove the crypto map and modify the ACL to allow traffic between 10.10.0.0/24 to 10.20.0.0/24.

The same virtual IP address has been configured for two HSRP groups

The HSRP configuration has caused a spanning-tree loop

The HSRP configuration has caused a routing loop

A PC is on the network using the IP address 10.10.1.1

SaltStack uses an API proxy agent to program Cisco boxes on agent mode, whereas Ansible uses a Telnet connection

SaltStack uses the Ansible agent on the box, whereas Ansible uses a Telnet server on the box

SaltStack is constructed with minion, whereas Ansible is constructed with YAML

SaltStack uses SSH to interact with Cisco devices, whereas Ansible uses an event bus

Set the weight attribute to 65.535 on BR1 toward PE1.

Set the local preference to 150 on PE1 toward BR1 outbound

Set the MED to 1 on PE2 toward BR2 outbound.

Set the origin to igp on BR2 toward PE2 inbound.

The source-interface is configured incorrectly.

The destination must be 172.30.30.2 for icmp-echo

The default route is missing the track feature

The threshold value is wrong.

A NETCONF request was made for a data model that does not exist.

The device received a valid NETCONF request and serviced it without error.

A NETCONF message with valid content based on the YANG data models was made, but the request failed.

The NETCONF running datastore is currently locked.

Autonomous

Mobility Express

SD-Access wireless

Local mode

SW1 (config)#vtp pruning

SW3(config)#vtp mode transparent

SW2(config)=vtp pruning

SW1 (config >»vtp mode transparent

R1#network 192.168.0.0 mask 255.255.0.0

R2#no network 10.0.0.0 255.255.255.0

R2#network 192.168.0.0 mask 255.255.0.0

R2#network 209.165.201.0 mask 255.255.192.0

R1#no network 10.0.0.0 255.255.255.0

network 20.1.1.2.0.0.0.0 area 0

network 20.1.1.2 255.255.0.0. area 0

network 20.1.1.2.0.0.255.255 area 0

network 20.1.1.2 255.255.255 area 0

It enforces the use of a specific encoding format for NETCONF.

It collects statistical constraint analysis information.

It enables multiple leaf statements to exist within a leaf list.

It enforces configuration semantics.

It enforces configuration constraints.

It is leveraged for dynamic endpoint to group mapping and policy definition.

It provides GUI management and abstraction via apps that share context.

it is used to analyze endpoint to app flows and monitor fabric status.

It manages the LISP EID database.

802.1AE provides encryption and authentication services

802.1AE is bult between the host and switch using the MKA protocol, which negotiates encryption keys based on the master session key from a successful 802.1X session

802.1AE is bult between the host and switch using the MKA protocol using keys generated via the Diffie-Hellman algorithm (anonymous encryption mode)

802.1AE is negotiated using Cisco AnyConnect NAM and the SAP protocol

the Options field in the Layer 3 header

the Type field in the Layer 2 frame

the Flags field in the Layer 3 header

the TOS field in the Layer 3 header

MACsec

IPsec

SSL

Cisco Trustsec

Dipole

Yagi

Patch

Omnidirectional

Option A

Option B

Option C

Option D

ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 global

ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 global

ip route 192.168.1.0 255.255.255.0 VlanlO

ip route 172.16.1.0 255.255.255.0 Vlan20

ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 Customer2

ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 Customerl

ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 Customerl

ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 Customer2

ip route vrf Customerl 172.16.1.1 255.255.255.255 172.16.1.1 global

ip route vrf Customer 192.168.1.200 255.255.255.0 192.168.1.1 global

ip route 192.168.1.0 255.255.255.0 VlanlO

ip route 172.16.1.0 255.255.255.0 Vlan20

Access control lists that are applied outbound to a router interface do not affect traffic that is sourced from the router.

Only standard access control lists can block traffic from a source IP address.

After an access control list is applied to an interface, that interface must be shut and no shut for the access control list to take effect.

The access control list must contain an explicit deny to block traffic from the router.

switch fabric

VTEP

VNID

host switch

efficient scalability

virtualization

storage capacity

supported systems

TCP

HTTPS

SSH

HTTP

When users attempt to connect to vty lines 0 through 4, the device will authenticate them against TACACS+ if local authentication fails

The device will authenticate all users connecting to vty lines 0 through 4 against TACACS+

The device will allow users at 192.168.0.202 to connect to vty lines 0 through 4 using the password ciscotestkey

The device will allow only users at 192.166.0.202 to connect to vty lines 0 through 4

standby 2 priority

standby 2 preempt

standby 2 track

standby 2 timers

latency

hop count

time zone

stratum

line vty 0 15

absolute-timeout 600

line vty 0 15

exec-timeout

line vty 01 5

exec-timeout 10 0

line vty 0 4

exec-timeout 600

R1 becomes the active router.

R1 becomes the standby router.

If R2 goes down, R1 becomes active but reverts to standby when R2 comes back online.

If R1 goes down. R2 becomes active and remains the active device when R1 comes back online.

If R1 goes down, R2 becomes active but reverts to standby when R1 comes back online.

IP prefix list-based

IPsec

TACACS-based authentication

IP access list-based

Encrypted authentication

container

Type 1 hypervisor

hardware pass-thru

Type 2 hypervisor

NTP server

PKI server

RADIUS server

TACACS server

DNA Center

control plane node

wireless controller

Cisco CMX

IGMPv2 is compatible only with IGMPv1.

IGMPv2 is compatible only with IGMPv2.

IGMPv3 is compatible only with IGMPv3.

IGMPv3 is compatible only with IGMPv1

Not all of the controllers in the mobility group are using the same mobility group name.

Not all of the controllers within the mobility group are using the same virtual interface IP address.

All of the controllers within the mobility group are using the same virtual interface IP address.

All of the controllers in the mobility group are using the same mobility group name.

It requires certificates for authentication

It is provided using NGINX acting as a proxy web server

It is used for HTTP and HTTPS requests

It is not supported on Cisco devices

Proxy ETR

egress tunnel router

route reflector

HMAC algorithm

spoke

Option 43

Option 60

Option 67

Option 150

SHA-512 and SHA-384

MD5 algorithm-128 and SHA-384

SHA-1, SHA-256, and SHA-512

PBKDF2, BCrypt, and SCrypt

R4(config-router)bgp default local-preference 200

R3(config-router)neighbor 10.1.1.1 weight 200

R3(config-router)bgp default local-preference 200

R4(config-router)nighbor 10.2.2.2 weight 200

containment, threat intelligence, and machine learning

firewalling and intrusion prevention

container-based agents

cloud analysis and endpoint firewall controls

Configure a match-host type NAT pool

Reconfigure the pool to use the 192.168 1 0 address range

Increase the NAT pool size to support 254 usable addresses

Configure a one-to-one type NAT pool

Change the access-list destination mask to a wildcard.

Change the source network that Is specified in access-list 101.

Change the route-map configuration to VRF_BLUE.

Change the access-list number in the route map

It creates two entries for each network node, one for Its identity and another for its location on the network.

It allows LISP to be applied as a network visualization overlay though encapsulation.

It allows multiple Instances of a routing table to co-exist within the same router.

It creates head-end replication used to deliver broadcast and multicast frames to the entire network.

Option A

Option B

Option C

Option D

logging host 10.2.3.4 vrf mgmt transport tcp port 6514

logging host 10.2.3.4 vrf mgmt transport udp port 6514

logging host 10.2.3.4 vrf mgmt transport tcp port 514

logging host 10.2.3.4 vrf mgmt transport udp port 514

classifies traffic based on advanced application recognition

uses flexible NetFlow

classifies traffic based on the contextual identity of the endpoint rather than its IP

address correct

assigns a VLAN to the endpoint

CEF processes packets that are too complex for process switching to manage.

CEF is more CPU-intensive than process switching.

CEF uses the FIB and the adjacency table to make forwarding decisions, whereas process switching punts each packet.

Process switching is faster than CEF.

wlcbostname.domain.com

cisco-capwap-controller.domain.com

ap-manager.domain.com

primary-wlc.domain.com

list of ordered statements that define user access policies

set of statements that defines how routing is performed

set of rules that governs nodes authentication within the cloud

list of enabled services for all nodes within the cloud