Summer Special Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

350-401 Questions and Answers

Question # 6

Refer to the exhibit. A network engineer must block Telnet traffic from hosts in the range of 10.100 2.248 to 10.100.2 255 to the network 10.100.3.0 and permit everything else. Which configuration must the engineer apply'?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 7

An administrator is configuring NETCONF using the following XML string. What must the administrator end the request with?

A.

]]>]]>

B.

C.

D.

Full Access
Question # 8

What Is the difference between the MAC address table and TCAM?

A.

The MAC address table supports partial matches. TCAM requires an exact match.

B.

The MAC address table is contained in TCAM ACL and QoS information is stored in CAM.

C.

Router prefix lookups happen in TCAM. MAC address table lookups happen In CAM.

D.

TCAM is used to make L2 forwarding decisions. CAM is used to build routing tables

Full Access
Question # 9
A.

S2 is configured as LACP. Change the channel group mode to passive

B.

S2 is configured with PAgP. Change the channel group mode to active.

C.

S1 is configured with LACP. Change the channel group mode to on

D.

S1 is configured as PAgP. Change the channel group mode to desirable

Full Access
Question # 10

What Is a characteristic of a WLC that is in master controller mode?

A.

All wireless LAN controllers are managed by the master controller.

B.

All new APs that join the WLAN are assigned to the master controller.

C.

Configuration on the master controller is executed on all wireless LAN controllers.

D.

The master controller is responsible for load balancing all connecting clients to other controllers

Full Access
Question # 11

Which two characteristics apply to the endpoint security aspect of the Cisco Threat Defense architecture? (Choose two.)

A.

detect and black ransomware in email attachments

B.

outbound URL analysis and data transfer controls

C.

user context analysis

D.

blocking of fileless malware in real time

E.

cloud-based analysis of threats

Full Access
Question # 12

Reter to the exhibit.

An administrator troubleshoots intermittent connectivity from internal hosts to an external public server. Some internal hosts can connect to the server while others receive an ICMP Host Unreachable message and these hosts change over time. What is the cause of this issue?

A.

The translator does not use aOdress overloading

B.

The NAT ACL does not match alt internal hosts

C.

The NAT ACL and NAT pool share the same name

D.

The NAT pool netmask is excessively wide

Full Access
Question # 13

Which protocol is responsible for data plane forwarding in a Cisco SD-Access deployment?

A.

VXLAN

B.

IS-IS

C.

OSPF

D.

LISP

Full Access
Question # 14

A Cisco DNA Center REST API sends a PUT to the /dna/intent/api/v1/network-device endpoint A response code of 504 is received What does the code indicate?

A.

The response timed out based on a configured interval

B.

The user does not have authorization to access this endpoint.

C.

The username and password are not correct

D.

The web server is not available

Full Access
Question # 15

Drag and drop the LISP components on the left to their descriptions on the right. Not all options are used.

Full Access
Question # 16

Drag and drop the characteristics from the left onto the infrastructure deployment models on the right.

Full Access
Question # 17

In a Cisco Catalyst switch equipped with two supervisor modules an administrator must temporally remove the active supervisor from the chassis to perform hardware maintenance on it. Which mechanism ensure that the active supervisor removal is not disruptive to the network operation?

A.

NSF/NSR

B.

SSO

C.

HSRP

D.

VRRP

Full Access
Question # 18

A company requires a wireless solution to support its mam office and multiple branch locations. All sites have local Internet connections and a link to the main office lor corporate connectivity. The branch offices are managed centrally. Which solution should the company choose?

A.

Cisco United Wireless Network

B.

Cisco DNA Spaces

C.

Cisco Catalyst switch with embedded controller

D.

Cisco Mobility Express

Full Access
Question # 19

What is the calculation that is used to measure the radiated power of a signal after it has gone through the radio, antenna cable, and antenna?

A.

EIRP

B.

mW

C.

dBm

D.

dBi

Full Access
Question # 20

Refer to the exhibit. Which configuration must be added to enable GigabitEthemet 0/1 to participate in OSPF?

A.

SF_router (config-router)# network 10.10.1.0 0.0.0.255 area 0

B.

SF_rouier (conng)# network 10.10.1.0 0.0.0.255 area 1

C.

SF_router (conflg-routerp) network 10.10.1.0 0.0.0.255 area 1

D.

SF_rouler (contlg-rouler)# network 10.10.1.0 255.255.255.0 area 0

Full Access
Question # 21

Refer to the exhibit.

The administrator troubleshoots an EtherChannel that keeps moving to err-disabled. Which two actions must be taken to resolve the issue? (Choose two.)

A.

Reload the switch to force EtherChannel renegotiation

B.

Ensure that interfaces Gi1/0/2 and Gi1/0/3 connect to the same neighboring switch.

C.

Ensure that the switchport parameters of Port channel1 match the parameters of the port channel on the neighbor switch

D.

Ensure that the corresponding port channel interface on the neighbor switch is named Port-channel1.

E.

Ensure that the neighbor interfaces of Gi1/0/2 and Gi/0/3 are configured as members of the same EtherChannel

Full Access
Question # 22

A system must validate access rights to all its resources and must not rely on a cached permission matrix. If the access level to a given resource is revoked but is not reflected in the permission matrix, the security is violated. Which term refers to this REST security design principle?

A.

economy of mechanism

B.

complete mediation

C.

separation of privilege

D.

least common mechanism

Full Access
Question # 23

What is a characteristics of a vSwitch?

A.

supports advanced Layer 3 routing protocols that are not offered by a hardware switch

B.

enables VMs to communicate with each other within a virtualized server

C.

has higher performance than a hardware switch

D.

operates as a hub and broadcasts the traffic toward all the vPorts

Full Access
Question # 24

What happens when a FlexConnect AP changes to standalone mode?

A.

All controller-dependent activities stop working except the DFS.

B.

All client roaming continues to work

C.

Only clients on central switching WLANs stay connected.

D.

All clients on an WLANs are disconnected

Full Access
Question # 25

An engineer must configure a router to leak routes between two VRFs Which configuration must the engineer apply?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 26

An engineer is configuring Local WebAuth on a Cisco Wireless LAN Controller. According to RFC 5737, WHICH VIRTUAL IP address must be used in this configuration?

A.

192.0.2.1

B.

172.20.10.1

C.

1.1.1.1

D.

192.168.0.1

Full Access
Question # 27

What is the JSON syntax that is formed the data?

A.

{'Name'';''Bob johnon';''Age': Sevenfive,''Alive'': true,''FavoriteFoods';[''Cereal';''Mustard';''Onions'}}

B.

{'Name'':''Bob johnon':''Age': 75 ''Alive'': true,''Favorite Foods';[''Cereal';''Mustard';''Onions'}}

C.

{'Name'':''Bob johnon':''Age: 75,''Alive: true, FavoriteFoods;[Cereal, Mustard';''Onions}}

D.

{'Name'': 'Bob johnon','Age': 75,'Alive': true,''FavoriteFoods': 'Cereal';'Mustard','Onions'}}

Full Access
Question # 28

What is an emulated machine that has dedicated compute memory, and storage resources and a fully installed operating system?

A.

Container

B.

Mainframe

C.

Host

D.

virtual machine

Full Access
Question # 29

Refer to the exhibit.

An engineer must set up connectivity between a campus aggregation layer and a branch office access layer. The engineer uses dynamic trunking protocol to establish this connection, however, management traffic on VLAN1 is not passing. Which action resolves the issue and allow communication for all configured VLANs?

A.

Allow all VLANs on the trunk links

B.

Disable Spanning Tree for the native VLAN.

C.

Configure the correct native VLAN on the remote interface

D.

Change both interfaces to access ports.

Full Access
Question # 30

Refer to the exhibit. A network engineer must be notified when a user switches to configuration mode. Which script should be applied to receive an SNMP trap and a critical-level log message?

A)

B)

C)

D)

A.

Option

B.

Option

C.

Option

D.

Option

Full Access
Question # 31

Which IPv4 packet field carries the QoS IP classification marking?

A.

ID

B.

TTL

C.

FCS

D.

ToS

Full Access
Question # 32

Which three resources must the hypervisor make available to the virtual machines? (Choose three)

A.

memory

B.

bandwidth

C.

IP address

D.

processor

E.

storage

F.

secure access

Full Access
Question # 33

Refer to The exhibit.

Assuming that R1 is a CE router, which VRF is assigned to Gi0/0 on R1?

A.

VRF VFN_A

B.

VRF VPN_B

C.

management VRF

D.

default VRF

Full Access
Question # 34

The Gig0/0 interface of two routers is directly connected with a 1G Ethernet link. Which configuration must be applied to the interface of both routers to establish an OSPF adjacency without maintaining a DR/BDR relationship?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 35

Which two Cisco SD-WAN components exchange OMP information?

A.

vAnaiytlcs

B.

vSmart

C.

WAN Edge

D.

vBond

E.

vManage

Full Access
Question # 36

Refer to the exhibit.

A network engineer must log in to the router via the console, but the RADIUS servers are not reachable Which credentials allow console access1?

A.

the username "cisco" and the password "Cisco"

B.

no username and only the password "test123"

C.

no username and only the password "cisco123"

D.

the username "cisco" and the password “cisco123"

Full Access
Question # 37

Refer to the exhibit. Which EEM script generates a critical-level syslog message and saves a copy of the running configuration to the bootflash when an administrator saves the running configuration to the startup configuration?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 38

Which configuration creates a CoPP policy that provides unlimited SSH access from dient 10.0.0.5 and denies access from all other SSH clients'?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 39

By default, which virtual MAC address Goes HSRP group 25 use?

A.

05:5c:5e:ac:0c:25

B.

04:16:6S:96:1C:19

C.

00:00:0c:07:ac:19

D.

00:00:0c:07:ac:25

Full Access
Question # 40

What does the number in an NTP stratum level represent?

A.

The number of hops it takes to reach the master time server.

B.

The number of hops it takes to reach the authoritative time source.

C.

The amount of offset between the device clock and true time.

D.

The amount of drift between the device clock and true time.

Full Access
Question # 41

What is one main REST security design principle?

A.

separation of privilege

B.

password hashing

C.

confidential algorithms

D.

OAuth

Full Access
Question # 42

Refer to the exhibit.

Which commands are required to allow SSH connection to the router?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 43

If the maximum power level assignment for global TPC 802.11a/n/ac is configured to 10 dBm, which power level effectively doubles the transmit power?

A.

13dBm

B.

14 dBm

C.

17dBm

D.

20 dBm

Full Access
Question # 44

Refer to the exhibit. An engineer has configured an IP SLA for UDP echo’s. Which command is needed to start the IP SLA to test every 30 seconds and continue until stopped?

A.

ip sla schedule 100 start-time now life forever

B.

ip sla schedule 30 start-time now life forever

C.

ip sla schedule 100 start-time now life 30

D.

ip sla schedule 100 life forever

Full Access
Question # 45

Which Python snippet should be used to store the devices data structure in a JSON file?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 46

Refer to the exhibit. An engineer must configure an eBGP neighborship to Router B on Router A. The network that is connected to GO/1 on Router A must be advertised to Router B. Which configuration should be applied?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 47

Which type of tunnel Is required between two WLCs to enable Intercontroller roaming?

A.

mobility

B.

LWAPP

C.

CAPWAP

D.

iPsec

Full Access
Question # 48

Refer to the exhibit.

Which command set must be applied on R1 to establish a BGP neighborship with R2 and to allow communication from R1 to reach the networks?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 49

Refer to the exhibit.

What is the result of the API request?

A.

The "params" variable sends data fields to the network appliance.

B.

The native interface information is read from the network appliance.

C.

The Information for all interfaces is read from the network appliance.

D.

The "params" variable reads data fields from the network appliance

Full Access
Question # 50

Refer to the exhibit.

An engineer must deny Telnet traffic from the loopback interface of router R3 to the Loopback interface of router R2 during, the weekend hours. All other traffic between the loopback interfaces of routers R3 and R2 must be allowed at all times Which command set accomplishes this task?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 51

Which benefit is realized by implementing SSO?

A.

IP first-hop redundancy

B.

communication between different nodes for cluster setup

C.

physical link redundancy

D.

minimal network downtime following an RP switchover

Full Access
Question # 52

A large campus network has deployed two wireless LAN controllers to manage the wireless network. WLC1 and WLC2 have been configured as mobility peers. A client device roams from AP1 on WLC1 to AP2 on WLC2, but the controller's client interfaces are on different VLANs. How do the wireless LAN controllers handle the inter-subnet roaming?

A.

WLC1 marks me diem with an anchor entry In Its own database. The database entry is copied to the new controller and marked with a foreign entry on VVLC2.

B.

WLC2 marks the client with an anchor entry In Its own database. The database entry Is copied to the new controller and marked with a foreign entry on WLC1

C.

WLCl marks the client with a foreign entry in its own database. The database entry is copied to the new controller and marked with an anchor entry on WLC2.

D.

WLC2 marks the client with a foreign entry In its own database. The database entry Is copied to the new controller and marked with an anchor entry on WLC1.

Full Access
Question # 53

Which two Cisco SD-Access components provide communication between traditional network elements and controller layer? (choose two)

A.

network data platform

B.

network underlay

C.

fabric overlay

D.

network control platform

E.

partner ecosystem

Full Access
Question # 54

Refer to the exhibit.

An engineer entered the command no spanning-tree bpduguard enable on interface Fa 1/0/7. What is the effect of this command on Fa 1/0/7?

A.

It remains in err-disabled state until the shutdown/no shutdown command is entered in the interface configuration mode.

B.

It remains in err-disabled state until the errdisable recovery cause failed-port-state command is entered in the global configuration mode.

C.

It remains in err-disabled state until the no shutdown command is entered in the interface configuration mode.

D.

It remains in err-disabled state until the spanning-tree portfast bpduguard disable command is entered in the interface configuration mode.

Full Access
Question # 55

Drag and drop the Cisco SD-Access solution areas from the left onto the protocols they use on the right.

Full Access
Question # 56

What are the main components of Cisco TrustSec?

A.

Cisco ISE and Enterprise Directory Services

B.

Cisco ISE. network switches, firewalls, and routers

C.

Cisco ISE and TACACS+

D.

Cisco ASA and Cisco Firepower Threat Defense

Full Access
Question # 57

What is the purpose of an RP in PIM?

A.

send join messages toward a multicast source SPT

B.

ensure the shortest path from the multicast source to the receiver

C.

receive IGMP joins from multicast receivers

D.

secure the communication channel between the multicast sender and receiver

Full Access
Question # 58

What is the process for moving a virtual machine from one host machine to another with no downtime?

A.

high availability

B.

disaster recovery

C.

live migration

D.

multisite replication

Full Access
Question # 59

Drag and drop the tools from the left onto the agent types on the right.

Full Access
Question # 60

A customer transitions a wired environment to a Cisco SD-Access solution. The customer does not want to integrate the wireless network with the fabric. Which wireless deployment approach enables the two systems to coexist and meets the customer requirement?

A.

Deploy the APs in autonomous mode

B.

Deploy the wireless network over the top of the fabric

C.

Deploy a separate network for the wireless environment

D.

Implement a Cisco DNA Center to manage the two networks

Full Access
Question # 61

Refer to the exhibit.

How does the router handle traffic after the CoPP policy is configured on the router?

A.

Traffic coming to R1 that does not match access list SNMP is dropped.

B.

Traffic coming to R1 that matches access list SNMP is policed.

C.

Traffic passing through R1 that matches access list SNMP is policed.

D.

Traffic generated by R1 that matches access list SNMP is policed.

Full Access
Question # 62

What are two benefits of implementing a Cisco SD-WAN architecture? (Choose two)

A.

It provides resilient and effective traffic flow using MPLS.

B.

It improves endpoint protection by integrating embedded and cloud security features.

C.

It allows configuration of application-aware policies with real time enforcement.

D.

It simplifies endpoint provisioning through standalone router management

E.

It enforces a single. scalable. hub-and-spoke topology.

Full Access
Question # 63

AN engineer is implementing MPLS OAM to monitor traffic within the MPLS domain. Which action must the engineer perform to prevent from being forwarded beyond the service provider domain when the LSP is down?

A.

Disable IP redirects only on outbound interfaces

B.

Implement the destination address for the LSP echo request packet in the 127.x.y.z/8 network

C.

Disable IP redirects on all ingress interfaces

D.

Configure a private IP address as the destination address of the headend router of Cisco MPLS TE.

Full Access
Question # 64

Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

Full Access
Question # 65

Based on the router's API output in JSON format below, which Python code will display the value of the "hostname" key?

A)

B)

C)

D)

A.

Option

B.

Option

C.

Option

D.

Option

Full Access
Question # 66

Which network devices secure API platform?

A.

next-generation intrusion detection systems

B.

Layer 3 transit network devices

C.

content switches

D.

web application firewalls

Full Access
Question # 67

An engineer must create an EEM script to enable OSPF debugging in the event the OSPF neighborship goes down. Which script must the engineer apply?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 68

Refer to the exhibit.

Which command set must be added to the configuration to analyze 50 packets out of every 100?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 69

An engineer must enable a login authentication method that allows a user to log in by using local authentication if all other defined authentication methods fail Which configuration should be applied?

A.

aaa authentication login CONSOLE group radius local-case enable aaa

B.

authentication login CONSOLE group radius local enable none

C.

aaa authentication login CONSOLE group radius local enable

D.

aaa authentication login CONSOLE group tacacs+ local enable

Full Access
Question # 70

An administrator must enable Telnet access to Router X using the router username and password database for authentication. Which configuration should be applied?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 71

Which new enhancement was implemented in Wi-Fi 6?

A.

Wi-Fi Protected Access 3

B.

4096 Quadrature Amplitude Modulation Mode

C.

Channel bonding

D.

Uplink and Downlink Orthogonal Frequency Division Multiple Access

Full Access
Question # 72

AN engineer is implementing a route map to support redistribution within BGP. The route map must configured to permit all unmatched routes. Which action must the engineer perform to complete this task?

A.

Include a permit statement as the first entry

B.

Include at least one explicit deny statement

C.

Remove the implicit deny entry

D.

Include a permit statement as the last entry

Full Access
Question # 73

Drag and drop the REST API authentication methods from the left onto their descriptions on the right.

Full Access
Question # 74

Refer to the exhibit.

An engineer must prevent the R6 loopback from getting into Area 2 and Area 3 from Area 0 Which action must the engineer take?

A.

Apply a fitter list inbound on R2 and R9

B.

Apply a filter list outbound on R3 and R7

C.

Apply a filter list outbound on R7 only.

D.

Apply a filter list inbound on R3 and R7

Full Access
Question # 75

Refer to the exhibit.

All switches are configured with the default port priority value. Which two commands ensure that traffic from PC1 is forwarded over Gi1/3 trunk port between DWS1 and DSW2? (Choose two)

A.

DSW2(config-if)#spanning-tree port-priority 16

B.

DSW2(config)#interface gi1/3

C.

DSW1(config-if)#spanning-tree port-priority 0

D.

DSW1(config) #interface gi1/3

E.

DSW2(config-if)#spanning-tree port-priority 128

Full Access
Question # 76

Which deployment option of Cisco NGFW provides scalability?

A.

tap

B.

clustering

C.

inline tap

D.

high availability

Full Access
Question # 77

The login method is configured on the VTY lines of a router with these parameters.

  • The first method for authentication is TACACS
  • If TACACS is unavailable, login is allowed without any provided credentials

Which configuration accomplishes this task?

A.

R1#sh run | include aaa

aaa new-model

aaa authentication login VTY group tacacs+ none

aaa session-id common

R1#sh run | section vty

line vty 0 4

password 7 0202039485748

R1#sh run | include username

R1#

B.

R1#sh run | include aaa

aaa new-model

aaa authentication login telnet group tacacs+ none

aaa session-id common

R1#sh run | section vty

line vty 0 4

R1#sh run | include username

R1#

C.

R1#sh run | include aaa

aaa new-model

aaa authentication login default group tacacs+ none

aaa session-id common

R1#sh run | section vty

line vty 0 4

password 7 0202039485748

D.

R1#sh run | include aaa

aaa new-model

aaa authentication login default group tacacs+

aaa session-id common

R1#sh run | section vty

line vty 0 4

transport input none

R1#

Full Access
Question # 78

Refer to the exhibit.

What step resolves the authentication issue?

A.

use basic authentication

B.

change the port to 12446

C.

target 192 168 100 82 in the URI

D.

restart the vsmart host

Full Access
Question # 79

Refer to the exhibit. PC-1 must access the web server on port 8080. To allow this traffic, which statement must be added to an access control list that is applied on SW2 port G0/0 in the inbound direction?

A.

permit host 172.16.0.2 host 192.168.0.5 eq 8080

B.

permit host 192.168.0.5 host 172.16.0.2 eq 8080

C.

permit host 192.168.0.5 eq 8080 host 172.16.0.2

D.

permit host 192.168.0.5 it 8080 host 172.16.0.2

Full Access
Question # 80

Refer to the exhibit.

Which command must be applied to Router 1 to bring the GRE tunnel to an up/up state?

A.

Routed (config if funnel mode gre multipoint

B.

Router1(config-if)&tunnel source Loopback0

C.

Router1(config-if)#tunnel source GigabitEthernet0/1

D.

Router1 (config)#interface tunnel0

Full Access
Question # 81

An engineer is configuring a GRE tunnel interface in the default mode. The engineer has assigned an IPv4 address on the tunnel and sourced the tunnel from an Ethernet interface. Which option also is required on the tunnel interface before it is operational?

A.

(config-if)#tunnel destination

B.

(config-if)#keepalive

C.

(config-if)#ip mtu

D.

(config-if)#ip tcp adjust-mss

Full Access
Question # 82

Refer to the exhibit.

Which command when applied to the Atlanta router reduces type 3 LSA flooding into the backbone area and summarizes the inter-area routes on the Dallas router?

A.

Atlanta(config-route)#area 0 range 192.168.0.0 255.255.248.0

B.

Atlanta(config-route)#area 0 range 192.168.0.0 255.255.252.0

C.

Atlanta(config-route)#area 1 range 192.168.0.0 255.255.252.0

D.

Atlanta(config-route)#area 1 range 192.168.0.0 255.255.248.0

Full Access
Question # 83

When are multicast RPs required?

A.

RPs are required only when using protocol independent multicast dense mode.

B.

By default, the RP is needed penodically to maintain sessions with sources and receivers.

C.

RPs are required for protocol Independent multicast sparse mode and dense mode.

D.

By default, the RP Is needed only start new sessions with sources and receivers.

Full Access
Question # 84

Which HHTP status code is the correct response for a request with an incorrect password applied to a REST API session?

A.

HTTP Status Code 200

B.

HTTP Status Code 302

C.

HTTP Status Code 401

D.

HTTP Status Code: 504

Full Access
Question # 85

Refer to the exhibit.

An engineer is troubleshooting an application running on Apple phones. The application Is receiving incorrect QoS markings. The systems administrator confirmed that ail configuration profiles are correct on the Apple devices. Which change on the WLC optimizes QoS for these devices?

A.

Enable Fastlane

B.

Set WMM to required

C.

Change the QoS level to Platinum

D.

Configure AVC Profiles

Full Access
Question # 86

Which outcome is achieved with this Python code?

A.

connects to a Cisco device using SSH and exports the routing table information

B.

displays the output of the show command in a formatted way

C.

connects to a Cisco device using SSH and exports the BGP table for the prefix

D.

connects to a Cisco device using Telnet and exports the routing table information

Full Access
Question # 87

How does CEF switching differ from process switching on Cisco devices?

A.

CEF switching saves memory by sorting adjacency tables in dedicate memory on the line cards, and process switching stores all tables in the main memory

B.

CEF switching uses adjacency tables built by the CDP protocol, and process switching uses the routing table

C.

CEF switching uses dedicated hardware processors, and process switching uses the main processor

D.

CEF switching uses proprietary protocol based on IS-IS for MAC address lookup, and process switching uses in MAC address table

Full Access
Question # 88

A client device roams between access points located on different floors in an atrium. The access points are Joined to the same controller and configured in local mode. The access points are in different AP groups and have different IP addresses, but the client VLAN in the groups is the same. Which type of roam occurs?

A.

inter-controller

B.

inter-subnet

C.

intra-VLAN

D.

intra-controller

Full Access
Question # 89

Refer to the exhibit.

An engineer must establish eBGP peering between router R3 and router R4. Both routers should use their loopback interfaces as the BGP router ID. Which configuration set accomplishes this task?

A.

R3(config)#router bgp 200

R3(config-router)#neighbor 10.4.4.4 remote-as 100

R3(config-router)# neighbor 10.4.4.4 update-source Loopback0

R4(config)#router bgp 100

R4(config-router)#neighbor 10.3.3.3 remote-as 200

R4(config-router)#network 10.3.3.3 update-source Loopback0

B.

R3(config)#router bgp 200

R3(config-router)#neighbor 10.24.24.4 remote-as 100

R3(config-router)#neighbor 10.24.24.4 update-source Loopback0

R4(config)#router bgp 100

R4(config-router)#neighbor 10.24.24.3 remote-as 200

R4(config-router)#neighbor 10.24.24.3 update-source Loopback0

C.

R3(config)#router bgp 200

R3(config-router)#neighbor 10.4.4.4 remote-as 100

R3(config-router)#bgp router-id 10.3.3.3

R4(config)#router bgp 100

R4(config-router)#neighbor 10.3.3.3 remote-as 200

R4(config-router)#bgp router-id 10.4.4.4

D.

R3(config)#router bgp 200

R3(config-router)#neighbor 10.24.24.4 remote-as 100

R3(config-router)#bgp router-id 10.3.3.3

R4(config)#router bgp 100

R4(config-router)#neighbor 10.24.24.3 remote-as 200

R4(config-router)#bgp router-id 10.4.4.4

Full Access
Question # 90

How can an engineer prevent basic replay attacks from people who try to brute force a system via REST API?

A.

Add a timestamp to the request In the API header.

B.

Use a password hash

C.

Add OAuth to the request in the API header.

D.

UseHTTPS

Full Access
Question # 91

Refer to the exhibit.

What are two reasons for IP SLA tracking failure? (Choose two )

A.

The destination must be 172 30 30 2 for icmp-echo

B.

A route back to the R1 LAN network is missing in R2.

C.

The source-interface is configured incorrectly.

D.

The default route has the wrong next hop IP address

E.

The threshold value is wrong

Full Access
Question # 92

When firewall capabilities are considered, which feature is found only in Cisco next-generation firewalls?

A.

malware protection

B.

stateful inspection

C.

traffic filtering

D.

active/standby high availability

Full Access
Question # 93

What is the function of cisco DNA center in a cisco SD-access deployment?

A.

It is responsible for routing decisions inside the fabric

B.

It is responsible for the design, management, deployment, provisioning and assurance of the fabric network devices.

C.

It possesses information about all endpoints, nodes and external networks related to the fabric

D.

It provides integration and automation for all nonfabric nodes and their fabric counterparts.

Full Access
Question # 94

Refer to the exhibit.

Which Python code snippet prints the descriptions of disabled interfaces only?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 95

When is the Design workflow used In Cisco DNA Center?

A.

in a greenfield deployment, with no existing infrastructure

B.

in a greenfield or brownfield deployment, to wipe out existing data

C.

in a brownfield deployment, to modify configuration of existing devices in the network

D.

in a brownfield deployment, to provision and onboard new network devices

Full Access
Question # 96

What is the responsibility of a secondary WLC?

A.

It shares the traffic load of the LAPs with the primary controller.

B.

It avoids congestion on the primary controller by sharing the registration load on the LAPs.

C.

It registers the LAPs if the primary controller fails.

D.

It enables Layer 2 and Layer 3 roaming between Itself and the primary controller.

Full Access
Question # 97

What is a characteristic of Cisco StackWise technology?

A.

It uses proprietary cabling

B.

It supports devices that are geographically separated

C.

lt combines exactly two devices

D.

It is supported on the Cisco 4500 series.

Full Access
Question # 98

A network administrator is implementing a routing configuration change and enables routing debugs to track routing behavior during the change. The logging output on the terminal is interrupting the command typing process. Which two actions can the network administrator take to minimize the possibility of typing commands incorrectly? (Choose two.)

A.

Configure the logging synchronous global configuration command

B.

Configure the logging delimiter feature

C.

Configure the logging synchronous command under the vty

D.

Press the TAB key to reprint the command in a new line

E.

increase the number of lines on the screen using the terminal length command

Full Access
Question # 99

Refer to the exhibit.

Which configuration change ensures that R1 is the active gateway whenever it is in a functional state for the 172.30.110.0724 network?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 100

An engineer must configure the strongest password authentication to locally authenticate on a router. Which configuration must be used?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 101

Drag and drop the snippets onto the blanks within the code to construct a script that advertises the network prefix 192.168.5.0/24 into a BGP session. Not all options are used

Full Access
Question # 102

Refer to the exhibit.

The network administrator must be able to perform configuration changes when all the RADIUS servers are unreachable. Which configuration allows all commands to be authorized if the user has successfully authenticated?

A.

aaa authorization exec default group radius none

B.

aaa authentication login default group radius local none

C.

aaa authorization exec default group radius if-authenticated

D.

aaa authorization exec default group radius

Full Access
Question # 103

What are two considerations when using SSO as a network redundancy feature? (Choose two)

A.

both supervisors must be configured separately

B.

the multicast state is preserved during switchover

C.

must be combined with NSF to support uninterrupted Layer 2 operations

D.

must be combined with NSF to support uninterrupted Layer 3 operations

E.

requires synchronization between supervisors in order to guarantee continuous connectivity

Full Access
Question # 104

In a Cisco StackWise Virtual environment, which planes are virtually combined in the common logical switch?

A.

management and data

B.

control and management

C.

control, and forwarding

D.

control and data

Full Access
Question # 105

A client device roams between wireless LAN controllers that are mobility peers, Both controllers have dynamic interface on the same client VLAN which type of roam is described?

A.

intra-VLAN

B.

inter-controller

C.

intra-controller

D.

inter-subnet

Full Access
Question # 106

Which technology is used as the basis for the cisco sd-access data plane?

A.

IPsec

B.

LISP

C.

VXLAN

D.

802.1Q

Full Access
Question # 107

Which threat defence mechanism, when deployed at the network perimeter, protects against zero-day attacks?

A.

intrusion prevention

B.

stateful inspection

C.

sandbox

D.

SSL decryption

Full Access
Question # 108

Which two characteristics define the Intent API provided by Cisco DNA Center? (Choose two.)

A.

northbound API

B.

business outcome oriented

C.

device-oriented

D.

southbound API

E.

procedural

Full Access
Question # 109

Refer to the exhibit. Which command is required to verify NETCONF capability reply messages?

A.

show netconf | section rpc-reply

B.

show netconf rpc-reply

C.

show netconf xml rpc-reply

D.

show netconf schema | section rpc-reply

Full Access
Question # 110

Which element enables communication between guest VMs within a virtualized environment?

A.

hypervisor

B.

vSwitch

C.

virtual router

D.

pNIC

Full Access
Question # 111

Which NGFW mode block flows crossing the firewall?

A.

Passive

B.

Tap

C.

Inline tap

D.

Inline

Full Access
Question # 112

A network is being migrated from IPV4 to IPV6 using a dual-stack approach. Network management is already 100% IPV6 enabled. In a dual-stack network with two dual-stack NetFlow collections, how many flow exporters are needed per network device in the flexible NetFlow configuration?

A.

1

B.

2

C.

4

D.

8

Full Access
Question # 113

Refer to the exhibit.

An engineer must create a configuration that prevents R3from receiving the LSA about 172.16.1.4/32.Which configuration set achieves this goal?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 114

Which two methods are used to interconnect two Cisco SD-Access Fabric sites? (Choose two.)

A.

SD-Access transit

B.

fabric interconnect

C.

wireless transit

D.

IP-based transit

E.

SAN transit

Full Access
Question # 115

In a Cisco SD-Access environment, which function is performed by the border node?

A.

Connect uteri and devices to the fabric domain.

B.

Group endpoints into IP pools.

C.

Provide reachability information to fabric endpoints.

D.

Provide connectivity to traditional layer 3 networks.

Full Access
Question # 116

An engineer is connected to a Cisco router through a Telnet session. Which command must be issued to view the logging messages from the current session as soon as they are generated by the router?

A.

logging buffer

B.

service timestamps log uptime

C.

logging host

D.

terminal monitor

Full Access
Question # 117

Refer to the exhibit.

R1 has a BGP neighborship with a directly connected router on interface Gi0/0.

Which command set is applied between the iterations of show ip bgp 2.2.2.2?

A.

R1(config)#router bgp 65001

R1(config-router)#neighbor 192.168.50.2 shutdown

B.

R1(config)#router bgp 65002

R1(config-router)#neighbor 192.168.50.2 shutdown

C.

R1(config)#no ip route 192.168.50.2 255.255.255.255 Gi0/0

D.

R1(config)#ip route 2.2.2.2 255.255.255.255 192.168.50.2

Full Access
Question # 118

In which two ways does the routing protocol OSPF differ from EIGRP? (Choose two.)

A.

OSPF supports an unlimited number of hops. EIGRP supports a maximum of 255 hops.

B.

OSPF provides shorter convergence time than EIGRP.

C.

OSPF is distance vector protocol. EIGRP is a link-state protocol.

D.

OSPF supports only equal-cost load balancing. EIGRP supports unequal-cost load balancing.

E.

OSPF supports unequal-cost load balancing. EIGRP supports only equal-cost load balancing.

Full Access
Question # 119

Which two pieces of information are necessary to compute SNR? (Choose two.)

A.

transmit power

B.

noise floor

C.

EIRP

D.

antenna gain

E.

RSSI

Full Access
Question # 120

Refer to the exhibit. Which router is elected as the VRRP primary virtual router?

A.

Router B

B.

Router D

C.

Router C

D.

Router A

Full Access
Question # 121

Refer to the exhibit. Which command set completes the ERSPAN session configuration?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 122

Refer to the exhibit.

What is achieved by the XML code?

A.

It reads the access list sequence numbers from the output of the show ip access-list extended flp command into a dictionary list.

B.

It displays the output of the show ip access-list extended flp command on the terminal screen

C.

It displays the access list sequence numbers from the output of the show Ip access-list extended flp command on the terminal screen

D.

It reads the output of the show ip access-list extended flp command into a dictionary list.

Full Access
Question # 123

Refer to the exhibit.

A company has an internal wireless network with a hidden SSID and RADIUS-based client authentication for increased security. An employee attempts to manually add the company network to a laptop, but the laptop does not attempt to connect to the network. The regulatory domains of the access points and the laptop are identical. Which action resolves this issue?

A.

Ensure that the "Connect even if this network is not broadcasting" option is selected.

B.

Limit the enabled wireless channels on the laptop to the maximum channel range that is supported by the access points.

C.

Change the security type to WPA2-Personal AES.

D.

Use the empty string as the hidden SSID network name.

Full Access
Question # 124

Which router is elected the IGMP Querier when more than one router is in the same LAN segment?

A.

The router with the shortest uptime

B.

The router with the lowest IP address

C.

The router with the highest IP address

D.

The router with the longest uptime

Full Access
Question # 125

Which NTP mode must be activated when using a Cisco router as an NTP authoritative server?

A.

primary

B.

server

C.

broadcast client

D.

peer

Full Access
Question # 126

An engineer must implement a configuration to allow a network administrator to connect to the console port of a router and authenticate over the network. Which command set should the engineer use?

A.

aaa new-model

aaa authentication login default enable

B.

aaa new-model

aaa authentication login console local

C.

aaa new-model aaa authentication login console group radius

D.

aaa new-model

aaa authentication enable default

Full Access
Question # 127

Refer to the exhibit Which configuration enables password checking on the console line, using only a password?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 128

Refer to the exhibit.

These commands have been added to the configuration of a switch Which command flags an error if it is added to this configuration?

A.

monitor session 1 source interface port-channel 6

B.

monitor session 1 source vlan 10

C.

monitor session 1 source interface FatEtheret0/1 x

D.

monitor session 1 source interface port-channel 7,port-channel8

Full Access
Question # 129

Which two features are available only in next-generation firewalls? (Choose two.)

A.

virtual private network

B.

deep packet inspection

C.

stateful inspection

D.

application awareness

E.

packet filtering

Full Access
Question # 130

How does Protocol Independent Multicast function?

A.

In sparse mode, it establishes neighbor adjacencies and sends hello messages at 5-second intervals.

B.

It uses the multicast routing table to perform the multicast forwarding function.

C.

It uses unicast routing information to perform the multicast forwarding function.

D.

It uses broadcast routing information to perform the multicast forwarding function.

Full Access
Question # 131

Which configuration restricts the amount of SSH traffic that a router accepts to 100 kbps?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 132

Refer to the exhibit.

Why does OSPF fail to establish an adjacency between R1 and R2?

A.

authentication mismatch

B.

interface MTU mismatch

C.

area mismatch

D.

timers mismatch

Full Access
Question # 133

An engineer applies this EEM applet to a router:

What does the applet accomplish?

A.

It generates a syslog message every 600 seconds on the status of the specified MAC address.

B.

It checks the MAC address table every 600 seconds to see if the specified address has been learned.

C.

It compares syslog output to the MAC address table every 600 seconds and generates an event when there is a match.

D.

It compares syslog output to the MAC address table every 600 seconds and generates an event when no match is found.

Full Access
Question # 134

An engineer must protect the password for the VTY lines against over-the-shoulder attacks. Which configuration should be applied?

A.

service password-encryption

B.

username netadmin secret 9 $9$vFpMf8elb4RVV8$seZ/bDA

C.

username netadmin secret 7$1$42J36k33008Pyh4QzwXyZ4

D.

line vty 0 15 p3ssword XD822j

Full Access
Question # 135

What is the result when an active route processor fails that combines NSF with SSO?

A.

An NSF-capable device immediately updates the standby route processor RIB without churning the network.

B.

The standby route processor immediately takes control and forwards packets along known routes.

C.

An NSF-aware device immediately updates the standby route processor RIB without churning the network.

D.

The standby route processor temporarily forwards packets until route convergence is complete.

Full Access
Question # 136

Refer to the exhibit.

An engineer configures a new WLAN that will be used for secure communications; however, wireless clients report that they are able to communicate with each other. Which action resolves this issue?

A.

Enable Client Exclusions.

B.

Disable Aironet IE

C.

Enable Wi-Fi Direct Client Policy

D.

Enable P2P Blocking.

Full Access
Question # 137

In a Cisco StackWise Virtual environment, which planes are virtually combined in the common logical switch?

A.

control, and forwarding

B.

management and data

C.

control and management

D.

control and data

Full Access
Question # 138

Refer to the exhibit. An engines configured TACACS^ to authenticate remote users but the configuration is not working as expected Which configuration must be applied to enable access?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 139

Refer to the exhibit. Which command filters the ERSPAN session packets only to interface GigabitEthernet1?

A.

source ip 10.10.10.1

B.

source interface gigabitethernet1 ip 10.10.10.1

C.

filter access-group 10

D.

destination ip 10.10.10.1

Full Access
Question # 140

In Cisco DNA Center, what is the integration API?

A.

southbound consumer-facing RESTful API. which enables network discovery and configuration management

B.

westbound interface, which allows the exchange of data to be used by ITSM. IPAM and reporting

C.

an interface between the controller and the network devices, which enables network discovery and configuration management

D.

northbound consumer-facing RESTful API, which enables network discovery and configuration management

Full Access
Question # 141

When a DNS host record is configured for a new Cisco AireOS WLC, which hostname must be added to allow APs to successfully discover the WLC?

A.

CONTROLLER-CAPWAP-CISCO

B.

CISCO-CONTROLLER-CAPWAP

C.

CAPWAP-CISCO-CONTROLLER

D.

CISCO-CAPWAP-CONTROLLER

Full Access
Question # 142

If AP power level is increased from 25 mW to 100 mW. what is the power difference in dBm?

A.

6 dBm

B.

14 dBm

C.

17 dBm

D.

20 dBm

Full Access
Question # 143

What does the statement print(format(0.8, '.0%')) display?

A.

80%

B.

8%

C.

.08%

D.

8.8%

Full Access
Question # 144

Drag and drop the characteristics from the left onto the switching mechanisms they describe on the right.

Full Access
Question # 145

Which free application has the ability to make REST calls against Cisco DNA Center?

A.

API Explorer

B.

REST Explorer

C.

Postman

D.

Mozilla

Full Access
Question # 146

the following system log message is presented after a network administrator configures a GRE tunnel:

%TUN-5-RECURDOWN Interface Tunnel 0 temporarily disabled due to recursive routing

Why is tunnel 0 disabled?

A.

Because dynamic routing is not enabled

B.

Because the tunnel cannot reach its tunnel destination

C.

Because the best path to the tunnel destination is through the tunnel itself

D.

Because the router cannot recursively identify its egress forwarding interface

Full Access
Question # 147

Refer to the exhibit.

Only administrators from the subnet 10.10.10.0/24 are permitted to have access to the router. A secure protocol must be used for the remote access and management of the router instead of clear-text protocols. Which configuration achieves this goal?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 148

Refer to the exhibit.

An engineer configures a trunk between SW1 and SW2 but tagged packets are not passing. Which action fixes the issue?

A.

Configure SW1 with dynamic auto mode on interface FastEthernet0/1.

B.

Configure the native VLAN to be the same VLAN on both switches on interface FastEthernet0/1.

C.

Configure SW2 with encapsulation dot1q on interface FastEthernet0/1.

D.

Configure FastEthernet0/1 on both switches for static trunking.

Full Access
Question # 149

What is the rose of the vSmart controller in a Cisco SD-WN environment?

A.

it performs authentication and authorization

B.

it manages the control plane.

C.

it is the centralized network management system

D.

it manages the data plane

Full Access
Question # 150

Refer to the exhibit.

The OSPF neighborship fails between two routers. What is the cause of this issue?

A.

The OSPF router ID is missing on this router.

B.

The OSPF process is stopped on the neighbor router.

C.

There is an MTU mismatch between the two routers.

D.

The OSPF router ID is missing on the neighbor router.

Full Access
Question # 151

Which access control feature does MAB provide?

A.

user access based on IP address

B.

allows devices to bypass authenticate*

C.

network access based on the physical address of a device

D.

simultaneous user and device authentication

Full Access
Question # 152

What is one role of the VTEP in a VXLAN environment?

A.

to forward packets to non-LISP sites

B.

to encapsulate the tunnel

C.

to maintain VLAN configuration consistency

D.

to provide EID-to-RLOC mapping

Full Access
Question # 153

Refer to the exhibit Which two commands are required on route» R1 to block FTP and allow all other traffic from the Branch 2 network’ (Choose two)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

E.

Option E

Full Access
Question # 154

How does Cisco Express Forwarding switching differ from process switching on Cisco devices?

A.

Cisco Express Forwarding switching uses adjacency tables built by the CDP protocol, and process switching uses the routing table.

B.

Cisco Express Forwarding switching uses dedicated hardware processors, and process switching uses the main processor.

C.

Cisco Express Forwarding swithing saves memory by storing adjacency tables in dedicated memory on the line cards, and process switching stores all tables in the main memory.

D.

Cisco Express Forwarding switching uses a proprietary protocol based on IS-IS for MAC address lookup, and process switching uses the MAC address table.

Full Access
Question # 155

Which component handles the orchestration plane of the Cisco SD-WAN?

A.

vBond

B.

cSmart

C.

vManage

D.

WAN Edge

Full Access
Question # 156

Simulation 02

Configure HSRP between DISTRO-SW1 and DISTRO-SW2 on VLAN 100 for hosts connected to ACCESS-SW1 to achieve these goals:

1. Configure group number 1 using the virtual IP address of 192.168.1.1/24.

2. Configure DlSTRO-SW1 as the active router using a priority value of 110 and DISTRO-SW2 as the standby router.

3. Ensure that DISTRO-SW2 will take over the active role when DISTRO-SW1 goes down, and when DISTRO-SW1 recovers, it automatically resumes the active role.

DISTRO-SW2

Full Access
Question # 157

Refer to the exhibit. What are two results of the NAT configuration? (Choose two.)

A.

Packets with a destination of 200.1.1.1 are translated to 10.1.1.1 or .2. respectively.

B.

A packet that is sent to 200.1.1.1 from 10.1.1.1 is translated to 209.165.201.1 on R1.

C.

R1 looks at the destination IP address of packets entering S0/0 and destined for inside hosts.

D.

R1 processes packets entering E0/0 and S0/0 by examining the source IP address.

E.

R1 is performing NAT for inside addresses and outside address.

Full Access
Question # 158

: 194

Refer to the exhibit.

Which type of antenna is shown on the radiation patterns?

A.

Yagi

B.

dipole

C.

patch

D.

omnidirectional

Full Access
Question # 159

What is difference between TCAM and the MAC address table?

A.

TCAM is used to make Lalyer 2 forwarding decisions CAM is used to build routing tables.

B.

The MAC address table supports partial matches .TCAM requires an exact match.

C.

The MAC address table is contained in CAM.ACL and QoS information is stored in TCAM.

D.

Router prefix lookups happens in CAM.MAC address table lookups happen in TCAM.

Full Access
Question # 160

Which A record type should be configured for access points to resolve the IP address of a wireless LAN controller using DNS?

A.

CISCO.CONTROLLER.localdomain

B.

CISCO.CAPWAP.CONTROLLER.localdomain

C.

CISCO-CONTROLLER.localdomain

D.

CISCO-CAPWAP-CONTROLLER.localdomain

Full Access
Question # 161

Refer to the exhibit.

Which action results from executing the Python script?

A.

display the output of a command that is entered on that device in a single line

B.

SSH to the IP address that is manually entered on that device

C.

display the output of a command that is entered on that device

D.

display the unformatted output of a command that is entered on that device

Full Access
Question # 162

Drag and drop the characteristics from the left onto the deployment models on the right Not all options are used.

Full Access
Question # 163

Which tool is used in Cisco DNA Center to build generic configurations that are able to be applied on device with similar network settings?

A.

Command Runner

B.

Template Editor

C.

Application Policies

D.

Authentication Template

Full Access
Question # 164

Why would a customer implement an on-premises solution instead of a cloud solution?

A.

On-premises Offers greater compliance for government regulations than cloud

B.

On-premises offers greater scalability than cloud.

C.

On-premises oilers shorter deployment time than cloud.

D.

On-premises is more secure man cloud.

Full Access
Question # 165

Refer to the exhibit.

An engineer must assign an IP address of 192.168.1.1/24 to the GigabitEtherenet1 interface. Which two commands must be added to the existing configuration to accomplish this task? (Choose two.)

A.

Router(config-vrf)#ip address 192.168.1.1 255.255.255.0

B.

Router(config-vrf)#address-family ipv4

C.

Router(config-if)#address-family ipv4

D.

Router(config-vrf)#address-family ipv6

E.

Router(config-if)#ip address 192.168.1.1 255.255.255.0

Full Access
Question # 166

How do stratum levels relate to the distance from a time source?

A.

Stratum 1 devices are connected directly to an authoritative time source.

B.

Stratum 15 devices are connected directly to an authoritative time source

C.

Stratum 0 devices are connected directly to an authoritative time source.

D.

Stratum 15 devices are an authoritative time source.

Full Access
Question # 167

Which solution supports end to end line-rate encryption between two sites?

A.

IPsec

B.

TrustSec

C.

MACseC

D.

GRE

Full Access
Question # 168

Refer to the exhibit. An engineer must allow the FTP traffic from users on 172.16.1.0 /24 to 172.16.2.0 /24 and block all other traffic. Which configuration must be applied?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 169

By default, which virtual MAC address does HSRP group 22 use?

A.

c0:42:01:67:05:16

B.

c0:07:0c:ac:00:22

C.

00:00:0c:07:ac:16

D.

00:00:0c:07:ac:22

Full Access
Question # 170

Which technology is the Cisco SD-Access control plane based on?

A.

LISP

B.

CTS

C.

SGT

D.

VRF

Full Access
Question # 171

Refer to the exhibit. What is the result of this Python code?

A.

1

B.

0

C.

7

D.

7.5

Full Access
Question # 172

Drag and drop the characteristics from the left onto the architectures on the right.

Full Access
Question # 173

In which way are EIGRP and OSPF similar?

A.

They both support unequal-cost load balancing

B.

They both support MD5 authentication for routing updates.

C.

They nave similar CPU usage, scalability, and network convergence times.

D.

They both support autosummarization

Full Access
Question # 174

Which tag defines the roaming domain and properties of an AP deployment?

A.

RF tag

B.

policy tag

C.

site tag

D.

AP tag

Full Access
Question # 175

A script contains the statement "while loop != 999:" Which value terminates the loop?

A.

A value equal to 999.

B.

A value less than or equal to 999.

C.

A value not equal to 999.

D.

A value greater than or equal to 999.

Full Access
Question # 176

Which function is performed by vSmart in the Cisco SD-WAN architecture?

A.

distribution of IPsec keys

B.

Redistribution between OMP and other routing protocols

C.

facilitation of NAT detection and traversal

D.

execution of localized policies

Full Access
Question # 177

What are two characteristics of vManage APIs? (Choose two.)

A.

Southbound API is based on OMP and DTLS.

B.

Northbound API is RESTful, using JSON.

C.

Northbound API is based on RESTCONF and JSON.

D.

Southbound API is based on NETCONF and XML.

E.

Southbound API is based on RESTCONF and JSON.

Full Access
Question # 178

Drag and drop the characteristics from the left onto the corresponding infrastructure deployment models on the right.

Full Access
Question # 179

Which of the following security methods uses physical characteristics of a person to authorize access to a location?

A.

Access control vestibule

B.

Palm scanner

C.

PIN pad

D.

Digital card reader

E.

Photo ID

Full Access
Question # 180

Which security option protects credentials train snifter attacks in a basic API authentication?

A.

TLS of SSL for communication

B.

next-generation firewall

C.

VPN connection between client and server

D.

AAA services to authenticate the API

Full Access
Question # 181

What is the purpose of the weight attribute in an EID-lo-RLOC mapping?

A.

it indicates the preference for using LISP over native IP connectivity.

B.

it determines the administrative distance of LISP generated routes in the RIB

C.

It identifies the preferred RLOC address family.

D.

it indicates the load-balancing ratio between CTRs of 9m earns priority.

Full Access
Question # 182

Which behavior can be expected when the HSRP versions is changed from 1 to 2?

A.

Each HSRP group reinitializes because the virtual MAC address has changed.

B.

No changes occur because version 1 and 2 use the same virtual MAC OUI.

C.

Each HSRP group reinitializes because the multicast address has changed.

D.

No changes occur because the standby router is upgraded before the active router.

Full Access
Question # 183

Refer to the exhibit.

Which command « required to validate that an IP SLA configuration matches the traffic between the branch office and the central site?

A.

R1# show ip sla configuration

B.

R1# show Ip sla group schedule

C.

RI1# show Ip route

D.

R1# show ip sla statistics

Full Access
Question # 184

A network engineer must configure the VTY lines on a router to achieve these results:

  • Remote access should be permitted for all feasible protocols.
  • Only a password should be required for device authentication.
  • All idle EXEC sessions must be terminated in 60 minutes.

Which configuration should be applied?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 185

Simulation 09

Full Access
Question # 186

Which mechanism can be used to enforce network access authentication against an AAA server if the endpoint does not support the 802.1X supplicant functionality?

A.

private VLANs

B.

port security

C.

MAC Authentication Bypass

D.

MACsec

Full Access
Question # 187

Refer to the exhibit. Which action automatically enables privilege exec mode when logging in via SSH?

A.

Configure user "Cisco" with privilege level 15.

B.

Configure a password under the line configuration.

C.

Configure privilege level 15 under the line configuration.

D.

Configure the enable secret to be the same as the secret for user 'Cisco*.

Full Access
Question # 188

Which solution should be used in a high-density wireless environment to increase bandwidth for each user?

A.

Increase antenna size

B.

Increase the mandatory minimum data rate.

C.

Increase the cell size of each AP.

D.

Increase TX power.

Full Access
Question # 189

What is the purpose of a data modeling language?

A.

to establish a framework to process data by using an object-oriented programming approach

B.

to specify the rules for transcoding between text and binary data encodings

C.

to standardize the procedures that are executed when parsing sent and received data

D.

to describe the structure and meaning of exchanged data

Full Access
Question # 190

Refer to the exhibit.

Which address type is 10.10.10.10 configured for?

A.

inside global

B.

outside local

C.

outside global

D.

inside local

Full Access
Question # 191

In a wireless network environment, what is calculated using the numencal values of the transmitter power level, cable loss, and antenna gain?

A.

EIRP

B.

RSSI

C.

SNR

D.

bBi

Full Access
Question # 192

A customer has two Cisco WLCs that manage separate APs throughout a building. Each WLC advertises the same SSID but terminates on different interfaces. Users report that they drop their connections and change IP addresses when roaming. Which action resolves this issue?

A.

Enable client toad balancing.

B.

Enable fast roaming.

C.

Configure high availability.

D.

Configure mobility groups.

Full Access
Question # 193

What is a characteristic of a traditional WAN?

A.

low complexity and high overall solution scale

B.

centralized reachability, security, and application policies

C.

operates over DTLS and TLS authenticated and secured tunnels

D.

united data plane and control plane

Full Access
Question # 194

How do OSPF and EIGKP compare?

A.

OSPF and EIGRP us© the same administrative distance.

B.

Both OSPF and EIGRP use the concept of areas.

C.

EIGRP shows an known routes, and OSPF shows successor and feasible successor routes.

D.

EIGRP shows successor and feasible successor routes, and OSPF shows all known routes.

Full Access
Question # 195

In a campus network design, what ate two benefits of using BFD tor failure detection? (Choose two.)

A.

BFD provides path failure detection in less than a second.

B.

BFD is an efficient way to reduce memory and CPU usage.

C.

BFD provides fault tolerance by enabling multiple routers to appear as a single virtual router.

D.

BFD speeds up routing convergence time.

E.

BFD enables network peers to continue forwarding packets in the event of a restart.

Full Access
Question # 196

Which DNS lookup does an access point perform when attempting CAPWAP discovery?

A.

CISCO-DNA-CONTROLLER local

B.

CAPWAP-CONTROLLER local

C.

CISCO-CONTROLLER local

D.

CISCO-CAPWAP-CONTROLLER local

Full Access
Question # 197

Which method requires a client to authenticate and has the capability to function without encryption?

A.

open

B.

WEP

C.

WebAuth

D.

PSK

Full Access
Question # 198

Drag and drop the automation characteristics from the left onto the corresponding tools on the right. Not all options are used.

Full Access
Question # 199

Why would a small or mid-size business choose a cloud solution over an on-premises solution?

A.

Cloud provides higher data security than on-premises.

B.

Cloud provides more control over the implementation process than on-premises.

C.

Cloud provides greater ability for customization than on-premises.

D.

Cloud provides lower upfront cost than on-premises.

Full Access
Question # 200

Which device, in a LISP routing architecture, receives LISP map requests and determines which ETR should handle the map request?

A.

proxy ETR

B.

routing locator

C.

map server

D.

map resolver

Full Access
Question # 201

When a branch location loses connectivity, which Cisco FlexConnect state rejects new users but allows existing users to function normally?

A.

Authentication-Down / Switch-Local

B.

Authentication-Down / Switching-Down

C.

Authentication-Local / Switch-Local

D.

Authentication-Central f Switch-Local

Full Access
Question # 202

What is a benefit of yang?

A.

It enforces configuration constraints.

B.

It enables multiple leaf statements to exist within a leaf list.

C.

It enforces the use of a specific encoding format for NETCONF.

D.

It collects statistical constraint analysis information.

Full Access
Question # 203

An engineer must configure GigabitEthernet 0/0 for VRRP group 65. The rouler must assume the primary rote when it has the highest priority in the group. Which command set must be applied?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 204

Drag and drop the characteristics from the left onto the deployment models on the right.

Full Access
Question # 205

A network administrator wants to install new VoIP switches in a small network closet but is concerned about the current heat level of the room. Which of the following should the administrator take into consideration before installing the new equipment?

A.

The power load of the switches

B.

The humidity in the room

C.

The fire suppression system

D.

The direction of airflow within the switches

Full Access
Question # 206

Refer to the exhibit Users cannot reach the web server at 192.168 100 1. What is the root cause for the failure?

A.

The server is attempting to load balance between links 10.100 100.1 and 10 100.200.1.

B.

The server is out of service.

C.

There is a loop in the path to the server.

D.

The gateway cannot translate the server domain name.

Full Access
Question # 207

An engineer plans to use Python to convert text files that contain device information lo JSON. Drag and drop the code snippets from the bottom onto the blanks in the code to construct the request. Not all options are used.

Full Access
Question # 208

What is a characteristic of Layer 3 roaming?

A.

It provides seamles roaming between APs that are connected to different Layer 3 networks and different mobility groups.

B.

It is only supported on controllers that run SSO.

C.

It provides seamless client roaming between APs in different Layer 3 networks but within the same mobility group

D.

Clients must obtain a new IP address when they roam between APs

Full Access
Question # 209

Relet lo Ibe exhibit.

An ertgineer must modify the existing configuration so that R2 can take over as the primary router when serial interface 0/0.1 on R1 goes down. Whtch command must the engineer apply''

A.

R2W standby 100 track 26 decrement 10

B.

R2# standby 100 preempt

C.

R2# track 26 interface SerialWO.1 line-protocol

D.

R2# standby 100 priority 100

Full Access
Question # 210

Which mobility role is assigned to a client in the client table of the new controller after a Layer 3 roam?

A.

anchor

B.

foreign

C.

mobility

D.

transparent

Full Access
Question # 211

Which RF value represents the decline of the RF signal amplitude over a given distance?

A.

signal-to-noise ration

B.

effective isotropic racketed power

C.

free space path loss

D.

received signal strength indicator

Full Access
Question # 212

What function does VXLAN perform in a Cisco SD-Access deployment?

A.

data plane forwarding

B.

control plane forwarding

C.

systems management and orchestration

D.

policy plane forwarding

Full Access
Question # 213

Refer to the exhibit.

Which statement is needed to complete the EEM applet and use the Tel script to store the backup file?

A.

action 2.0 cli command "write_backup.tcl tcl"

B.

action 2.0 cli command "flash:write_backup.tcl"

C.

action 2.0 cli command "write_backup.tcl"

D.

action 2.0 cli command "telsh flash:write_backup.tcl"

Full Access
Question # 214

Which solution simplifies management ot secure access to network resources?

A.

RFC 3580-based solution to enable authenticated access leveraging RADIUS and AV pairs

B.

TrustSec to logically group internal user environments and assign policies

C.

802.1AE to secure communication in the network domain

D.

ISE to automate network access control leveraging RADIUS AV pairs

Full Access
Question # 215

Which method ensures the confidentiality ot data exchanged over a REST API?

A.

Use the POST method instead of URL-encoded GET to pass parameters.

B.

Encode sensitive data using Base64 encoding.

C.

Deploy digest-based authentication to protect the access to the API.

D.

Use TLS to secure the underlying HTTP session.

Full Access
Question # 216

Which of the following attacks becomes more effective because of global leakages of users' passwords?

A.

Dictionary

B.

Brute-force

C.

Phishing

D.

Deauthentication

Full Access
Question # 217

What is a characteristic of the Cisco DMA Center Template Editor feature?

A.

It facilitates software upgrades lo network devices from a central point.

B.

It facilitates a vulnerability assessment of the network devices.

C.

It provides a high-level overview of the health of every network device.

D.

It uses a predefined configuration through parameterized elements or variables.

Full Access
Question # 218

Drag and drop the code snippets from the bottom onto the blanks in the code to construct a request that configures a deny rule on an access list?

Full Access
Question # 219

What is a characteristics of traffic shaping?

A.

can be applied in both traffic direction

B.

queues out-of-profile packets until the buffer is full

C.

drops out-of-profile packets

D.

causes TCP retransmits when packet are dropped

Full Access
Question # 220

A network administrator is designing a new network for a company that has frequent power spikes. The company wants to ensure that employees can the best solution for the administrator to recommend?

A.

Generator

B.

Cold site

C.

Redundant power supplies

D.

Uninterruptible power supply

Full Access
Question # 221

Refer to the exhibit.

Which action must be taken to configure a WLAN for WPA2-AES with PSK and allow only 802.l1r-capable clients to connect?

A.

Change Fast Transition to Adaptive Enabled and enable FT * PSK

B.

Enable Fast Transition and FT + PSK.

C.

Enable Fast Transition and PSK

D.

Enable PSK and FT + PSK.

Full Access
Question # 222

Refer to the exhibit. The DevOps team noticed missing NetFlow data during peak utilization times for remote branches. Which configuration allows for this issue to be minimized or resolved?

A.

Configure NetFlow on the in and outbound directions.

B.

Change the transport type from UDP to TCP.

C.

Configure long byte counters when specifying a flow record.

D.

Change the flow monitor to IPv6 from IPv4.

Full Access
Question # 223

Drag and drop the descriptions from the left onto the routing protocols they describe on the right.

Full Access
Question # 224

Which template is used when multiple templates are grouped together to run in succession in Cisco DNA Center?

A.

composite

B.

regular

C.

project

D.

configuration

Full Access
Question # 225

Refer to the exhibit. Which two commands are needed to allow for full reachability between AS 1000 and AS 2000? (Choose two)

A.

R1#network 192.168.0.0 mask 255.255.0.0

B.

R2#no network 10.0.0.0 255.255.255.0

C.

R2#network 192.168.0.0 mask 255.255.0.0

D.

R2#network 209.165.201.0 mask 255.255.192.0

E.

R1#no network 10.0.0.0 255.255.255.0

Full Access
Question # 226

“HTTP/1.1 204 content” is returned when cur –I –x delete command is issued. Which situation has occurred?

A.

The object could not be located at the URI path.

B.

The command succeeded in deleting the object

C.

The object was located at the URI, but it could not be deleted.

D.

The URI was invalid

Full Access
Question # 227

Which AP mode allows an engineer to scan configured channels for rogue access points?

A.

sniffer

B.

monitor

C.

bridge

D.

local

Full Access
Question # 228

A network engineer configures a new GRE tunnel and enters the show run command. What does the output verify?

A.

The tunnel will be established and work as expected

B.

The tunnel destination will be known via the tunnel interface

C.

The tunnel keepalive is configured incorrectly because they must match on both sites

D.

The default MTU of the tunnel interface is 1500 byte.

Full Access
Question # 229

A company plans to implement intent-based networking in its campus infrastructure. Which design facilities a migrate from a traditional campus design to a programmer fabric designer?

A.

Layer 2 access

B.

three-tier

C.

two-tier

D.

routed access

Full Access
Question # 230

What is the difference between CEF and process switching?

A.

CEF processes packets that are too complex for process switching to manage.

B.

CEF is more CPU-intensive than process switching.

C.

CEF uses the FIB and the adjacency table to make forwarding decisions, whereas process switching punts each packet.

D.

Process switching is faster than CEF.

Full Access
Question # 231

Refer to me exhibit. What is the cause of the log messages?

A.

hello packet mismatch

B.

OSPF area change

C.

MTU mismatch

D.

IP address mismatch

Full Access
Question # 232

Which two methods are used to reduce the AP coverage area? (Choose two)

A.

Reduce channel width from 40 MHz to 20 MHz

B.

Disable 2.4 GHz and use only 5 GHz.

C.

Reduce AP transmit power.

D.

Increase minimum mandatory data rate

E.

Enable Fastlane

Full Access
Question # 233

Refer to the exhibit.

Security policy requires all idle-exec sessions to be terminated in 600 seconds. Which configuration achieves this goal?

A.

line vty 0 15

absolute-timeout 600

B.

line vty 0 15

exec-timeout

C.

line vty 01 5

exec-timeout 10 0

D.

line vty 0 4

exec-timeout 600

Full Access
Question # 234

Drag and drop the wireless elements on the left to their definitions on the right.

Full Access
Question # 235

Which two operations are valid for RESTCONF? (Choose two.)

A.

HEAD

B.

REMOVE

C.

PULL

D.

PATCH

E.

ADD

F.

PUSH

Full Access
Question # 236

Which measure is used by an NTP server to indicate its closeness to the authoritative time source?

A.

latency

B.

hop count

C.

time zone

D.

stratum

Full Access
Question # 237

Refer to the exhibit. What does the error message relay to the administrator who is trying to configure a Cisco IOS device?

A.

A NETCONF request was made for a data model that does not exist.

B.

The device received a valid NETCONF request and serviced it without error.

C.

A NETCONF message with valid content based on the YANG data models was made, but the request failed.

D.

The NETCONF running datastore is currently locked.

Full Access
Question # 238

What are two benefits of YANG? (Choose two.)

A.

It enforces the use of a specific encoding format for NETCONF.

B.

It collects statistical constraint analysis information.

C.

It enables multiple leaf statements to exist within a leaf list.

D.

It enforces configuration semantics.

E.

It enforces configuration constraints.

Full Access
Question # 239

Refer to the exhibit.

An engineer must modify the access control list EGRESS to allow all IP traffic from subnet 10.1.10.0/24 to 10.1.2.0/24. The access control list is applied in the outbound direction on router interface GigabitEthemet 0/1. Which configuration commands can the engineer use to allow this traffic without disrupting existing traffic flows?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 240

Refer to the exhibit.

Based on the configuration in this WLAN security setting, Which method can a client use to authenticate to the network?

A.

text string

B.

username and password

C.

certificate

D.

RADIUS token

Full Access
Question # 241

When a wireless client roams between two different wireless controllers, a network connectivity outage is experience for a period of time. Which configuration issue would cause this problem?

A.

Not all of the controllers in the mobility group are using the same mobility group name.

B.

Not all of the controllers within the mobility group are using the same virtual interface IP address.

C.

All of the controllers within the mobility group are using the same virtual interface IP address.

D.

All of the controllers in the mobility group are using the same mobility group name.

Full Access
Question # 242

Wireless users report frequent disconnections from the wireless network. While troubleshooting a network engineer finds that after the user a disconnect, the connection re-establishes automatically without any input required. The engineer also notices these message logs .

Which action reduces the user impact?

A.

increase the AP heartbeat timeout

B.

increase BandSelect

C.

enable coverage hole detection

D.

increase the dynamic channel assignment interval

Full Access
Question # 243

What is the differences between TCAM and the MAC address table?

A.

The MAC address table is contained in TCAM ACL and QoS information is stored in TCAM

B.

The MAC address table supports partial matches. TCAM requires an exact match

C.

Router prefix lookups happens in CAM. MAC address table lookups happen in TCAM.

D.

TCAM is used to make Layer 2 forwarding decisions CAM is used to build routing tables

Full Access
Question # 244

Which characteristic distinguishes Ansible from Chef?

A.

Ansible lacs redundancy support for the master server. Chef runs two masters in an active/active mode.

B.

Ansible uses Ruby to manage configurations. Chef uses YAML to manage configurations.

C.

Ansible pushes the configuration to the client. Chef client pulls the configuration from the server.

D.

The Ansible server can run on Linux, Unix or Windows. The Chef server must run on Linux or Unix.

Full Access
Question # 245

Which features does Cisco EDR use to provide threat detection and response protection?

A.

containment, threat intelligence, and machine learning

B.

firewalling and intrusion prevention

C.

container-based agents

D.

cloud analysis and endpoint firewall controls

Full Access
Question # 246

Drag and drop the characteristics from the left onto the appropriate infrastructure deployment types on the right.

Full Access
Question # 247

Refer to the exhibit. A network engineer must configure a password expiry mechanism on the gateway router for all local passwords to expire after 60 days. What is required to complete this task?

A.

The password expiry mechanism is on the AAA server and must be configured there.

B.

Add the aaa authentication enable default Administrators command.

C.

Add the username admin privilege 15 common-criteria*policy Administrators password 0 Cisco13579! command.

D.

No further action Is required. The configuration is complete.

Full Access
Question # 248

Refer to the exhibit.

After implementing the configuration 172.20.20.2 stops replaying to ICMP echoes, but the default route fails to be removed. What is the reason for this behavior?

A.

The source-interface is configured incorrectly.

B.

The destination must be 172.30.30.2 for icmp-echo

C.

The default route is missing the track feature

D.

The threshold value is wrong.

Full Access
Question # 249

Refer to the exhibit. An engineer has configured Cisco ISE to assign VLANs to clients based on their method of authentication, but this is not working as expected. Which action will resolve this issue?

A.

require a DHCP address assignment

B.

utilize RADIUS profiling

C.

set a NAC state

D.

enable AAA override

Full Access
Question # 250

What is a benefit of data modeling languages like YANG?

A.

They enable programmers to change or write their own application within the device operating system.

B.

They create more secure and efficient SNMP OIDs.

C.

They make the CLI simpler and more efficient.

D.

They provide a standardized data structure, which results in configuration scalability and consistency.

Full Access
Question # 251

What is the output of this code?

A.

username Cisco

B.

get_credentials

C.

username

D.

CISCO

Full Access
Question # 252

Refer to the exhibit.

SwitchC connects HR and Sales to the Core switch However, business needs require that no traffic from the Finance VLAN traverse this switch Which command meets this requirement?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 253

What is a consideration when designing a Cisco SD-Access underlay network?

A.

End user subnets and endpoints are part of the underlay network.

B.

The underlay switches provide endpoint physical connectivity for users.

C.

Static routing is a requirement,

D.

It must support IPv4 and IPv6 underlay networks

Full Access
Question # 254

Which two mechanisms are available to secure NTP? (Choose two.)

A.

IP prefix list-based

B.

IPsec

C.

TACACS-based authentication

D.

IP access list-based

E.

Encrypted authentication

Full Access
Question # 255

What is the function of a fabric border node in a Cisco SD-Access environment?

A.

To collect traffic flow information toward external networks

B.

To connect the Cisco SD-Access fabric to another fabric or external Layer 3 networks

C.

To attach and register clients to the fabric

D.

To handle an ordered list of IP addresses and locations for endpoints in the fabric.

Full Access
Question # 256

Refer to the exhibit. An engineer is investigating why guest users are able to access other guest user devices when the users are connected to the customer guest WLAN. What action resolves this issue?

A.

implement MFP client protection

B.

implement split tunneling

C.

implement P2P blocking

D.

implement Wi-Fi direct policy

Full Access
Question # 257

Refer to the exhibit. Which configuration must be applied to R to enable R to reach the server at 172.16.0.1?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 258

How is MSDP used to interconnect multiple PIM-SM domains?

A.

MSDP depends on BGP or multiprotocol BGP for mterdomam operation

B.

MSDP SA request messages are used to request a list of active sources for a specific group

C.

SDP allows a rendezvous point to dynamically discover active sources outside of its domain

D.

MSDP messages are used to advertise active sources in a domain

Full Access
Question # 259

Which line must be added in the Python function to return the JSON object {"cat_9k": “FXS193202SE")?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 260

What is the data policy in a Cisco SD-WAN deployment?

A.

list of ordered statements that define node configurations and authentication used within the SD-WAN overlay

B.

Set of statements that defines how data is forwarded based on IP packet information and specific VPNs

C.

detailed database mapping several kinds of addresses with their corresponding location

D.

group of services tested to guarantee devices and links liveliness within the SD-WAN overlay

Full Access
Question # 261

Which AP mode allows an engineer to scan configured channels for rogue access points?

A.

sniffer

B.

monitor

C.

bridge

D.

local

Full Access
Question # 262

A network engineer configures BGP between R1 and R2. Both routers use BGP peer group CORP and are set up to use MD5 authentication. This message is logged to the console of router R1:

Which two configuration allow peering session to from between R1 and R2? Choose two.)

A.

R1(config-router)#neighbor 10.10.10.1 peer-group CORP R1(config-router)#neighbor CORP password Cisco

B.

R2(config-router)#neighbor 10.120.10.1 peer-group CORP R2(config-router)#neighbor CORP password Cisco

C.

R2(config-router)#neighbor 10.10.10.1 peer-group CORP R2(config-router)#neighbor PEER password Cisco

D.

R1(config-router)#neighbor 10.120.10.1 peer-group CORP R1(config-router)#neighbor CORP password Cisco

E.

R2(config-router)#neighbor 10.10.10.1 peer-group CORP R2(config-router)#neighbor CORP password Cisco

Full Access
Question # 263

What is a fact about Cisco EAP-FAST?

A.

It does not require a RADIUS server certificate.

B.

It requires a client certificate.

C.

It is an IETF standard.

D.

It operates in transparent mode.

Full Access
Question # 264

Refer to the exhibit.

An engineer configures monitoring on SW1 and enters the show command to verify operation. What does the output confirm?

A.

SPAN session 1 monitors activity on VLAN 50 of a remote switch

B.

SPAN session 2 only monitors egress traffic exiting port FastEthernet 0/14.

C.

SPAN session 2 monitors all traffic entering and exiting port FastEthernet 0/15.

D.

RSPAN session 1 is incompletely configured for monitoring

Full Access
Question # 265

What is the purpose of the LISP routing and addressing architecture?

A.

It creates two entries for each network node, one for Its identity and another for its location on the network.

B.

It allows LISP to be applied as a network visualization overlay though encapsulation.

C.

It allows multiple Instances of a routing table to co-exist within the same router.

D.

It creates head-end replication used to deliver broadcast and multicast frames to the entire network.

Full Access
Question # 266

In an SD-Access solution what is the role of a fabric edge node?

A.

to connect external Layer 3- network to the SD-Access fabric

B.

to connect wired endpoint to the SD-Access fabric

C.

to advertise fabric IP address space to external network

D.

to connect the fusion router to the SD-Access fabric

Full Access
Question # 267

Refer to the exhibit. Which configuration change will force BR2 to reach 209 165 201 0/27 via BR1?

A.

Set the weight attribute to 65.535 on BR1 toward PE1.

B.

Set the local preference to 150 on PE1 toward BR1 outbound

C.

Set the MED to 1 on PE2 toward BR2 outbound.

D.

Set the origin to igp on BR2 toward PE2 inbound.

Full Access
Question # 268

While configuring an IOS router for HSRP with a virtual IP of 10 1.1.1. an engineer sees this log message.

Which configuration change must the engineer make?

A.

Change the HSRP group configuration on the local router to 1.

B.

Change the HSRP virtual address on the local router to 10.1.1.1.

C.

Change the HSRP virtual address on the remote router to 10.1.1.1.

D.

Change the HSRP group configuration on the remote router to 1.

Full Access
Question # 269

Refer to the exhibit.

Assuming the WLC's interfaces are not in the same subnet as the RADIUS server, which interface would the WLC use as the source for all RADIUS-related traffic?

A.

the interface specified on the WLAN configuration

B.

any interface configured on the WLC

C.

the controller management interface

D.

the controller virtual interface

Full Access
Question # 270

Refer to the exhibit.

Which configuration allows Customer2 hosts to access the FTP server of Customer1 that has the IP address of 192.168.1.200?

A.

ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 global

ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 global

ip route 192.168.1.0 255.255.255.0 VlanlO

ip route 172.16.1.0 255.255.255.0 Vlan20

B.

ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 Customer2

ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 Customerl

C.

ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 Customerl

ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 Customer2

D.

ip route vrf Customerl 172.16.1.1 255.255.255.255 172.16.1.1 global

ip route vrf Customer 192.168.1.200 255.255.255.0 192.168.1.1 global

ip route 192.168.1.0 255.255.255.0 VlanlO

ip route 172.16.1.0 255.255.255.0 Vlan20

Full Access
Question # 271

Refer to the exhibit.

An engineer must deny Telnet traffic from the loopback interface of router R3 to the loopback interface of router R2 during the weekend hours. All other traffic between the loopback interfaces of routers R3 and R2 must be allowed at all times. Which command accomplish this task?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 272

Drag and drop the DHCP messages that are exchanged between a client and an AP into the order they are exchanged on the right.

Full Access
Question # 273

In cisco SD_WAN, which protocol is used to measure link quality?

A.

OMP

B.

BFD

C.

RSVP

D.

IPsec

Full Access
Question # 274

Which three methods does Cisco DNA Centre use to discover devices? (Choose three)

A.

CDP

B.

SNMP

C.

LLDP

D.

ping

E.

NETCONF

F.

a specified range of IP addresses

Full Access
Question # 275

What is a characteristic of a next-generation firewall?

A.

only required at the network perimeter

B.

required in each layer of the network

C.

filters traffic using Layer 3 and Layer 4 information only

D.

provides intrusion prevention

Full Access
Question # 276

An engineer must configure HSRP group 300 on a Cisco IOS router. When the router is functional, it must be the must be the active HSRP router. The peer router has been configured using the default priority value. Which command set is required?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 277

Drag and drop the descriptions from the left onto the QoS components on the right.

Full Access
Question # 278

What is the recommended MTU size for a Cisco SD-Access Fabric?

A.

1500

B.

9100

C.

4464

D.

17914

Full Access