1.Which two capabilities of the Cisco DNA Center make it more extensible? (Choose two.)
A. customized versions for small, medium, and large enterprises
B. adapters that support all families of Cisco IOS software
C. REST APIS that allow for external applications to interact natively with Cisco DNA Center
D. modular design that is upgradable as needed
E. SDKs that support interaction with third-party network equipment
Correct Answer: CE
2. What is the benefit of using a Cisco Wireless LAN Controller?
A. Central AP management requires more complex configurations.
B. Unique SSIDs cannot use the same authentication method.
C. It eliminates the need to configure each access point individually.
D. It supports autonomous and lightweight APs
Correct Answer: C
3. A router running EIGRP has learned the same route from two different paths. Which parameter does the router use to select the best path?
A. administrative distance
B. cost
C. metric
D. as-path
Correct Answer: C
4. Which statement correctly compares traditional networks and controller-based networks?
A. Only traditional networks natively support centralized management.
B. Only traditional networks offer a centralized control plane.
C. Traditional and controller-based networks abstract policies from device configurations
D. Only controller-based networks decouple the control plane and the data plane
Correct Answer: D
5. Which network allows devices to communicate without the need to access the Internet?
A. 172.9.0.0/16
B. 172.28.0.0/16
C. 192.0.0.0/8
D. 209.165.201.0/24
Correct Answer: B
6. Which IPv6 address type provides communication between subnets and cannot route on the Internet?
A. multicast
B. unique local
C. link-local
D. global unicast
Correct Answer: B
7. Which command prevents passwords from being stored in the configuration as plain text on a router or switch?
A. enable secret
B. enable password
C. service password-encryption
D. username cisco password encrypt
Correct Answer: C
8. When a floating static route is configured, which action ensures that the backup route is used when the primary route fails?
A. The administrative distance must be higher on the primary route so that the backup route becomes secondary.
B. The floating static route must have a higher administrative distance than the primary route so it is used as a backup.
C. The default-information originate command must be configured for the route to be installed into the routing table.
D. The floating static route must have a lower administrative distance than the primary route so it is used as a backup.
Correct Answer: B
9. Which two tasks must be performed to configure NTP to a trusted server in client mode on a single network device? (Choose two.)
A. Enable NTP authentication.
B. Specify the IP address of the NTP server.
C. Disable NTP broadcasts
D. Verify the time zone.
E. Set the NTP server private key.
Correct Answer: AB
10. A network engineer must back up 20 network router configurations globally within a customer environment. Which protocol allows the engineer to perform this function using the Cisco IOS MIB?
A. SMTP
B. SNMP
C. ARP
D. CDP
Correct Answer: B
Read More: New 200 Cisco CCNP 300-720 SESA Demos from SPOTO(Update Questions)
11. Router 1 has a Fast Ethernet interface 0/0 with IP address 10.1.1.1. The interface is connected to a switch. This connection is then migrated to use 802.1Q trunking. Which of the following commands could be part of a valid configuration for Router 1’s Fa0/0 interface?
A.A. interface FastEthernet 0/0.4
B.dot1q enable
C.dot1q enable 4
D.trunking enable
E.trunking enable 4
F.encapsulation dot1q 4
G.Both A and F
H.Both C and F
Correct Answer: G
12. Router R1 has a router-on-a-stick configuration with two subinterfaces of interface G0/1: G0/1.1 and G0/1.2. Physical interface G0/1 is currently in a down/downstate. The network engineer then configures a shutdown command when in interface configuration mode for G0/1.1 and a no shutdown command when in interface configuration mode for G0/1.2. Which answers are correct about the interface state for the subinterfaces?
A. G0/1.1 will be in a down/downstate.
B. G0/1.2 will be in a down/downstate.
C. G0/1.1 will be in an administratively downstate.
D. G0/1.2 will be in an up/upstate.
E. Both A and C
F. Both B and C
Correct Answer: E
13. A Layer 3 switch has been configured to route IP packets between VLANs 1, 2, and 3 using SVIs, which connect to subnets 172.20.1.0/25, 172.20.2.0/25 and 172.20.3.0/25, respectively. The engineer issues a show ip route connected command on the Layer 3 switch, listing the connected routes. Which of the following answers lists a piece of information that should be in at least one of the routes?
A. Interface Gigabit Ethernet 0/0.3
B. Next-hop router 172.20.2.1
C. Interface VLAN 2
D. Mask 255.255.255.0
Correct Answer: C
14. An engineer has successfully configured a Layer 3 switch with SVIs for VLANs 2 and 3. Hosts in the subnets using VLANs 2 and 3 can ping each other with the Layer 3 switch routing the packets. The next week, the network engineer receives a call that those same users can no longer ping each other. If the problem is with the Layer 3 switching function, which of the following could have caused the problem?
A. Six — or more — out of 10 working VLAN 2 access ports failing due to physical problems
B. A shutdown command issued from interface VLAN 4 configuration mode
C. VTP on the switch removing VLAN 3 from the switch’s VLAN list
D. A shutdown command issued from VLAN 2 configuration mode
E. Both C and D
F. Both B and D
Correct Answer: E
15. A LAN design uses a Layer 3 EtherChannel between two switches, SW1 and SW2, with port-channel interface 1 used on both switches. SW1 uses ports G0/1, G0/2, and G0/3 in the channel. Which of the following are true about SW1’s configuration to make the channel be able to route IPv4 packets correctly?
A. The ip address command must be on the port-channel 1 interface.
B. The ip address command must be on interface G0/1 — lowest numbered port.
C. The port-channel 1 interface must be configured with the no switchport command.
D. Interface G0/1 must be configured with the routedport command.
E. Both B and D
F. Both A and C
Correct Answer: F
16. A LAN design uses a Layer 3 EtherChannel between two switches, SW1 and SW2, with port-channel interface 1 used on both switches. SW1 uses ports G0/1 and G0/2 in the channel. However, only interface G0/1 is bundled into the channel and working. Think about the configuration settings on port G0/2 that could have existed before adding G0/2 to the EtherChannel. Which answers identify a setting that could prevent IOS from adding G0/2 to the Layer 3 EtherChannel?
A. A different STP cost (spanning-tree cost value)
B. A different speed (speed value)
C. A default setting for switchport (switchport)
D. A different access VLAN (switchport access vlan vlan-id)
E. Both A and C
F. Both B and C
Correct Answer: F
17. All 30 users on a single floor of a building are complaining about network slowness. After investigating the access switch, the network administrator notices that the MAC address table is full (10,000 entries) and all traffic is being flooded out of every port. Which action can the administrator take to prevent this from occurring?
A. Configure port-security to limit the number of mac-addresses allowed on each port
B. Upgrade the switch to one that can handle 20,000 entries
C. Configure private-vlans to prevent hosts from communicating with one another
D. Enable storm-control to limit the traffic rate
E. Configure a VACL to block all IP traffic except traffic to and from that subnet
Correct Answer: A
18. Which two keying mechanisms are available within MACsec? (Choose two.)
A. IKE
B. GDOI
C. SAP
D. MKA
E. Diffie-Hellman
Correct Answer: CD
19. Which two features are supported on the Cisco Adaptive Security Virtual Appliance? (Choose two.)
A. high availability
B. EtherChannel
C. site-to-site VPN
D. PAK-based licensing
E. multiple contexts
F. clustering
Correct Answer: AC
20. Which type of authentication and encryption does SNMPv3 use at the authPriv security level?
A. username authentication with MD5 or SHA encryption
B. MD5 or SHA authentication with DES encryption
C. username authentication with DES encryption
D. DES authentication with MD5 or SHA encryption
Correct Answer: B
21. Which identity store option allows you to modify the directory services that run on TCP/IP?
A. Lightweight Directory Access Protocol
B. RSA SecurID server
C. RADIUS
D. Active Directory
Correct Answer: A
22. Which statement about system time and NTP server configuration with Cisco ISE is true?
A. The system time and NTP server settings can be configured centrally on the Cisco ISE.
B. The system time can be configured centrally on the Cisco ISE, but NTP server settings must be configured individually on each ISE node.
C. NTP server settings can be configured centrally on the Cisco ISE, but the system time must be configured individually on each ISE node.
D. The system time and NTP server settings must be configured individually on each ISE node.
Correct Answer: D
23. Which option is required for inline security group tag propagation?
A. Cisco Secure Access Control System
B. hardware support
C. Security Group Tag Exchange Protocol (SXP) v4
D. Cisco Identity Services Engine
Correct Answer: B
24. Which protocol sends authentication and accounting in different requests?
A. RADIUS
B. TACACS+
C. EAP-Chaining
D. PEAP
E. EAP-TLS
Correct Answer: B
25. Your company network security policy requires that all network traffic be tunneled to the corporate office. End users must be able to access local LAN resources when they connect to the corporate network. Which two configurations do you implement in Cisco AnyConnect? (Choose two.)
A. split-exclude tunneling
B. local LAN access
C. static routes
D. Client Bypass Protocol
E. tunnel all
Correct Answer: BE
26. What advantage does elliptic curve cryptography have over RSA cryptography?
A. ECC compresses the enciphered data
B. ECC has wider industry adoption
C. ECC utilizes symmetric encryption for greater performance
D. ECC provides greater security with a smaller key size
Correct Answer: D
27. Which description of the Layer 4 traffic Monitor on a Cisco WSA is true?
A. monitors suspicious traffic across all the TCP/UDP ports
B. decrypts SSL traffic to monitor for malicious content
C. prevents data exfiltration by searching all the network traffic for specified sensitive information
D. blocks traffic from URL categories that are known to contain malicious content
Correct Answer: A
Note: SPOTO offers various certified exam answers and questions that cover real exam questions. we have professional tutors and experts to help all candidates. JOIN US NOW!
Comments