New CCNP and CCIE Enterprise Core 350-401 ENCOR Free Questions

350-401 ENCOR exam is a new Cisco Enterprise exam, if you want to pass this exam and start for your CCNP and CCIE Enterprise certification, PassQuestion offers you 350-401 ENCOR real exam questions to practice, you can do the excises in the following New CCNP and CCIE Enterprise Core 350-401 ENCOR Free Questions.

Implementing Cisco Enterprise Network Core Technologies v1.0 (ENCOR 350-401) exam is a 120-minute exam associated with the CCNP® Enterprise, CCIE® Enterprise Infrastructure, CCIE Enterprise Wireless, and Cisco Certified Specialist – Enterprise Core certifications. This exam tests a candidate’s knowledge of implementing core enterprise network technologies including dual stack (IPv4 and IPv6) architecture, virtualization, infrastructure, network assurance, security and automation.

View CCNP and CCIE Enterprise Core 350-401 ENCOR Free Questions Online

1. What is a benefit of data modeling languages like YANG?

They enable programmers to change or write their own application within the device operating system.

They create more secure and efficient SNMP OIDs.

They make the CLI simpler and more efficient.

They provide a standardized data structure, which results in configuration scalability and consistency

2. A customer has several small branches and wants to deploy a WI-FI solution with local management using CAPWAP.

Which deployment model meets this requirement?

Autonomous

Mobility express

SD-Access wireless

Local mode

3. Which statement about agent-based versus agentless configuration management tools is true?

Agentless tools require no messaging systems between master and slaves.

Agentless tools use proxy nodes to interface with slave nodes.

Agent-based tools do not require a high-level language interpreter such as Python or Ruby on slave nodes.

Agent-based tools do not require installation of additional software packages on the slave nodes.

4. On which protocol or technology is the fabric data plane based in Cisco SD-Access fabric?

LISP

IS-IS

Cisco TrustSec

VXLAN

5. When using TLS for syslog, which configuration allows for secure and reliable transportation of messages to its default port?

logging host 10.2.3.4 vrf mgmt transport tcp port 6514

logging host 10.2.3.4 vrf mgmt transport udp port 6514

logging host 10.2.3.4 vrf mgmt transport tcp port 514

logging host 10.2.3.4 vrf mgmt transport udp port 514

6. A client device fails to see the enterprise SSID, but other devices are connected to it.

What is the cause of this issue?

The hidden SSID was not manually configured on the client.

The broadcast SSID was not manually configured on the client.

The client has incorrect credentials stored for the configured hidden SSID.

The client has incorrect credentials stored for the configured broadcast SSID.

7. Which function does a fabric edge node perform in an SD-Access deployment?

Connects the SD-Access fabric to another fabric or external Layer 3 networks

Connects endpoints to the fabric and forwards their traffic

Provides reachability border nodes in the fabric underlay

Encapsulates end-user data traffic into LISP.

8. Which two methods are used by an AP that is typing to discover a wireless LAN controller? (Choose two.)

Cisco Discovery Protocol neighbor

broadcasting on the local subnet

DNS lookup cisco-DNA-PRIMARY. Local domain

DHCP Option 43

querying other APs

9. Which statement describes the IP and MAC allocation requirements for virtual machines on types hypervisors?

Each virtual machine requires a unique IP and MAC addresses to be able to reach to other nodes.

Each virtual machine requires a unique IP address but shares the MAC address with the physical server

Each virtual machines requires a unique IP address but shares the MAC address with the address of the physical server.

Each virtual machine requires a unique MAC address but shares the IP address with the physical server.

10. Which LISP infrastructure device provides connectivity between non-sites and LISP sites by receiving non-LISP traffic with a LISP site destination?

PETR

PITR

map resolver

map server

11. What are two characteristics of Cisco SD-Access elements? (Choose two)

Fabric endpoints are connected directly to the border node

The border node is required for communication between fabric and nonfabric devices

The control plane node has the full RLOC-to-EID mapping database

Traffic within the fabric always goes through the control plane node

The border node has the full RLOC-to-EID mapping database

12. Refer to the exhibit.

An engineer must assign an IP address of 192.168.1.1/24 to the GigabitEthemet1 interface.

Which two commands must be added to the existing configuration to accomplish this task? (Choose two)

Router(config-vrf)#address-family ipv6

Router(config-if)#ip address 192.168.1.1 255.255.255.0

Router(config-vrf)#ip address 192.168.1.1 255.255.255.0

Router(config-if)#address-family ipv4

Router(config-vrf)#address-family ipv4

13. What is the data policy in a Cisco SD-WAN deployment?

list of ordered statements that define node configurations and authentication used within the SD-WAN overlay

Set of statements that defines how data is forwarded based on IP packet information and specific VPNs

detailed database mapping several kinds of addresses with their corresponding location

group of services tested to guarantee devices and links liveliness within the SD -WAN overlay

14. Refer to the exhibit.

Which action resolves the EtherChannel issue between SW2 and SW3?

Configure switchport mode trunk on SW2

Configure switchport nonegotiate on SW3

Configure channel-group 1 mode desirable on both interfaces

Configure channel-group 5 mode active on both interfaces

15. Refer to the exhibit.

A network engineer configures OSPF and reviews the router configuration.

Which interface or interfaces are able to establish OSPF adjacency?

GigabitEthemet0/1 and GigabitEthernet0/1.40

Gigabit Ethernet0/0 and GigabitEthemet0/1

only GigabitEthernet0/0

only GigabitEthernet0/1

16. Refer to the exhibit.

What step resolves the authentication issue?

restart the vsmart host

target 192.168.100.82 in the URI

change the port to 12446

use basic authentication

17. Refer to the exhibit.

A network engineer must simplify the IPsec configuration by enabling IPsec over GRE using IPsec profiles.

Which two configuration changes accomplish this? (Choose two)

Apply the crypto map to the tunnel interface and change the tunnel mode to tunnel mode ipsec ipv4

Remove all configuration related to crypto map from R1 and R2 and eliminate the ACL 100

Remove the crypto map and modify the ACL to allow traffic between 10.10.0.0/24 to 10.20.0.0/24

Create an IPsec profile, associate the transform-set, and apply the profile to the tunnel interface

18. Which encryption hashing algorithm does NTP use for authentication?

SSL

AES256

AES128

MD5

19. What is a VPN in a Cisco SD-WAN deployment?

virtual channel used to carry control plane information

attribute to identify a set of services offered in specific places in the SD -WAN fabric

common exchange point between two different services

virtualized environment that provides traffic isolation and segmentation in the SD -WAN fabric

20. Drag and drop the characteristic from the left onto the orchestration tools that they describe on the right.

21. Refer to the exhibit.

Communication between London and New York is down.

Which command set must be applied to resolve this issue?

Option A

Option B

Option C

Option D

22. What is an emulated machine that has dedicated compute, memory, and storage resources and a fully installed operating system?

host

virtual machine

container

mainframe

23. Which two methods are used to reduce the AP coverage area? (Choose two)

Reduce AP transmit power

Increase minimum mandatory data rate

Reduce channel width from 40 MHz to 20 MHz

Enable Fastlane

Disable 2.4 GHz and use only 5 GHz

24. Which data is properly formatted with JSON?

Option A

Option B

Option C

Option D

Option A

Option B

Option C

Option D

25. Drag and drop the descriptions of the VSS technology from the left to the right. Not all options are used.

26. Refer to the exhibit.

All switches are configured with the default port priority value.

Which two commands ensure that traffic from PC1 is forwarded over Gi1/3 trunk port between DWS1 and DSW2? (Choose two)

DWS1(config-if)#spanning-tree port-priority 0

DSW2(config-if)#spanning-tree port-priority 16

DSW1(config-if)#interface gi1/3

DSW2(config-if)#interface gi1/3

DSW2(config-if)#spanning-tree port-priority 128

27. In a three-tier hierarchical campus network design, which action is a design best-practice for the core layer?

provide QoS prioritization services such as marking, queueing, and classification for critical network traffic

provide advanced network security features such as 802. IX, DHCP snooping, VACLs, and port security

provide redundant Layer 3 point-to-point links between the core devices for more predictable and faster convergence

provide redundant aggregation for access layer devices and first-hop redundancy protocols such as VRRP

28. Which two network problems indicate a need to implement QoS in a campus network? (Choose two)

port flapping

misrouted network packets

excess jitter

bandwidth-related packet loss

duplicate IP addresses

29. In a Cisco SD-Access solution, what is the role of the Identity Services Engine?

It provides GUI management and abstraction via apps that share context.

It is leveraged for dynamic endpoint to group mapping and policy definition.

It is used to analyze endpoint to app flows and monitor fabric status.

It manages the LISP EID database.

30. A customer has completed the installation of a Wi-Fi 6 greenfield deployment at their new campus. They want to leverage Wi-Fi 6 enhanced speeds on the trusted employee WLAN. To configure the employee WLAN, which two Layer 2 security policies should be used? (Choose two)

WPA (AES)

WPA2 (AES) + WEP

802.1X

OPEN

31. Which outcome is achieved with this Python code?

client.connect (ip, port=22,username=usr, password=pswd)

stdin, stdout, stderr = client.exec_command(‘show ip bgp 192.168.10100 bestpathn’)

print(stdout)

displays the output of the show command in a formatted way

connects to a Cisco device using SSH and exports the routing table information

connects to a Cisco device using Telnet and exports the routing table information

connects to a Cisco device using SSH and exports the BGP table for the prefix

32. What is YANG used for?

scraping data via CLI

providing a transport for network configuration data between client and server

processing SNMP read-only polls

describing data models

33. Refer to the exhibit.

Which configuration change ensures that R1 is the active gateway whenever it is in a functional state for the 172.30.110.0/24 network?

Option A

Option B

Option C

Option D

34. Refer to the exhibit.

Which JSON syntax is derived from this data?

Option A

Option B

Option C

Option D

35. An engineer creates the configuration below.

Drag and drop the authentication methods from the left into the order of priority on the right. Not all options are used.

36. Refer to the exhibit.

Which two facts does the device output confirm? (Choose two)

The device is using the default HSRP hello timer

The standby device is configured with the default HSRP priority

The device’s HSRP group uses the virtual IP address 10.0.3.242.

The device is configured with the default HSRP priority

The device sends unicast messages to its peers

37. Based on the output below, which Python code shows the value of the “upTime” key?

Option A

Option B

Option C

Option D

38. Which two actions, when applied in the LAN network segment, will facilitate Layer 3 CAPWAP discovery for lightweight AP? (Choose two)

Utilize DHCP option 17

Utilize DHCP option 43

Configure WLC IP address on LAN switch

Enable port security on the switch port

Configure an ip helper-address on the router interface

39. Refer to the exhibit.

Which configuration must be applied to R1 to enable R1 to reach the server at 172.16.0.1?

Option A

Option B

Option C

Option D

40. The following system log message is presented after a network administrator configures a GRE tunnel:

Why is Tunnel 0 disabled?

Because the tunnel cannot reach its tunnel destination

Because the best path to the tunnel destination is through the tunnel itself

Because dynamic routing is not enabled

Because the router cannot recursively identify its egress forwarding interface

41. What is provided by the Stealth watch component of the Cisco Cyber Threat Defense solution?

real-time threat management to stop DDoS attacks to the core and access networks

real-time awareness of users, devices and traffic on the network

malware control

dynamic threat control for web traffic

42. How does Protocol Independent Multicast function?

It uses unicast routing information to perform the multicast forwarding function.

It uses the multicast routing table to perform the multicast forwarding function.

In sparse mode it establishes neighbor adjacencies and sends hello messages at 5 -second intervals.

It uses broadcast routing information to perform the multicast forwarding function.

43. Under which network conditions is an outbound QoS policy that is applied on a router WAN interface most beneficial?

under all network conditions

under network convergence conditions

under interface saturation conditions

under traffic classification and marking conditions

44. Which technology does VXLAN use to provide segmentation for Layer 2 and Layer 3 traffic?

bridge domain

VLAN

VRF

VNI

45. A company has an existing Cisco 5520 HA cluster using SSO. An engineer deploys a new single Cisco Catalyst 9800 WLC to test new features. The engineer successfully configures a mobility tunnel between the 5520 cluster and 9800 WLC. Clients connected to the corporate WLAN roam seamlessly between access points on the 5520 and 9800 WLC. After a failure on the primary 5520 WLC, all WLAN services remain functional; however clients cannot roam between the 5520 and 9800 controllers without dropping their connection.

Which feature must be configured to remedy the issue?

mobility MAC on the 5520 cluster

mobility MAC on the 9800 WLC

new mobility on the 5520 cluster

new mobility on the 9800 WLC

46. What are two methods of ensuring that the multicast RPF check passes without changing the unicast routing table? (Choose two)

disabling BGP routing protocol

implementing static mroutes

disabling the interface of the router back to the multicast source

implementing MBGP

implementing OSPF routing protocol

47. What is the result when an active route processor fails in a design that combines NSF with SSO?

An NSF-aware device immediately updates the standby route processor RIB without churning the network

The standby route processor temporarily forwards packets until route convergence is complete

An NSF-capable device immediately updates the standby route processor RIB without churning the network

The standby route processor immediately takes control and forwards packets along known routes

48. What is a benefit of a virtual machine when compared with a physical server?

Deploying a virtual machine is technically less complex than deploying a physical server.

Virtual machines increase server processing performance.

The CPU and RAM resources on a virtual machine cannot be affected by other virtual machines.

Multiple virtual servers can be deployed on the same physical server without having to buy additional hardware.

49. What is the wireless received signal strength indicator?

The value of how strong the wireless signal is leaving the antenna using transmit power, cable loss, and antenna gain

The value given to the strength of the wireless signal received compared to the noise level

The value of how much wireless signal is lost over a defined amount of distance

The value of how strong a tireless signal is receded, measured in dBm

50. Which controller is capable of acting as a STUN server during the onboarding process of Edge devices?

vManage

vSmart

vBond

PNP server

51. What is the process for moving a virtual machine from one host machine to another with no downtime?

live migration

disaster recovery

high availability

multisite replication

52. What are two features of NetFlow flow monitoring? (Choose two)

Can track ingress and egress information

Include the flow record and the flow importer

Copies all ingress flow information to an interface

Does not required packet sampling on interfaces

Can be used to track multicast, MPLS, or bridged traffic

53. Which method should an engineer use to deal with a long-standing contention issue between any two VMs on the same host?

Adjust the resource reservation limits

Reset the host

Reset the VM

Live migrate the VM to another host

54. What is the recommended MTU size for a Cisco SD-Access Fabric?

4464

9100

1500

17914

55. What does the number in an NTP stratum level represent?

The number of hops it takes to reach the master time server.

The amount of drift between the device clock and true time.

The amount of offset between the device clock and true time.

The number of hops it takes to reach the authoritative time source.

56. Refer to the exhibit.

R1(config)#ip sla 1

R1(config-ip-sla)#icmp-echo 172.20.20.2 source-interface FastEthernet1/0 R1(config-ip-sla-echo)#timeout 5000 R1(config-ip-sla-echo)#frequency 10

R1(config-ip-sla-echo)#threshold 500

R1(config)#ip sla schedule 1 start-time now life forever

R1(config)#track 10 ip sla 1 reachability

R1(config)#ip route 0.0.0.0 0.0.0.0 172.20.20.2

After implementing the configuration 172.20.20.2 stops replaying to ICMP echoes, but the default route fails to be removed.

What is the reason for this behavior?

The source-interface is configured incorrectly.

The destination must be 172.30.30.2 for icmp-echo

The default route is missing the track feature

The threshold value is wrong

57. Refer to the exhibit.

Which type of antenna is show on the radiation patterns?

Dipole

Yagi

Patch

Omnidirectional

58. Drag and drop characteristics of PIM dense mode from the left to the right.

59. Refer to the exhibit.

Edge-01

track 10 interface GigabitEthernet0/0 line-protocol

!

interface GigabitEthernet0/1

ip address 10.104.110.2 255.255.255.0

vrrp 10 ip 10.104.110.100

vrrp 10 priority 120

Edge-02

interface GigabitEthernet0/1

ip address 10.104.110.3 255.255.255.0

vrrp 10 ip 10.104.110.100

Object tracking has been configured for VRRP enabled routers Edge-01 and Edge-02.

Which commands cause Edge-02 to preempt Edge-01 in the event that interface G0/0 goes down on Edge-01?

Option A

Edge-01(config)#interface G0/1

Edge-01(config-if)#vrrp 10 track 10

decrement 10

Option B

Edge-02(config)#interface G0/1

Edge-02(config-if)#vrrp 10 track 10

decrement 30

Option C

Edge-02(config)#interface G0/1

Edge-02(config-if)#vrrp 10 track 10

decrement 10

Option D

Edge-01(config)#interface G0/1

Edge-01(config-if)#vrrp 10 track 10

decrement 30

Option A

Option B

Option C

Option D

60. Which protocol is implemented to establish secure control plane adjacencies between Cisco SD-WAN nodes?

IKE

DTLS

IPsec

ESP

61. Refer to the exhibit.

What is the effect of introducing the sampler feature into the Flexible NetFlow configuration on the router?

NetFlow updates to the collector are sent 50% less frequently.

Every second IPv4 packet is forwarded to the collector for inspection.

CPU and memory utilization are reduced when compared with what is required for full NetFlow.

The resolution of sampling data increases, but it requires more performance from the router.

62. When does a stack master lose its role?

When the priority value of a stack member is changed to a higher value

When a switch with a higher priority is added to the stack

When the stack master is reset

When a stack member fails

63. What is the calculation that is used to measure the radiated power of a signal after it has gone through the radio, antenna cable, and antenna?

dBi

dBm

EIRP

64. After a redundant route processor failure occurs on a Layer 3 device, which mechanism allows for packets to be forwarded from a neighboring router based on the most recent tables?

RPVST+

RP failover

BFD

NSF

65. What is the differences between TCAM and the MAC address table?

Router prefix lookups happens in CA

MAC address table lookups happen in TCAM

The MAC address table supports partial matches. TCAM requires an exact match

The MAC address table is contained in CA

ACL and QoS information is stored in TCAM

TCAM is used to make Layer 2 forwarding decisions. CAM is used to build routing tables

66. Which two southbound interfaces originate from Cisco DNA Center and terminate at fabric underlay switches? (Choose two)

UDP 67: DHCP

ICMP: Discovery

TCP 23: Telnet

UDP 162: SNMP

UDP 6007: NetFlow

67. What is the function of a control-plane node in a Cisco SD-Access solution?

to connect APs and wireless endpoints to the SD-Access fabric

to connect external Layer 3 networks to the SD Access fabric

to implement policies and communicate with networks outside the fabric

to run a mapping system that manages endpoint to network device relationships

68. Refer to the exhibit.

What is the result when a switch that is running PVST+ is added to this network?

Spanning tree is disabled automatically on the network

DSW2 operates in Rapid PVST+ and the new switch operates in PVST+

Both switches operate in the PVST+ mode

Both switches operate in the Rapid PVST+ mode

69. What is a characteristic of a next-generation firewall?

required in each layer of the network

filters traffic using Layer 3 and Layer 4 information only

only required at the network perimeter

provides intrusion prevention

70. Which measure is used by an NTP server to indicate its closeness to the authoritative time source?

stratum

hop count

time zone

latency

71. Which two results occur if Cisco DNA Center loses connectivity to devices in the SD – Access fabric? (Choose two)

All devices reload after detecting loss of connection to Cisco DNA Center

Already connected users are unaffected, but new users cannot connect

Users lose connectivity

Cisco DNA Center is unable to collect monitoring data in Assurance

User connectivity is unaffected

72. Which two components are supported by LISP? (Choose two)

proxy ETR

HMAC algorithm

route reflector

egress tunnel router

spoke

73. Drag and drop the virtual component from the left onto their descriptions on the right.

74. How does EIGRP differ from OSPF?

EIGRP is more prone to routing loops than OSPF

EIGRP supports equal or unequal path cost, and OSPF supports only equal path cost.

EIGRP has a full map of the topology, and OSPF only knows directly connected neighbors

EIGRP uses more CPU and memory than OSPF

75. Refer to the exhibit.

What does the output confirm about the switch’s spanning tree configuration?

The spanning-tree mode stp ieee command was entered on this switch

The spanning-tree operation mode for this switch is PVST

The spanning-tree operation mode for this switch is IEEE

The spanning-tree operation mode for this switch is PVST+

76. A customer has recently implemented a new wireless infrastructure using WLC -5520S at a site directly next to a large commercial airport Users report that they intermittently lose Wi-Fi connectivity, and troubleshooting reveals it is due to frequent channel changes.

Which two actions fix this issue? (Choose two)

Remove UNII-2 and Extended UNII-2 channels from the 5 GHz channel list

Restore the DCA default settings because this automatically avoids channel interference

Disable DFS channels to prevent interference with Doppler radar

Enable DFS channels because they are immune to radar interference

Configure channels on the UNII-2 and the Extended UNII-2 sub-bands of the 5 GHz band only

77. What is a characteristic of para-virtualization?

Para-virtualization guest servers are unaware of one another

Para-virtualization allows direct access between the guest OS and the hypervisor

Para-virtualization lacks support for containers

Para-virtualization allows the host hardware to be directly accessed

78. Drag and drop the characteristics from the left onto the QoS components they describe on the right.

79. A customer requests a network design that supports these requirements:

* FHRP redundancy

* multivendor router environment

* IPv4 and IPv6 hosts

Which protocol does the design include?

GLBP

VRRP version 2

VRRP version 3

HSRP version 2

80. Refer to the exhibit.

What happens to access interfaces where VLAN 222 is assigned?

They are placed into an inactive state

A description “RSPAN” is added

STP BPDU guard is enabled

They cannot provide PoE

81. Which solution do IaaS service providers use to extend a Layer 2 segment across a Layer 3 network?

VXLAN

VTEP

VLAN

VRF

82. What is a characteristic of MACsec?

802.1AE provides encryption and authentication services

802.1AE is built between the host and switch using the MKA protocol, which negotiates encryption keys based on the master session key from a successful 802.1X session

802.1AE is built between the host and switch using the MKA protocol using keys generated via the Diffie-Hellman algorithm (anonymous encryption mode)

802.1AE is negotiated using Cisco AnyConnect NAM and the SAP protocol

83. Which unit measures the power of a radio signal with reference to 1 milliwatt?

dBw

dBi

dBm

84. A company plans to implement intent-based networking in its campus infrastructure.

Which design facilities a migrate from a traditional campus design to a programmer fabric designer?

Layer 2 access

three-tier

two-tier

routed access

85. Which benefit is offered by a cloud infrastructure deployment but is lacking in an on-premises deployment?

efficient scalability

virtualization

storage capacity

supported systems

86. What is a benefit of deploying an on-premises infrastructure versus a cloud infrastructure deployment?

faster deployment times because additional infrastructure does not need to be purchased

lower latency between systems that are physically located near each other

less power and cooling resources needed to run infrastructure on-premises

ability to quickly increase compute power without the need to install additional hardware

87. What are two reasons a company would choose a cloud deployment over an on-prem deployment? (Choose two)

Cloud deployments require long implementation times due to capital expenditure processes. OnPrem deployments can be accomplished quickly using operational expenditure processes

Cloud costs adjust up or down depending on the amount of resources consumed. On- Prem costs for hardware, power, and space are ongoing regardless of usage

In a cloud environment, the company controls technical issues. On-prem environments rely on the service provider to resolve technical issue

Cloud resources scale automatically to an increase in demand. On-prem requires additional capital expenditure

In a cloud environment, the company is in full control of access to their data. On-prem risks access to data due to service provider outages

88. In a Cisco Catalyst switch equipped with two supervisor modules an administrator must temporally remove the active supervisor from the chassis to perform hardware maintenance on it.

Which mechanism ensure that the active supervisor removal is not disruptive to the network operation?

NSF/NSR

SSO

HSRP

VRRP

89. Which PAgP mode combination prevents an EtherChannel from forming?

auto/auto

desirable/desirable

auto/desirable

desirable

90. Refer to the exhibit.

A port channel is configured between SW2 and SW3. SW2 is not running Cisco operating system. When all physical connections are made, the port channel does not establish.

Based on the configuration excerpt of SW3, what is the cause of the problem?

The port channel on SW2 is using an incompatible protocol

The port-channel trunk is not allowing the native VLAN

The port-channel should be set to auto

The port-channel interface lead balance should be set to src-mac

91. Refer to the exhibit.

After an engineer configures an EtherChannel between switch SW1 and switch SW2, this error message is logged on switch SW2.

Based on the output from SW1 and the log message received on Switch SW2, what action should the engineer take to resolve this issue?

Configure the same protocol on the EtherChannel on switch SW1 and SW2.

Connect the configuration error on interface Gi0/1 on switch SW1.

Define the correct port members on the EtherChannel on switch SW1.

Correct the configuration error on interface Gi0/0 switch SW1.

92. Refer to exhibit.

VLANs 50 and 60 exist on the trunk links between all switches. All access ports on SW3 are configured for VLAN 50 and SW1 is the VTP server.

Which command ensures that SW3 receives frames only from VLAN 50?

SW1(config)#vtp pruning

SW3(config)#vtp mode transparent

SW2(config)#vtp pruning

SW1(config)#vtp mode transparent

93. Refer to the exhibit.

SwitchC connects HR and Sales to the Core switch. However, business needs require that no traffic from the Finance VLAN traverse this switch.

Which command meets this requirement?

SwitchC(config)#vtp pruning

SwitchC(config)#vtp pruning vlan 110

SwitchC(config)#interface port-channel 1
SwitchC(config-if)#switchport trunk allowed vlan add 210,310

SwitchC(config)#interface port-channel 1
SwitchC(config-if)#switchport trunk allowed vlan remove 110

94. Refer to the exhibit.

Company policy restricts VLAN 10 to be allowed only on SW1 and SW2. All other VLANs can be on all three switches. An administrator has noticed that VLAN 10 has propagated to SW3.

Which configuration corrects the issue?

SW2(config)#interface gi1/2
SW2(config)#switchport trunk allowed vlan 10

SW1(config)#interface gi1/1
SW1(config)#switchport trunk allowed vlan 1-9,11-4094

SW2(config)#interface gi1/1
SW2(config)#switchport trunk allowed vlan 10

SW2(config)#interface gi1/2
SW2(config)#switchport trunk allowed vlan 1-9,11-4094

95. Which function does a fabric edge node perform in an SD-Access deployment?

Connects the SD-Access fabric to another fabric or external Layer 3 networks

Connects endpoints to the fabric and forwards their traffic

Provides reachability border nodes in the fabric underlay

Encapsulates end-user data traffic into LIS

96. Which action is the vSmart controller responsible for in an SD-WAN deployment?

onboard vEdge nodes into the SD-WAN fabric

distribute security information for tunnel establishment between vEdge routers

manage, maintain, and gather configuration and status for nodes within the SD -WAN fabric

gather telemetry data from vEdge routers

97. Which statement about a Cisco APIC controller versus a more traditional SDN controller is true?

APIC uses a policy agent to translate policies into instructions

APIC supports OpFlex as a Northbound protocol

APIC does support a Southbound REST API

APIC uses an imperative model

98. What the role of a fusion in an SD-Access solution?

provides connectivity to external networks

acts as a DNS server

performs route leaking between user-defined virtual networks and shared services

provides additional forwarding capacity to the fabric

99. Which statement about a fabric access point is true?

It is in local mode and must be connected directly to the fabric border node

It is in FlexConnect mode and must be connected directly to the fabric border node

It is in local mode an must connected directly to the fabric edge switch

It is in FlexConnect mode and must be connected directly to the fabric edge switch

100. On which protocol or technology is the fabric data plane based in Cisco SD -Access fabric?

LISP

IS-IS

Cisco TrustSec

VXLAN

101. Which description of an SD-Access wireless network infrastructure deployment is true?

The access point is part of the fabric underlay

The WLC is part of the fabric underlay

The access point is part the fabric overlay

The wireless client is part of the fabric overlay

102. Which controller is the single plane of management for Cisco SD-WAN?

vBond

vEdge

vSmart

vManage

103. When a wired client connects to an edge switch in an SDA fabric, which component decides whether the client has access to the network?

control-plane node

Identity Service Engine

RADIUS server

edge node

104. What are two device roles in Cisco SD-Access fabric? (Choose two)

core switch

vBond controller

edge node

access switch

border node

105. Which component handles the orchestration plane of the Cisco SD-WAN?

vBond

vSmart

vManage

vEdge

106. In an SD-Access solution what is the role of a fabric edge node?

to connect external Layer 3- network to the SD-Access fabric

to connect wired endpoint to the SD-Access fabric

to advertise fabric IP address space to external network

to connect the fusion router to the SD-Access fabric

107. What is the role of the vsmart controller in a Cisco SD-WAN environment?

IT performs authentication and authorization

It manages the control plane.

It is the centralized network management system.

It manages the data plane.

108. In a Cisco SD-WAN solution, how is the health of a data plane tunnel monitored?

with IP SLA

ARP probing

using BFD

with OMP

109. Which technology is used to provide Layer 2 and Layer 3 logical networks in the Cisco SD – Access architecture?

underlay network

overlay network

VPN routing/forwarding

easy virtual network

110. Drag and drop the solutions that comprise Cisco Cyber Threat Defense from the left onto the objectives they accomplish on the right.

111. What are two characteristics of Cisco SD-Access elements? (Choose two)

Fabric endpoints are connected directly to the border node

The border node is required for communication between fabric and nonfabric devices

The control plane node has the full RLOC-to-EID mapping database

Traffic within the fabric always goes through the control plane node

The border node has the full RLOC-to-EID mapping database

112. Refer to the exhibit.

An engineer must assign an IP address of 192.168.1.1/24 to the GigabitEthemet1 interface.

Which two commands must be added to the existing configuration to accomplish this task? (Choose two)

Router(config-vrf)#address-family ipv6

Router(config-if)#ip address 192.168.1.1 255.255.255.0

Router(config-vrf)#ip address 192.168.1.1 255.255.255.0

Router(config-if)#address-family ipv4

Router(config-vrf)#address-family ipv4

113. What is the data policy in a Cisco SD-WAN deployment?

list of ordered statements that define node configurations and authentication used within the SD-WAN overlay

Set of statements that defines how data is forwarded based on IP packet information and specific VPNs

detailed database mapping several kinds of addresses with their corresponding location

group of services tested to guarantee devices and links liveliness within the SD -WAN overlay

114. Refer to the exhibit.

Which action resolves the EtherChannel issue between SW2 and SW3?

Configure switchport mode trunk on SW2

Configure switchport nonegotiate on SW3

Configure channel-group 1 mode desirable on both interfaces

Configure channel-group 1 mode active on both interfaces

115. Refer to the exhibit.

A network engineer configures OSPF and reviews the router configuration.

Which interface or interfaces are able to establish OSPF adjacency?

GigabitEthemet0/1 and GigabitEthernet0/1.40

Gigabit Ethernet0/0 and GigabitEthemet0/1

only GigabitEthernet0/0

only GigabitEthernet0/1

116. Refer to the exhibit.

What step resolves the authentication issue?

restart the vsmart host

target 192.168.100.82 in the URI

change the port to 12446

use basic authentication

117. Refer to the exhibit.

A network engineer must simplify the IPsec configuration by enabling IPsec over GRE using IPsec profiles.

Which two configuration changes accomplish this? (Choose two)

Apply the crypto map to the tunnel interface and change the tunnel mode to tunnel mode ipsec ipv4

Remove all configuration related to crypto map from R1 and R2 and eliminate the ACL 100

Remove the crypto map and modify the ACL to allow traffic between 10.10.0.0/24 to 10.20.0.0/24

Create an IPsec profile, associate the transform-set, and apply the profile to the tunnel interface

118. Which encryption hashing algorithm does NTP use for authentication?

SSL

AES256

AES128

MD5

119. What is a VPN in a Cisco SD-WAN deployment?

virtual channel used to carry control plane information

attribute to identify a set of services offered in specific places in the SD -WAN fabric

common exchange point between two different services

virtualized environment that provides traffic isolation and segmentation in the SD -WAN fabric

120. Drag and drop the characteristic from the left onto the orchestration tools that they describe on the right.

121. Refer to the exhibit.

Communication between London and New York is down.

Which command set must be applied to resolve this issue?

Option A

Option B

Option C

Option D

122. What is an emulated machine that has dedicated compute, memory, and storage resources and a fully installed operating system?

host

virtual machine

container

mainframe

123. Which two methods are used to reduce the AP coverage area? (Choose two)

Reduce AP transmit power

Increase minimum mandatory data rate

Reduce channel width from 40 MHz to 20 MHz

Enable Fastlane

Disable 2.4 GHz and use only 5 GHz

124. Which data is properly formatted with JSON?

Option A

Option B

Option C

Option D

Option A

Option B

Option C

Option D

125. Drag and drop the descriptions of the VSS technology from the left to the right. Not all options are used.

126. Refer to the exhibit.

How to make DSW1 the primary root for VLAN 10? (Choose two)

DWS1(config-if)#spanning-tree port-priority 0

DSW2(config-if)#spanning-tree port-priority 16

DSW1(config-if)#interface gi1/3

DSW2(config-if)#interface gi1/3

DSW2(config-if)#spanning-tree port-priority 128

127. In a three-tier hierarchical campus network design, which action is a design best-practice for the core layer?

provide QoS prioritization services such as marking, queueing, and classification for critical network traffic

provide advanced network security features such as 802. IX, DHCP snooping, VACLs, and port security

provide redundant Layer 3 point-to-point links between the core devices for more predictable and faster convergence

provide redundant aggregation for access layer devices and first-hop redundancy protocols such as VRRP

128. Which two network problems indicate a need to implement QoS in a campus network? (Choose two)

port flapping

misrouted network packets

excess jitter

bandwidth-related packet loss

duplicate IP addresses

129. In a Cisco SD-Access solution, what is the role of the Identity Services Engine?

It provides GUI management and abstraction via apps that share context.

It is leveraged for dynamic endpoint to group mapping and policy definition.

It is used to analyze endpoint to app flows and monitor fabric status.

It manages the LISP EID database.

130. A customer has completed the installation of a Wi-Fi 6 greenfield deployment at their new campus. They want to leverage Wi-Fi 6 enhanced speeds on the trusted employee WLAN.

To configure the employee WLAN, which two Layer 2 security policies should be used? (Choose two)

WPA (AES)

WPA2 (AES) + WEP

802.1X

OPEN

131. Which outcome is achieved with this Python code?

client.connect (ip, port=22,username=usr,password=pswd)

stdin,stdout,stderr = client.exec_command(‘show ip bgp 192.168.10100 bestpathn’)

print(stdout)

displays the output of the show command in a formatted way

connects to a Cisco device using SSH and exports the routing table information

connects to a Cisco device using Telnet and exports the routing table information

connects to a Cisco device using SSH and exports the BGP table for the prefix

132. What is YANG used for?

scraping data via CLI

providing a transport for network configuration data between client and server

processing SNMP read-only polls

describing data models

133. Refer to the exhibit.

Which configuration change ensures that R1 is the active gateway whenever it is in a functional state for the 172.30.110.0/24 network?

Option A

Option B

Option C

Option D

134. Refer to the exhibit.

Which JSON syntax is derived from this data?

Option A

Option B

Option C

Option D

135. An engineer creates the configuration below.

Drag and drop the authentication methods from the left into the order of priority on the right. Not all options are used.

136. Refer to the exhibit.

Which two facts does the device output confirm? (Choose two)

The device is using the default HSRP hello timer

The standby device is configured with the default HSRP priority

The device‟s HSRP group uses the virtual IP address 10.0.3.242.

The device is configured with the default HSRP priority

The device sends unicast messages to its peers

137. Based on the output below, which Python code shows the value of the “upTime” key?

Option A

Option B

Option C

Option D

138. Which two actions, when applied in the LAN network segment, will facilitate Layer 3 CAPWAP discovery for lightweight AP? (Choose two)

Utilize DHCP option 17

Utilize DHCP option 43

Configure WLC IP address on LAN switch

Enable port security on the switch port

Configure an ip helper-address on the router interface

139. Refer to the exhibit.

Which configuration must be applied to R1 to enable R1 to reach the server at 172.16.0.1?

Option A

Option B

Option C

Option D

140. The following system log message is presented after a network administrator configures a GRE tunnel:

Why is Tunnel 0 disabled?

Because the tunnel cannot reach its tunnel destination

Because the best path to the tunnel destination is through the tunnel itself

Because dynamic routing is not enabled

Because the router cannot recursively identify its egress forwarding interface

141. After a redundant route processor failure occurs on a Layer 3 device, which mechanism allows for packets to be forwarded from a neighboring router based on the most recent tables?

RPVST+

RP failover

BFD

NSF

142. What is the differences between TCAM and the MAC address table?

Router prefix lookups happens in CA

MAC address table lookups happen in TCAM

The MAC address table supports partial matches. TCAM requires an exact match

The MAC address table is contained in CA

ACL and QoS information is stored in TCAM

TCAM is used to make Layer 2 forwarding decisions. CAM is used to build routing tables

143. Which two southbound interfaces originate from Cisco DNA Center and terminate at fabric underlay switches? (Choose two)

UDP 67: DHCP

ICMP: Discovery

TCP 23: Telnet

UDP 162: SNMP

UDP 6007: NetFlow

144. What is the function of a control-plane node in a Cisco SD-Access solution?

to connect APs and wireless endpoints to the SD-Access fabric

to connect external Layer 3 networks to the SD Access fabric

to implement policies and communicate with networks outside the fabric

to run a mapping system that manages endpoint to network device relationships

145. Refer to the exhibit.

What is the result when a switch that is running PVST+ is added to this network?

Spanning tree is disabled automatically on the network

DSW2 operates in Rapid PVST+ and the new switch operates in PVST+

Both switches operate in the PVST+ mode

Both switches operate in the Rapid PVST+ mode

146. What is a characteristic of a next-generation firewall?

required in each layer of the network

filters traffic using Layer 3 and Layer 4 information only

only required at the network perimeter

provides intrusion prevention

147. Which measure is used by an NTP server to indicate its closeness to the authoritative time source?

stratum

hop count

time zone

latency

148. Which two resu lts occur if Cisco DNA Center loses connectivity to devices in the SD – Access fabric? (Choose two)

All devices reload after detecting loss of connection to Cisco DNA Center

Already connected users are unaffected, but new users cannot connect

Users lose connectivity

Cisco DNA Center is unable to collect monitoring data in Assurance

User connectivity is unaffected

149. Which two components are supported by LISP? (Choose two)

proxy ETR

HMAC algorithm

route reflector

egress tunnel router

spoke

150. Drag and drop the virtual component from the left onto their descriptions on the right.

151. How does EIGRP differ from OSPF?

EIGRP is more prone to routing loops than OSPF

EIGRP supports equal or unequal path cost, and OSPF supports only equal path cost.

EIGRP has a full map of the topology, and OSPF only knows directly connected neighbors

EIGRP uses more CPU and memory than OSPF

152. Refer to the exhibit.

What does the output confirm about the switch‟s spanning tree configuration?

The spanning-tree mode stp ieee command was entered on this switch

The spanning-tree operation mode for this switch is PVST

The spanning-tree operation mode for this switch is IEEE

The spanning-tree operation mode for this switch is PVST+

153. A customer has recently implemented a new wireless infrastructure using WLC -5520S at a site directly next to a large commercial airport Users report that they intermittently lose Wi -Fi connectivity, and troubleshooting reveals it is due to frequent channel changes.

Which two actions fix this issue? (Choose two)

Remove UNII-2 and Extended UNII-2 channels from the 5 GHz channel list

Restore the DCA default settings because this automatically avoids channel interference

Disable DFS channels to prevent interference with Doppler radar

Enable DFS channels because they are immune to radar interference

Configure channels on the UNII-2 and the Extended UNII-2 sub-bands of the 5 GHz band only

154. What is a characteristic of para-virtualization?

Para-virtualization guest servers are unaware of one another

Para-virtualization allows direct access between the guest OS and the hypervisor

Para-virtualization lacks support for containers

Para-virtualization allows the host hardware to be directly accessed

155. Drag and drop the characteristics from the left onto the QoS components they describe on the right.

156. A customer requests a network design that supports these requirements:

* FHRP redundancy

* multivendor router environment

* IPv4 and IPv6 hosts

Which protocol does the design include?

GLBP

VRRP version 2

VRRP version 3

HSRP version 2

157. Refer to the exhibit.

What happens to access interfaces where VLAN 222 is assigned?

They are placed into an inactive state

A description “RSPAN” is added

STP BPDU guard is enabled

They cannot provide PoE

158. Which solution do IaaS service providers use to extend a Layer 2 segment across a Layer 3 network?

VXLAN

VTEP

VLAN

VRF

159. What is a characteristic of MACsec?

802.1AE provides encryption and authentication services

802.1AE is built between the host and switch using the MKA protocol, which negotiates encryption keys based on the master session key from a successful 802.1X session

802.1AE is built between the host and switch using the MKA protocol using keys generated via the Diffie-Hellman algorithm (anonymous encryption mode)

802.1AE is negotiated using Cisco AnyConnect NAM and the SAP protocol

160. Which unit measures the power of a radio signal with reference to 1 milliwatt?

dBw

dBi

dBm

161. A company plans to implement intent-based networking in its campus infrastructure.

Which design facilities a migrate from a traditional campus design to a programmer fabric designer?

Layer 2 access

three-tier

two-tier

routed access

162. Which benefit is offered by a cloud infrastructure deployment but is lacking in an on-premises deployment?

efficient scalability

virtualization

storage capacity

supported systems

163. What is a benefit of deploying an on-premises infrastructure versus a cloud infrastructure deployment?

faster deployment times because additional infrastructure does not need to be purchased

lower latency between systems that are physically located near each other

less power and cooling resources needed to run infrastructure on-premises

ability to quickly increase compute power without the need to install additional hardware

164. What are two reasons a company would choose a cloud deployment over an on-prem deployment? (Choose two)

Cloud deployments require long implementation times due to capital expenditure processes. OnPrem deployments can be accomplished quickly using operational expenditure processes

Cloud costs adjust up or down depending on the amount of resources consumed. On- Prem costs for hardware, power, and space are ongoing regardless of usage

In a cloud environment, the company controls technical issues. On-prem environments rely on the service provider to resolve technical issue

Cloud resources scale automatically to an increase in demand. On-prem requires additional capital expenditure

In a cloud environment, the company is in full control of access to their data. On-prem risks access to data due to service provider outages

165. In a Cisco Catalyst switch equipped with two supervisor modules an administrator must temporally remove the active supervisor from the chassis to perform hardware maintenance on it.

Which mechanism ensure that the active supervisor removal is not disruptive to the network operation?

NSF/NSR

SSO

HSRP

VRRP

166. Which PAgP mode combination prevents an Etherchannel from forming?

auto/auto

desirable/desirable

auto/desirable

desirable

167. Refer to the exhibit.

The port channel on SW2 is using an incompatible protocol

The port-channel trunk is not allowing the native VLAN

The port-channel should be set to auto

The port-channel interface lead balance should be set to src-mac

168. Refer to the exhibit.

After an engineer configures an EtherChannel between switch SW1 and switch SW2, this error message is logged on switch SW2.

Based on the output from SW1 and the log message received on Switch SW2, what action should the engineer take to resolve this issue?

Configure the same protocol on the EtherChannel on switch SW1 and SW2.

Connect the configuration error on interface Gi0/1 on switch SW1.

Define the correct port members on the EtherChannel on switch SW1.

Correct the configuration error on interface Gi0/0 switch SW1.

169. Refer to exhibit.

SW1 (config)#vtp pruning

SW3(config)#vtp mode transparent

SW2(config)#vtp pruning

SW1(config)>vtp mode transparent

170. Refer to the exhibit.

SwitchC connects HR and Sales to the Core switch. However, business needs require that no traffic from the Finance VLAN traverse this switch.

Which command meets this requirement?

SwitchC(config)#vtp pruning

SwitchC(config)#vtp pruning vlan 110

SwitchC(config)#interface port-channel 1
SwitchC(config-if)#switchport trunk allowed vlan add 210,310

SwitchC(config)#interface port-channel 1
SwitchC(config-if)#switchport trunk allowed vlan remove 110

171. Refer to the exhibit.

SW2(config)#interface gi1/2
SW2(config)#switchport trunk allowed vlan 10

SW1(config)#interface gi1/1
SW1(config)#switchport trunk allowed vlan 1-9,11-4094

SW2(config)#interface gi1/1
SW2(config)#switchport trunk allowed vlan 10

SW2(config)#interface gi1/2
SW2(config)#switchport trunk allowed vlan 1-9,11-4094

172. Which function does a fabric edge node perform in an SD-Access deployment?

Connects the SD-Access fabric to another fabric or external Layer 3 networks

Connects endpoints to the fabric and forwards their traffic

Provides reachability border nodes in the fabric underlay

Encapsulates end-user data traffic into LIS

173. Which action is the vSmart controller responsible for in an SD-WAN deployment?

onboard vEdge nodes into the SD-WAN fabric

distribute security information for tunnel establishment between vEdge routers

manage, maintain, and gather configuration and status for nodes within the SD -WAN fabric

gather telemetry data from vEdge routers

174. Which statement about a Cisco APIC controller versus a more traditional SDN controller is true?

APIC uses a policy agent to translate policies into instructions

APIC supports OpFlex as a Northbound protocol

APIC does support a Southbound REST API

APIC uses an imperative model

175. What the role of a fusion in an SD-Access solution?

provides connectivity to external networks

acts as a DNS server

performs route leaking between user-defined virtual networks and shared services

provides additional forwarding capacity to the fabric

176. Which statement about a fabric access point is true?

It is in local mode and must be connected directly to the fabric border node

It is in FlexConnect mode and must be connected directly to the fabric border node

It is in local mode an must connected directly to the fabric edge switch

It is in FlexConnect mode and must be connected directly to the fabric edge switch

177. On which protocol or technology is the fabric data plane based in Cisco SD-Access fabric?

LISP

IS-IS

Cisco TrustSec

VXLAN

178. Which description of an SD-Access wireless network infrastructure deployment is true?

The access point is part of the fabric underlay

The WLC is part of the fabric underlay

The access point is part the fabric overlay

The wireless client is part of the fabric overlay

179. Which controller is the single plane of management for Cisco SD-WAN?

vBond

vEdge

vSmart

vManage

180. When a wired client connects to an edge switch in an SDA fabric, which component decides whether the client has access to the network?

control-plane node

Identity Service Engine

RADIUS server

edge node

181. What are two device roles in Cisco SD-Access fabric? (Choose two)

core switch

vBond controller

edge node

access switch

border node

182. Which component handles the orchestration plane of the Cisco SD-WAN?

vBond

vSmart

vManage

vEdge

183. In an SD-Access solution what is the role of a fabric edge node?

to connect external Layer 3- network to the SD-Access fabric

to connect wired endpoint to the SD-Access fabric

to advertise fabric IP address space to external network

to connect the fusion router to the SD-Access fabric

184. What is the role of the vsmart controller in a Cisco SD-WAN environment?

IT performs authentication and authorization

It manages the control plane.

It is the centralized network management system.

It manages the data plane.

185. In a Cisco SD-WAN solution, how is the health of a data plane tunnel monitored?

with IP SLA

ARP probing

using BFD

with OMP

186. Which technology is used to provide Layer 2 and Layer 3 logical networks in the Cisco SD-Access architecture?

underlay network

overlay network

VPN routing/forwarding

easy virtual network

187. In an SD-WAN deployment, which action in the vSmart controller responsible for?

handle, maintain, and gather configuration and status for nodes within the SD -WAN fabric

onboard vEdge nodes into the SD-WAN fabric

gather telemetry data from vEdge routers

distribute policies that govern data forwarding performed within the SD-WAN fabric

188. In a Cisco SD-Access fabric, which control plane protocol is used for mapping and resolving endpoints?

LISP

DHCP

SXP

VXLAN

189. What is one fact about Cisco SD-Access wireless network deployments?

The access point is part of the fabric underlay

The WLC is part of the fabric underlay

The access point is part the fabric overlay

The wireless client is part of the fabric overlay

190. What is the function of the fabric control plane node in a Cisco SD-Access deployment?

It is responsible for policy application and network segmentation in the fabric.

It performs traffic encapsulation and security profiles enforcement in the fabric.

It holds a comprehensive database that tracks endpoints and networks in the fabric.

It provides integration with legacy nonfabric-enabled environments.

191. In a Cisco SD-Access wireless architecture, which device manages endpoint ID to Edge Node bindings?

fabric control plane node

fabric wireless controller

fabric border node

fabric edge node

192. Which control plane protocol is used between Cisco SD-WAN routers and vSmart controllers?

BGP

OMP

TCP

UDP

193. In a wireless Cisco SD-Access deployment, which roaming method is used when a user moves from one access point to another on a different access switch using a single WLC?

Layer 3

inter-xTR

auto anchor

fast roam

194. Which protocol is responsible for data plane forwarding in a Cisco SD -Access deployment?

VXLAN

IS-IS

OSPF

LISP

195. Which tunneling technique is used when designing a Cisco SD -Access fabric data plane?

VXLAN

VRF Lite

VRF

LISP

196. Which statement about the default QoS configuration on a Cisco switch is true?

All traffic is sent through four egress queues

Port trust is enabled

The Port Cos value is 0

The Cos value of each tagged packet is modified

197. Which QoS mechanism will prevent a decrease in TCP performance?

Shaper

Policer

WRED

Rate-Limit

LLQ

Fair-Queue

198. Which QoS component alters a packet to change the way that traffic is treated in the network?

Marking

Classification

Shaping

Policing

199. Which marking field is used only as an internal marking within a router?

QOS Group

Discard Eligiblity

IP Precedence

MPLS Experimental

200. How does QoS traffic shaping alleviate network congestion?

It drops packets when traffic exceeds a certain bitrate.

It buffers and queue packets above the committed rate.

It fragments large packets and queues them for delivery.

It drops packets randomly from lower priority queues.

201. An engineer is describing QoS to a client.

Which two facts apply to traffic policing? (Choose two)

Policing adapts to network congestion by queuing excess traffic

Policing should be performed as close to the destination as possible

Policing drops traffic that exceeds the defined rate

Policing typically delays the traffic, rather than drops it

Policing should be performed as close to the source as possible

202. During deployment, a network engineer notices that voice traffic is not being tagged correctly as it traverses the network.

Which COS to DSCP map must be modified to ensure that voice traffic is treated properly?

COS of 5 to DSCP 46

COS of 7 to DSCP 48

COS of 6 to DSCP 46

COS of 3 to DSCP of 26

203. Which QoS queuing method transmits packets out of the interface in the order the packets arrive?

custom

weighted- fair

FIFO

priority

204. Which statement about Cisco Express Forwarding is true?

It uses a fast cache that is maintained in a router data plane

It maintains two tables in the data plane the FIB and adjacency table

It makes forwarding decisions by a process that is scheduled through the IOS scheduler

The CPU of a router becomes directly involved with packet-switching decisions

205. Which two statements about Cisco Express Forwarding load balancing are true? (Choose two)

Cisco Express Forwarding can load-balance over a maximum of two destinations

It combines the source IP address subnet mask to create a hash for each destination

Each hash maps directly to a single entry in the RIB

Each hash maps directly to a single entry in the adjacency table

It combines the source and destination IP addresses to create a hash for each destination

206. How are the Cisco Express Forwarding table and the FIB related to each other?

The FIB is used to populate the Cisco Express Forwarding table

The Cisco Express Forwarding table allows route lookups to be forwarded to the route processor for processing before they are sent to the FIB

There can be only one FIB but multiple Cisco Express Forwarding tables on IOS devices

Cisco Express Forwarding uses a FIB to make IP destination prefix-based switching decisions

207. What is the difference between a RIB and a FIB?

The RIB is used to make IP source prefix-based switching decisions

The FIB is where all IP routing information is stored

The RIB maintains a mirror image of the FIB

The FIB is populated based on RIB content

208. How does the RIB differ from the FIB?

The RIB includes many routes to the same destination prefix. The FIB contains only the best route.

The FIB maintains network topologies and routing tables. The RIB is a list of routes to particular network destinations.

The RIB is used to create network topologies and routing tables. The FIB is a list of routes to particular network destinations.

The FIB includes many routes a single destination. The RIB is the best route to a single destination.

209. What is the difference between CEF and process switching?

CEF processes packets that are too complex for process switching to manage.

CEF is more CPU-intensive than process switching.

CEF uses the FIB and the adjacency table to make forwarding decisions, whereas process switching punts each packet.

Process switching is faster than CE

210. Drag and drop the solutions that comprise Cisco Cyber Threat Defense from the left onto the objectives they accomplish on the right.

211. Which function does a fabric edge node perform in an SD-Access deployment?

Connects endpoints to the fabric and forwards their traffic.

Encapsulates end-user data traffic into LIS

Connects the SD-Access fabric to another fabric or external Layer 3 networks.

Provides reachability between border nodes in the fabric underlay.

212. Refer to the exhibit.

Which privilege level is assigned to VTY users?

213. What is the difference between a RIB and a FIB?

The FIB is populated based on RIB content.

The RIB maintains a minor image of the FI

The RIB is used to make IP source prefix-based switching decisions.

The FIB is where all IP routing information is stored.

214. Which requirement for an Ansible-managed node is true?

It must have an SSH server running.

It must be a Linux server or a Cisco device.

It must support ad hoc commands.

It must have an Ansible Tower installed.

215. A client device fails to see the enterprise SSID, but other client devices are connected to it.

What is the cause of this issue?

The client has incorrect credentials stored for the configured broadcast SSI

The hidden SSID was not manually configured on the client.

The broadcast SSID was not manually configured on the client.

The client has incorrect credentials stored for the configured hidden SSI

216. Which two descriptions of FlexConnect mode for Cisco APs are true? (Choose two.)

APs that operate in FlexConnect mode cannot detect rogue APs

FlexConnect mode is used when the APs are set up in a mesh environment and used to bridge between each other.

FlexConnect mode is a feature that is designed to allow specified CAPWAP-enabled APs to exclude themselves from managing data traffic between clients and infrastructure.

When connected to the controller, FlexConnect APs can tunnel traffic back to the controller

FlexConnect mode is a wireless solution for branch office and remote office deployments

217. Which OSPF network types are compatible and allow communication through the two peering devices?

point-to-multipoint to nonbroadcast

broadcast to nonbroadcast

point-to-multipoint to broadcast

broadcast to point-to-point

218. Which NGFW mode blocks flows crossing the firewall?

tap

inline

passive

inline tap

219. Which statement about route targets is true when using VRF-Lite?

Route targets control the import and export of routes into a customer routing table.

When BGP is configured, route targets are transmitted as BGP standard communities.

Route targets allow customers to be assigned overlapping addresses.

Route targets uniquely identify the customer routing table.

220. How does Cisco TrustSec enable more flexible access controls for dynamic networking environments and data centers?

uses flexible NetFlow

assigns a VLAN to the endpoint

classifies traffic based on advanced application recognition

classifies traffic based on the contextual identity of the endpoint rather than its IP address

221. Refer to the exhibit.

Which statement about the OPSF debug output is true?

The output displays OSPF hello messages which router R1 has sent or received on interface Fa0/1.

The output displays OSPF messages which router R1 has sent or received on all interfaces.

The output displays OSPF messages which router R1 has sent or received on interface Fa0/1.

The output displays OSPF hello and LSACK messages which router R1 has sent or received.

222. Which LISP infrastructure device provides connectivity between non-LISP sites and LISP sites by receiving non-LISP traffic with a LISP site destination?

PITR

map resolver

map server

PETR

223. Which two protocols are used with YANG data models? (Choose two.)

TLS

RESTCONF

SSH

NETCONF

HTTPS

224. Which HTTP status code is the correct response for a request with an incorrect password applied to a REST API session?

HTTP Status Code: 200

HTTP Status Code: 302

HTTP Status Code: 401

HTTP Status Code: 504

225. The login method is configured on the VTY lines of a router with these parameters.

– The first method for authentication is TACACS

– If TACACS is unavailable, login is allowed without any provided credentials.

Which configuration accomplishes this task?

A.

A. Option A

B. Option B

C. Option C

D. Option D

226. Which statement about multicast RPs is true?

RPs are required only when using protocol independent multicast dense mode.

RPs are required for protocol independent multicast sparse mode and dense mode.

By default, the RP is needed periodically to maintain sessions with sources and receivers.

By default, the RP is needed only to start new sessions with sources and receivers.

227. To increase total throughput and redundancy on the links between the wireless controller and switch, the customer enabled LAG on the wireless controller.

Which EtherChannel mode must be configured on the switch to allow the WLC to connect?

Active

Passive

Auto

228. Which feature does Cisco TrustSec use to provide scalable, secure communication throughout a network?

security group tag ACL assigned to each port on a switch

security group tag number assigned to each user on a switch

security group tag number assigned to each port on a network

security group tag ACL assigned to each router on a network

229. An engineer configures a WLAN with fast transition enabled. Some legacy clients fail to connect to this WLAN.

Which feature allows the legacy clients to connect while still allowing other clients to use fast transition based on their OUIs?

over the DS

802.11k

adaptive R

802.11v

230. Which exhibit displays a valid JSON file?

A.

A. Option A

B. Option B

C. Option C

D. Option D

231. A network administrator is implementing a routing configuration change and enables routing debugs to track routing behavior during the change. The logging output on the terminal is interrupting the command typing process.

Which two actions can the network administrator take to minimize the possibility of typing commands incorrectly? (Choose two.)

Configure the logging synchronous global configuration command.

Configure the logging synchronous command under the vty.

Increase the number of lines on the screen using the terminal length command.

Configure the logging delimiter feature.

Press the TAB key to reprint the command in a new line.

232. Which two pieces of information are necessary to compute SNR? (Choose two.)

transmit power

noise floor

EIRP

antenna gain

RSSI

233. Which statements are used for error handling in Python?

try/catch

catch/release

block/rescue

try/except

234. What are two benefits of virtualizing the server with the use of VMs in a data center environment? (Choose two.)

reduced rack space, power, and cooling requirements

smaller Layer 2 domain

increased security

speedy deployment

reduced IP and MAC address requirements

235. Which two steps are required for a complete Cisco DNA Center upgrade? (Choose two.)

automation backup

system update

golden image selection

proxy configuration

application updates

236. What is a benefit of data modeling languages like YANG?

They create more secure and efficient SNMP OIDs.

They provide a standardized data structure, which results in configuration scalability and consistency.

They enable programmers to change or write their own applications within the device operating system.

They make the CLI simpler and more efficient.

237. Refer to the exhibit.

What is the JSON syntax that is formed from the data?

{Name: Bob Johnson, Age: 75, Alive: true, Favorite Foods: [Cereal, Mustard, Onions]}

{“Name”: “Bob Johnson”, “Age”: 75, “Alive”: true, “Favorite Foods”: [“Cereal”, “Mustard”, “Onions”]}

{‘Name’: ‘Bob Johnson’, ‘Age’: 75, ‘Alive’: True, ‘Favorite Foods’: ‘Cereal’, ‘Mustard’, ‘Onions’}

{“Name”: “Bob Johnson”, “Age”: Seventyfive, “Alive”: true, “Favorite Foods”: [“Cereal”, “Mustard”, “Onions”]}

238. Based on this interface configuration, what is the expected state of OSPF adjacency?

2WAY/DROTHER on both routers

not established

FULL on both routers

FULL/BDR on R1 and FULL/BDR on R2

239. Refer to the exhibit.

Link1 is a copper connection and Link2 is a fiber connection. The fiber port must be the primary port for all forwarding. The output of the show spanning-tree command on SW2 shows that the fiber port is blocked by spanning tree. An engineer enters the spanning-tree port-priority 32 command on G0/1 on SW2, but the port remains blocked.

Which command should be entered on the ports that are connected to Link2 to resolve the issue?

Enter spanning-tree port-priority 4 on SW2.

Enter spanning-tree port-priority 32 on SW1.

Enter spanning-tree port-priority 224 on SW1.

Enter spanning-tree port-priority 64 on SW2.

240. Which JSON syntax is valid?

{“switch”: “name”: “dist1”, “interfaces”: [“gig1”, “gig2”, “gig3”]}

{/“switch/”: {/“name/”: “dist1”, /“interfaces/”: [“gig1”, “gig2”, “gig3”]}}

{“switch”: {“name”: “dist1”, “interfaces”: [“gig1”, “gig2”, “gig3”]}}

{‘switch’: (‘name’: ‘dist1’, ‘interfaces’: [‘gig1’, ‘gig2’, ‘gig3’])}

241. What are two common sources of interference for Wi-Fi networks? (Choose two.)

LED lights

radar

fire alarm

conventional oven

rogue AP

242. When using TLS for syslog, which configuration allows for secure and reliable transportation of messages to its default port?

logging host 10.2.3.4 vrf mgmt transport tcp port 514

logging host 10.2.3.4 vrf mgmt transport udp port 514

logging host 10.2.3.4 vrf mgmt transport tcp port 6514

logging host 10.2.3.4 vrf mgmt transport udp port 6514

243. Which behavior can be expected when the HSRP version is changed from 1 to 2?

No changes occur because the standby router is upgraded before the active router.

No changes occur because version 1 and 2 use the same virtual MAC OU

Each HSRP group reinitializes because the virtual MAC address has changed.

Each HSRP group reinitializes because the multicast address has changed.

244. Which protocol does REST API rely on to secure the communication channel?

HTTP

SSH

HTTPS

TCP

245. Refer to this output.

R1# *Feb 14 37:09:53.129: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up What is the logging severity level?

notification

emergency

critical

alert

246. Refer to the exhibit.

Which IP address becomes the active next hop for 192.168.102.0/24 when 192.168.101.2 fails?

192.168.101.10

192.168.101.14

192.168.101.6

192.168.101.18

247. Which PAgP mode combination prevents an EtherChannel from forming?

auto/desirable

desirable/desirable

desirable/auto

auto/auto

248. If a VRRP master router fails, which router is selected as the new master router?

router with the lowest priority

router with the highest priority

router with the highest loopback address

router with the lowest loopback address

249. Which QoS component alters a packet to change the way that traffic is treated in the network?

policing

classification

marking

shaping

250. Refer to the exhibit.

Assuming that R1 is a CE router, which VRF is assigned to Gi0/0 on R1?

default VRF

VRF VPN_A

VRF VPN_B

management VRF

251. Refer to the exhibit.

Based on the configuration in this WLAN security setting, which method can a client use to authenticate to the network?

text string

username and password

RADIUS token

certificate

252. Which two mechanisms are available to secure NTP? (Choose two.)

IPsec

IP prefix list-based

encrypted authentication

TACACS-based authentication

IP access list-based

253. Which technology provides a secure communication channel for all traffic at Layer 2 of the OSI model?

SSL

Cisco TrustSec

MACsec

IPsec

254. Refer to the exhibit.

An engineer must block all traffic from a router to its directly connected subnet 209.165.200.0/24. The engineer applies access control list EGRESS in the outbound direction on the GigabitEthernet0/0 interface of the router. However, the router can still ping hosts on the 209.165.200.0/24 subnet.

Which explanation of this behavior is true?

Access control lists that are applied outbound to a router interface do not affect traffic that is sourced from the router.

After an access control list is applied to an interface, that interface must be shut and no shut for the access control list to take effect.

Only standard access control lists can block traffic from a source IP address.

The access control list must contain an explicit deny to block traffic from the router.

255. Which two methods are used by an AP that is trying to discover a wireless LAN controller? (Choose two.)

Cisco Discovery Protocol neighbor

querying other APs

DHCP Option 43

broadcasting on the local subnet

DNS lookup CISCO-DNA-PRIMAR

localdomain

256. Which IP SLA operation requires the IP SLA responder to be configured on the remote end?

UDP jitter

ICMP jitter

TCP connect

ICMP echo

257. Which statement explains why Type 1 hypervisor is considered more efficient than Type2 hypervisor?

Type 1 hypervisor is the only type of hypervisor that supports hardware acceleration techniques.

Type 1 hypervisor relies on the existing OS of the host machine to access CPU, memory, storage, and network resources.

Type 1 hypervisor runs directly on the physical hardware of the host machine without relying on the underlying O

Type 1 hypervisor enables other operating systems to run on it.

258. A client with IP address 209.165.201.25 must access a web server on port 80 at 209.165.200.225. To allow this traffic, an engineer must add a statement to an access control list that is applied in the inbound direction on the port connecting to the web servers.

Which statement allows this traffic?

permit tcp host 209.165.200.225 lt 80 host 209.165.201.25

permit tcp host 209.165.201.25 host 209.165.200.225 eq 80

permit tcp host 209.165.200.225 eq 80 host 209.165.201.25

permit tcp host 209.165.200.225 host 209.165.201.25 eq 80

259. In OSPF, which LSA type is responsible for pointing to the ASBR router?

type 1

type 2

type 3

type 4

260. Refer to the exhibit.

SW1(config)#vtp mode transparent

SW3(config)#vtp mode transparent

SW2(config)#vtp pruning

SW1(config)#vtp pruning

261. Which statement about a fabric access point is true?

It is in local mode and must be connected directly to the fabric edge switch.

It is in local mode and must be connected directly to the fabric border node

It is in FlexConnect mode and must be connected directly to the fabric border node.

It is in FlexConnect mode and must be connected directly to the fabric edge switch.

262. Which First Hop Redundancy Protocol maximizes uplink utilization and minimizes the amount of configuration that is necessary?

GLBP

HSRP v2

VRRP

HSRP v1

263. Which standard access control entry permits traffic from odd-numbered hosts in the 10.0.0.0/24 subnet?

permit 10.0.0.0 0.0.0.1

permit 10.0.0.1 0.0.0.254

permit 10.0.0.1 0.0.0.0

permit 10.0.0.0 255.255.255.254

264. Refer to the exhibit.

Which configuration establishes EBGP connected neighborship between these two directly connected neighbors and exchanges the loopback network of the two routers through BGP?

R1(config)#router bgp 1
R1(config-router)#neighbor 192.168.10.2 remote-as 2
R1(config-router)#network 10.1.1.0 mask 255.255.255.0
R2(config)#router bgp 2
R2(config-router)#neighbor 192.168.10.1 remote-as 1
R2(config-router)#network 10.2.2.0 mask 255.255.255.0

R1(config)#router bgp 1
R1(config-router)#neighbor 10.2.2.2 remote-as 2
R1(config-router)#network 10.1.1.0 mask 255.255.255.0
R2(config)#router bgp 2
R2(config-router)#neighbor 10.1.1.1 remote-as 1
R2(config-router)#network 10.2.2.0 mask 255.255.255.0

R1(config)#router bgp 1
R1(config-router)#neighbor 192.168.10.2 remote-as 2
R1(config-router)#network 10.0.0.0 mask 255.0.0.0
R2(config)#router bgp 2
R2(config-router)#neighbor 192.168.10.1 remote-as 1
R2(config-router)#network 10.0.0.0 mask 255.0.0.0

R1(config)#router bgp 1
R1(config-router)#neighbor 10.2.2.2 remote-as 2
R1(config-router)#neighbor 10.2.2.2 update-source |o0
R1(config-router)#network 10.1.1.0 mask 255.255.255.0
R2(config)#router bgp 2
R2(config-router)#neighbor 10.1.1.1 remote-as 1
R2(config-router)#neighbor 10.1.1.1 update-source |o0
R2(config-router)#network 10.2.2.0 mask 255.255.255.0

265. Refer to the exhibit.

Which type of antenna do the radiation patterns present?

Yagi

patch

omnidirectional

dipole

266. Which method creates an EEM applet policy that is registered with EEM and runs on demand or manually?

event manager applet ondemand
event none
action 1.0 syslog priority critical msg ‘This is a message from ondemand’

event manager applet ondemand
action 1.0 syslog priority critical msg ‘This is a message from ondemand’

event manager applet ondemand
event register
action 1.0 syslog priority critical msg ‘This is a message from ondemand’

event manager applet ondemand
event manual
action 1.0 syslog priority critical msg ‘This is a message from ondemand’

267. An engineer is configuring local web authentication on a WLAN. The engineer chooses the Authentication radio button under the Layer 3 Security options for Web Policy.

Which device presents the web authentication for the WLAN?

ISE server

RADIUS server

anchor WLC

local WLC

268. Which controller is the single plane of management for Cisco SD-WAN?

vBond

vSmart

vManage

vEdge

269. A network is being migrated from IPv4 to IPv6 using a dual-stack approach. Network management is already 100% IPv6 enabled.

In a dual-stack network with two dual-stack NetFlow collectors, how many flow exporters are needed per network device in the flexible NetFlow configuration?

270. Which statement about TLS is true when using RESTCONF to write configurations on network devices?

It is used for HTTP and HTTPS requests.

It requires certificates for authentication.

It is provided using NGINX acting as a proxy web server.

It is not supported on Cisco devices.

271. What are two reasons a company would choose a cloud deployment over an on-prem deployment? (Choose Two)

In a cloud environment, the company controls technical issues. On-prem environments rely on the service provider to resolve technical issue.

Cloud costs adjust up or down depending on the amount of resources consumed. On-Prem costs for hardware, power, and space are ongoing regardless of usage

Cloud deployments require long implementation times due to capital expenditure processes. On-Prem deployments can be accomplished quickly using operational expenditure processes.

Cloud resources scale automatically to an increase in demand. On-prem requires additional capital expenditure.

In a cloud environment, the company is in full control of access to their data. On-prem risks access to data due to service provider outages

272. Which data modeling language is commonly used by NETCONF?

REST

YANG

HTML

XML

273. Refer to the exhibit.

Tunnel-Private-Group-Id (81): 15

Tunnel-Medium-Type (65): IEEE-802(6)

Tunnel-Type (64): VLAN (13)

A wireless client is connecting to FlexAP1 which is currently working standalone mode.

The AAA authentication process is returning the following AVPs:

Which three behaviors will the client experience? (Choose three.)

While the AP is in standalone mode, the client will be placed in VLAN 15.

While the AP is in standalone mode, the client will be placed in VLAN 10.

When the AP transitions to connected mode, the client will be de-authenticated.

While the AP is in standalone mode, the client will be placed in VLAN 13.

When the AP is in connected mode, the client will be placed in VLAN 13.

When the AP transitions to connected mode, the client will remain associated.

When the AP is in connected mode, the client will be placed in VLAN 15.

When the AP is in connected mode, the client will be placed in VLAN 10.

274. What would be the preferred way to implement a loopless switch network where there are 1500 defined VLANs and it is necessary to load the shared traffic through two main aggregation points based on the VLAN identifier?

802.1D

802.1s

802.1W

802.1AE

275. Refer to the exhibit.

An engineer configures CoPP and enters the show command to verify the implementation.

What is the result of the configuration?

All traffic will be policed based on access-list 120.

If traffic exceeds the specified rate, it will be transmitted and remarked.

Class-default traffic will be dropped.

ICMP will be denied based on this configuration.

276. Which statement about Cisco Express Forwarding is true?

It uses a fast cache that is maintained in a router data plane.

it maintains two tables in the data plane the FIB and adjacency table.

It makes forwarding decisions by a process that is scheduled through the IOS scheduler.

The CPU of a router becomes directly involved with packet-switching decisions.

277. Which action is a function of VTEP in VXLAN?

tunneling traffic from IPv6 to IPv4 VXLANs

allowing encrypted communication on the local VXLAN Ethernet segment

encapsulating and de-encapsulating VXLAN Ethernet frames

tunneling traffic from IPv4 to IPv6 VXLANs

278. What are two device roles in Cisco SD-Access fabric? (Choose two.)

core switch

vBond controller

edge node

access switch

border node

279. On which protocol or technology is the fabric data plane based in Cisco SD-Access fabric?

LISP

IS-IS

Cisco TrustSec

VXLAN

280. How does SSO work with HSRP to minimize network disruptions?

It enables HSRP to elect another switch in the group as the active HSRP switch.

It ensures fast failover in the case of link failure.

It enables data forwarding along known routes following a switchover, white the routing protocol reconverges.

It enables HSRP to failover to the standby RP on the same device.

281. How are the Cisco Express Forwarding table and the FIB related to each other?

Cisco Express Forwarding uses a FIB to make IP destination prefix-based switching decisions correct

The FIB is used to populate the Cisco Express Forwarding table

There can be only one FIB but multiple Cisco Express Forwarding tables on IOS devices

The Cisco Express Forwarding table allows route lookups to be forwarded to the route processor for processing before they are sent to the FIB

282. Which characteristic distinguishes Ansible from Chef?

Ansible lacs redundancy support for the master server. Chef runs two masters in an active/active mode.

Ansible uses Ruby to manage configurations. Chef uses YAML to manage configurations.

Ansible pushes the configuration to the client. Chef client pulls the configuration from the server.

The Ansible server can run on Linux, Unix or Windows. The Chef server must run on Linux or Unix.

283. You are configuring a controller that runs Cisco IOS XE by using the CLI.

Which three configuration options are used for 802.11w Protected Management Frames? (Choose three.)

mandatory

association-comeback

SA teardown protection

saquery-retry-time

enable

comeback-time

284. What is a benefit of data modeling languages like YANG?

They enable programmers to change or write their own application within the device operating system.

They create more secure and efficient SNMP OIDs.

They make the CLI simpler and more efficient.

They provide a standardized data structure, which results in configuration scalability and consistency.

285. What do Cisco DNA southbound APIs provide?

Interface between the controller and the network devices

NETCONF API interface for orchestration communication

RESful API interface for orchestrator communication

Interface between the controller and the consumer

286. If a VRRP master router fails, which router is selected as the new master router?

router with the highest priority

router with the highest loopback address

router with the lowest loopback address

router with the lowest priority

287. Which statement about a Cisco APIC controller versus a more traditional SDN controller is true?

APIC does support a Southbound REST API

APIC supports OpFlex as a Northbound protocol

APIC uses a policy agent to translate policies into instructions

APIC uses an imperative model

288. Which two statements about EIGRP load balancing are true? (Choose two)

Cisco Express Forwarding is required to load-balance across interfaces

A path can be used for load balancing only if it is a feasible successor

EIGRP supports unequal-cost paths by default

Any path in the EIGRP topology table can be used for unequal-cost load balancing

EIGRP supports 6 unequal-cost paths

289. Refer to the exhibit.

An engineer must ensure that all traffic leaving AS 200 will choose Link 2 as an entry point.

Assuming that all BGP neighbor relationships have been formed and that the attributes have not been changed on any of the routers, which configuration accomplish task?

Option A

Option B

Option C

Option D

290. In which part of the HTTP message is the content type specified?

HTTP method

URI

header

body

291. Which statement about a fabric access point is true?

It is in local mode an must be connected directly to the fabric border node.

It is in FlexConnect mode and must be connected directly to the fabric border node.

It is in local mode an must connected directly to the fabric edge switch.

It is in FlexConnect mode and must be connected directly to the fabric edge switch.

292. Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

293. Which action is the vSmart controller responsible for in an SD-WAN deployment?

onboard vEdge nodes into the SD-WAN fabric

distribute security information for tunnel establishment between vEdge routers

manage, maintain, and gather configuration and status for nodes within the SD-WAN fabric

gather telemetry data from vEdge routers

294. What is the correct EBGP path attribute list, ordered from most preferred to the least preferred, that the BGP best-path algorithm uses?

weight. AS path, local preference. MED

weight, local preference AS path, MED

local preference weight AS path, MED

local preference, weight MED, AS path

295. What does Call Admission Control require the client to send in order to reserve the bandwidth?

SIP flow information

Wi-Fi multimedia

traffic specification

VoIP media session awareness

296. Drag and drop the DHCP messages that are exchanged between a client and an AP into the order they are exchanged on the right.

297. Which two statements about IP SLA are true? (Choose two)

It uses NetFlow for passive traffic monitoring

It can measure MOS

The IP SLA responder is a component in the source Cisco device

It is Layer 2 transport-independent correct

It uses active traffic monitoring correct

SNMP access is not supported

298. What does this EEM applet event accomplish? "event snmp oid 1.3.6.1.3.7.1.5.1.2.4.2.9 get-type next entry-op g entry-val 75 poll-interval 5"

It issues email when the value is greater than 75% for five polling cycles.

It reads an SNMP variable, and when the value exceeds 75% for live polling cycles.

It presents a SNMP variable that can be interrogated.

Upon the value reaching 75%, a SNMP event is generated and sent to the trap server.

299. Which statement about multicast RPs is true?

RPs are required only when using protocol independent multicast dense mode.

RPs are required for protocol independent multicast sparse mode and dense mode.

By default, the RP is needed periodically to maintain sessions with sources and receivers

By default, the RP is needed only to start new sessions with sources and receivers.

300. Refer to the exhibit.

Edge-01 is currently operational as the HSRP primary with priority 110.

Which command on Edge-02 causes it to take over the forwarding role when Edge-01 is down?

standby 10 priority

standby 10 preempt

standby 10 track

standby 10 timers

301. What is the purpose of an RP in PIM?

send join messages toward a multicast source SPT

ensure the shortest path from the multicast source to the receiver.

receive IGMP joins from multicast receivers.

secure the communication channel between the multicast sender and receiver.

302. What is the role of the RP in PIM sparse mode?

The RP responds to the PIM join messages with the source of requested multicast group

The RP maintains default aging timeouts for all multicast streams requested by the receivers.

The RP acts as a control-plane node and does not receive or forward multicast packets.

The RP is the multicast that is the root of the PIM-SM shared multicast distribution tree.

303. Refer to the exhibit.

What are two effect of this configuration? (Choose two.)

Inside source addresses are translated to the 209.165.201.0/27 subnet.

It establishes a one-to-one NAT translation.

The 10.1.1.0/27 subnet is assigned as the inside global address range.

The 209.165.201.0/27 subnet is assigned as the outside local address range.

The 10.1.1.0/27 subnet is assigned as the inside local addresses.

304. A network administrator applies the following configuration to an IOS device.

aaa new-model

aaa authentication login default local group tacacs+

What is the process of password checks when a login attempt is made to the device?

A TACACS+server is checked first. If that check fail, a database is checked?

A TACACS+server is checked first. If that check fail, a RADIUS server is checked. If that check fail. a local database is checked.

A local database is checked first. If that fails, a TACACS+server is checked, if that check fails, a RADUIS server is checked.

A local database is checked first. If that check fails, a TACACS+server is checked.

305. Which variable in an EEM applet is set when you use the sync yes option?

$_cli_result

$_exit_status

$_string_result

$_result

306. Which feature must be configured to allow packet capture over Layer 3 infrastructure’?

VSPAN

IPSPAN

RSPAN

ERSPAN

307. Refer to the exhibit.

Which IPv6 OSPF network type is applied to interface Fa0/0 of R2 by default?

multipoint

broadcast

Ethernet

point-to-point

308. Which benefit is offered by a cloud infrastructure deployment but is lacking in an on-premises deployment?

efficient scalability

virtualization

storage capacity

supported systems

309. In a Cisco SD-WAN solution, how is the health of a data plane tunnel monitored?

with IP SLA

ARP probing

using BFD

with OMP

310. Which TCP setting is tuned to minimize the risk of fragmentation on a GRE/IP tunnel?

MTU

Window size

MRU

MSS

311. What is a Type 1 hypervisor?

runs directly on a physical server and depends on a previously installed operating system

runs directly on a physical server and includes its own operating system

runs on a virtual server and depends on an already installed operating system

run on a virtual server and includes its own operating system

312. Drag and drop the characteristics from the left onto the correct infrastructure deployment types on the right.

313. Which QoS mechanism will prevent a decrease in TCP performance?

Shaper

Rate-Limit

Policer

Fair-Queue

WRED

LLQ

314. Drag and Drop the decryptions from the left onto the routing protocol they describe on the right.

315. What is the main function of VRF-lite?

To connect different autonomous systems together to share routes

To allow devices to use labels to make Layer 2 Path decisions

To route IPv6 traffic across an IPv4 backbone

To segregate multiple routing tables on a single device

316. Which two LISP infrastructure elements are needed to support LISP to non-LISP internetworking? (Choose two)

PETR

PITR

ALT

317. What is the primary effect of the spanning-tree portfast command?

It enables BPDU messages

It minimizes spanning-tree convergence time

It immediately puts the port into the forwarding state when the switch is reloaded

It immediately enables the port in the listening state

318. When reason could cause an OSPF neighborship to be in the EXSTART/EXCHANGE state?

Mismatched OSPF network type

Mismatched areas

Mismatched MTU size

Mismatched OSPF link costs

319. Which three methods does Cisco DNA Centre use to discover devices? (Choose three)

CDP

SNMP

LLDP

ping

NETCONF

a specified range of IP addresses

320. What is the result of applying this access control list?

ip access-list extended STATEFUL

10 permit tcp any any established

20 deny ip any any

TCP traffic with the URG bit set is allowed

TCP traffic with the SYN bit set is allowed

TCP traffic with the ACK bit set is allowed

TCP traffic with the DF bit set is allowed

321. Which statement explains why Type 1 hypervisor is considered more efficient than Type 2 hypervisor?

Type 1 hypervisor runs directly on the physical hardware of the host machine without relying on the underlying O

Type 1 hypervisor enables other operating systems to run on it.

Type 1 hypervisor relics on the existing OS of the host machine to access CPU, memory, storage, and network resources.

Type 1 hypervisor is the only type of hypervisor that supports hardware acceleration techniques.

322. Which access controls list allows only TCP traffic with a destination port range of 22-433, excluding port 80?

Deny tcp any any eq 80
Permit tcp any any gt 21 it 444

Permit tcp any any ne 80

Permit tcp any any range 22 443
Deny tcp any any eq 80

Deny tcp any any ne 80
Permit tcp any any range 22 443

323. When a wired client connects to an edge switch in an SDA fabric, which component decides whether the client has access to the network?

control-plane node

Identity Service Engine

RADIUS server

edge node

324. Which two statements about HSRP are true? (Choose two)

It supports unique virtual MAC addresses

Its virtual MAC is 0000.0C07.ACxx

Its default configuration allows for pre-emption

It supports tracking

Its multicast virtual MAC is 0000.5E00.01xx

325. Refer to the exhibit.

Which configuration establishes EBGP neighborship between these two directly connected neighbors and exchanges the loopback network of the two routers through BGP?

326. What is a benefit of deploying an on-premises infrastructure versus a cloud infrastructure deployment?

faster deployment times because additional infrastructure does not need to be purchased

lower latency between systems that are physically located near each other

less power and cooling resources needed to run infrastructure on-premises

ability to quickly increase compute power without the need to install additional hardware

327. How does the RIB differ from the FIB?

The RIB is used to create network topologies and routing tables. The FIB is a list of routes to particular network destinations.

The FIB includes many routes a single destination. The RIB is the best route to a single destination.

The RIB includes many routes to the same destination prefix. The FIB contains only the best route

The FIB maintains network topologies and routing tables. The RIB is a Iist of routes to particular network destinations.

328. Which antenna type should be used for a site-to-site wireless connection?

Omnidirectional

dipole

patch

Yagi

329. Which technology provides a secure communication channel for all traffic at Layer 2 of the OSI model?

MACsec

IPsec

SSL

Cisco Trustsec

330. Which NGFW mode block flows crossing the firewall?

Passive

Tap

Inline tap

Inline

New CCNP and CCIE Enterprise Core 350-401 ENCOR Free Questions

View CCNP and CCIE Enterprise Core 350-401 ENCOR Free Questions Online

Leave a Reply Cancel reply