DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Boost Your Preparation with Updated Cisco 350-401 ENCOR Exam Dumps

Cisco 350-401 ENCOR exam is designed to assess your proficiency in Implementing and Operating Cisco Enterprise Network Core Technologies. This comprehensive exam evaluates your knowledge and skills in implementing core enterprise network technologies. It covers a range of topics, including network infrastructure, security, automation, and more. By practicing with real Cisco 350-401 ENCOR exam questions, you'll gain valuable insights into the exam format, question types, and content areas. These questions are carefully crafted to reflect the complexity and diversity of the actual exam, helping you prepare effectively and confidently. With access to exam resources, study materials, and mock exams, you'll be well-equipped to tackle the challenges of the Cisco certification journey. Prepare thoroughly, understand the exam objectives, and master key concepts to ensure a successful passing score. Start your preparation today and take your career to new heights with Cisco certification.

Take other online exams

Question #1
What is the role of the vSmart controller in a Cisco SD-WAN environment?
A. IT performs authentication and authorization
B. It manages the control plane
C. It is the centralized network management system
D. It manages the data plane
View answer
Correct Answer: B

View The Updated 350-401 Exam Questions

SPOTO Provides 100% Real 350-401 Exam Questions for You to Pass Your 350-401 Exam!

Question #2
A customer requests a design that includes GLBP as the FHRP. The network architect discovers that the members of the GLBP group have different throughput capabilities. Which GLBP load balancing method supports this environment?
A. ound robin
B. ost dependent
C. eighted
D. east connection
View answer
Correct Answer: C
Question #3
Refer to the exhibit. Which command must be applied to Router1 to bring the GRE tunnel to an up/up state?
A. outer1(config-if)#tunnel source Loopback0
B. outer1(config-if)#tunnel mode gre multipoint
C. outer1(config-if)#tunnel source GigabitEthernet0/1
D. outer1(config)#interface tunnel0
View answer
Correct Answer: A
Question #4
A customer wants to connect a device to an autonomous Cisco AP configured as a WGB. The WGB is configured properly: however, it fails to associate to aCAPWAP-enabled AP. Which change must be applied in the advanced WLAN settings to resolve this issue?
A. nable Aironet IE
B. nable passive client
C. isable AAA override
D. isable FlexConnect local switching
View answer
Correct Answer: A
Question #5
In a Cisco SD-Access solution, what is the role of the Identity Services Engine?
A. t is leveraged for dynamic endpoint to group mapping and policy definition
B. t provides GUI management and abstraction via apps that share context
C. t is used to analyze endpoint to app flows and monitor fabric status
D. t manages the LISP EID database
View answer
Correct Answer: A
Question #6
A customer has several small branches and wants to deploy a Wi-Fi solution with local management using CAPWAP. Which deployment model meets this requirement?
A. ocal mode
B. utonomous
C. D-Access wireless
D. obility Express
View answer
Correct Answer: D
Question #7
Which statement about agent-based versus agentless configuration management tools is true?
A. Agentless tools use proxy nodes to interface with slave nodes
B. Agentless tools require no messaging systems between master and slaves
C. Agent-based tools do not require a high-level language interpreter such as Python or Ruby on slave nodes
D. Agent-based tools do not require installation of additional software packages on the slave nodes
View answer
Correct Answer: B
Question #8
What is the result when an active route processor fails in a design that combines NSF with SSO?
A. he standby route processor temporarily forwards packets until route convergence is complete
B. n NSF-aware device immediately updates the standby route processor RIB without churning the network
C. n NSF-capable device immediately updates the standby route processor RIB without churning the network
D. he standby route processor immediately takes control and forwards packets along known routes
View answer
Correct Answer: D
Question #9
What is the function of a control-plane node in a Cisco SD-Access solution?
A. o run a mapping system that manages endpoint to network device relationships
B. o implement policies and communicate with networks outside the fabric
C. o connect external Layer 3 networks to the SD-Access fabric
D. o connect APs and wireless endpoints to the SD-Access fabric
View answer
Correct Answer: A
Question #10
An engineer is describing QoS to a client. Which two facts apply to traffic policing? (Choose two)
A. Policing adapts to network congestion by queuing excess traffic
B. Policing should be performed as close to the destination as possible
C. Policing drops traffic that exceeds the defined rate
D. Policing typically delays the traffic, rather than drops it
E. Policing should be performed as close to the source as possible
View answer
Correct Answer: CE
Question #11
What is the function of vBond in a Cisco SD-WAN deployment?
A. nitiating connections with SD-WAN routers automatically
B. ushing of configuration toward SD-WAN routers
C. nboarding of SD-WAN routers into the SD-WAN overlay
D. athering telemetry data from SD-WAN routers
View answer
Correct Answer: A
Question #12
Refer to the exhibit. An engineer must configure an ERSPAN session with the remote end of the session 10.10.0.1. Which commands must be added to complete the configuration?
A. evice(config)#monitor session 1 type erspan-source Device(config-mon-erspan-src)#destination Device(config-mon-erspan-src-dst)#no origin ip address 10
B. evice(config)#monitor session 1 type erspan-source Device(config-mon-erspan-src)#destination Device(config-mon-erspan-src-dst)#no vrf 1
C. evice(config)#monitor session 1 type erspan-source Device(config-mon-erspan-src)#destination Device(config-mon-erspan-src-dst)#no origin ip address 10
D. evice(config)#monitor session 1 type erspan-destination Device(config-mon-erspan-src)#source Device(config-mon-erspan-src-dst)#origin ip address 10
View answer
Correct Answer: A
Question #13
An engineer must configure HSRP group 300 on a Cisco IOS router. When the router is functional, it must be the active HSRP router. The peer router has been configured using the default priority value. Which command set is required?
A. tandby version 2 standby 300 priority 110 standby 300 pre-empt
B. tandby 300 priority 110 standby 300 timers 1 110
C. tandby version 2 standby 300 priority 90 standby 300 pre-empt
D. tandby 300 priority 90 standby 300 pre-empt
View answer
Correct Answer: A
Question #14
How do stratum levels relate to the distance from a time source?
A. tratum 0 devices are connected directly to an authoritative time source
B. tratum 1 devices are connected directly to an authoritative time source
C. tratum 15 devices are connected directly to an authoritative time source
D. tratum 15 devices are an authoritative time source
View answer
Correct Answer: B
Question #15
Which option must be used to support a WLC with an IPv6 management address and 100 Cisco Aironet 2800 Series access points that will use DHCP to register?
A. 3
B. 2
C. 0
D. 2
View answer
Correct Answer: B
Question #16
What is the role of the vSmart controller in a Cisco SD-WAN environment?
A. dge node
B. dentity Services Engine
C. ADIUS server
D. ontrol-plane node
View answer
Correct Answer: B
Question #17
Which method does Cisco DNA Centre use to allow management of non-Cisco devices through southbound protocols?
A. t creates device packs through the use of an SDK
B. t uses an API call to interrogate the devices and register the returned data
C. t obtains MIBs from each vendor that details the APIs available
D. t imports available APIs for the non-Cisco device in a CSV format
View answer
Correct Answer: A
Question #18
Which behavior can be expected when the HSRP version is changed from 1 to 2?
A. No changes occur because the standby router is upgraded before the active router
B. No changes occur because version 1 and 2 use the same virtual MAC OUI
C. Each HSRP group reinitializes because the virtual MAC address has changed
D. Each HSRP group reinitializes because the multicast address has changed
View answer
Correct Answer: C
Question #19
Refer to the exhibit. Which action completes the configuration to achieve a dynamic continuous mapped NAT for all users?
A. econfigure the pool to use the 192
B. onfigure a match-host type NAT pool
C. ncrease the NAT pool size to support 254 usable addresses
D. onfigure a one-to-one type NAT pool
View answer
Correct Answer: C
Question #20
How does an on-premises infrastructure compare to a cloud infrastructure?
A. n-premises offers faster deployment than cloud
B. n-premises requires less power and cooling resources than cloud
C. n-premises offers lower latency for physically adjacent systems than cloud
D. n-premises can increase compute power faster than cloud
View answer
Correct Answer: C
Question #21
Which two descriptions of FlexConnect mode for Cisco APs are true? (Choose two.)
A. y entering the command spanning-tree portfast trunk in the interface configuration mode
B. y entering the command spanning-tree mst1 vlan 10,20,30,40 in the global configuration mode
C. y entering the command spanning-tree portfast in the interface configuration mode
D. y entering the command spanning-tree vlan 10,20,30,40 root primary in the interface configuration mode
View answer
Correct Answer: BE
Question #22
Which LISP infrastructure device provides connectivity between non-LISP sites and LISP sites by receiving non-LISP traffic with a LISP site destination?
A. PITR
B. map resolver
C. map server
D. PETR
View answer
Correct Answer: A
Question #23
Refer to the exhibit. Which set of commands on router R1 allow deterministic translation of private hosts PC1, PC2, and PC3 to addresses in the public space?
A. outerR1(config)#int f0/0 RouterR1(config)#ip nat inside RouterR1(config)#exit RouterR1(config)#int f0/1 RouterR1(config)#ip nat outside RouterR1(config)#exit RouterR1(config)#access-list 1 10
B. outerR1(config)#int f0/0 RouterR1(config)#ip nat inside RouterR1(config)#exit RouterR1(config)#int f0/1 RouterR1(config)#ip nat outside RouterR1(config)#exit RouterR1(config)#access-list 1 10
C. outerR1(config)#int f0/0 RouterR1(config)#ip nat inside RouterR1(config)#exit RouterR1(config)#int f0/1 RouterR1(config)#ip nat outside RouterR1(config)#exit RouterR1(config)#ip nat inside source static 10
D. outerR1(config)#int f0/0 RouterR1(config)#ip nat outside RouterR1(config)#exit RouterR1(config)#int f0/1 RouterR1(config)#ip nat inside RouterR1(config)#exit RouterR1(config)#ip nat inside source static 10
View answer
Correct Answer: C
Question #24
Refer to the exhibit. A network engineer must configure NETCONF. After creating the configuration, the engineer gets output from the command show line, but not from show running-config. Which command completes the configuration?
A. KE
B. LS
C. Psec
D. SP
View answer
Correct Answer: D
Question #25
What is the difference between a RIB and a FIB?
A. The FIB is populated based on RIB content
B. The RIB maintains a minor image of the FIB
C. The RIB is used to make IP source prefix-based switching decisions
D. The FIB is where all IP routing information is stored
View answer
Correct Answer: A
Question #26
Which JSON syntax is valid?
A. {“switch”: “name”: “dist1”, “interfaces”: [“gig1”, “gig2”, “gig3”]}
B. {/“switch/”: {/“name/”: “dist1”, /“interfaces/”: [“gig1”, “gig2”, “gig3”]}}
C. {“switch”: {“name”: “dist1”, “interfaces”: [“gig1”, “gig2”, “gig3”]}}
D. {‘switch’: (‘name’: ‘dist1’, ‘interfaces’: [‘gig1’, ‘gig2’, ‘gig3’])}
View answer
Correct Answer: C
Question #27
Which two namespaces does the LISP network architecture and protocol use? (Choose two)
A. TLOC
B. RLOC
C. DNS
D. VTEP
E. EID
View answer
Correct Answer: BE
Question #28
Refer to the exhibit. SwitchC connects HR and Sales to the Core switch. However, business needs require that no traffic from the Finance VLAN traverse this switch.Which command meets this requirement?
A. witchC(config)#vtp pruning vlan 110
B. witchC(config)#vtp pruning
C. witchC(config)#interface port-channel 1 SwitchC(config-if)#switchport trunk allowed vlan add 210,310
D. witchC(config)#interface port-channel 1 SwitchC(config-if)#switchport trunk allowed vlan remove 110
View answer
Correct Answer: D
Question #29
Which tool is used in Cisco DNA Center to build generic configurations that are able to be applied on device with similar network settings?
A. Command Runner
B. Template Editor
C. Application Policies
D. Authentication Template
View answer
Correct Answer: B
Question #30
Which IPv4 packet field carries the QoS IP classification marking?
A. D
B. TL
C. CS
D. oS
View answer
Correct Answer: D
Question #31
What does a YANG model provide?
A. tandardized data structure independent of the transport protocols
B. reation of transport protocols and their interaction with the OS
C. ser access to interact directly with the CLI of the device to receive or modify network configurations
D. tandardized data structure that can be used only with NETCONF or RESTCONF transport protocols
View answer
Correct Answer: A
Question #32
What is the structure of a JSON web token?
A. three parts separated by dots: header, payload, and signature
B. three parts separated by dots: version, header, and signature
C. header and payload
D. payload and signature
View answer
Correct Answer: A
Question #33
A network engineer must configure a router to send logging messages to a syslog server based on these requirements:-uses syslog IP address: 10.10.10.1-uses a reliable protocol-must not use any well-known TCP/UDP portsWhich configuration must be used?
A. ogging host 10
B. ogging host 10
C. ogging host 10
D. ogging origin-id 10
View answer
Correct Answer: A
Question #34
Which action is the vSmart controller responsible for in an SD-WAN deployment?
A. onboard vEdge nodes into the SD-WAN fabric
B. gather telemetry data from vEdge routers
C. distribute security information for tunnel establishment between vEdge routers
D. manage, maintain, and gather configuration and status for nodes within the SD-WAN fabric
View answer
Correct Answer: C
Question #35
Refer to the exhibit. MTU has been configured on the underlying physical topology, and no MTU command has been configured on the tunnel interfaces.What happens when a 1500-byte IPv4 packet traverses the GRE tunnel from host X to host Y, assuming the DF bit is cleared?
A. he packet is discarded on router B
B. he packet arrives on router C without fragmentation
C. he packet arrives on router C fragmented
D. he packet is discarded on router A
View answer
Correct Answer: C
Question #36
Which device makes the decision for a wireless client to roam?
A. ireless client
B. ireless LAN controller
C. ccess point
D. CS location server
View answer
Correct Answer: A
Question #37
A client with IP address 209.165.201.25 must access a web server on port 80 at 209.165.200.225. To allow this traffic, an engineer must add a statement to an access control list that is applied in the inbound direction on the port connecting to the web servers.Which statement allows this traffic?
A. permit tcp host 209
B. permit tcp host 209
C. permit tcp host 209
D. permit tcp host 209
View answer
Correct Answer: C
Question #38
What is the responsibility of a secondary WLC?
A. ext string
B. sername and password
C. ADIUS token
D. ertificate
View answer
Correct Answer: B
Question #39
Which two security features are available when implementing NTP? (Choose two.)
A. symmetric server passwords
B. dock offset authentication
C. broadcast association mode
D. encrypted authentication mechanism
E. access list-based restriction scheme
View answer
Correct Answer: DE
Question #40
What is a characteristic of Cisco StackWise technology?
A. t is supported on the Cisco 4500 series
B. t supports devices that are geographically separated
C. t combines exactly two devices
D. t uses proprietary cabling
View answer
Correct Answer: D
Question #41
Refer to the exhibit. POSTMAN is showing an attempt to retrieve network device information from Cisco DNA Center API. What is the issue?
A. he URI string is incorrect
B. he token has expired
C. uthentication has failed
D. he JSON payload contains the incorrect UUI
View answer
Correct Answer: A
Question #42
Which AP mode allows a supported AP to function like a WLAN client would, associating and identifying client connectivity issues?
A. lient mode
B. E-connect mode
C. ensor mode
D. niffer mode
View answer
Correct Answer: C
Question #43
Refer to the exhibit. Cisco IOS routers R1 and R2 are interconnected using interface Gi0/0. Which configuration allows R1 and R2 to form an OSPF neighborship on interface Gi0/0?
A. GP is not running on RouterCHI
B. here is a static route in RouterSF for 10
C. he route from RouterDAL has a lower MED
D. he Router-ID for Router DAL is lower than the Router-ID for RouterCHI
View answer
Correct Answer: C
Question #44
Refer to the exhibit. Which statement about the OSPF debug output is true?
A. Ps are required only when using protocol independent multicast dense mode
B. Ps are required for protocol independent multicast sparse mode and dense mode
C. y default, the RP is needed periodically to maintain sessions with sources and receivers
D. y default, the RP is needed only to start new sessions with sources and receivers
View answer
Correct Answer: A
Question #45
Refer to the exhibit. Which action resolves the EtherChannel issue between SW2 and SW3?
A. igabitEthernet0/0 and GigabitEthernet0/1
B. nly GigabitEthernet0/1
C. nly GigabitEthernet0/0
D. igabitEthernet0/1 and GigabitEthernet0/1
View answer
Correct Answer: C
Question #46
What is the difference between the enable password and the enable secret password when service password encryption is enabled on an IOS device?
A. The enable secret password is protected via stronger cryptography mechanisms
B. The enable password cannot be decrypted
C. The enable password is encrypted with a stronger encryption method
D. There is no difference and both passwords are encrypted identically
View answer
Correct Answer: A
Question #47
Refer to the exhibit. The network administrator must be able to perform configuration changes when all the RADIUS servers are unreachable. Which configuration allows all commands to be authorized if the user has successfully authenticated?
A. aa authentication login default group radius local none
B. aa authorization exec default group radius
C. aa authorization exec default group radius if-authenticated
D. aa authorization exec default group radius none
View answer
Correct Answer: C
Question #48
What is the difference between a RIB and a FIB?
A. The FIB is populated based on RIB content
B. The RIB maintains a minor image of the FIB
C. The RIB is used to make IP source prefix-based switching decisions
D. The FIB is where all IP routing information is stored
View answer
Correct Answer: A
Question #49
What is one difference between EIGRP and OSPF?
A. IGRP uses the DUAL distance vector algorithm, and OSPF uses the Dijkstra link-state algorithm
B. SPF uses the DUAL distance vector algorithm, and EIGRP uses the Dijkstra link-state algorithm
C. IGRP uses the variance command for unequal cost load balancing, and OSPF supports unequal cost balancing by default
D. SPF is a Cisco proprietary protocol, and EIGRP is an IETF open standard protocol
View answer
Correct Answer: A
Question #50
Which statement about TLS is accurate when using RESTCONF to write configurations on network devices?
A. nterface between the controller and the consumer
B. ESTful API interface for orchestrator communication
C. nterface between the controller and the network devices
D. ETCONF API interface for orchestrator communication
View answer
Correct Answer: C
Question #51
An engineer must protect their company against ransom ware attacks. Which solution allows the engineer to block the execution stage and prevent file encryption?
A. Use Cisco AMP deployment with the Malicious Activity Protection engineer enabled
B. Use Cisco AMP deployment with the Exploit Prevention engine enabled
C. Use Cisco Firepower and block traffic to TOR networks
D. Use Cisco Firepower with Intrusion Policy and snort rules blocking SMB exploitation
View answer
Correct Answer: A
Question #52
Refer to the exhibit.Ccommunication between London and New York is down. Which command set must be applied to the NewYork switch to resolve the issue?
A. ewYork(config)#no interface po1 NewYork(config)#interface range fa0/1-2 NewYork(config-if)#channel-group 1 mode negotiate NewYork(config-if)#end NewYork#
B. ewYork(config)#no interface po1 NewYork(config)#interface range fa0/1-2 NewYork(config-if)#channel-group 1 mode on NewYork(config-if)#end NewYork#
C. ewYork(config)#no interface po1 NewYork(config)#interface range fa0/1-2 NewYork(config-if)#channel-group 1 mode passive NewYork(config-if)#end NewYork#
D. ewYork(config)#no interface po1 NewYork(config)#interface range fa0/1-2 NewYork(config-if)#channel-group 1 mode auto NewYork(config-if)#end NewYork#
View answer
Correct Answer: C
Question #53
Which function does a fabric edge node perform in an SD-Access deployment?
A. Connects endpoints to the fabric and forwards their traffic
B. Encapsulates end-user data traffic into LISP
C. Connects the SD-Access fabric to another fabric or external Layer 3 networks
D. Provides reachability between border nodes in the fabric underlay
View answer
Correct Answer: A
Question #54
What is one fact about Cisco SD-Access wireless network deployments?
A. he access point is part of the fabric overlay
B. he wireless client is part of the fabric overlay
C. he access point is part of the fabric underlay
D. he WLC is part of the fabric underlay
View answer
Correct Answer: A
Question #55
Which reason could cause an OSPF neighborship to be in the EXSTART/EXCHANGE state?
A. mismatched OSPF link costs
B. mismatched OSPF network type
C. mismatched areas
D. mismatched MTU size
View answer
Correct Answer: D
Question #56
Which standard access control entry permits traffic from odd-numbered hosts in the 10.0.0.0/24 subnet?
A. permit 10
B. permit 10
C. permit 10
D. permit 10
View answer
Correct Answer: B
Question #57
DRAG DROP (Drag and Drop is not supported)Drag and drop the LISP components from the left onto the functions they perform on the right. Not all options are used.Select and Place:
A. unnelling traffic from IPv6 to IPv4 VXLANs
B. llowing encrypted communication on the local VXLAN Ethernet segment
C. ncapsulating and de-encapsulating VXLAN Ethernet frames
D. unnelling traffic from IPv4 to IPv6 VXLANs
View answer
Correct Answer: A
Question #58
What are two reasons why broadcast radiation is caused in the virtual machine environment? (Choose two)
A. vSwitch must interrupt the server CPU to process the broadcast packet
B. The Layer 2 domain can be large in virtual machine environments
C. Virtual machines communicate primarily through broadcast mode
D. Communication between vSwitch and network switch is broadcast based
E. Communication between vSwitch and network switch is multicast based
View answer
Correct Answer: AB
Question #59
Refer to the exhibit. What is the effect of this configuration?
A. he device will allow users at 192
B. he device will authenticate all users connecting to vty lines 0 through 4 against TACACS+
C. he device will allow only users at 192
D. hen users attempt to connect to vty lines 0 through 4, the device will authenticate them against TACACS+ if local authentication fails
View answer
Correct Answer: B
Question #60
Which feature does Cisco TrustSec use to provide scalable, secure communication throughout a network?
A. security group tag ACL assigned to each port on a switch
B. security group tag number assigned to each user on a switch
C. security group tag number assigned to each port on a network
D. security group tag ACL assigned to each router on a network
View answer
Correct Answer: B
Question #61
A company plans to implement intent-based networking in its campus infrastructure. Which design facilities a migrate from a traditional campus design to a programmer fabric designer?
A. Layer 2 access
B. three-tier
C. two-tier
D. routed access
View answer
Correct Answer: D
Question #62
Which protocol does REST API rely on to secure the communication channel?
A. TTP
B. SH
C. TTPS
D. CP
View answer
Correct Answer: C
Question #63
What does the Cisco DNA Center use to enable the delivery of applications through a network and to yield analytics for innovation?
A. process adapters
B. Command Runner
C. intent-based APIs
D. domain adapters
View answer
Correct Answer: C
Question #64
What does the number in an NTP stratum level represent?
A. pply the correct interface to this WLAN
B. pply the changes this SSID
C. elect the PSK under authentication key management
D. efine the correct Radio Policy
View answer
Correct Answer: A
Question #65
How does EIGRP differ from OSPF?
A. IGRP is more prone to routing loops than OSPF
B. IGRP uses more CPU and memory than OSPF
C. IGRP has a full map of the topology, and OSPF only knows directly connected neighbors
D. IGRP supports equal or unequal path cost, and OSPF supports only equal path cost
View answer
Correct Answer: D
Question #66
Which controller is the single plane of management for Cisco SD-WAN?
A. vBond
B. vSmart
C. vManage
D. vEdge?
View answer
Correct Answer: C
Question #67
What is a characteristic of a WLC that is in master controller mode?
A. onfiguration on the master controller is executed on all wireless LAN controllers
B. he master controller is responsible for load balancing all connecting clients to other controllers
C. ll new APs that join the WLAN are assigned to the master controller
D. ll wireless LAN controllers are managed by the master controller
View answer
Correct Answer: C
Question #68
In which part of the HTTP message is the content type specified?
A. HTTP method
B. body
C. header
D. URI
View answer
Correct Answer: C
Question #69
An engineer must protect their company against ransom ware attacks. Which solution allows the engineer to block the execution stage and prevent file encryption?
A. Use Cisco AMP deployment with the Malicious Activity Protection engineer enabled
B. Use Cisco AMP deployment with the Exploit Prevention engine enabled
C. Use Cisco Firepower and block traffic to TOR networks
D. Use Cisco Firepower with Intrusion Policy and snort rules blocking SMB exploitation
View answer
Correct Answer: A
Question #70
Which component of the Cisco Cyber Threat Defense solution provides user and flow context analysis?
A. Cisco Firepower and FireSIGHT
B. Cisco Stealth watch system
C. Advanced Malware Protection
D. Cisco Web Security Appliance
View answer
Correct Answer: B
Question #71
In which two ways does the routing protocol OSPF differ from EIGRP? (Choose two.)
A. aa authorization exec default group ISE-Servers local enable
B. aa authentication login error-enable aaa authentication login default group enable local ISE-Servers
C. aa authentication login default group ISE-Servers local enable
D. aa authentication login default group enable local ISE-Servers
View answer
Correct Answer: BD
Question #72
A network administrator is implementing a routing configuration change and enables routing debugs to track routing behavior during the change. The logging output on the terminal is interrupting the command typing process.Which two actions can the network administrator take to minimize the possibility of typing commands incorrectly? (Choose two.)
A. Configure the logging synchronous global configuration command
B. Configure the logging synchronous command under the vty
C. Increase the number of lines on the screen using the terminal length command
D. Configure the logging delimiter feature
E. Press the TAB key to reprint the command in a new line
View answer
Correct Answer: BE
Question #73
What is a benefit of data modeling languages like YANG?
A. They create more secure and efficient SNMP OIDs
B. They provide a standardized data structure, which results in configuration scalability and consistency
C. They enable programmers to change or write their own applications within the device operating system
D. They make the CLI simpler and more efficient
View answer
Correct Answer: B
Question #74
Refer to the exhibit. An engineer must deny HTTP traffic from host A to host B while allowing all other communication between the hosts. Drag and drop the commands into the configuration to achieve these results. Some commands may be used more than once. Not all commands are used.Select and Place:
A. sername netadmin secret 5 $1$b1Ju$kZbBS1Pyh4QzwXyZ1kSZ2
B. sername netadmin secret 9 $9$vFpMf8elb4RVV8$seZ/bDAx1uV
C. sername netadmin secret $1$b1Ju$k406689705QzwXyZ1kSZ2
D. ine Console 0 password $1$b1Ju$
View answer
Correct Answer: A
Question #75
By default, which virtual MAC address does HSRP group 14 use?
A. 4:17:01:05:7c:0e
B. 0:05:0c:07:ac:14
C. 0:00:0c:07:ac:0e
D. 0:05:5e:19:0c:14
View answer
Correct Answer: C
Question #76
Running the script causes the output in the exhibit. Which change to the first line of the script resolves the error?
A. rom ncclient import
B. mport manager
C. rom ncclient import *
D. mport ncclient manager
View answer
Correct Answer: C
Question #77
In a Cisco SD-Access fabric, which control plane protocol is used for mapping and resolving endpoints?
A. HCP
B. XLAN
C. XP
D. ISP
View answer
Correct Answer: D
Question #78
What are the main components of Cisco TrustSec?
A. isco ISE and Enterprise Directory Services
B. isco ISE, network switches, firewalls, and routers
C. isco ISE and TACACS+
D. isco ASA and Cisco Firepower Threat Defense
View answer
Correct Answer: B
Question #79
Which privilege level is assigned to VTY users?
A. 1
B. 7
C. 13
D. 15
View answer
Correct Answer: A
Question #80
Refer to this output.R1# *Feb 14 37:09:53.129: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to upWhat is the logging severity level?
A. otification
B. mergency
C. ritical
D. lert
View answer
Correct Answer: A
Question #81
What is the function of the fabric control plane node in a Cisco SD-Access deployment?
A. t is responsible for policy application and network segmentation in the fabric
B. t performs traffic encapsulation and security profiles enforcement in the fabric
C. t holds a comprehensive database that tracks endpoints and networks in the fabric
D. t provides integration with legacy nonfabric-enabled environments
View answer
Correct Answer: C
Question #82
Refer to the exhibit. An engineer must configure a SPAN session.What is the effect of the configuration?
A. raffic received on VLANs 10, 11, and 12 is copied and sent to interface g0/1
B. raffic sent on VLANs 10 and 12 only is copied and sent to interface g0/1
C. raffic sent on VLANs 10, 11, and 12 is copied and sent to interface g0/1
D. raffic received on VLANs 10 and 12 only is copied and sent to interface g0/1
View answer
Correct Answer: A
Question #83
Refer to the exhibit. Which code results in the working Python script displaying a list of network devices from the Cisco DNA Center?
A. etwork_device_list(dnac[host], dnac[username],dnac[password]) login = dnac_login(dnac) print(dnac_devices)
B. ogin = dnac_login(dnac[host], dnac[username], dnac[password]) network_device_list(dnac, login) print(dnac_devices)
C. ogin = dnac_login(dnac[host], dnac[username], dnac[password]) network_device_list(dnac, login) for item in dnac_devices: print(dnac_devices
D. etwork_device_list(dnac[host], dnac[username], dnac[password]) login = dnac_login(dnac) for item in dnac_devices: print(dnac_devices
View answer
Correct Answer: B
Question #84
Which statement about VXLAN is true?
A. XLAN encapsulates a Layer 2 frame in an IP-UDP header, which allows Layer 2 adjacency across router boundaries
B. XLAN uses the Spanning Tree Protocol for loop prevention
C. XLAN extends the Layer 2 Segment ID field to 24-bits, which allows up to 4094 unique Layer 2 segments over the same network
D. XLAN uses TCP as the transport protocol over the physical data centre network
View answer
Correct Answer: A
Question #85
Which DNS lookup does an access point perform when attempting CAPWAP discovery?
A. ISCO-CONTROLLER
B. APWAP-CONTROLLER
C. ISCO-CAPWAP-CONTROLLER
D. ISCO-DNA-CONTROLLER
View answer
Correct Answer: C
Question #86
Which statement about TLS is true when using RESTCONF to write configurations on network devices?
A. It is used for HTTP and HTTPS requests
B. It requires certificates for authentication
C. It is provided using NGINX acting as a proxy web server
D. It is not supported on Cisco devices
View answer
Correct Answer: C
Question #87
Which method of account authentication does OAuth 2.0 use within REST APIs?
A. sername/role combination
B. ccess tokens
C. ookie authentication
D. asic signature workflow
View answer
Correct Answer: B
Question #88
What is the role of the RP in PIM sparse mode?
A. he RP maintains default aging timeouts for all multicast streams requested by the receivers
B. he RP acts as a control-plane node only and does not receive or forward multicast packets
C. he RP is the multicast router that is the root of the PIM-SM shared multicast distribution tree
D. he RP responds to the PIM join messages with the source of a requested multicast group
View answer
Correct Answer: C
Question #89
Refer to the exhibit. A network engineer must configure a password expiry mechanism on the gateway router for all local passwords to expire after 60 days. What is required to complete this task?
A. dd the username admin privilege 15 common-criteria-policy Administrators password 0 Cisco13579! command
B. he password expiry mechanism is on the AAA server and must be configured there
C. dd the aaa authentication enable default Administrators command
D. o further action is required
View answer
Correct Answer: A
Question #90
Which statement about Cisco Express Forwarding is true?
A. The CPU of a router becomes directly involved with packet switching decisions
B. It uses a fast cache that is maintained in a router data plane
C. It maintains two tables in the data plane: the FIB and adjacency table
D. It makes forwarding decisions by a process that is scheduled through the IOS scheduler
View answer
Correct Answer: C
Question #91
If a client's radio device receives a signal strength of -67 dBm and the noise floor is -85 dBm, what is the SNR value?
A. 5 dB
B. 6 dB
C. 8 dB
D. 0 dB
View answer
Correct Answer: C
Question #92
What do Cisco DNA southbound APIs provide?
A. interface between the controller and the consumer
B. RESTful API interface for orchestrator communication
C. interface between the controller and the network devices
D. NETCONF API interface for orchestrator communication
View answer
Correct Answer: C
Question #93
On which protocol or technology is the fabric data plane based in Cisco SD-Access fabric?
A. XLAN
B. ISP
C. isco TrustSec
D. S-IS
View answer
Correct Answer: A
Question #94
Which NTP Stratum level is a server that is connected directly to an authoritative time source?
A. tratum 0
B. tratum 1
C. tratum 14
D. tratum 15
View answer
Correct Answer: B
Question #95
Which protocol infers that a YANG data model is being used?
A. SNMP
B. REST
C. RESTCONF
D. NX-API
View answer
Correct Answer: C
Question #96
Which function does a fabric edge node perform in an SD-Access deployment?
A. Connects endpoints to the fabric and forwards their traffic
B. Encapsulates end-user data traffic into LISP
C. Connects the SD-Access fabric to another fabric or external Layer 3 networks
D. Provides reachability between border nodes in the fabric underlay
View answer
Correct Answer: A
Question #97
What are two reasons why broadcast radiation is caused in the virtual machine environment? (Choose two)
A. vSwitch must interrupt the server CPU to process the broadcast packet
B. The Layer 2 domain can be large in virtual machine environments
C. Virtual machines communicate primarily through broadcast mode
D. Communication between vSwitch and network switch is broadcast based
E. Communication between vSwitch and network switch is multicast based
View answer
Correct Answer: AB
Question #98
How do cloud deployments differ from on-premises deployments?
A. loud deployments require longer implementation times than on-premises deployments
B. loud deployments are more customizable than on-premises deployments
C. loud deployments have lower upfront costs than on-premises deployments
D. loud deployments require less frequent upgrades than on-premises deployments
View answer
Correct Answer: C
Question #99
What is the difference between the enable password and the enable secret password when service password encryption is enabled on an IOS device?
A. The enable secret password is protected via stronger cryptography mechanisms
B. The enable password cannot be decrypted
C. The enable password is encrypted with a stronger encryption method
D. There is no difference and both passwords are encrypted identically
View answer
Correct Answer: A
Question #100
Which access point mode allows a supported AP to function like a WLAN client would, associating and identifying client connectivity issues?
A. client mode
B. SE-connect mode
C. sensor mode
D. sniffer mode
View answer
Correct Answer: C
Question #101
Which benefit is offered by a cloud infrastructure deployment but is lacking in an on-premises deployment?
A. efficient scalability
B. virtualization
C. storage capacity
D. supported systems
View answer
Correct Answer: A
Question #102
A response code of 404 is received while using the REST API on Cisco DNA Center to POST to this URI: /dna/intent/api/v1/template-programmer/project What does the code mean?
A. The POST/PUT request was fulfilled and a new resource was created
B. The request was accepted for processing, but the processing was not completed
C. The client made a request for a resource that does not exist
D. The server has not implemented the functionality that is needed to fulfill the request
View answer
Correct Answer: C
Question #103
What does a northbound API accomplish?
A. rogrammatic control of abstracted network resources through a centralized controller
B. ccess to controlled network resources from a centralized node
C. ommunication between SDN controllers and physical switches
D. ontrolled access to switches from automated security applications
View answer
Correct Answer: A
Question #104
Refer to the exhibit. Rapid PVST+ is enabled on all switches. Which command set must be configured on Switch1 to achieve the following results on port fa0/1?-When a device is connected, the port transitions immediately to a forwarding state.-The interface should not send or receive BPDUs.-If a BPDU is received, it continues operating normally.
A. et the MED to 1 on PE2 toward BR2 outbound
B. et the origin to igp on BR2 toward PE2 inbound
C. et the weight attribute to 65,535 on BR1 toward PE1
D. et the local preference to 150 on PE1 toward BR1 outbound
View answer
Correct Answer: A
Question #105
Why is an AP joining a different WLC than the one specified through option 43?
A. The WLC is running a different software version
B. The API is joining a primed WLC
C. The AP multicast traffic unable to reach the WLC through Layer 3
D. The APs broadcast traffic is unable to reach the WLC through Layer 2
View answer
Correct Answer: B
Question #106
Which two descriptions of FlexConnect mode for Cisco APs are true?(Choose two.)
A. APs that operate in FlexConnect mode cannot detect rogue APs
B. FlexConnect mode is used when the APs are set up in a mesh environment and used to bridge between each other
C. FlexConnect mode is a feature that is designed to allow specified CAPWAP-enabled APs to exclude themselves from managing data traffic between clients and infrastructure
D. When connected to the controller, FlexConnect APs can tunnel traffic back to the controller
E. FlexConnect mode is a wireless solution for branch office and remote office deployments
View answer
Correct Answer: DE
Question #107
Which two methods are used by an AP that is trying to discover a wireless LAN controller? (Choose two.)
A. Cisco Discovery Protocol neighbor
B. querying other APs
C. DHCP Option 43
D. broadcasting on the local subnet
E. DNS lookup CISCO-DNA-PRIMARY
View answer
Correct Answer: CD
Question #108
Which two Cisco SD-WAN components exchange OMP information? (Choose two.)
A. he number of hops it takes to reach the authoritative time source
B. he amount of offset between the device clock and true time
C. he number of hops it takes to reach the primary time server
D. he amount of drift between the device clock and true time
View answer
Correct Answer: AE
Question #109
Which statement about multicast RPs is true?
A. RPs are required only when using protocol independent multicast dense mode
B. RPs are required for protocol independent multicast sparse mode and dense mode
C. By default, the RP is needed periodically to maintain sessions with sources and receivers
D. By default, the RP is needed only to start new sessions with sources and receivers
View answer
Correct Answer: D
Question #110
When does a Cisco StackWise primary switch lose its role?
A. hen a switch with a higher priority is added to the stack
B. hen a stack member fails
C. hen the priority value of a stack member is changed to a higher value
D. hen the stack primary is reset
View answer
Correct Answer: D
Question #111
Which free application has the ability to make REST calls against Cisco DNA Center?
A. PI Explorer
B. EST Explorer
C. ostman
D. ozilla
View answer
Correct Answer: C
Question #112
Which action is the vSmart controller responsible for in an SD-WAN deployment?
A. onboard vEdge nodes into the SD-WAN fabric
B. gather telemetry data from vEdge routers
C. distribute security information for tunnel establishment between vEdge routers
D. manage, maintain, and gather configuration and status for nodes within the SD-WAN fabric
View answer
Correct Answer: C
Question #113
Refer to the exhibit. Which command set must be added to the configuration to analyze 50 packets out of every 100?
A. o transport data between a controller and a network device
B. o model data for NETCONF
C. o access data using SNMP
D. o translate JSON into an equivalent XML syntax
View answer
Correct Answer: D
Question #114
Which feature does Cisco TrustSec use to provide scalable, secure communication throughout a network?
A. ecurity group tag ACL assigned to each port on a switch
B. ecurity group tag number assigned to each user on a switch
C. ecurity group tag number assigned to each port on a network
D. ecurity group tag ACL assigned to each router on a network
View answer
Correct Answer: B
Question #115
An engineer must design a wireless network for a school system based on these requirements:-The network must be able to triangulate client location based on RSSI.-Each client must be able to sustain 5 Mbps of throughput at all times.-Each classroom has up to 30 clients.-Primary coverage is 5 GHz.Which design should be used?
A. lace APs in a grid orientation throughout the building, located as close as possible to the center of each classroom
B. ount one AP in the center of each classroom
C. pace APs evenly on both sides of the hallways
D. lace APs near exterior walls and corners of the building, and fill in the center area with a staggered pattern
View answer
Correct Answer: D
Question #116
Which component does Cisco Threat Defence use to measure bandwidth, application performance, and utilization?
A. rustSec
B. dvanced Malware Protection for Endpoints
C. etFlow
D. isco Umbrella
View answer
Correct Answer: C
Question #117
Refer to the exhibit. Which type of antenna do the radiation patterns present?
A. agi
B. atch
C. mnidirectional
D. ipole
View answer
Correct Answer: B
Question #118
Which AP mode allows an engineer to scan configured channels for rogue access points?
A. onitor
B. ridge
C. ocal
D. niffer
View answer
Correct Answer: A
Question #119
Refer to the exhibit. Based on the configuration in this WLAN security setting, which method can a client use to authenticate to the network?
A. he client has incorrect credentials stored for the configured broadcast SSID
B. he hidden SSID was not manually configured on the client
C. he broadcast SSID was not manually configured on the client
D. he client has incorrect credentials stored for the configured hidden SSI
View answer
Correct Answer: A
Question #120
Wireless users report frequent disconnections from the wireless network. While troubleshooting, a network engineer finds that after the user is disconnected, the connection re-establishes automatically without any input required. The engineer also notices these message logs:AP 'AP2' is down. Reason: Radio channel set. 6:54:04 PMAP 'AP4' is down. Reason: Radio channel set. 6:44:49 PMAP 'AP7' is down. Reason: Radio channel set. 6:34:32 PMWhich action reduces the user impact?
A. nable coverage hole detection
B. ncrease the AP heartbeat timeout
C. nable BandSelect
D. ncrease the dynamic channel assignment interval
View answer
Correct Answer: D
Question #121
What is a fact about Cisco EAP-FAST?
A. t requires a client certificate
B. t is an IETF standard
C. t does not require a RADIUS server certificate
D. t operates in transparent mode
View answer
Correct Answer: C
Question #122
Which statement about route targets is true when using VRF-Lite?
A. Route targets control the import and export of routes into a customer routing table
B. When BGP is configured, route targets are transmitted as BGP standard communities
C. Route targets allow customers to be assigned overlapping addresses
D. Route targets uniquely identify the customer routing table
View answer
Correct Answer: A
Question #123
Refer to the exhibit. An engineer configures HSRP and enters the show standby command. Which two facts about the network environment are derived from the output? (Choose two.)
A. 2(config)#interface Gi0/0 R2(config-if)#ip ospf cost 1
B. 1(config)#router ospf 1 R1(config-if)#network 172
C. 1(config)#router ospf 1 R1(config-router)#no passive-interface Gi0/0
D. 2(config)#router ospf 1 R2(config-router)#passive-interface Gi0/0
View answer
Correct Answer: BC
Question #124
When using TLS for syslog, which configuration allows for secure and reliable transportation of messages to its default port?
A. logging host 10
B. logging host 10
C. logging host 10
D. logging host 10
View answer
Correct Answer: C
Question #125
What are two benefits of virtualizing the server with the use of VMs in a data centre environment? (Choose two.)
A. oute targets control the import and export of routes into a customer routing table
B. hen BGP is configured, route targets are transmitted as BGP standard communities
C. oute targets allow customers to be assigned overlapping addresses
D. oute targets uniquely identify the customer routing table
View answer
Correct Answer: AD
Question #126
Which PAgP mode combination prevents an EtherChannel from forming?
A. auto/desirable
B. desirable/desirable
C. desirable/auto
D. auto/auto
View answer
Correct Answer: D
Question #127
A system must validate access rights to all its resources and must not rely on a cached permission matrix. If the access level to a given resource is revoked but is not reflected in the permission matrix, the security is violated. Which term refers to this REST security design principle?
A. conomy of mechanism
B. omplete mediation
C. eparation of privilege
D. east common mechanism
View answer
Correct Answer: B
Question #128
Refer to the exhibit. An engineer must configure static NAT on R1 to allow users HTTP access to the web server on TCP port 80. The web server must be reachable through ISP 1 and ISP 2. Which command set should be applied to R1 to fulfill these requirements?
A. p nat inside source static tcp 10
B. p nat inside source static tcp 10
C. p nat inside source static tcp 10
D. p nat inside source static tcp 10
View answer
Correct Answer: A
Question #129
Which First Hop Redundancy Protocol should be used to meet a design requirements for more efficient default bandwidth usage across multiple devices?
A. GLBP
B. LCAP
C. HSRP
D. VRRP
View answer
Correct Answer: A
Question #130
Which character formatting is required for DHCP Option 43 to function with current AP models?
A. D5
B. ase64
C. SCII
D. ex
View answer
Correct Answer: D
Question #131
In a wireless Cisco SD-Access deployment, which roaming method is used when a user moves from one AP to another on a different access switch using a singleWLC?
A. ayer 3
B. nter-xTR
C. uto anchor
D. ast roam
View answer
Correct Answer: B
Question #132
Which two protocols are used with YANG data models? (Choose two.)
A. TLS
B. RESTCONF
C. SSH
D. NETCONF
E. HTTPS
View answer
Correct Answer: BD
Question #133
A local router shows an EBGP neighbor in the Active state. Which statement is true about the local router?
A. The local router is attempting to open a TCP session with the neighboring router
B. The local router is receiving prefixes from the neighboring router and adding them in RIB-IN
C. The local router has active prefixes in the forwarding table from the neighboring router
D. The local router has BGP passive mode configured for the neighboring router
View answer
Correct Answer: A
Question #134
What is the function of a VTEP in VXLAN?
A. rovide the routing underlay and overlay for VXLAN headers
B. ynamically discover the location of end hosts in a VXLAN fabric
C. ncapsulate and de-encapsulate traffic into and out of the VXLAN fabric
D. tatically point to end host locations of the VXLAN fabric
View answer
Correct Answer: C
Question #135
A customer wants to use a single SSID to authenticate IoT devices using different passwords. Which Layer 2 security type must be configured in conjunction withCisco ISE to achieve this requirement?
A. entral Web Authentication
B. isco Centralized Key Management
C. dentity PSK
D. ast Transition
View answer
Correct Answer: C
Question #136
Which feature is supported by EIGRP but is not supported by OSPF?
A. route filtering
B. unequal-cost load balancing
C. route summarization
D. equal-cost load balancing
View answer
Correct Answer: B
Question #137
Which two steps are required for a complete Cisco DNA Center upgrade? (Choose two.)
A. vent manager applet ondemand event none action 1
B. vent manager applet ondemand action 1
C. vent manager applet ondemand event register action 1
D. vent manager applet ondemand event manual action 1
View answer
Correct Answer: BE
Question #138
Which First Hop Redundancy Protocol maximizes uplink utilization and minimizes the amount of configuration that is necessary?
A. GLBP
B. HSRP v2
C. VRRP
D. HSRP v1
View answer
Correct Answer: A
Question #139
Refer to the exhibit. Communication between R2 and R3 over FastEthenet1/1 falls. What is the root cause of the failure?
A. t allows host mobility only in the wireless network
B. t is based on VXLAN technology
C. ach router processes every possible destination and route
D. t stores remote routes in a centralized database server
View answer
Correct Answer: A
Question #140
Refer to the exhibit. Security policy requires all idle exec sessions to be terminated in 600 seconds.Which configuration achieves this goal?
A. ine vty 0 15 absolute-timeout 600
B. ine vty 0 15 no exec-timeout
C. ine vty 0 15 exec-timeout 10 0
D. ine vty 0 4 exec-timeout 600
View answer
Correct Answer: C
Question #141
An engineer is troubleshooting the AP join process using DNS. Which FQDN must be resolvable on the network for the access points to successfully register to the WLC?
A. plink and Downlink Orthogonal Frequency Division Multiple Access
B. hannel bonding
C. i-Fi Protected Access 3
D. 096 Quadrature Amplitude Modulation Mode
View answer
Correct Answer: B
Question #142
Where is radio resource management performed in a Cisco SD-Access wireless solution?
A. NA Center
B. ontrol plane node
C. ireless controller
D. isco CMX
View answer
Correct Answer: C
Question #143
Which protocol does REST API rely on to secure the communication channel?
A. HTTP
B. SSH
C. HTTPS
D. TCP
View answer
Correct Answer: C
Question #144
Which two actions, when applied in the LAN network segment, will facilitate Layer 3 CAPWAP discovery for lightweight AP? (Choose two.)
A. onfigure switchport mode trunk on SW2
B. onfigure switchport nonegotiate on SW3
C. onfigure channel-group 1 mode desirable on both interfaces
D. onfigure channel-group 1 mode active on both interfaces
View answer
Correct Answer: AC
Question #145
If the maximum power level assignment for global TPC 802.11a/n/ac is configured to 10 dBm. which power level effectively doubles the transmit power?
A. 3 dBm
B. 4 dBm
C. 7 dBm
D. 0 dBm
View answer
Correct Answer: A
Question #146
How does QoS traffic shaping alleviate network congestion?
A. It drops packets when traffic exceeds a certain bitrate
B. It buffers and queue packets above the committed rate
C. It fragments large packets and queues them for delivery
D. It drops packets randomly from lower priority queues
View answer
Correct Answer: B
Question #147
Refer to the exhibit. A network engineer configures a GRE tunnel and enters the show interface tunnel command. What does the output confirm about the configuration?
A. he keepalive value is modified from the default value
B. he physical interface MTU is 1476 bytes
C. he tunnel mode is set to the default
D. nterface tracking is configured
View answer
Correct Answer: C
Question #148
What function does VXLAN perform in a Cisco SD-Access deployment?
A. olicy plane forwarding
B. ontrol plane forwarding
C. ata plane forwarding
D. ystems management and orchestration
View answer
Correct Answer: C
Question #149
Which statement about Cisco Express Forwarding is true?
A. The CPU of a router becomes directly involved with packet switching decisions
B. It uses a fast cache that is maintained in a router data plane
C. It maintains two tables in the data plane: the FIB and adjacency table
D. It makes forwarding decisions by a process that is scheduled through the IOS scheduler
View answer
Correct Answer: C
Question #150
Refer to the exhibit. VLANs 50 and 60 exist on the trunk links between all switches. All access ports on SW3 are configured for VLAN 50 and SW1 is the VTP server.Which command ensures that SW3 receives frames only from VLAN 50?
A. W1(config)#vtp mode transparent
B. W3(config)#vtp mode transparent
C. W2(config)#vtp pruning
D. W1(config)#vtp pruning
View answer
Correct Answer: D
Question #151
Which statement about an RSPAN session configuration is true?
A. Only one session can be configured at a time
B. A special VLAN type must be used as the RSPAN destination
C. A filter must be configured for RSPAN sessions
D. Only incoming traffic can be monitored
View answer
Correct Answer: B
Question #152
Refer the exhibit. Which configuration elects SW4 as the root bridge for VLAN 1 and puts G0/2 on SW2 into a blocking state?
A. W4(config)#spanning-tree vlan 1 priority 0 !SW2(config)#int G0/2SW2(config-if)#spanning-tree cost 128
B. W4(config)#spanning-tree vlan 1 priority 0 !SW2(config)#interface G0/2SW2(config-if)#spanning-tree vlan 1 port-priority 64
C. W4(config)#spanning-tree vlan 1 priority 32768 !SW2(config)#int G0/2SW2(config-if)#spanning-tree cost 128
D. W4(config)#spanning-tree vlan 1 priority 32768 !SW2(config)#interface G0/2SW2(config-if)#spanning-tree vlan 1 port-priority 0
View answer
Correct Answer: A
Question #153
Refer to the exhibit. Which command set completes the ERSPAN session configuration?
A. onitor session 11 type erspan-destinationdestination interface GigabitEthemet4source erspan-id 11ip address 10
B. onitor session 12 type erspan-destinationdestination interface GigabitEthernet4source erspan-id 12ip address 10
C. onitor session 11 type erspan-destinationdestination interface GigabitEthernet4source erspan-id 12ip address 10
D. onitor session 12 type erspan-destinationdestination interface GigabitEthernet4source erspan-id 11ip address 10
View answer
Correct Answer: B
Question #154
In a wireless network environment, what is calculated using the numerical values of the transmitter power level, cable loss, and antenna gain?
A. NR
B. SSI
C. IRP
D. Bi
View answer
Correct Answer: C
Question #155
Refer to the exhibit. The WLC administrator sees that the controller to which a roaming client associates has Mobility Role Anchor configured under Clients > Detail.Which type of roaming is supported?
A. ndirect
B. ayer 3 intercontroller
C. ntracontroller
D. ayer 2 intercontroller
View answer
Correct Answer: B
Question #156
What is a VPN in a Cisco SD-WAN deployment?
A. ommon exchange point between two different services
B. ttribute to identify a set of services offered in specific places in the SD-WAN fabric
C. irtualized environment that provides traffic isolation and segmentation in the SD-WAN fabric
D. irtual channel used to carry control plane information
View answer
Correct Answer: C
Question #157
At which layer does Cisco DNA Center support REST controls?
A. session layer
B. northbound APIs
C. EEM applets or scripts
D. YAML output from responses to API calls
View answer
Correct Answer: B
Question #158
What is a benefit of data modeling languages like YANG?
A. They create more secure and efficient SNMP OIDs
B. They provide a standardized data structure, which results in configuration scalability and consistency
C. They enable programmers to change or write their own applications within the device operating system
D. They make the CLI simpler and more efficient
View answer
Correct Answer: B
Question #159
Refer to the exhibit. The OSPF neighborship fails between two routers. What is the cause of this issue?
A. he OSPF process is stopped on the neighbor router
B. he OSPF router ID is missing on this router
C. he OSPF router ID is missing on the neighbor router
D. here is an MTU mismatch between the two routers
View answer
Correct Answer: D
Question #160
If a VRRP master router fails, which router is selected as the new master router?
A. outer with the lowest priority
B. outer with the highest priority
C. outer with the highest loopback address
D. outer with the lowest loopback address
View answer
Correct Answer: B
Question #161
Which statements are used for error handling in Python?
A. try/catch
B. catch/release
C. block/rescue
D. try/except
View answer
Correct Answer: D
Question #162
Which TCP setting is tuned to minimize the risk of fragmentation on a GRE/IP tunnel?
A. SS
B. TU
C. RU
D. indow size
View answer
Correct Answer: A
Question #163
When a wired client connects to an edge switch in an SDA fabric, which component decides whether the client has access to the network?
A. control-plane node
B. Identity Service Engine
C. RADIUS server
D. edge node
View answer
Correct Answer: B
Question #164
How is a data modeling language used?
A. o enable data to be easily structured, grouped, validated, and replicated
B. o represent finite and well-defined network elements that cannot be changed
C. o model the flows of unstructured data within the infrastructure
D. o provide human readability to scripting languages
View answer
Correct Answer: A
Question #165
Which router is elected the IGMP Querier when more than one router is in the same LAN segment?
A. he router with the shortest uptime
B. he router with the longest uptime
C. he router with the highest IP address
D. he router with the lowest IP address
View answer
Correct Answer: D
Question #166
"HTTP/1.1 204 No Content" is returned when the curl -i -X DELETE command is issued. Which situation has occurred?
A. he command succeeded in deleting the object
B. he object was located at the URI, but it could not be deleted
C. he object could not be located at the URI path
D. he URI was invalid
View answer
Correct Answer: A
Question #167
Which method of account authentication does OAuth 2.0 within REST APIs?
A. username/role combination
B. access tokens
C. cookie authentication
D. basic signature workflow
View answer
Correct Answer: B
Question #168
What mechanism does PIM use to forward multicast traffic?
A. PIM sparse mode uses a pull model to deliver multicast traffic
B. PIM dense mode uses a pull model to deliver multicast traffic
C. PIM sparse mode uses receivers to register with the RP
D. PIM sparse mode uses a flood and prune model to deliver multicast traffic
View answer
Correct Answer: A
Question #169
Refer to the exhibit. An engineer attempts to configure a trunk between switch SW1 and switch SW2 using DTP, but the trunk does not form. Which command should the engineer apply to switch SW2 to resolve this issue?
A. lchostname
B. isco-capwap-controller
C. p-manager
D. rimary-wlc
View answer
Correct Answer: C
Question #170
Which two results occur if Cisco DNA Center loses connectivity to devices in the SD-Access fabric? (Choose two.)
A. nsure that the "Connect even if this network is not broadcasting" option is selected
B. hange the security type to WPA2-Personal AES
C. se the empty string as the hidden SSID network name
D. imit the enabled wireless channels on the laptop to the maximum channel range that is supported by the access points
View answer
Correct Answer: DE
Question #171
While configuring an IOS router for HSRP with a virtual IP of 10.1.1.1, an engineer sees this log message.Jan 1 12:12:12.111 : %HSRP-4-DIFFVIP1: GigabitEthernet0/0 Grp 1 active routers virtual IP address 10.1.1.1 is different to the locally configured address 10.1.1.25Which configuration change must the engineer make?
A. hange the HSRP group configuration on the local router to 1
B. hange the HSRP virtual address on the local router to 10
C. hange the HSRP virtual address on the remote router to 10
D. hange the HSRP group configuration on the remote router to 1
View answer
Correct Answer: B
Question #172
An engineer must configure an ACL that permits packets which include an ACK in the TCP header. Which entry must be included in the ACL?
A. ccess-list 110 permit tcp any any eq 21 tcp-ack
B. ccess-list 10 permit tcp any any eq 21 established
C. ccess-list 110 permit tcp any any eq 21 established
D. ccess-list 10 permit ip any any eq 21 tcp-ack
View answer
Correct Answer: C
Question #173
Which function does a fabric wireless LAN controller perform in a Cisco SD-Access deployment?
A. anages fabric-enabled APs and forwards client registration and roaming information to the Control Plane Node
B. oordinates configuration of autonomous nonfabric access points within the fabric
C. erforms the assurance engine role for both wired and wireless clients
D. s dedicated to onboard clients in fabric-enabled and nonfabric-enabled APs within the fabric
View answer
Correct Answer: A
Question #174
Why is an AP joining a different WLC than the one specified through option 43?
A. he AP is joining a primed WLC
B. he APs broadcast traffic is unable to reach the WLC through Layer 2
C. he AP multicast traffic is unable to reach the WLC through Layer 3
D. he WLC is running a different software version
View answer
Correct Answer: A
Question #175
What it the purpose of the LISP routing and addressing architecture?
A. t creates two entries for each network node, one for its identity and another for its location on the network
B. t allows LISP to be applied as a network virtualization overlay though encapsulation
C. t allows multiple instances of a routing table to co-exist within the same router
D. t creates head-end replication used to deliver broadcast and multicast frames to the entire network
View answer
Correct Answer: A
Question #176
What is the difference between a RIB and a FIB?
A. he FIB is populated based on RIB content
B. he RIB maintains a mirror image of the FI
C. he RIB is used to make IP source prefix-based switching decisions
D. he FIB is where all IP routing information is stored
View answer
Correct Answer: A
Question #177
Which method does the enable secret password option use to encrypt device passwords?
A. D5
B. AP
C. HAP
D. ES
View answer
Correct Answer: A
Question #178
Which two operations are valid for RESTCONF? (Choose two.)
A. he Accept header sent was application/xml
B. OST was used instead of PUT to update
C. he Content-Type header sent was application/xml
D. JSON body was used
View answer
Correct Answer: CF
Question #179
Refer to the exhibit. Which command when applied to the Atlanta router reduces type 3 LSA flooding into the backbone area and summarizes the inter-area routes on the Dallas router?
A. tlanta(config-router)#area 0 range 192
B. tlanta(config-router)#area 1 range 192
C. tlanta(config-router)#area 0 range 192
D. tlanta(config-router)#area 1 range 192
View answer
Correct Answer: D
Question #180
Why is an AP joining a different WLC than the one specified through option 43?
A. The WLC is running a different software version
B. The API is joining a primed WLC
C. The AP multicast traffic unable to reach the WLC through Layer 3
D. The APs broadcast traffic is unable to reach the WLC through Layer 2
View answer
Correct Answer: B
Question #181
Which LISP infrastructure device provides connectivity between non-LISP sites and LISP sites by receiving non-LISP traffic with a LISP site destination?
A. ype 1 hypervisor is the only type of hypervisor that supports hardware acceleration techniques
B. ype 1 hypervisor relies on the existing OS of the host machine to access CPU, memory, storage, and network resources
C. ype 1 hypervisor runs directly on the physical hardware of the host machine without relying on the underlying OS
D. ype 1 hypervisor enables other operating systems to run on it
View answer
Correct Answer: A
Question #182
Which two GRE features are configured to prevent fragmentation? (Choose two.)
A. efault VRF
B. RF VPN_A
C. RF VPN_B
D. anagement VRF
View answer
Correct Answer: BC
Question #183
A customer has a wireless network deployed within a multi-tenant building. The network provides client access, location-based services and is monitored usingCisco DNA Center. The security department wants to locate and track malicious devices based on threat signatures. Which feature is required for this solution?
A. alicious rogue rules on Cisco DNA Center
B. alicious rogue rules on the WLC
C. isco aWIPS policies on the WLC
D. isco aWIPS policies on Cisco DNA Center
View answer
Correct Answer: D
Question #184
A local router shows an EBGP neighbor in the Active state.Which statement is true about the local router?
A. he local router is attempting to open a TCP session with the neighboring router
B. he local router is receiving prefixes from the neighboring router and adding them in RIB-IN
C. he local router has active prefixes in the forwarding table from the neighboring router
D. he local router has BGP passive mode configured for the neighboring router
View answer
Correct Answer: A
Question #185
Which technology does VXLAN use to provide segmentation for Layer 2 and Layer 3 traffic?
A. ridge domain
B. LAN
C. NI
D. RF
View answer
Correct Answer: C
Question #186
Refer to the exhibit. Which privilege level is assigned to VTY users?
A.
B.
C. 3
D. 5
View answer
Correct Answer: A
Question #187
Refer to the exhibit. An engineer has configured Cisco ISE to assign VLANs to clients based on their method of authentication, but this is not working as expected.Which action will resolve this issue?
A. nable AAA override
B. et a NAC state
C. tilize RADIUS profiling
D. equire a DHCP address assignment
View answer
Correct Answer: C

View The Updated CCNP Exam Questions

SPOTO Provides 100% Real CCNP Exam Questions for You to Pass Your CCNP Exam!

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: