DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Prepare Strategically for the Cisco 350-401 ENCOR Exam with Practice Tests

Cisco certification exams like the 350-401 ENCOR are designed to validate your expertise in implementing and managing enterprise network solutions. To ensure a successful passing, it's crucial to leverage reliable exam resources and study materials. Reputable online platforms offer mock exams and practice tests with accurate exam questions and answers, simulating the actual exam environment. These mock exams allow you to assess your preparedness, identify knowledge gaps, and reinforce your understanding of key concepts. Test questions cover a wide range of topics, including dual-stack architectures, virtualization technologies, network infrastructure design, network assurance methodologies, security best practices, and automation tools. Regularly practicing with these exam questions and reviewing explanations will enhance your problem-solving abilities and increase your chances of excelling in the ENCOR exam. Remember, consistent preparation and familiarity with exam formats are vital steps towards earning this prestigious Cisco certification.

Take other online exams

Question #1
A network engineer configures BGP between R1 and R2. Both routers use BGP peer group CORP and are set up to use MD5 authentication. This message is logged to the console of router R1:`May 5 39:85:55.469: %TCP-6-BADAUTH` Invalid MD5 digest from 10.10.10.1 (29832) to 10.120.10.1 (179) tebleid -0Which two configurations allow a peering session to form between R1 and R2? (Choose two.)
A. hange Switch2 to switch port mode dynamic auto
B. hange the VTP domain to match on both switches
C. hange Switch1 to switch port mode dynamic auto
D. hange Switch1 to switch port mode dynamic desirable
View answer
Correct Answer: AB

View The Updated 350-401 Exam Questions

SPOTO Provides 100% Real 350-401 Exam Questions for You to Pass Your 350-401 Exam!

Question #2
In a three-tier hierarchical campus network design, which action is a design best-practice for the core layer?
A. rovide QoS prioritization services such as marking, queueing, and classification for critical network traffic
B. rovide redundant Layer 3 point-to-point links between the core devices for more predictable and faster convergence
C. rovide advanced network security features such as 802
D. rovide redundant aggregation for access layer devices and first-hop redundancy protocols such as VRRP
View answer
Correct Answer: B
Question #3
A network administrator is preparing a Python script to configure a Cisco IOS XE-based device on the network. The administrator is worried that colleagues will make changes to the device while the script is running. Which operation of the client manager in prevent colleague making changes to the device while the script is running?
A. m
B. m
C. m
D. m
View answer
Correct Answer: B
Question #4
Refer to the exhibit. An engineer must create a script that appends the output of the show process cpu sorted command to a file. Which action completes the configuration?
A. ction 4
B. ction 4
C. ction 4
D. ction 4
View answer
Correct Answer: B
Question #5
Which two methods are used by an AP that is trying to discover a wireless LAN controller? (Choose two.)
A. t enables Layer 2 and Layer 3 roaming between itself and the primary controller
B. t registers the LAPs if the primary controller fails
C. t avoids congestion on the primary controller by sharing the registration load on the LAPs
D. t shares the traffic load of the LAPs with the primary controller
View answer
Correct Answer: CD
Question #6
What do Cisco DNA southbound APIs provide?
A. nly one session can be configured at a time
B. special VLAN type must be used as the RSPAN destination
C. filter must be configured for RSPAN sessions
D. nly incoming traffic can be monitored
View answer
Correct Answer: C
Question #7
A network administrator is preparing a Python script to configure a Cisco IOS XE-based device on the network. The administrator is worried that colleagues will make changes to the device while the script is running.Which operation of the ncclient manager prevents colleagues from making changes to the devices while the script is running?
A.
B.
C.
D.
View answer
Correct Answer: B
Question #8
Which QoS component alters a packet to change the way that traffic is treated in the network?
A. policing
B. classification
C. marking
D. shaping
View answer
Correct Answer: C
Question #9
What is used to perform QoS packet classification?
A. he Type field in the Layer 2 frame
B. he Options field in the Layer 3 header
C. he TOS field in the Layer 3 header
D. he Flags field in the Layer 3 header
View answer
Correct Answer: C
Question #10
How do agent-based versus agentless configuration management tools compare?
A. gentless tools use proxy nodes to interface with slave nodes
B. gentless tools require no messaging systems between master and slaves
C. gent-based tools do not require a high-level language interpreter such as Python or Ruby on slave nodes
D. gent-based tools do not require installation of additional software packages on the slave nodes
View answer
Correct Answer: B
Question #11
When configuring WPA2 Enterprise on a WLAN, which additional security component configuration is required?
A. KI server
B. TP server
C. ADIUS server
D. ACACS server
View answer
Correct Answer: C
Question #12
In Cisco SD-WAN, which protocol is used to measure link quality?
A. Psec
B. MP
C. SVP
D. FD
View answer
Correct Answer: D
Question #13
A network is being migrated from IPv4 to IPv6 using a dual-stack approach. Network management is already 100% IPv6 enabled.In a dual-stack network with two dual-stack NetFlow collectors, how many flow exporters are needed per network device in the flexible NetFlow configuration?
A.
B.
C.
D.
View answer
Correct Answer: B
Question #14
What are two common sources of interference for Wi-Fi networks? (Choose two.)
A. LED lights
B. radar
C. fire alarm
D. conventional oven
E. rogue AP
View answer
Correct Answer: BE
Question #15
In a Cisco SD-Access solution, which protocol is used by an extended node to connect to a single edge node?
A. XLAN
B. S-IS
C. 02
D. TS
View answer
Correct Answer: C
Question #16
How does QoS traffic shaping alleviate network congestion?
A. It drops packets when traffic exceeds a certain bitrate
B. It buffers and queue packets above the committed rate
C. It fragments large packets and queues them for delivery
D. It drops packets randomly from lower priority queues
View answer
Correct Answer: B
Question #17
What is a benefit of deploying an on-premises infrastructure versus a cloud infrastructure deployment?
A. ability to quickly increase compute power without the need to install additional hardware
B. less power and coding resources needed to run infrastructure on-premises
C. faster deployment times because additional infrastructure does not need to be purchased
D. lower latency between systems that are physically located near each other
View answer
Correct Answer: D
Question #18
Refer to the exhibit. An engineer must assign an IP address of 192.168.1.1/24 to the GigabitEthernet1 interface. Which two commands must be added to the existing configuration to accomplish this task? (Choose two.)
A. ecause dynamic routing is not enabled
B. ecause the tunnel cannot reach its tunnel destination
C. ecause the best path to the tunnel destination is through the tunnel itself
D. ecause the router cannot recursively identify its egress forwarding interface
View answer
Correct Answer: AB
Question #19
What is one characteristic of VXLAN?
A. t supports a maximum of 4096 VLANs
B. t supports multitenant segments
C. t uses STP to prevent loops in the underlay network
D. t uses the Layer 2 header to transfer packets through the network underlay
View answer
Correct Answer: B
Question #20
Refer to the exhibit. An engineer attempts to create a configuration to allow the Blue VRF to leak into the global routing table, but the configuration does not function as expected. Which action resolves this issue?
A. hange the source network that is specified in access-list 101
B. hange the access-list destination mask to a wildcard
C. hange the access-list number in the route map
D. hange the route-map configuration to VRF_BLUE
View answer
Correct Answer: B
Question #21
Refer to the exhibit. After an engineer configures an EtherChannel between switch SW1 and switch SW2, this error message is logged on switch SW2:SW2#09:45:32: %PM-4-ERR_DISABLE: channel-misconfig error detected on Gi0/0, putting Gi0/0 in err-disable state09:45:32: %PM-4-ERR_DISABLE: channel-misconfig error detected on Gi0/1, putting Gi0/1 in err-disable stateBased on the output from switch SW1 and the log message received on switch SW2, what action should the engineer take to resolve this issue?
A. onfigure the same protocol on the EtherChannel on switch SW1 and SW2
B. efine the correct port members on the EtherChannel on switch SW1
C. orrect the configuration error on Interface Gi0/0 on switch SW1
D. orrect the configuration error on Interface Gi0/1 on switch SW1
View answer
Correct Answer: A
Question #22
Refer to the exhibit. What does the error message relay to the administrator who is trying to configure a Cisco IOS device?
A. he device received a valid NETCONF request and serviced it without error
B. he NETCONF running datastore is currently locked
C. NETCONF request was made for a data model that does not exist
D. NETCONF message with valid content based on the YANG data models was made, but the request failed
View answer
Correct Answer: C
Question #23
What is a characteristic of a next-generation firewall?
A. nly required at the network perimeter
B. equired in each layer of the network
C. ilters traffic using Layer 3 and Layer 4 information only
D. rovides intrusion prevention
View answer
Correct Answer: D
Question #24
What is a benefit of deploying an on-premises infrastructure versus a cloud infrastructure deployment?
A. ability to quickly increase compute power without the need to install additional hardware
B. less power and coding resources needed to run infrastructure on-premises
C. faster deployment times because additional infrastructure does not need to be purchased
D. lower latency between systems that are physically located near each other
View answer
Correct Answer: D
Question #25
Refer to the exhibit. An engineer is installing a new pair of routers in a redundant configuration. When checking on the standby status of each router, the engineer notices that the routers are not functioning as expected.Which action will resolve the configuration error?
A. onfigure matching hold and delay timers
B. onfigure matching key-strings
C. onfigure matching priority values
D. onfigure unique virtual IP addresses
View answer
Correct Answer: D
Question #26
Which QoS component alters a packet to change the way that traffic is treated in the network?
A. policing
B. classification
C. marking
D. shaping
View answer
Correct Answer: C
Question #27
In a Cisco SD-Access wireless environment, which device is responsible for hosting the anycast gateway?
A. usion router
B. ontrol plane node
C. abric border node
D. abric edge node
View answer
Correct Answer: D
Question #28
Which JSON syntax is valid?
A. {“switch”: “name”: “dist1”, “interfaces”: [“gig1”, “gig2”, “gig3”]}
B. {/“switch/”: {/“name/”: “dist1”, /“interfaces/”: [“gig1”, “gig2”, “gig3”]}}
C. {“switch”: {“name”: “dist1”, “interfaces”: [“gig1”, “gig2”, “gig3”]}}
D. {‘switch’: (‘name’: ‘dist1’, ‘interfaces’: [‘gig1’, ‘gig2’, ‘gig3’])}
View answer
Correct Answer: C
Question #29
Refer to the exhibit. An engineer configures the BGP adjacency between R1 and R2; however, it fails to establish. Which action resolves the issue?
A. hange the network statement on R1 to 172
B. hange the remote-as number on R1 to 6500
C. hange the remote-as number for 192
D. nable synchronization on R1 and R2
View answer
Correct Answer: B
Question #30
Which technology provides a secure communication channel for all traffic at Layer 2 of the OSI model?
A. SSL
B. Cisco TrustSec
C. MACsec
D. IPsec
View answer
Correct Answer: C
Question #31
If a VRRP master router fails, which router is selected as the new master router?
A. router with the lowest priority
B. router with the highest priority
C. router with the highest loopback address
D. router with the lowest loopback address
View answer
Correct Answer: B
Question #32
Refer to the exhibit. Router1 is currently operating as the HSRP primary with a priority of 110. Router1 fails and Router2 takes over the forwarding role. Which command on Router1 causes it to take over the forwarding role when it returns to service?
A. tandby 2 priority
B. tandby 2 preempt
C. tandby 2 track
D. tandby 2 timers
View answer
Correct Answer: B
Question #33
If AP power level is increased from 25 mW to 100 mW, what is the power difference in dBm?
A. dBm
B. 4 dBm
C. 7 dBm
D. 0 dBm
View answer
Correct Answer: A
Question #34
Which tool is used in Cisco DNA Center to build generic configurations that are able to be applied on devices with similar network settings?
A. ommand Runner
B. pplication Policies
C. emplate Editor
D. uthentication Template
View answer
Correct Answer: C
Question #35
Which component of the Cisco Cyber Threat Defense solution provides user and flow context analysis?
A. Cisco Firepower and FireSIGHT
B. Cisco Stealth watch system
C. Advanced Malware Protection
D. Cisco Web Security Appliance
View answer
Correct Answer: B
Question #36
To increase total throughput and redundancy on the links between the wireless controller and switch, the customer enabled LAG on the wireless controller.Which EtherChannel mode must be configured on the switch to allow the WLC to connect?
A. ctive
B. assive
C. n
D. uto
View answer
Correct Answer: C
Question #37
What is a characteristic of YANG?
A. t is a Cisco proprietary language that models NETCONF data
B. t allows model developers to create custom data types
C. t structures data in an object-oriented fashion to promote model reuse
D. t provides loops and conditionals to control flow within models
View answer
Correct Answer: C
Question #38
Refer to the exhibit. What are two results of the NAT configuration? (Choose two.)
A. ine vty 0 15 password cisco transport input telnet ssh exec-timeout 30 0
B. ine vty 0 15 password cisco transport input all exec-timeout 0 30
C. sername cisco privilege 15 cisco line vty 0 15 transport input telnet ssh login local exec-timeout 0 30
D. ine console 0 password cisco exec-timeout 30 0
View answer
Correct Answer: BD
Question #39
Which protocol infers that a YANG data model is being used?
A. SNMP
B. REST
C. RESTCONF
D. NX-API
View answer
Correct Answer: C
Question #40
Which method does the enable secret password option use to encrypt device passwords?
A. MD5
B. PAP
C. CHAP
D. AES
View answer
Correct Answer: A
Question #41
Which function does a fabric edge node perform in an SD-Access deployment?
A. onnects endpoints to the fabric and forwards their traffic
B. ncapsulates end-user data traffic into LISP
C. onnects the SD-Access fabric to another fabric or external Layer 3 networks
D. rovides reachability between border nodes in the fabric underlay
View answer
Correct Answer: A
Question #42
What NTP stratum level is a server that is connected directly to an authoritative time source?
A. Stratum 0
B. Stratum 1
C. Stratum 14
D. Stratum 15
View answer
Correct Answer: B
Question #43
A company plans to implement intent-based networking in its campus infrastructure. Which design facilities a migrate from a traditional campus design to a programmer fabric designer?
A. Layer 2 access
B. three-tier
C. two-tier
D. routed access
View answer
Correct Answer: D
Question #44
Which feature is used to propagate ARP, broadcast, and link-local frames across a Cisco SD-Access fabric to address connectivity needs for silent hosts that require reception of traffic to start communicating?
A. ultisite Fabric
B. ative Fabric Multicast
C. DA Transit
D. ayer 2 Flooding
View answer
Correct Answer: D
Question #45
Which DHCP option helps lightweight APs find the IP address of a wireless LAN controller?
A. ption 43
B. ption 60
C. ption 67
D. ption 150
View answer
Correct Answer: A
Question #46
Which three methods does Cisco DNA Center use to discover devices? (Choose three.)
A. t is used for HTTP and HTTPS requests
B. t requires certificates for authentication
C. t is provided using NGINX acting as a proxy web server
D. t is not supported on Cisco devices
View answer
Correct Answer: ACF
Question #47
An engineer must configure interface GigabitEthernet0/0 for VRRP group 10. When the router has the highest priority in the group, it must assume the master role.Which command set must be added to the initial configuration to accomplish this task?Initial Configuration -interface GigabitEthernet0/0description To IDF A 38-24-044.40ip address 172.16.13.2 255.255.255.0
A. tandby 10 ip 172
B. rrp group 10 ip 172
C. tandby 10 ip 172
D. rrp 10 ip 172
View answer
Correct Answer: D
Question #48
Which action is performed by Link Management Protocol in a Cisco StackWise Virtual domain?
A. t determines which switch becomes active or standby
B. t determines if the hardware is compatible to form the StackWise Virtual domain
C. t rejects any unidirectional link traffic forwarding
D. t discovers the StackWise domain and brings up SVL interfaces
View answer
Correct Answer: C
Question #49
An engineer is configuring a new SSID to present users with a splash page for authentication. Which WLAN Layer 3 setting must be configured to provide this functionality?
A. ocal Policy
B. PA2 Policy
C. CKM
D. eb Policy
View answer
Correct Answer: D
Question #50
In which part of the HTTP message is the content type specified?
A. HTTP method
B. body
C. header
D. URI
View answer
Correct Answer: C
Question #51
Refer to the exhibit. Communication between London and New York is down. Which command set must be applied to resolve this issue?
A. ewYork(config)#int f0/1 NewYork(config)#switchport nonegotiate NewYork(config)#end NewYork#
B. ewYork(config)#int f0/1 NewYork(config)#switchport mode trunk NewYork(config)#end NewYork#
C. ewYork(config)#int f0/1 NewYork(config)#switchport trunk encap dot1q NewYork(config)#end NewYork#
D. ewYork(config)#int f0/1 NewYork(config)#switchport mode dynamic desirable NewYork(config)#end NewYork#
View answer
Correct Answer: C
Question #52
How can an engineer prevent basic replay attacks from people who try to brute force a system via REST API?
A. dd a timestamp to the request in the API header
B. se a password hash
C. dd OAuth to the request in the API header
D. se HTTPS
View answer
Correct Answer: A
Question #53
Refer to the exhibit. Which Python code snippet prints the descriptions of disabled interfaces only?
A. ption A
B. ption B
C. ption C
D. ption D
View answer
Correct Answer: B
Question #54
Refer to the exhibit. The IP SLA is configured in a router. An engineer must configure an EEM applet to shut down the interface and bring it back up when there is a problem with the IP SL
A. Which configuration should the engineer use?A
B. vent manager applet EEM_IP_SLA event track 10 state unreachable
C. vent manager applet EEM_IP_SLA event sla 10 state unreachable
D. vent manager applet EEM_IP_SLA event sla 10 state down
View answer
Correct Answer: A
Question #55
What are two device roles in Cisco SD-Access fabric? (Choose two)
A. core switch
B. vBond controller
C. edge node
D. access switch
E. border node
View answer
Correct Answer: CE
Question #56
What is the function of a fabric border node in a Cisco SD-Access environment?
A. o collect traffic flow information toward external networks
B. o connect the Cisco SD-Access fabric to another fabric or external Layer 3 networks
C. o attach and register clients to the fabric
D. o handle an ordered list of IP addresses and locations for endpoints in the fabric
View answer
Correct Answer: B
Question #57
Which line must be added in the Python function to return the JSON object {`cat_9k`: `FXS1932Q2SE`}?
A. eturn (json
B. eturn (json
C. eturn (json
D. eturn (json
View answer
Correct Answer: A
Question #58
Which NGFW mode blocks flows crossing the firewall?
A. tap
B. inline
C. passive
D. inline tap
View answer
Correct Answer: B
Question #59
Refer to the exhibit. Both controllers are in the same mobility group. Which result occurs when client 1 roams between APs that are registered to different controllers in the same WLAN?
A. he client database entry moves from controller A to controller B
B. CAPWAP tunnel is created between controller A and controller B
C. lient 1 uses an EoIP tunnel to contact controller A
D. lient 1 contacts controller B by using an EoIP tunnel
View answer
Correct Answer: A
Question #60
What does this EEM applet event accomplish?"event snmp oid 1.3.6.1.3.7.0.9.5.3.1.2.9 get-type next entry-op gt entry-val 75 poll-interval 5"
A. Upon the value reaching 75%, a SNMP event is generated and sent to the trap server
B. It reads an SNMP variable, and when the value exceeds 75%, it triggers an action
C. It issues email when the value is greater than 75% for five polling cycles
D. It presents a SNMP variable that can be interrogated
View answer
Correct Answer: B
Question #61
Refer to the exhibit. Which IP address becomes the active next hop for 192.168.102.0/24 when 192.168.101.2 fails?
A. 92
B. 92
C. 92
D. 92
View answer
Correct Answer: D
Question #62
Refer to the exhibit. Object tracking has been configured for VRRP-enabled routers Edge-01 and Edge-02. Which commands cause Edge-02 to preempt Edge-01 in the event that interface G0/0 goes down on Edge-01?
A. dge-01(config)#interface G0/1 Edge-01(config-if)#vrrp 10 track 10 decrement 30
B. dge-02(config)#interface G0/1 Edge-02(config-if)#vrrp 10 track 10 decrement 30
C. dge-02(config)#interface G0/1 Edge-02(config-if)#vrrp 10 track 10 decrement 10
D. dge-01(config)#interface G0/1 Edge-01(config-if)#vrrp 10 track 10 decrement 10
View answer
Correct Answer: A
Question #63
Refer to the exhibit. Which command filters the ERSPAN session packets only to interface GigabitEthernet1?
A. ource ip 10
B. ilter access-group 10
C. estination ip 10
D. ource interface gigabitethernet1 ip 10
View answer
Correct Answer: B
Question #64
A server running Linux is providing support for virtual machines along with DNS and DHCP services for a small business. Which technology does this represent?
A. ontainer
B. ype 1 hypervisor
C. ype 2 hypervisor
D. ardware pass-thru
View answer
Correct Answer: C
Question #65
Which statement about an RSPAN session configuration is true?
A. Only one session can be configured at a time
B. A special VLAN type must be used as the RSPAN destination
C. A filter must be configured for RSPAN sessions
D. Only incoming traffic can be monitored
View answer
Correct Answer: B
Question #66
Which Cisco DNA Center application is responsible for group-based access control permissions?
A. rovision
B. esign
C. ssurance
D. olicy
View answer
Correct Answer: D
Question #67
What is a TLOC in a Cisco SD-WAN deployment?
A. alue that identifies a specific tunnel within the Cisco SD-WAN overlay
B. dentifier that represents a specific service offered by nodes within the Cisco SD-WAN overlay
C. ttribute that acts as a next hop for network prefixes
D. omponent set by the administrator to differentiate similar nodes that offer a common service
View answer
Correct Answer: C
Question #68
Which devices does Cisco Center configure when deploying an IP-based access control policy?
A. All devices integrating with ISE
B. selected individual devices
C. all devices in selected sites
D. all wired devices
View answer
Correct Answer: C
Question #69
A network administrator has designed a network with two multilayer switches on the distribution layer, which act as default gateways for the end hosts. Which two technologies allow every end host in a VLAN to use both gateways? (Choose two.)
A. 0/0 and G0/1 on Core
B. 0/0 on Edge-01 and G0/0 on Edge-02
C. 0/1 on Edge-01 and G0/1 on Edge-02
D. 0/0 and G0/1 on ASW-01
View answer
Correct Answer: BD
Question #70
Which resource is able to be shared among virtual machines deployed on the same physical server?
A. isk
B. M configuration file
C. pplications
D. perating system
View answer
Correct Answer: A
Question #71
Which HTTP status code is the correct response for a request with an incorrect password applied to a REST API session?
A. HTTP Status Code: 200
B. HTTP Status Code: 302
C. HTTP Status Code: 401
D. HTTP Status Code: 504
View answer
Correct Answer: C
Question #72
What is the structure of a JSON web token?
A. three parts separated by dots: header, payload, and signature
B. three parts separated by dots: version, header, and signature
C. header and payload
D. payload and signature
View answer
Correct Answer: A
Question #73
Which technology is used to provide Layer 2 and Layer 3 logical networks in the Cisco SD-Access architecture?
A. nderlay network
B. PN routing/forwarding
C. asy virtual network
D. verlay network
View answer
Correct Answer: D
Question #74
Refer to the exhibit. Why was the response code generated?
A. he resource was unreachable
B. ccess was denied based on the user permissions
C. ccess was denied based on the credentials
D. he resource is no longer available on the server
View answer
Correct Answer: B
Question #75
What is provided by the Stealthwatch component of the Cisco Cyber Threat Defense solution?
A. eal-time threat management to stop DDoS attacks to the core and access networks
B. eal-time awareness of users, devices, and traffic on the network
C. alware control
D. ynamic threat control for web traffic
View answer
Correct Answer: B
Question #76
What is a benefit of a virtual machine when compared with a physical server?
A. Type 1 hypervisor and a host operating system
B. hypervisor and physical server hardware
C. nly a Type 1 hypervisor
D. nly a Type 2 hypervisor
View answer
Correct Answer: A
Question #77
What is calculated using the numerical values of the transmitter power level, cable loss, and antenna gain?
A. EIRP
B. dBi
C. RSSI
D. SNR
View answer
Correct Answer: A
Question #78
Which function is performed by vSmart in the Cisco SD-WAN architecture'?
A. istribution of IPsec keys
B. xecution of localized policies
C. edistribution between OMP and other routing protocols
D. acilitation of NAT detection and traversal
View answer
Correct Answer: B
Question #79
Refer to the exhibit. What are two reasons for IP SLA tracking failure? (Choose two.)
A. ampler SAMPLER-1 mode random 1-out-of 2 flow FLOW-MONITOR-1 interface GigabitEthernet 0/0/0 ip flow monitor SAMPLER-1 input
B. low monitor FLOW-MONITOR-1 record v4_r1 sampler SAMPLER-1 interface GigabitEthernet 0/0/0 ip flow monitor FLOW-MONITOR-1 sampler SAMPLER-1 input
C. ampler SAMPLER-1 no mode random 1-out-of 2 mode percent 50 interface GigabitEthernet 0/0/0 ip flow monitor FLOW-MONITOR-1 sampler SAMPLER-1 input
D. nterface GigabitEthernet 0/0/0 ip flow monitor FLOW-MONITOR-1 sampler SAMPLER-1 input
View answer
Correct Answer: DE
Question #80
When is the Design workflow used in Cisco DNA Center?
A. n a greenfield deployment, with no existing infrastructure
B. n a greenfield or brownfield deployment, to wipe out existing data
C. n a brownfield deployment, to modify configuration of existing devices in the network
D. n a brownfield deployment, to provision and onboard new network devices
View answer
Correct Answer: A
Question #81
Refer to the exhibit. An engineer must block all traffic from a router to its directly connected subnet 209.165.200.0/24. The engineer applies access control list EGRESS in the outbound direction on the GigabitEthernet0/0 interface of the router. However, the router can still ping hosts on the 209.165.200.0/24 subnet.What explains this behavior?
A. ccess control lists that are applied outbound to a router interface do not affect traffic that is sourced from the router
B. fter an access control list is applied to an interface, that interface must be shut and no shut for the access control list to take effect
C. nly standard access control lists can block traffic from a source IP address
D. he access control list must contain an explicit deny to block traffic from the router
View answer
Correct Answer: A
Question #82
What do Cisco DNA southbound APIs provide?
A. interface between the controller and the consumer
B. RESTful API interface for orchestrator communication
C. interface between the controller and the network devices
D. NETCONF API interface for orchestrator communication
View answer
Correct Answer: C
Question #83
What is the fact about Cisco EAP-FAST?
A. It requires a client certificate
B. It is an IETF standard
C. It does not require a RADIUS server certificate
D. It operates in transparent mode
View answer
Correct Answer: C
Question #84
Which features does Cisco EDR use to provide threat detection and response protection?
A. ontainment, threat intelligence, and machine learning
B. irewalling and intrusion prevention
C. ontainer-based agents
D. loud analysis and endpoint firewall controls
View answer
Correct Answer: A
Question #85
If the noise floor is -90 dBm and the wireless client is receiving a signal of גˆ’75 dBm, what is the SNR?
A. 5
B.
C. ˆ’165
D.
View answer
Correct Answer: A
Question #86
Which requirement for an Ansible-managed node is true?
A. It must have an SSH server running
B. It must be a Linux server or a Cisco device
C. It must support ad hoc commands
D. It must have an Ansible Tower installed
View answer
Correct Answer: A
Question #87
Which reason could cause an OSPF neighborship to be in the EXSTART/EXCHANGE state?
A. mismatched OSPF link costs
B. mismatched OSPF network type
C. mismatched areas
D. mismatched MTU size
View answer
Correct Answer: D
Question #88
Refer to the exhibit. Which single security feature is recommended to provide Network Access Control in the enterprise?
A. AB
B. 02
C. ebAuth
D. ort security sticky MAC
View answer
Correct Answer: B
Question #89
When using TLS for syslog, which configuration allows for secure and reliable transportation of messages to its default port?
A. logging host 10
B. logging host 10
C. logging host 10
D. logging host 10
View answer
Correct Answer: C
Question #90
In a Cisco SD-WAN solution, how is the health of a data plane tunnel monitored?
A. ith IP SLA
B. RP probing
C. sing BFD
D. ith OMP
View answer
Correct Answer: C
Question #91
What is the difference between the enable password and the enable secret password when service password encryption is enabled on an IOS device?
A. he enable secret password is protected via stronger cryptography mechanisms
B. he enable password cannot be decrypted
C. he enable password is encrypted with a stronger encryption method
D. here is no difference and both passwords are encrypted identically
View answer
Correct Answer: A
Question #92
Refer to the exhibit. While troubleshooting a routing issue, an engineer issues a ping from S1 to S2. Which two actions result from the initial value of the TTL?(Choose two.)
A. he value given to the strength of the wireless signal received compared to the noise level
B. he value of how strong the wireless signal is leaving the antenna using transmit power, cable loss, and antenna gain
C. he value of how much wireless signal is lost over a defined amount of distance
D. he value of how strong a wireless signal is received, measured in dBm
View answer
Correct Answer: AD
Question #93
What is a characteristic of MACsec?
A. 02
B. 02
C. 02
D. 02
View answer
Correct Answer: A
Question #94
In Cisco DNA Center what is the integration API?
A. outhbound consumer-facing RESTful API, which enables network discovery and configuration management
B. estbound interface, which allows the exchange of data to be used by ITSM, IPAM and reporting
C. n interface between the controller and the network devices, which enables network discovery and configuration management
D. orthbound consumer-facing RESTful API which enables network discovery and configuration management
View answer
Correct Answer: B
Question #95
Which protocol infers that a YANG data model is being used?
A. NMP
B. ESTCONF
C. EST
D. X-API
View answer
Correct Answer: B
Question #96
Refer to the exhibit. Running the script causes the output in the exhibit. What should be the first line of the script?
A. rom ncclient import manager
B. mport manager
C. rom ncclient import *
D. cclient manager import
View answer
Correct Answer: A
Question #97
An engineer is configuring Local WebAuth on a Cisco Wireless LAN Controller. According to RFC 5737, which virtual IP address must be used in this configuration?
A. 72
B. 92
C.
D. 92
View answer
Correct Answer: D
Question #98
Refer to the exhibit. What are two effects of this configuration? (Choose two.)
A. 3(config)#route-map PREPEND permit 10 R3(config-route-map)#set as-path prepend 200 200 200 R3(config)#router bgp 200 R3#(config-router)#neighbor 10
B. 4(config)#route-map PREPEND permit 10 R4(config-route-map)#set as-path prepend 100 100 100 R4(config)#router bgp 200 R4(config-router)#neighbor 10
C. 4(config)#route-map PREPEND permit 10 R4(config-route-map)#set as-path prepend 200 200 200 R4(config)#router bgp 200 R4(config-router)#neighbor 10
D. 3(config)#route-map PREPEND permit 10 R3(config-route-map)#set as-path prepend 100 100 100 R3(config)#router bgp 200 R3(config-router)#neighbor 10
View answer
Correct Answer: CE
Question #99
Refer to the exhibit. A network engineer checks connectivity between two routers. The engineer can ping the remote endpoint but cannot see an ARP entry. Why is there no ARP entry?
A. hen VRFs are used, ARP protocol must be enabled in each VRF
B. he ping command must be executed in the global routing table
C. nterface FastEthernet0/0 is configured in VRF CUST-A, so the ARP entry is also in that VRF
D. hen VRFs are used, ARP protocol is disabled in the global routing table
View answer
Correct Answer: C
Question #100
Which method displays text directly into the active console with a synchronous EEM applet policy?
A. vent manager applet boom event syslog pattern 'UP' action 1
B. vent manager applet boom event syslog pattern 'UP' action 1
C. vent manager applet boom event syslog pattern 'UP' action 1
D. vent manager applet boom event syslog pattern 'UP' action 1
View answer
Correct Answer: D
Question #101
Refer to the exhibit. The inside and outside interfaces in the NAT configuration of this device have been correctly identified. What is the effect of this configuration?
A. AT64
B. ynamic NAT
C. tatic NAT
D. AT
View answer
Correct Answer: D
Question #102
Refer to the exhibit. Which configuration is required to summarize the Area 2 networks that are advertised to Area 0?
A. outerB(config)# router ospf 1 RouterB(config-router)# area 2 range 192
B. outerB(config)# router ospf 1 RouterB(config-router)# network 192
C. outerB(config)# router ospf 1 RouterB(config-router)# network 192
D. outerB(config)# router ospf 1 RouterB(config-router)# area 2 range 192
View answer
Correct Answer: A
Question #103
Which design principle states that a user has no access by default to any resource, and unless a resource is explicitly granted, it should be denied?
A. east privilege
B. ail-safe defaults
C. conomy of mechanism
D. omplete mediation
View answer
Correct Answer: B
Question #104
Refer to the exhibit. What is the result of the API request?
A. he native interface information is read from the network appliance
B. he information for all interfaces is read from the network appliance
C. he “params” variable reads data fields from the network appliance
D. he “params” variable sends data fields to the network appliance
View answer
Correct Answer: B
Question #105
Which algorithms are used to secure REST API from brute attacks and minimize the impact?
A. SHA-512 and SHA-384
B. MD5 algorithm-128 and SHA-384
C. SHA-1, SHA-256, and SHA-512
D. PBKDF2, BCrypt, and SCrypt
View answer
Correct Answer: D
Question #106
In a Cisco StackWise Virtual environment, which planes are virtually combined in the common logical switch?
A. anagement and data
B. ontrol, and forwarding
C. ontrol and management
D. ontrol and data
View answer
Correct Answer: C
Question #107
Refer to the exhibit. The port channel between the switches does not work as expected. Which action resolves the issue?
A. nterface Gi0/1 on Switch1 must be configured as desirable
B. runking must be enabled on both interfaces on Switch2
C. nterface Gi0/0 on Switch2 must be configured as passive
D. nterface Gi0/1 on Switch2 must be configured as active
View answer
Correct Answer: D
Question #108
What is one characteristic of the Cisco SD-Access control plane?
A. eploy the wireless network over the top of the fabric
B. mplement a Cisco DNA Center to manage the two networks
C. eploy a separate network for the wireless environment
D. eploy the APs in autonomous mode
View answer
Correct Answer: D
Question #109
Which measure is used by an NTP server to indicate its closeness to the authoritative time source?
A. tratum
B. ime zone
C. atency
D. op count
View answer
Correct Answer: A
Question #110
Which First Hop Redundancy Protocol maximizes uplink utilization and minimizes the amount of configuration that is necessary?
A. GLBP
B. HSRP v2
C. VRRP
D. HSRP v1
View answer
Correct Answer: A
Question #111
An engineer is concerned with the deployment of a new application that is sensitive to inter-packet delay variance. Which command configures the router to be the destination of jitter measurements?
A. outer(config)# ip sla responder udp-connect 172
B. outer(config)# ip sla responder tcp-connect 172
C. outer(config)# ip sla responder udp-echo 172
D. outer(config)# ip sla responder tcp-echo 172
View answer
Correct Answer: C
Question #112
Which devices does Cisco DNA Center configure when deploying an IP-based access control policy?
A. ll devices integrating with ISE
B. elected individual devices
C. ll devices in selected sites
D. ll wired devices
View answer
Correct Answer: C
Question #113
Refer to the exhibit. A port channel is configured between SW2 and SW3. SW2 is not running a Cisco operating system. When all physical connections are made, the port channel does not establish.Based on the configuration excerpt of SW3, what is the cause of the problem?
A. he port-channel mode should be set to auto
B. he port channel on SW2 is using an incompatible protocol
C. he port-channel trunk is not allowing the native VLAN
D. he port-channel interface load balance should be set to src-mac
View answer
Correct Answer: B
Question #114
Refer to the exhibit. Which type of antenna does the radiation pattern represent?
A. ultidirectional
B. irectional patch
C. mnidirectional
D. agi
View answer
Correct Answer: D
Question #115
In OSPF, which LSA type is responsible for pointing to the ASBR router?
A. type 1
B. type 2
C. type 3
D. type 4
View answer
Correct Answer: D
Question #116
Refer to the exhibit. What is the cause of the log messages?
A. SPF area change
B. TU mismatch
C. P address mismatch
D. ello packet mismatch
View answer
Correct Answer: A
Question #117
Refer to the exhibit. An engineer must ensure that all traffic leaving AS 200 will choose Link 2 as the exit point.Assuming that all BGP neighbor relationships have been formed and that the attributes have not been changed on any of the routers, which configuration accomplishes this task?
A. 4(config-router)bgp default local-preference 200
B. 3(config-router)bgp default local-preference 200
C. 4(config-router)neighbor 10
D. 3(config-router)neighbor 10
View answer
Correct Answer: A
Question #118
Refer to the exhibit. An engineer must add the SNMP interface table to the NetFlow protocol flow records. Where should the SNMP table option be added?
A. ogging host 10
B. ogging host 10
C. ogging host 10
D. ogging host 10
View answer
Correct Answer: D
Question #119
Why would a log file contain a * next to the date?
A. he network device was receiving NTP time when the log messages were recorded
B. he network device was unable to reach the NTP server when the log messages were recorded
C. he network device is not configured to use NTP
D. he network device is not configured to use NTP time stamps for logging
View answer
Correct Answer: C
Question #120
Which algorithms are used to secure REST API from brute attacks and minimize the impact?
A. SHA-512 and SHA-384
B. MD5 algorithm-128 and SHA-384
C. SHA-1, SHA-256, and SHA-512
D. PBKDF2, BCrypt, and SCrypt
View answer
Correct Answer: D
Question #121
Refer to the exhibit. On which interfaces should VRRP commands be applied to provide first hop redundancy to PC-01 and PC-02?
A. nder traffic classification and marking conditions
B. nder interface saturation conditions
C. nder all network conditions
D. nder network convergence conditions
View answer
Correct Answer: C
Question #122
Which OSPF network types are compatible and allow communication through the two peering devices?
A. point-to-multipoint to nonbroadcast
B. broadcast to nonbroadcast
C. point-to-multipoint to broadcast
D. broadcast to point-to-point
View answer
Correct Answer: B
Question #123
A company plans to implement intent-based networking in its campus infrastructure.Which design facilitates a migration from a traditional campus design to a programmable fabric design?
A. wo-tier
B. ayer 2 access
C. hree-tier
D. outed access
View answer
Correct Answer: D
Question #124
Refer to the exhibit. What is the value of the variable list after the code is run?
A. 1, 2], [1, 2], [1, 2]
B. 1, 2] * 3
C. 1, 2, 1, 2, 1, 2]
D. 3, 6]
View answer
Correct Answer: C
Question #125
Which DNS lookup does an access point perform when attempting CAPWAP discovery?
A. CISCO-CONTROLLER
B. CAPWAP-CONTROLLER
C. CISCO-CAPWAP-CONTROLLER
D. CISCO-DNA-CONTROLLER
View answer
Correct Answer: C
Question #126
Refer to the exhibit. An engineer must create a configuration that prevents R3 from receiving the LSA about 172.16.1.4/32. Which configuration set achieves this goal?
A. n R3 ip access-list standard R4_L0 deny host 172
B. n R1 ip prefix-list INTO-AREA1 seq 5 deny 172
C. n R1 ip prefix-list INTO-AREA1 seq 5 deny 172
D. n R3 ip prefix-list INTO-AREA1 seq 5 deny 172
View answer
Correct Answer: C
Question #127
Refer to the exhibit. VPN-A sends point-to-point traffic to VPN-B and receives traffic only from VPN-C. VPN-B sends point-to-point traffic to VPN-C and receives traffic only from VPN-
A. Which configuration is applied?A
B. E-3 vrf VPN-B address-family ipv4 unicast import route-target 100:2 export route-target 100:2
C. E-2 vrf VPN-B address-family ipv4 unicast import route-target 100:2 export route-target 100:2
D. E-3 vrf VPN-B address-family ipv4 unicast import route-target 100:1 export route-target 100:2
View answer
Correct Answer: D
Question #128
Refer to the exhibit. Assuming the WLC's interfaces are not in the same subnet as the RADIUS server, which interface would the WLC use as the source for all RADIUS-related traffic?
A. he controller management interface
B. he controller virtual interface
C. he interface specified on the WLAN configuration
D. ny interface configured on the WLC
View answer
Correct Answer: C
Question #129
Refer to the exhibit. A client has two directly connected eBGP peering links with diverse ISPs. Both providers advertise the same public prefix 209.165.200.224/27 to R1 without any route manipulation. Traffic leaves R1 outbound via ISP1 but returns inbound via ISP2. Which configuration prevents asymmetrical routing and makes ISP1 the preferred path inbound and outbound?
A. ption A
B. ption B
C. ption C
D. ption D
View answer
Correct Answer: C
Question #130
Which LISP device is responsible for publishing EID-to-RLOC mappings for a site?
A. ETR
B. MR
C. ITR
D. MS
View answer
Correct Answer: A
Question #131
Which HTTP status code is the correct response for a request with an incorrect password applied to a REST API session?
A. HTTP Status Code: 200
B. HTTP Status Code: 302
C. HTTP Status Code: 401
D. HTTP Status Code: 504
View answer
Correct Answer: C
Question #132
Which statement about route targets is true when using VRF-Lite?
A. ITR
B. ap resolver
C. ap server
D. ETR
View answer
Correct Answer: A
Question #133
What is the purpose of a data modelling language?
A. o describe the structure and meaning of exchanged data
B. o standardize the procedures that are executed when parsing sent and received data
C. o establish a framework to process data by using an object-oriented programming approach
D. o specify the rules for transcoding between text and binary data encodings
View answer
Correct Answer: A
Question #134
Which reason could cause an OSPF neighborship to be in the EXSTART/EXCHANGE state?
A. ismatched OSPF link costs
B. ismatched OSPF network type
C. ismatched areas
D. ismatched MTU size
View answer
Correct Answer: D
Question #135
Refer to the exhibit. A network engineer attempts to connect to the Router1 console port.Which configuration is needed to allow Telnet connections?
A. outer1(config)# line vty 0 15 Router1(config-line)# transport output telnet
B. outer1(config)# telnet client
C. outer1(config)# line console 0 Router1(config-line)# transport output telnet
D. outer1(config)# access-list 100 permit tcp any any eq telnet Router1(config)# line console 0 Router1(config-line)# access-class 100 out
View answer
Correct Answer: C
Question #136
What are two device roles in Cisco SD-Access fabric? (Choose two)
A. core switch
B. vBond controller
C. edge node
D. access switch
E. border node
View answer
Correct Answer: CE
Question #137
A network is being migrated from IPv4 to IPv6 using a dual-stack approach. Network management is already 100% IPv6 enabled.In a dual-stack network with two dual-stack NetFlow collectors, how many flow exporters are needed per network device in the flexible NetFlow configuration?
A. 1
B. 2
C. 4
D. 8
View answer
Correct Answer: B
Question #138
Refer to the exhibit. Only administrators from the subnet 10.10.10.0/24 are permitted to have access to the router. A secure protocol must be used for the remote access and management of the router instead of clear-text protocols. Which configuration achieves this goal?
A. ption A
B. ption B
C. ption C
D. ption D
View answer
Correct Answer: A
Question #139
A client device roams between access points located on different floors in an atrium. The access points joined to the same controller and configuration in local mode. The access points are in different IP addresses, but the client VLAN in the group same. What type of roam occurs?
A. inter-controller
B. inter-subnet
C. intra-VLAN
D. intra-controller
View answer
Correct Answer: D
Question #140
What is the process for moving a virtual machine from one host machine to another with no downtime?
A. igh availability
B. isaster recovery
C. ive migration
D. ultisite replication
View answer
Correct Answer: C
Question #141
Which statement about a fabric access point is true?
A. t is in local mode and must be connected directly to the fabric edge switch
B. t is in local mode and must be connected directly to the fabric border node
C. t is in FlexConnect mode and must be connected directly to the fabric border node
D. t is in FlexConnect mode and must be connected directly to the fabric edge switch
View answer
Correct Answer: A
Question #142
An engineer is configuring GigabitEthernet1/0/0 for VRRP. When the router has the highest priority in group 5, it must assume the master role.Which command set should the engineer add to the configuration to accomplish this task? interface GigabitEthernet1/0/0 description To IDF A 38-70-774-10 ip address 172.16.13.2 255.255.255.0
A. tandby 5 ip 172
B. tandby 5 ip 172
C. rrp 5 ip 172
D. rrp 5 ip 172
View answer
Correct Answer: C
Question #143
Refer to the exhibit. An engineer configures CoPP and enters the show command to verify the implementation. What is the result of the configuration?
A. ll traffic will be policed based on access-list 120
B. f traffic exceeds the specified rate, it will be transmitted and remarked
C. lass-default traffic will be dropped
D. CMP will be denied based on this configuration
View answer
Correct Answer: A
Question #144
An engineer has deployed a single Cisco 5520 WLC with a management IP address of 172 16.50.5/24. The engineer must register 50 new Cisco AIR-CAP2802I-E-K9 access points to the WLC using DHCP option 43. The access points are connected to a switch in VLAN 100 that uses the 172.16.100.0/24 subnet. The engineer has configured the DHCP scope on the switch as follows:Network 172.16.100.0 255.255.255.0Default Router 172.16.100.1Option 43 ASCII 172.16.50.5The access points are failing to join the wireless LAN contr
A. onfigure option 43 Hex F104
B. onfigure option 43 Hex F104
C. onfigure dns-server 172
D. onfigure dns-server 172
View answer
Correct Answer: A
Question #145
An engineer reviews a router's logs and discovers the following entry. What is the event's logging severity level?Router# *Jan 01 38:24:04.401: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
A. rror
B. arning
C. nformational
D. otification
View answer
Correct Answer: A
Question #146
Which action is a function of VTEP in VXLAN?
A. tunneling traffic from IPv6 to IPv4 VXLANs
B. allowing encrypted communication on the local VXLAN Ethernet segment
C. encapsulating and de-encapsulating VXLAN Ethernet frames
D. tunneling traffic from IPv4 to IPv6 VXLANs
View answer
Correct Answer: C
Question #147
Refer to the exhibit. Which Python code snippet must be added to the script to store the changed interface configuration to a local JSON-formatted file?
A. ption A
B. ption B
C. ption C
D. ption D
View answer
Correct Answer: B
Question #148
A network is being migrated from IPv4 to IPv6 using a dual-stack approach. Network management is already 100% IPv6 enabled.In a dual-stack network with two dual-stack NetFlow collectors, how many flow exporters are needed per network device in the flexible NetFlow configuration?
A. 1
B. 2
C. 4
D. 8
View answer
Correct Answer: B
Question #149
A client device fails to see the enterprise SSID, but other client devices are connected to it. What is the cause of this issue?
A. The client has incorrect credentials stored for the configured broadcast SSID
B. The hidden SSID was not manually configured on the client
C. The broadcast SSID was not manually configured on the client
D. The client has incorrect credentials stored for the configured hidden SSID
View answer
Correct Answer: B
Question #150
Which element enables communication between guest VMs within a virtualized environment?
A. ypervisor
B. irtual router
C. Switch
D. NIC
View answer
Correct Answer: C
Question #151
What is an emulated machine that has dedicated compute, memory, and storage resources and a fully installed operating system?
A. ainframe
B. ost
C. irtual machine
D. ontainer
View answer
Correct Answer: C
Question #152
Which action is the vSmart controller responsible for in an SD-WAN deployment?
A. nboard vEdge nodes into the SD-WAN fabric
B. ather telemetry data from vEdge routers
C. istribute security information for tunnel establishment between vEdge routers
D. anage, maintain, and gather configuration and status for nodes within the SD-WAN fabric
View answer
Correct Answer: C
Question #153
How do the RIB and the FIB differ?
A. IB is derived from the control plane, and the FIB is derived from the RIB
B. IB is derived from the control plane, and the RIB is derived from the data plane
C. IB contains the interface for a destination, and the FIB contains the next hop information
D. IB contains routes learned through a dynamic routing protocol and the RIB contains routes that are static or directly connected
View answer
Correct Answer: A
Question #154
Which two mechanisms are available to secure NTP? (Choose two.)
A. IPsec
B. IP prefix list-based
C. encrypted authentication
D. TACACS-based authentication
E. IP access list-based
View answer
Correct Answer: CE
Question #155
Which behavior can be expected when the HSRP version is changed from 1 to 2?
A. No changes occur because the standby router is upgraded before the active router
B. No changes occur because version 1 and 2 use the same virtual MAC OUI
C. Each HSRP group reinitializes because the virtual MAC address has changed
D. Each HSRP group reinitializes because the multicast address has changed
View answer
Correct Answer: C
Question #156
Refer to the exhibit. An engineer is using XML in an application to send information to a RESTCONF-enabled device. After sending the request, the engineer gets this response message and an HTTP response code of 400. What do these responses tell the engineer?
A. SH
B. TTPS
C. WT
D. LS
View answer
Correct Answer: A
Question #157
What are two common sources of interference for Wi-Fi networks? (Choose two.)
A. LED lights
B. radar
C. fire alarm
D. conventional oven
E. rogue AP
View answer
Correct Answer: BE
Question #158
Refer to the exhibit. Which command set must be added to permit and log all traffic that comes from 172.20.10.1 in interface GigabitEthernet0/1 without impacting the functionality of the access list?
A. ption A
B. ption B
C. ption C
D. ption D
View answer
Correct Answer: A
Question #159
Which two characteristics define the Intent API provided by Cisco DNA Center? (Choose two.)
A. he device has not been assigned a workflow
B. he device could not be added to the fabric
C. he device had an error and could not be provisioned
D. he device is from a third-party vendor
View answer
Correct Answer: AB
Question #160
Which behavior can be expected when the HSRP version is changed from 1 to 2?
A. o changes occur because the standby router is upgraded before the active router
B. o changes occur because version 1 and 2 use the same virtual MAC OUI
C. ach HSRP group reinitializes because the virtual MAC address has changed
D. ach HSRP group reinitializes because the multicast address has changed
View answer
Correct Answer: C
Question #161
What is a Type 1 hypervisor?
A. uns directly on a physical server and depends on a previously installed operating system
B. uns directly on a physical server and includes its own operating system
C. uns on a virtual server and depends on an already installed operating system
D. uns on a virtual server and includes its own operating system
View answer
Correct Answer: B
Question #162
What does this EEM applet event accomplish?"event snmp oid 1.3.6.1.3.7.0.9.5.3.1.2.9 get-type next entry-op gt entry-val 75 poll-interval 5"
A. Upon the value reaching 75%, a SNMP event is generated and sent to the trap server
B. It reads an SNMP variable, and when the value exceeds 75%, it triggers an action
C. It issues email when the value is greater than 75% for five polling cycles
D. It presents a SNMP variable that can be interrogated
View answer
Correct Answer: B
Question #163
An engineer runs the code against an API of Cisco DNA Center, and the platform returns this output. What does the response indicate?
A. he authentication credentials are incorrect
B. he URI string is incorrect
C. he Cisco DNA Center API port is incorrect
D. he HTTP method is incorrect
View answer
Correct Answer: D
Question #164
In a Cisco SD-Access solution, what is the role of a fabric edge node?
A. o connect external Layer 3 networks to the SD-Access fabric
B. o connect wired endpoints to the SD-Access fabric
C. o advertise fabric IP address space to external networks
D. o connect the fusion router to the SD-Access fabric
View answer
Correct Answer: B
Question #165
A client with IP address 209.165.201.25 must access a web server on port 80 at 209.165.200.225. To allow this traffic, an engineer must add a statement to an access control list that is applied in the inbound direction on the port connecting to the web servers.Which statement allows this traffic?
A. permit tcp host 209
B. permit tcp host 209
C. permit tcp host 209
D. permit tcp host 209
View answer
Correct Answer: C
Question #166
What happens when a FlexConnect AP changes to standalone mode?
A. ll client roaming continues to work
B. nly clients on central switching WLANs stay connected
C. ll clients on all WLANs are disconnected
D. ll controller-dependent activities stop working except the DFS
View answer
Correct Answer: D
Question #167
Refer to the exhibit. Which command must be applied to R2 for an OSPF neighborship to form?
A. etwork 20
B. etwork 20
C. etwork 20
D. etwork 20
View answer
Correct Answer: B
Question #168
Which TCP setting is tuned to minimize the risk of fragmentation on a GRE/IP tunnel?
A. MSS
B. MTU
C. MRU
D. window size
View answer
Correct Answer: A
Question #169
An engineer is describing QoS to a client. Which two facts apply to traffic policing? (Choose two)
A. Policing adapts to network congestion by queuing excess traffic
B. Policing should be performed as close to the destination as possible
C. Policing drops traffic that exceeds the defined rate
D. Policing typically delays the traffic, rather than drops it
E. Policing should be performed as close to the source as possible
View answer
Correct Answer: CE
Question #170
On which protocol or technology is the fabric data plane based in Cisco SD-Access fabric?
A. VXLAN
B. LISP
C. Cisco TrustSec
D. IS-IS
View answer
Correct Answer: A
Question #171
Which First Hop Redundancy Protocol should be used to meet a design requirements for more efficient default bandwidth usage acrossmultiple devices?
A. GLBP
B. LCAP
C. HSRP
D. VRRP
View answer
Correct Answer: A
Question #172
What is a requirement for an Ansible-managed node?
A. t must have an SSH server running
B. t must be a Linux server or a Cisco device
C. t must support ad hoc commands
D. t must have an Ansible Tower installed
View answer
Correct Answer: A
Question #173
How does Cisco TrustSec enable more flexible access controls for dynamic networking environments and data centers?
A. ses flexible NetFlow
B. ssigns a VLAN to the endpoint
C. lassifies traffic based on advanced application recognition
D. lassifies traffic based on the contextual identity of the endpoint rather than its IP address
View answer
Correct Answer: D
Question #174
When a wireless client roams between two different wireless controllers, a network connectivity outage is experience for a period of time. Which configuration issue would cause this problem?
A. Not all of the controllers in the mobility group are using the same mobility group name
B. Not all of the controllers within the mobility group are using the same virtual interface IP address
C. All of the controllers within the mobility group are using the same virtual interface IP address
D. All of the controllers in the mobility group are using the same mobility group name
View answer
Correct Answer: B
Question #175
Refer to the exhibit. An engineer is reaching network 172.16.10.0/24 via the R1-R2-R4 path. Which configuration forces the traffic to take a path of R1-R3-R4?
A. 1(config)#route-map RM_LOCAL_PREF permit 10 R1(config-route-map)#set local-preference 101R1(config-route-map)#exitR1(config)#router bgp 100R1(config-router)#neighbor 13
B. 1(config)#route-map RM_AS_PATH_PREPEND R1(config-route-map)#set as-path prepend 200 200 R1(config-route-map)#exitR1(config)#router bgp 100R1(config-router)#neighbor 12
C. 1(config)#router bgp 100R1(config-router)#neighbor 13
D. 2(config)#route-map RM_MED permit 10 R2(config-route-map)#set metric 1R2(config-route-map)#exitR2(config)#router bgp 200R2(config-router)#neighbor 12
View answer
Correct Answer: A
Question #176
Refer to the exhibit. An engineer is troubleshooting a connectivity issue and executes a traceroute. What does the result confirm?
A. he destination port is unreachable
B. he probe timed out
C. he destination server reported it is too busy
D. he protocol is unreachable
View answer
Correct Answer: B
Question #177
Which statement explains why Type 1 hypervisor is considered more efficient than Type2 hypervisor?
A. Type 1 hypervisor is the only type of hypervisor that supports hardware acceleration techniques
B. Type 1 hypervisor relies on the existing OS of the host machine to access CPU, memory, storage, and network resources
C. Type 1 hypervisor runs directly on the physical hardware of the host machine without relying on the underlying OS
D. Type 1 hypervisor enables other operating systems to run on it
View answer
Correct Answer: C
Question #178
Which statement about a fabric access point is true?
A. It is in local mode and must be connected directly to the fabric edge switch
B. It is in local mode and must be connected directly to the fabric border node
C. It is in FlexConnect mode and must be connected directly to the fabric border node
D. It is in FlexConnect mode and must be connected directly to the fabric edge switch
View answer
Correct Answer: A
Question #179
Which standard access control entry permits traffic from odd-numbered hosts in the 10.0.0.0/24 subnet?
A. permit 10
B. permit 10
C. permit 10
D. permit 10
View answer
Correct Answer: B
Question #180
Refer to the exhibit. An engineer must prevent the R6 loopback from getting into Area 2 and Area 3 from Area 0. Which action must the engineer take?
A. pply a filter list outbound on R3 and R7
B. pply a filter list inbound on R2 and R9
C. pply a filter list inbound on R3 and R7
D. pply a filter list outbound on R7 only
View answer
Correct Answer: C

View The Updated CCNP Exam Questions

SPOTO Provides 100% Real CCNP Exam Questions for You to Pass Your CCNP Exam!

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: