• support@dumpspool.com

SPECIAL LIMITED TIME DISCOUNT OFFER. USE DISCOUNT CODE TO GET 20% OFF DP2021

PDF Only

Dumpspool PDF book

$35.00 Free Updates Upto 90 Days

  • 350-401 Dumps PDF
  • 983 Questions
  • Updated On November 18, 2024

PDF + Test Engine

Dumpspool PDF and Test Engine book

$55.00 Free Updates Upto 90 Days

  • 350-401 Question Answers
  • 983 Questions
  • Updated On November 18, 2024

Test Engine

Dumpspool Test Engine book

$45.00 Free Updates Upto 90 Days

  • 350-401 Practice Questions
  • 983 Questions
  • Updated On November 18, 2024
Check Our Free Cisco 350-401 Online Test Engine Demo.

How to pass Cisco 350-401 exam with the help of dumps?

DumpsPool provides you the finest quality resources you’ve been looking for to no avail. So, it's due time you stop stressing and get ready for the exam. Our Online Test Engine provides you with the guidance you need to pass the certification exam. We guarantee top-grade results because we know we’ve covered each topic in a precise and understandable manner. Our expert team prepared the latest Cisco 350-401 Dumps to satisfy your need for training. Plus, they are in two different formats: Dumps PDF and Online Test Engine.

How Do I Know Cisco 350-401 Dumps are Worth it?

Did we mention our latest 350-401 Dumps PDF is also available as Online Test Engine? And that’s just the point where things start to take root. Of all the amazing features you are offered here at DumpsPool, the money-back guarantee has to be the best one. Now that you know you don’t have to worry about the payments. Let us explore all other reasons you would want to buy from us. Other than affordable Real Exam Dumps, you are offered three-month free updates.

You can easily scroll through our large catalog of certification exams. And, pick any exam to start your training. That’s right, DumpsPool isn’t limited to just Cisco Exams. We trust our customers need the support of an authentic and reliable resource. So, we made sure there is never any outdated content in our study resources. Our expert team makes sure everything is up to the mark by keeping an eye on every single update. Our main concern and focus are that you understand the real exam format. So, you can pass the exam in an easier way!

IT Students Are Using our Implementing Cisco Enterprise Network Core Technologies (350-401 ENCOR) Dumps Worldwide!

It is a well-established fact that certification exams can’t be conquered without some help from experts. The point of using Implementing Cisco Enterprise Network Core Technologies (350-401 ENCOR) Practice Question Answers is exactly that. You are constantly surrounded by IT experts who’ve been through you are about to and know better. The 24/7 customer service of DumpsPool ensures you are in touch with these experts whenever needed. Our 100% success rate and validity around the world, make us the most trusted resource candidates use. The updated Dumps PDF helps you pass the exam on the first attempt. And, with the money-back guarantee, you feel safe buying from us. You can claim your return on not passing the exam.

How to Get 350-401 Real Exam Dumps?

Getting access to the real exam dumps is as easy as pressing a button, literally! There are various resources available online, but the majority of them sell scams or copied content. So, if you are going to attempt the 350-401 exam, you need to be sure you are buying the right kind of Dumps. All the Dumps PDF available on DumpsPool are as unique and the latest as they can be. Plus, our Practice Question Answers are tested and approved by professionals. Making it the top authentic resource available on the internet. Our expert has made sure the Online Test Engine is free from outdated & fake content, repeated questions, and false plus indefinite information, etc. We make every penny count, and you leave our platform fully satisfied!

Cisco 350-401 Exam Overview:

Detail Information
Exam Code 350-401
Exam Title Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR)
Exam Cost $300 USD
Total Time 120 minutes
Available Languages English, Japanese
Passing Marks Variable (usually 750-850)

Few More 350-401 Exact Exam Questions:

Question # 1

Refer to the exhibit: The connection between SW1 and SW2 is not operational. Which two actions resolve the issue? (Choose two.)

A. configure switchport nonegotiate on SW1

B. configure switchport nonegotiate on SW2

C. configure switchport mode access on SW2

D. configure switchport mode trunk on SW2

E. configure switchport mode dynamic desirable on SW2

Answer: B,E

Question # 2

An engineer must enable a login authentication method that allows a user to log in by using local authentication if all other defined authentication methods fail. Which configuration should be applied?

A. aaa authentication login CONSOLE group radius local-case enable aaa

B. authentication login CONSOLE group radius local enable none

C. aaa authentication login CONSOLE group radius local enable

D. aaa authentication login CONSOLE group tacacs+ local enable

Answer: D

Question # 3

Drag and drop the characteristics from the left onto the deployment models on the right.

Answer:

Question # 4

In a Cisco SD-WAN solution, which two functions are performed by OMP? (Choose two.)

A. advertisement of network prefixes and their attributes

B. configuration of control and data policies

C. gathering of underlay infrastructure data

D. delivery of crypto keys

E. segmentation and differentiation of traffic

Answer: A,D

Question # 5

Which two Cisco SD-Access components provide communication between traditional network elements and controller layer? (Choose two)

A. network data platform

B. network underlay

C. fabric overlay

D. network control platform

E. partner ecosystem

Answer: B,C

Question # 6

Refer to the exhibit. An engineer configures OSPF and wants to verify the configuration. Which configuration is applied to this device?

A. R1(config)#interface Gi0/1 R1(config-if)#ip ospf enable R1(contig-if)#ip ospf network broadcast R1(config-if)#no shutdown

B. R1(config)#router ospf 1 R1(config-router)#network 0.0.0.0 0.0.0.0 area 0 R1(config-router)#no passive-interface Gi0/1

C. R1(config)#interface Gi0/1 R1(config-if)#ip ospf 1 area 0 R1(config-if)#no shutdown

D. R1(config)#router ospf 1 R1(config-router)#network 192.168.50.0 0.0.0.255 area 0

Answer: D

Frequently Asked Questions

Cisco 350-401 Sample Question Answers

Question # 1

Which technology enables a redundant supervisor engine to take over when the primary supervisor engine fails?

 A. NSF 
B. graceful restart 
C. SSO
 D. FHRP

Question # 2

Refer to the exhibit Remote users cannot access the Internet but can upload files to the storage server Which configuration must be applied to allow Internet access?

A. Option A 
B. Option B 
C. Option C
D. Option D 

Question # 3

Which two pieces of information are necessary to compute SNR? (Choose two.)

A. transmit power 
B. noise floor 
C. EIRP 
D. antenna gain 
E. RSSI 

Question # 4

Which technology enables a redundant supervisor engine to take over when the primary supervisor engine fails?

A. NSF 
B. graceful restart 
C. SSO 
D. FHRP

Question # 5

Refer to the exhibit. What are two results of the NAT configuration? (Choose two.)

A. Packets with a destination of 200.1.1.1 are translated to 10.1.1.1 or .2. respectively. 
B. A packet that is sent to 200.1.1.1 from 10.1.1.1 is translated to 209.165.201.1 on R1. 
C. R1 looks at the destination IP address of packets entering S0/0 and destined for inside hosts.
D. R1 processes packets entering E0/0 and S0/0 by examining the source IP address. 
E. R1 is performing NAT for inside addresses and outside address.

Question # 6

Which Quality of Service (QoS) mechanism allows the network administrator to control the maximum rate of traffic received or sent on a given interface?

A. Policing 
B. Marking 
C. Queueing 
D. Classification 

Question # 7

Refer to the exhibit. Why does OSPF fail to establish an adjacency between R1 and R2?

A. authentication mismatch 
B. interface MTU mismatch 
C. area mismatch 
D. timers mismatch 

Question # 8

Refer to the exhibit. An engineer must allow the FTP traffic from users on 172.16.1.0 /24 to 172.16.2.0 /24 and block all other traffic. Which configuration must be applied? 

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 9

By default, which virtual MAC address does HSRP group 41 use?

A. 0c:5e:ac:07:0c:29 
B. 00:05:0c:07:ac:41
 C. 004:41:73:18:84:29 
D. 00:00:0c:07:ac:29 

Question # 10

Refer to the exhibit. Which two commands ensure that DSW1 becomes the root bridge for VLAN 10 and 20? (Choose two.) 

A. spanning-tree mst 1 priority 1 
B. spanning-tree mstp vlan 10.20 root primary 
C. spanning-tree mil 1 root primary 
D. spanning-tree mst 1 priority 4096 
E. spanning-tree mst vlan 10.20 priority root 

Question # 11

Refer to the exhibit. Traffic is not passing between SW1 and SW2. Which action fixes the issue?

A. Configure LACP mode on S1 to passive. 
B. Configure switch port mode to ISL on S2. 
C. Configure PAgP mode on S1 to desirable. 
D. Configure LACP mode on S1 to active. 

Question # 12

By default, which virtual MAC address does HSRP group 12 use?

A. 00 5e0c:07:ac:12
 B. 05:44:33:83:68:6c 
C. 00:00:0c:07:ac:0c 
D. 00:05:5e:00:0c:12 

Question # 13

Which JSON script is properly formatted?  

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 14

Refer to the exhibit. A network engineer Is troubleshooting an Issue with the file server based on reports of slow file transmissions. Which two commands or command sets are required. In switch SW1 to analyze the traffic from the file server with a packet analyzer? (Choose two.)  

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 15

Which collection contains the resources to obtain a list of fabric nodes through the vManage API?

A. device management 
B. administration 
C. device inventory 
D. monitoring 

Question # 16

Which Python code snippet must be added to the script to store the changed interface configuration to a local JSON-formatted file?

A. Option A 
B. Option B 
C. Option C 
D. Option D

Question # 17

An engineer is describing QoS to a client. Which two facts apply to traffic policing? (Choose two.) 

A. Policing adapts to network congestion by queuing excess traffic 
B. Policing should be performed as close to the destination as possible 
C. Policing drops traffic that exceeds the defined rate 
D. Policing typically delays the traffic, rather than drops it 
E. Policing should be performed as close to the source as possible 

Question # 18

Refer to the exhibit. A network administrator must configure router B to allow traffic only from network 10.1002.0 to networks outside of router 0. Which configuration must be applied?

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 19

Refer to the exhibit.  What is achieved by the XML code?

A. It reads the access list sequence numbers from the output of the show ip access-list extended flp command into a dictionary list. 
B. It displays the output of the show ip access-list extended flp command on the terminal screen 
C. It displays the access list sequence numbers from the output of the show Ip access-list extended flp command on the terminal screen 
D. It reads the output of the show ip access-list extended flp command into a dictionary list. 

Question # 20

In a Cisco SD-Access environment, which function is performed by the border node?

A. Connect uteri and devices to the fabric domain. 
B. Group endpoints into IP pools. 
C. Provide reachability information to fabric endpoints. 
D. Provide connectivity to traditional layer 3 networks. 

Question # 21

Refer to the exhibit. R1 and R2 are directly connected, but the BGP session does not establish. Which action must be taken to build an eBGP session?

A. Configure ip route 1.1.1.1 0.0.0.0 192.168.12.1 on R2. 
B. Configure neighbor 192.168.12.1 activate under R2 BGP process. 
C. Configure neighbor 2.2.2.2 remote-as 65002 under R1 BGP process. 
D. Configure no neighbor 192.168.12.1 shutdown under R2 BGP process. 

Question # 22

Why would a customer implement an on-premises solution instead of a cloud solution? 

A. On-premises Offers greater compliance for government regulations than cloud 
B. On-premises offers greater scalability than cloud. 
C. On-premises oilers shorter deployment time than cloud. 
D. On-premises is more secure man cloud. 

Question # 23

In which way are EIGRP and OSPF similar?

A. They both support unequal-cost load balancing 
B. They both support MD5 authentication for routing updates. 
C. They nave similar CPU usage, scalability, and network convergence times.
 D. They both support autosummarization 

Question # 24

Refer to the exhibit. Which two commands ensure that DSW1 becomes root bridge for VLAN 10? (Choose two)

A. DSW1(config)#spanning-tree vlan 10 priority 4096 Most Voted 
B. DSW1(config)#spanning-tree vlan 10 priority root 
C. DSW2(config)#spanning-tree vlan 10 priority 61440 Most Voted 
D. DSW1(config)#spanning-tree vlan 10 port-priority 0 
E. DSW2(config)#spanning-tree vlan 20 priority 0

Question # 25

What are two benefits of implementing a traditional WAN instead of an SD-WAN solution? (Choose two.)

A. comprehensive configuration standardization 
B. lower control plane abstraction 
C. simplify troubleshooting 
D. faster fault detection 
E. lower data plane overhead 

Question # 26

Which security measure mitigates a man-in-the-middle attack of a REST API?

A. SSL certificates
 B. biometric authentication 
C. password hash 
D. non repudiotion feature 

Question # 27

Which Python library is used to work with YANG data models via NETCONF? 

A. Postman
 B. requests 
C. nccllent 
D. cURL 

Question # 28

What is the function of vBond in a Cisco SD-WAN deployment? 

A. initiating connections with SD-WAN routers automatically 
B. pushing of configuration toward SD-WAN routers 
C. onboarding of SD-WAN routers into the SD-WAN overlay 
D. gathering telemetry data from SD-WAN routers

Question # 29

Which two methods are used to interconnect two Cisco SD-Access Fabric sites? (Choose two.) 

A. SD-Access transit 
B. fabric interconnect 
C. wireless transit 
D. IP-based transit
 E. SAN transit 

Question # 30

Which two methods are used to assign security group tags to the user in a Cisco Trust Sec architecture? (Choose two )

A. modular QoS 
B. policy routing 
C. web authentication 
D. DHCP
 E. IEEE 802.1x 

Question # 31

Which configuration filters out DOT1X messages in the format shown below from being sent toward Syslog server 10.15.20.33?

A. Option A 
B. Option B 
C. Option C
D. Option D 

Question # 32

Refer to the exhibit. Which command set enables router R2 to be configured via NETCONF? 

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 33

Reler to the exhibit The EtherChannel between SW1 and SW2 is not operational. Which a coon will resolve the issue? 

A. Configure channel-group 1 mode active on GVO and G1 1 of SW2. 
B. Configure twitchport trunk encapsulation dot1q on SW1 and SW2. 
C. Configure channel-group 1 mode active on Gl'O and GM of SW1 . 
D. Configure switchport mode dynamic desirable on SW1 and SW2 

Question # 34

Refer to the exhibit.  Which configuration enables fallback to local authentication and authorization when no TACACS+ server is available?

A. Router(config)# aaa authentication login default local Router(config)# aaa authorization exec default local 
B. Router(config)# aaa authentication login default group tacacs+ local Router(config)# aaa authorization exec default group tacacs+ local 
C. Router(config)# aaa fallback local 
D. Router(config)# aaa authentication login FALLBACK local Router(config)# aaa authorization exec FALLBACK local 

Question # 35

Which authorization framework gives third-party applications limited access to HTTP services?

A. iPsec 
B. Basic Auth 
C. GRE 
D. OAuth 2.0 

Question # 36

What is the purpose of the weight attribute in an EID-lo-RLOC mapping?

A. it indicates the preference for using LISP over native IP connectivity. 
B. it determines the administrative distance of LISP generated routes in the RIB 
C. It identifies the preferred RLOC address family. 
D. it indicates the load-balancing ratio between CTRs of 9m earns priority. 

Question # 37

Which two new security capabilities are introduced by using a next-generation firewall at the Internet edge? (Choose two.)

A. DVPN 
B. NAT 
C. stateful packet inspection 
D. application-level inspection 
E. integrated intrusion prevention

Question # 38

An engineer must configure router R1 to validate user logins via RADIUS and fall back to the local user database if the RADIUS server is not available. Which configuration must be applied?

A. aaa authorization exec default radius local 
B. aaa authorization exec default radius 
C. aaa authentication exec default radius local 
D. aaa authentication exec default radius 

Question # 39

Refer to the exhibit.  Which type of antenna is shown on the radiation patterns?

A. Yagi 
B. dipole 
C. patch 
D. omnidirectional

Question # 40

Refer to the exhibit.The OSPF neighborship fails between two routers. What is the cause of this issue?

A. The OSPF router ID is missing on this router. 
B. The OSPF process is stopped on the neighbor router. 
C. There is an MTU mismatch between the two routers. 
D. The OSPF router ID is missing on the neighbor router. 

Question # 41

An engineer must configure GigabitEthernet 0/0 for VRRP group 65. The rouler must assume the primary rote when it has the highest priority in the group. Which command set must be applied?

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 42

Based on the router's API output In JSON format below, which Python code will display the value of the 'role' key?

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 43

Which two steps are required for a complete Cisco DNA Center upgrade? (Choose two.) 

A. golden image selection 
B. automation backup 
C. proxy configuration 
D. application updates 
E. system update 

Question # 44

Refer to the exhibit. An engineer must configure an ERSPAN tunnel that mirrors traffic from linux1 on Switch1 to Linux2 on Switch2. Which command must be added to the destination configuration to enable the ERSPAN tunnel?

A. (config-mon-erspan-dst-src)# origin ip address 172.16.10.10 
B. (config-mon-erspan-dst-src)# erspan-id 172.16.10.10 
C. (config-mon-erspan-dst-src)# no shut 
D. (config-mon-erspan-dst-src)# erspan-id 110 

Question # 45

Refer to me exhibit. The NETCONF object is sent to a Cisco IOS XE switch. What is me purpose of the object?

A. view the configuration of all GigabitEthernet interfaces. 
B. Discover the IP address of interface GigabitEthernet. 
C. Set the description of interface GigabitEthernet1 to *1*. 
D. Remove the IP address from interface GigabitEthernet1. 

Question # 46

What does the destination MAC on the outer MAC header identify in a VXLAN packet?

A. thee emote spine 
B. the next hop
 C. the leaf switch 
D. the remote switch 

Question # 47

Which unit of measure is used to measure wireless RF SNR?

A. mW 
B. bBm 
C. dB 
D. dBi 

Question # 48

A network engineer wants to configure console access to a router without using AAA so that the privileged exec mode is entered directly after a user provides the correct login credentials. Which action achieves this goal? 

A. Configure login authentication privileged on line con 0. 
B. Configure a local username with privilege level 15. 
C. Configure privilege level 15 on line con 0. 
D. Configure a RADIUS or TACACS+ server and use it to send the privilege level. 

Question # 49

Refer to the exhibit. Which configuration is required to summarize the Area 2 networks that are advertised to Area 0? 

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 50

Which QoS queuing method transmits packets out of the interface in the order the packets arrive? 

A. custom 
B. weighted- fair
C. FIFO 
D. priority 

Question # 51

Refer to the exhibit. Why does the OSPF neighborship fail between the two interfaces? 

A. The IP subnet mask is not the same. 
B. There is a mismatch in the OSPF interface network type. 
C. The OSPF timers are different. 
D. The MTU is nor the same. 

Question # 52

Refer to the exhibit. An engineer must protect the CPU of the router from high rates of NTP, SNMP, and SSH traffic. Which two configurations must be applied to drop these types of traffic when it continuously exceeds 320 kbps? (Choose two)

A. Option A 
B. Option B 
C. Option C 
D. Option D 
E. Option E 

Question # 53

What does the Cisco DNA Center Authentication API provide?

A. list of global issues that are logged in Cisco DNA Center 
B. access token to make calls to Cisco DNA Center 
C. list of VLAN names 
D. dent health status 

Question # 54

What is one method for achieving REST API security?

A. using built-in protocols known as Web Services Security 
B. using a combination of XML encryption and XML signatures 
C. using a MD5 hash to verify the integrity 
D. using HTTPS and TLS encryption 

Question # 55

Refer to the exhibit. A company has an internal wireless network with a hidden SSID and RADIUS-based client authentication for increased security. An employee attempts to manually add the company network to a laptop, but the laptop does not attempt to connect to the network. The regulatory domains of the access points and the laptop are identical. Which action resolves this issue?

A. Ensure that the "Connect even if this network is not broadcasting" option is selected. 
B. Limit the enabled wireless channels on the laptop to the maximum channel range that is supported by the access points. 
C. Change the security type to WPA2-Personal AES. 
D. Use the empty string as the hidden SSID network name. 

Question # 56

Refer to the exhibit. An engineer is reaching network 172.16.10.0/24 via the R1-R2-R4 path. Which configuration forces the traffic to fake a path of R1-R3-R4? A)

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 57

What is a characteristic of a traditional WAN? 

A. low complexity and high overall solution scale 
B. centralized reachability, security, and application policies 
C. operates over DTLS and TLS authenticated and secured tunnels 
D. united data plane and control plane 

Question # 58

Which LISP component decapsulates messages and forwards them to the map server responsible for the egress tunnel routers?

A. Ingress Tunnel Router 
B. Map Resolver 
C. Proxy ETR 
D. Router Locator 

Question # 59

When a DNS host record is configured for a new Cisco AireOS WLC, which hostname must be added to allow APs to successfully discover the WLC?

A. CONTROLLER-CAPWAP-CISCO 
B. CISCO-CONTROLLER-CAPWAP 
C. CAPWAP-CISCO-CONTROLLER 
D. CISCO-CAPWAP-CONTROLLER 

Question # 60

What is one being of implementing a data modetag language?

A. accuracy of the operations performed 
B. uses XML style of data formatting 
C. machine-oriented logic and language-facilitated processing. 
D. conceptual representation to simplify interpretation. 

Question # 61

What do Chef and Ansible have in common?

A. They rely on a declarative approach. 
B. They rely on a procedural approach. 
C. They use YAML as their primary configuration syntax. 
D. They are clientless architectures. 

Question # 62

An engineer must implement a configuration to allow a network administrator to connect to the console port of a router and authenticate over the network. Which command set should the engineer use?

A. aaa new-model aaa authentication login default enable 
B. aaa new-model aaa authentication login console local 
C. aaa new-model aaa authentication login console group radius 
D. aaa new-model aaa authentication enable default

Question # 63

Refer to the exhibit. Which configuration must be applied to ensure that the preferred path for traffic from AS 65010 toward AS 65020 uses the R2 to R4 path?

A. Option A 
B. Option B
C. Option C 
D. Option D 

Question # 64

Which device is responsible for finding EID-to-RLOC mappings when traffic is sent to a LISP-capable site?

A. map server 
B. map resolver 
C. ingress tunnel router 
D. egress tunnel router 

Question # 65

How does Cisco Express Forwarding switching differ from process switching on Cisco devices?

A. Cisco Express Forwarding switching uses adjacency tables built by the CDP protocol, and process switching uses the routing table. 
B. Cisco Express Forwarding switching uses dedicated hardware processors, and process switching uses the main processor. 
C. Cisco Express Forwarding swithing saves memory by storing adjacency tables in dedicated memory on the line cards, and process switching stores all tables in the main memory. 
D. Cisco Express Forwarding switching uses a proprietary protocol based on IS-IS for MAC address lookup, and process switching uses the MAC address table. 

Question # 66

Which element is unique to a Type 2 hypervisor?

A. memory
 B. VM OS
 C. host OS 
D. host hardware 

Question # 67

What is a characteristics of Cisco SD-WAN?

A. operates over DTLS/TLS authenticated and secured tunnels 
B. requires manual secure tunnel configuration 
C. uses unique per-device feature templates 
D. uses control connections between routers 

Question # 68

Which solution supports end to end line-rate encryption between two sites?

A. IPsec 
B. TrustSec 
C. MACseC 
D. GRE

Question # 69

Refer to the exhibit. Why was the response code generated?

A. The resource was unreachable
 B. Access was denied based on the user permissions. 
C. The resource 15 no longer available on the server.
 D. There Is a conflict in the current stale of the resource. 

Question # 70

Which two features are available only in next-generation firewalls? (Choose two.)

A. virtual private network 
B. deep packet inspection 
C. stateful inspection 
D. application awareness 
E. packet filtering 

Question # 71

Refer to the exhibit Users cannot reach the web server at 192.168 100 1. What is the root cause for the failure?

A. The server is attempting to load balance between links 10.100 100.1 and 10 100.200.1. 
B. The server is out of service. 
C. There is a loop in the path to the server. 
D. The gateway cannot translate the server domain name. 

Question # 72

Which action limits the total amount of memory and CPU that is used by a collection of VMs?

A. Place the collection of VMs in a resource pool.
 B. Place the collection of VMs in a vApp. 
C. Limit the amount of memory and CPU that is available to the cluster. 
D. Limit the amount of memory and CPU that is available to the individual VMs. 

Question # 73

Refer to the exhibit. Which two configurations enable R1 and R2 to advertise routes into OSPF? (Choose two)  

A. Option A 
B. Option B 
C. Option C 
D. Option D 
E. Option E

Question # 74

What is the result of applying this access control list?

A. TCP traffic with the URG bit set is allowed 
B. TCP traffic with the SYN bit set is allowed 
C. TCP traffic with the ACK bit set is allowed 
D. TCP traffic with the DF bit set is allowed 

Question # 75

What is a benefit of Cisco TrustSec in a multilayered LAN network design? 

A. Policy or ACLS are nor required. 
B. There is no requirements to run IEEE 802.1X when TrustSec is enabled on a switch port. 
C. Applications flows between hosts on the LAN to remote destinations can be encrypted. 
D. Policy can be applied on a hop-by-hop basis. 

Question # 76

Refer to the exhibit. An engineer configures HSRP and enters the show standby command. Which two facts about the network environment are derived from the output? (Choose two.) 

A. The local device has a higher priority selling than the active router 
B. The virtual IP address of the HSRP group is 10.1.1.1. 
C. If the local device fails to receive a hello from the active router for more than 5 seconds, it becomes the active router. 
D. The hello and hold timers are set to custom values. 
E. If a router with a higher IP address and same HSRP priority as the active router becomes available, that router becomes the new active router 5 seconds later. 

Question # 77

Which mechanism can be used to enforce network access authentication against an AAA server if the endpoint does not support the 802.1X supplicant functionality?

A. private VLANs 
B. port security 
C. MAC Authentication Bypass 
D. MACsec

Question # 78

Refer to the exhibit. An LACP port channel is configured between Switch-1 and Switch-2, but It falls to come up. Which action will resolve the issue?

A. Configure Switch-1 with channel-group mode active
 B. Configure Switch-2 with channel-group mode desirable.
C. Configure Switch-1 with channel-group mode on. 
D. Configure SwKch-2 with channel-group mode auto 

Question # 79

Refer to the exhibit Which two commands are required on route» R1 to block FTP and allow all other traffic from the Branch 2 network’ (Choose two)

A. Option A 
B. Option B 
C. Option C 
D. Option D 
E. Option E 

Question # 80

Refer to the exhibit. Which command set completes the ERSPAN session configuration?

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 81

Refer to the exhibit. An engineer builds an EEM script to apply an access list. Which statement must be added to complete the script?

A. event none 
B. action 2.1 cli command "ip action 3.1 ell command 101''
 C. action 6.0 ell command ''ip access-list extended 101'' 
D. action 6.0 cli command ''ip access-list extended 101"

Question # 82

What does the statement print(format(0.8, '.0%')) display?

A. 80% 
B. 8% 
C. .08% 
D. 8.8% 

Question # 83

Refer to the exhibit. Cisco IOS routers R1 and R2 are interconnected using interface Gi0/0. Which configuration allows R1 and R2 to form an OSPF neighborship on interface Gi0/0? 

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 84

An engineer applies this configuration to router R1. How does R1 respond when the user ‘cisco’ logs in?

A. It displays the startup conftg and then permits the user to execute commands 
B. It places the user into EXEC mode and permits the user to execute any command 
C. It displays the startup conflg and then terminates the session. 
D. It places the user into EXEC mode but permits the user to execute only the show startup-config command 

Question # 85

Refer to the exhibit.  Which action results from executing the Python script? 

A. display the output of a command that is entered on that device in a single line 
B. SSH to the IP address that is manually entered on that device 
C. display the output of a command that is entered on that device 
D. display the unformatted output of a command that is entered on that device 

Question # 86

Refer to the exhibit. What is printed to the console when this script is run?

A. a key-value pair in tuple type 
B. a key-value pair in list type
 C. a key-value pair in string type 
D. an error 

Question # 87

Refer to the exhibit. Which set of commands is required to configure and verify the VRF for Site 1 Network A on router R1?

A. Option A 
B. Option B
 C. Option C 
D. Option D 

Question # 88

Which configuration restricts the amount of SSH traffic that a router accepts to 100 kbps?A)  

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 89

Refer to the exhibit. The traceroute fails from R1 to R3. What is the cause of the failure?

A. The loopback on R3 Is in a shutdown stale. 
B. An ACL applied Inbound on loopback0 of R2 Is dropping the traffic. 
C. An ACL applied Inbound on fa0/1 of R3 is dropping the traffic. 
D. Redistribution of connected routes into OSPF is not configured. 

Question # 90

In a wireless network environment, what is calculated using the numerical values of the transmitter power level, cable loss, and antenna gain?

A. RSSI 
B. dBI 
C. SNR 
D. EIRP

Question # 91

How is traffic classified when using Cisco TrustSec technology?

A. with the VLAN 
B. with the MAC address
 C. with the IP address 
D. with the security group tag 

Question # 92

A switch is attached to router R1 on its gig 0/0 interface. Fort security reasons, you want to prevent R1 from sending OSPF hellos to the switch. Which command should be enabled to accomplish this? 

A. R1(config-router)#ip ospf hello disable 
B. R1(config-router)#ip ospf hello-interval 0 
C. R1(config)#passive-interface Gig 0/0 
D. R1(config-router)#passive-interface Gig 0/0 

Question # 93

What is one role of the VTEP in a VXLAN environment?

A. to forward packets to non-LISP sites 
B. to encapsulate the tunnel 
C. to maintain VLAN configuration consistency 
D. to provide EID-to-RLOC mapping 

Question # 94

A firewall address of 192 166.1.101 can be pinged from a router but, when running a traceroute to It, this output is received What is the cause of this issue?

A. The firewall blocks ICMP traceroute traffic.
 B. The firewall rule that allows ICMP traffic does not function correctly
 C. The firewall blocks ICMP traffic. 
D. The firewall blocks UDP traffic 

Question # 95

Refer to the exhibit Which command must be applied to complete the configuration and enable RESTCONF?

A. ip http secure-server 
B. ip http server 
C. ip http secure-port 443 
D. ip http client username restconf 

Question # 96

Which device, in a LISP routing architecture, receives and de-encapsulates LISP traffic for endpoints within a LISP-capable site?

A. MR
 B. ETR 
C. OMS 
D. ITR 

Question # 97

Refer to the exhibit. Extended access-list 100 is configured on interface GigabitEthernet 0/0 in an inbound direction, but it does not have the expected behavior of allowing only packets to or from 192.168.0.0/16. Which command set properly configures the access list?

A. R1(config)#no access-list 100 seq 10 R1(config)#access-list 100 seq 40 deny ip any any 
B. R1(config)#ip access-list extended 100 R1(config-ext-nacl)#no 10 
C. R1(config)#no access-list 100 deny ip any any 
D. R1(config)#ip access-list extended 100 R1(config-ext-nacl)#5 permit to any any

Question # 98

A company recently decided to use RESTCONF instead of NETCONF and many of their NETCONF scripts contain the operation (operation=”create”).Which RESTCONF operation must be used to replace these statements?

A. POST 
B. GET 
C. PUT 
D. CREATE 

Question # 99

Refer to the exhibit. A network engineer configures NAT on R1 and enters me show command to verity me configuration What toes the output confirm?

A. The first pocket triggered NAT to add an entry to the NAT table 
B. R1 is configured with NAT overload parameters. 
C. A Telnet session from 160.1.1.1 to 10.1.1.10 has been initiated. 
D. R1 a configured win PAT overload parameters 

Question # 100

A customer has 20 stores located throughout a city. Each store has a single Cisco access point managed by a central WLC. The customer wants to gather analysis for users in each store. Which technique supports these requirements?

A. angle of arrival 
B. hyperlocation 
C. trilateration 
D. presence 

Question # 101

Refer to the exhibit An engineer is troubleshooting a newly configured BGP peering that does not establish What is the reason for the failure?

A. BGP peer 10 255 255 3 is not configured for peenng wth R1 
B. Mandatory BOP parameters between R1 and 10 255 255 3 are mismatched 
C. A firewall is blocking access to TCP port 179 on the BGP peer 10 255 255.3 
D. Both BGP pern are configured for passive TCP transport 

Question # 102

What is one characteristic of Cisco DNA Center and vManage northbound APIs?

A. They push configuration changes down to devices. 
B. They implement the RESTCONF protocol. 
C. They exchange XML-formatted content. 
D. They implement the NETCONF protocol. 

Question # 103

What is a benefit of using segmentation with TrustSec? 

A. Packets sent between endpoints on a LAN are encrypted using symmetric key cryptography. 
B. Firewall rules are streamlined by using business-level profiles. 
C. Integrity checks prevent data from being modified in transit.
 D. Security group tags enable network segmentation. 

Question # 104

Refer to the exhibit. An engineer configures a new WLAN that will be used for secure communications; however, wireless clients report that they are able to communicate with each other. Which action resolves this issue?

A. Enable Client Exclusions. 
B. Disable Aironet IE 
C. Enable Wi-Fi Direct Client Policy 
D. Enable P2P Blocking. 

Question # 105

Refer to the exhibit.  The server in DC2 is expecting traffic from the database in DC1 to use the source network of 10.50.250.0/24. The server sends the initial request. The inside global IP is configured for 10.50.250.1. What is the result of this configuration?

A. Only the server can initiate communication. 
B. The server and the database cannot communicate. 
C. The server and the database can initiate communication. 
D. Only the database can initiate communication 

Question # 106

Which DNS lookup does an AP perform when attempting CAPWAP discovery?

A. CAPWAP-CONTROLLER.Iocal 
B. CISCO-CAPWAP-CONTROLLER.Iocal 
C. CISCO-DNA-CONTROLLER.Iocal 
D. CISCO-CONTROLLER.Iocal 

Question # 107

Which mobility role is assigned to a client in the client table of the new controller after a Layer 3 roam?

A. anchor 
B. foreign 
C. mobility 
D. transparent

Question # 108

Refer to the exhibit. Which configuration set implements Control plane Policing for SSH and Telnet?

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 109

Refer to the exhibit. An engineer constructs an EEM applet to prevent anyone from entering configuration mode on a switch. Which snippet is required to complete the EEM applet?

A. sync yes skip yes 
B. sync no skip yes 
C. sync no skip no 
D. sync yes skip no

Question # 110

What is an advantage of utilizing data models in a multivendor environment? 

A. lowering CPU load incurred to managed devices 
B. improving communication security with binary encoded protocols 
C. facilitating a unified approach to configuration and management 
D. removing the distinction between configuration and runtime state data 

Question # 111

Which two results occur if Cisco DNA center loses connectivity to devices in the SDACCESS fabric? (Choose two

A. All devices reload after detecting loss of connection to Cisco DNA Center 
B. Already connected users are unaffected, but new users cannot connect 
C. User connectivity is unaffected D. Cisco DNA Center is unable to collect monitoring data in Assurance 
E. Users lose connectivity

Question # 112

Which of the following are examples of Type 2 hypervisors? (Choose three.)

A. VMware ESXi 
B. Oracle VirtualBox 
C. Oracle Solaris Zones 
D. Microsoft Hyper-V 
E. Microsoft Virtual PC 

Question # 113

When is GLBP preferred over HSRP?

A. When encrypted helm are required between gateways h a single group. 
B. When the traffic load needs to be shared between multiple gateways using a single virtual IP. 
C. When the gateway routers are a mix of Cisco and non-Cisco routers 
D. When clients need the gateway MAC address lo Be the same between multiple gateways 

Question # 114

A customer has a pair of Cisco 5520 WLCs set up in an SSO cluster to manage all APs. Guest traffic is anchored to a Cisco 3504 WLC located in a DMZ. Which action is needed to ensure that the EolP tunnel remains in an UP state in the event of failover on the SSO cluster?

A. Configure back-to-back connectivity on the RP ports. 
B. Enable default gateway reachability check. 
C. Use the same mobility domain on all WLCs. 
D. Use the mobility MAC when the mobility peer is configured. 

Question # 115

How do cloud deployments compare to on-premises deployments?

A. Cloud deployments provide a better user experience across world regions, whereas onpremises deployments depend upon region-specific conditions 
B. Cloud deployments are inherently unsecure. whereas a secure architecture is mandatory for on-premises deployments. 
C. Cloud deployments mandate a secure architecture, whereas on-premises deployments are inherently unsecure. 
D. Cloud deployments must include automation infrastructure, whereas on-premises deployments often lack the ability for automation.

Question # 116

Which language defines the structure or modelling of data for NETCONF and RESTCONF? 

A. YAM 
B. YANG
 C. JSON 
D. XML 

Question # 117

Which two actions, when applied in the LAN network segment, will facilitate Layer 3 CAPWAP discovery for lightweight AP? Choose two.)

A. Enable port security on the switch port.
 B. Configure an IP helper-address on the router interface. 
C. Utilize DHCP option 17. 
D. Configure WLC IP address LAN switch. 
E. Utilize DHCP option 43.

Question # 118

Which two results occur if Cisco DNA Center loses connectivity to devices in the SDAccess fabric? (Choose two)

A. Cisco DNA Center is unable to collect monitoring data in Assurance. 
B. All devices reload after detecting loss of connection to Cisco DNA Center. 
C. Already connected users are unaffected, but new users cannot connect 
D. Users lose connectivity. 
E. User connectivity is unaffected. 

Question # 119

Refer to the exhibit. Which router is elected as the VRRP primary virtual router?

A. Router B
 B. Router D 
C. Router C 
D. Router A 

Question # 120

Which two functions is an edge node responsible for? (Choose two.)

A. provides multiple entry and exit points for fabric traffic 
B. provides the default exit point for fabric traffic 
C. provides the default entry point for fabric traffic 
D. provides a host database that maps endpoint IDs to a current location 
E. authenticates endpoints

Question # 121

Refer to the exhibit. An engines configured TACACS^ to authenticate remote users but the configuration is not working as expected Which configuration must be applied to enable access? A)

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 122

Which hypervisor requires a host OS to run and is not allowed to directly access the hosts hardware and resources?

A. native 
B. bare metal 
C. type 1 
D. type 2 

Question # 123

What is a client who is running 802.1x for authentication reffered to as?

A. supplicant 
B. NAC device 
C. authenticator 
D. policy enforcement point 

Question # 124

In lhe Cisco DNA Center Image Repository, what is a golden image?

A. The latest software image that is available for a specific device type 
B. The Cisco recommended software image for a specific device type. 
C. A software image that is compatible with multiple device types. 
D. A software image that meets the compliance requirements of the organization. 

Question # 125

Where is the wireless LAN controller located in a mobility express deployment?

A. There is no wireless LAN controller in the network. 
B. The wireless LAN controller is embedded into the access point. 
C. The wireless LAN controller exists in the cloud. 
D. The wireless LAN controller exists in a server that is dedicated for this purpose. 

Question # 126

Which configuration enables a device to be configured via NETCONF over SSHv2?  

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 127

Refer to the exhibit. An engineer attempts to configure standby group 512 on interface GigabitEthernet0/1, but the configuration is not accepted. Which command resolves this problem?

A. standby version 2 
B. standby 512 preempt 
C. standby redirects 
D. standby 512 priority 100 

Question # 128

Refer to the exhibit What does this Python script do?

A. enters the RAOIUS username for a specific IP address 
B. writes the username for a specific IP address into a light database 
C. enters the TACACS* username for a specific IP address 
D. reads the username for a specific IP address from a light database 

Question # 129

Refer to the exhibit. What is the cause of the communication failure between R1 and R4?

A. R1 is configured with the no ip unreachables command. 
B. R2 is denying ICMP 
C. R4 is denying ICMP. 
D. R3 is denying ICMP. 

Question # 130

Refer to the exhibit. What is output by this code?

A. 8 7 6 5 
B. -4 -5 -6 -7 
C. -1 -2-3-4 
D. 4 5 6 7 

Question # 131

Which access control feature does MAB provide?

A. user access based on IP address 
B. allows devices to bypass authenticate* 
C. network access based on the physical address of a device 
D. simultaneous user and device authentication 

Question # 132

Refer to the exhibit. Which command allows hosts that are connected to FastEthernet0/2 to access the Internet? 

A. ip nat inside source list 10 interface FastEthernet0/1 overload 
B. ip nat inside source list 10 interface FastEthernet0/2 overload 
C. ip nat outside source list 10 interface FastEthernet0/2 overload 
D. ip nat outside source static 209.165.200.225 10.10.10.0 overload 

Question # 133

Refer to the exhibit Which configuration enables password checking on the console line, using only a password?

A. Option A
B. Option B 
C. Option C 
D. Option D 

Question # 134

What is the function of the fabric control plane node in a Cisco SD-Access deployment?

A. It is responsible for policy application and network segmentation in the fabric 
B. It performs traffic encapsulation and security profiles enforcement in the fabric 
C. It holds a comprehensive database that tracks endpoints and networks in the fabric 
D. It provides integration with legacy nonfabric-enabled environments 

Question # 135

Refer to the exhibit. Which command filters the ERSPAN session packets only to interface GigabitEthernet1?

A. source ip 10.10.10.1 
B. source interface gigabitethernet1 ip 10.10.10.1
 C. filter access-group 10 
D. destination ip 10.10.10.1 

Question # 136

Company policy restricts VLAN 10 to be allowed only on SW1 and SW2. All other VLANs can be on all three switches. An administrator has noticed that VLAN 10 has propagated to SW3. Which configuration corrects the issue?

A. SW1(config)#intgi1/1 SW1(config)#switchport trunk allowed vlan 1-9,11-4094 
B. SW2(config)#intgi1/2 SW2(config)#switchport trunk allowed vlan 10 
C. SW2(config)#int gi1/2 SW2(config)#switchport trunk allowed vlan 1-9,11-4094 
D. SWl(config)#intgi1/1 SW1(config)#switchport trunk allowed vlan 10 

Question # 137

A. Option A 
B. Option B 
C. Option C
 D. Option D 

Question # 138

Refer to the exhibit.

A. Option A 
B. Option B 
C. Option C
 D. Option D 

Question # 139

An administrator must enable Telnet access to Router X using the router username and password database for authentication. Which configuration should be applied?  

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 140

Refer to the exhibit. 

A. The spanning-tree mode stp ieee command was entered on this switch 
B. The spanning-tree operation mode for this switch is IEEE. 
C. The spanning-tree operation mode for this switch is PVST+.
 D. The spanning-tree operation mode for this switch is PVST 

Question # 141

Which two parameters are examples of a QoS traffic descriptor? (Choose two)

 A. MPLS EXP bits 
B. bandwidth 
C. DSCP D. ToS
 E. packet size

Question # 142

Refer to the exhibit. Which command set must be added to the configuration to analyze 50 packets out of every 100?A)

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 143

The network administrator must be able to perform configuration changes when all the RADIUS servers are unreachable. Which configuration allows all commands to be authorized if the user has successfully authenticated? 

A. aaa authorization exec default group radius none 
B. aaa authentication login default group radius local none
C. aaa authorization exec default group radius if-authenticated 
D. aaa authorization exec default group radius

Question # 144

Refer to the exhibit.

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 145

An engineer must configure AAA on a Cisco 9800 WLC for central web authentication Which two commands are needed to accomplish this task? (Choose two.) 

A. Option A 
B. Option B 
C. Option C 
D. Option D 
E. Option E

Question # 146

A. Option A
 B. Option B 
C. Option C 
D. Option D 

Question # 147

An engineer must create a new SSID on a Cisco 9800 wireless LAN controller. The client has asked to use a pre-shared key for authentication Which profile must the engineer edit to achieve this requirement?

 A. RF
B. Policy 
C. WLAN 
D. Flex 

Question # 148

Refer to the exhibit.

A. The device sends unicast messages to its peers 
B. The device's HSRP group uses the virtual IP address 10.0.3.242 
C. The standby device is configured with the default HSRP priority. 
D. The device is using the default HSRP hello timer
 E. The device is configured with the default HSRP priority

Question # 149

Refer to the exhibit. 

A. Option A 
B. Option B 
C. Option C 
D. Option D

Question # 150

A network monitoring system uses SNMP polling to record the statistics of router interfaces The SNMP queries work as expected until an engineer installs a new interface and reloads the router After this action, all SNMP queries for the router fail What is the cause of this issue?

A. The SNMP community is configured incorrectly 
B. The SNMP interface index changed after reboot. 
C. The SNMP server traps are disabled for the interface index 
D. The SNMP server traps are disabled for the link state. 

Question # 151

Refer to the exhibit.

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 152

How does Cisco Trustsec enable more flexible access controls for dynamic networking environments and data centers? 

A. uses flexible NetFlow 
B. assigns a VLAN to the endpoint
 C. classifies traffic based an the contextual identity of the endpoint rather than its IP address 
D. classifies traffic based on advanced application recognition 

Question # 153

Based on the router's API output in JSON format below, which Python code will display the value of the "hostname" key?  

A. Option 
B. Option 
C. Option 
D. Option 

Question # 154

Refer to the exhibit.  

A. Option A 
B. Option B 
C. Option C 
D. Option D

Question # 155

An engineer must create an EEM script to enable OSPF debugging in the event the OSPF neighborship goes down. Which script must the engineer apply? 

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 156

Refer to the exhibit. 

A. Option A 
B. Option B 
C. Option C 
D. Option D 
E. Option E 
F. Option F

Question # 157

An engineer is troubleshooting an application running on Apple phones. The application Is receiving incorrect QoS markings. The systems administrator confirmed that ail configuration profiles are correct on the Apple devices. Which change on the WLC optimizes QoS for these devices?

 A. Enable Fastlane 
B. Set WMM to required 
C. Change the QoS level to Platinum 
D. Configure AVC Profiles 

Question # 158

In a Cisco StackWise Virtual environment, which planes are virtually combined in the common logical switch?

 A. management and data 
B. control and management 
C. control, and forwarding 
D. control and data 

Question # 159

What does the LAP send when multiple WLCs respond to the CISCO_CAPWAPCONTROLLER.localdomain hostname during the CAPWAP discovery and join process?

A. broadcast discover request 
B. join request to all the WLCs 
C. unicast discovery request to each WLC 
D. Unicast discovery request to the first WLS that resolves the domain name

Question # 160

An engineer attempts to bundle interface Gi0/0 into the port channel, but it does not function as expected. Which action resolves the issue?

A. Configure channel-group 1 mode active on interface Gi0/0.
 B. Configure no shutdown on interface Gi0/0 
C. Enable fast LACP PDUs on interface Gi0/0. 
D. Set LACP max-bundle to 2 on interface Port-channeM

Question # 161

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 162

Which command must be applied to Router 1 to bring the GRE tunnel to an up/up state?

A. Routed (config if funnel mode gre multipoint 
B. Router1(config-if)&tunnel source Loopback0 
C. Router1(config-if)#tunnel source GigabitEthernet0/1 
D. Router1 (config)#interface tunnel0 

Question # 163

Which router is the designated router on the segment 192.168.0.0/24?

A. This segment has no designated router because it is a nonbroadcast network type. 
B. This segment has no designated router because it is a p2p network type. 
C. Router Chicago because it has a lower router ID 
D. Router NewYork because it has a higher router ID

Question # 164

Refer to the exhibit.

A. The tunnel line protocol goes down when the keepalive counter reaches 6 
B. The keepalives are sent every 5 seconds and 3 retries 
C. The keepalives are sent every 3 seconds and 5 retries 
D. The tunnel line protocol goes down when the keepalive counter reaches 5 

Question # 165

How is a data modeling language used? 

A. To enable data lo be easily structured, grouped, validated, and replicated 
B. To represent finite and well-defined network elements that cannot be changed 
C. To model the flows of unstructured data within the infrastructure 
D. To provide human readability to scripting languages 

Question # 166

Refer to the exhibit. An engineer is designing a guest portal on Cisco ISE using the default configuration. During the testing phase, the engineer receives a warning when displaying the guest portal. Which issue is occurring? 

A. The server that is providing the portal has an expired certificate 
B. The server that is providing the portal has a self-signed certificate 
C. The connection is using an unsupported protocol 
D. The connection is using an unsupported browser 

Question # 167

An engineer must export the contents of the devices object in JSON format. Which statement must be used?

A. json.repr(Devices)
B. json.dumps(Devices) 
C. json.prints(Devices) 
D. json.loads(Devices) 

Question # 168

A network engineer is enabling HTTPS access to the core switch, which requires a certificate to be installed on the switch signed by the corporate certificate authority Which configuration commands are required to issue a certificate signing request from the core switch? 

A. Option A 
B. Option B 
C. Option C 
D. Option D

Question # 169

Refer to the exhibit. Which type of antenna does the radiation pattern represent?

A. Yagi 
B. multidirectional 
C. directional patch 
D. omnidirectional 

Question # 170

An engineer must permit traffic from these networks and block all other traffic An informational log message should be triggered when traffic enters from these prefixes Which access list must be used?

A. access-list acl_subnets permit ip 10.0.32.0 0 0.0.255 log 
B. access-list acl_subnets permit ip 10.0.32.0 0.0.7.255 log 
C. access-list acl_subnets permit ip 10.0.32.0 0.0.7.255 access-list acl_subnets deny ip any log 
D. access-list acl_subnets permit ip 10.0.32.0 255.255.248.0 log 

Question # 171

An engineer must configure static NAT on R1 lo allow users HTTP access to the web server on TCP port 80. The web server must be reachable through ISP 1 and ISP 2. Which command set should be applied to R1 to fulfill these requirements?

A. ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80 extendable ip nat inside source static tcp 10.1.1.100 80 209.165.201.1 80 extendable 
B. ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80 ip nat inside source static tcp 10.1.1.100 80 209.165.201.1 80 
C. ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80 ip nat inside source static tcp 10.1.1.100 8080 209.165.201.1 8080 
D. ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80 no-alias ip nat inside source static tcp 10.1.1.100 80 209.165.201.1 80 no-alias 

Question # 172

Refer to the exhibit.

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 173

Refer to the exhibit.  R2 is the neighboring router of R1. R2 receives an advertisement for network 192 168.10.50/32. Which configuration should be applied for the subnet to be advertised with the original /24 netmask?

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 174

Refer to the exhibit.

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 175

Refer to the exhibit.  Which privilege level is assigned to VTY users?

A. 1 
B. 7
 C. 13 
D. 15 

Question # 176

Refer to the exhibit.  After the code is run on a Cisco IOS-XE router, the response code is 204. What is the result of the script? 

A. The configuration fails because another interface is already configured with IP address 10.10.10.1/24. 
B. The configuration fails because interface GigabitEthernet2 is missing on the target device. 
C. The configuration is successfully sent to the device in cleartext. 
D. Interface GigabitEthernet2 is configured with IP address 10.10.10.1/24 

Question # 177

A vulnerability assessment highlighted that remote access to the switches is permitted using unsecure and unencrypted protocols Which configuration must be applied to allow only secure and reliable remote access for device administration? 

A. line vty 0 15 login local transport input none 
B. line vty 0 15 login local transport input telnet ssh 
C. line vty 0 15 login local transport input ssh 
D. line vty 0 15 login local transport input all 

Question # 178

What is a characteristics of a vSwitch? 

A. supports advanced Layer 3 routing protocols that are not offered by a hardware switch 
B. enables VMs to communicate with each other within a virtualized server 
C. has higher performance than a hardware switch D. operates as a hub and broadcasts the traffic toward all the vPorts 

Question # 179

A. Configure ip route 1.1.1.1 0.0.0.0 192.168.12.1 on R2. 
B. Configure neighbor 192.168.12.1 activate under R2 BGP process. 
C. Configure neighbor 2.2.2.2 remote-as 65002 under R1 BGP process. 
D. Configure no neighbor 192.168.12.1 shutdown under R2 BGP process. 

Question # 180

A. source ip 10.10.10.1 
B. source interface gigabitethernet1 ip 10.10.10.1 
C. filter access-group 10 
D. destination ip 10.10.10.1

Question # 181

Only administrators from the subnet 10.10.10.0/24 are permitted to have access to the router. A secure protocol must be used for the remote access and management of the router instead of clear-text protocols. Which configuration achieves this goal?

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 182

When does a Cisco StackWise primary switch lose its role? 

A. when a stack member fails 
B. when the stack primary is reset 
C. when a switch with a higher priority is added to the stack 
D. when the priority value of a stack member is changed to a higher value 

Question # 183

Which activity requires access to Cisco DNA Center CLI? 

A. provisioning a wireless LAN controller 
B. creating a configuration template 
C. upgrading the Cisco DNA Center software 
D. graceful shutdown of Cisco DNA Center 

Question # 184

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 185

An engineer is configuring RADIUS-Based Authentication with EAP. MS-CHAPv2 is configured on a client device. Which outer method protocol must be configured on the ISE to support this authentication type? 

A. EAP-TLS 
B. EAP-FAST 
C. LDAP
 D. PEAP 

Question # 186

What is the result of the API request?

A. The "params" variable sends data fields to the network appliance. 
B. The native interface information is read from the network appliance. 
C. The Information for all interfaces is read from the network appliance. 
D. The "params" variable reads data fields from the network appliance

Question # 187

Which router is elected the IGMP Querier when more than one router is in the same LAN segment? 

A. The router with the shortest uptime
 B. The router with the lowest IP address 
C. The router with the highest IP address 
D. The router with the longest uptime 

Question # 188

A customer has a wireless network deployed within a multi-tenant building. The network provides client access, location-based services, and is monitored using Cisco DNA Center. The security department wants to locate and track malicious devices based on threat signatures. Which feature is required for this solution?

A. Cisco aWIPS policies on the WLC 
B. Cisco aWIPS policies on Cisco DNA Center 
C. malicious rogue rules on the WLC 
D. malicious rogue rules on Cisco DNA Center

Question # 189

In a Cisco SD-Access fabric, which control plane protocol is used for mapping and resolving endpoints? 

A. DHCP 
B. VXLAN 
C. SXP 
D. LISP 

Question # 190

 

A. Option A 
B. Option B 
C. Option C 
D. Option D 

Question # 191

What is the rose of the vSmart controller in a Cisco SD-WN environment? 

A. it performs authentication and authorization 
B. it manages the control plane. 
C. it is the centralized network management system
 D. it manages the data plane 

Question # 192

The Gig0/0 interface of two routers is directly connected with a 1G Ethernet link. Which configuration must be applied to the interface of both routers to establish an OSPF adjacency without maintaining a DR/BDR relationship?

A. Option A
B. Option B 
C. Option C 
D. Option D 

Question # 193

How do EIGRP metrics compare to OSPF metrics? 

A. EIGRP metrics are based on a combination of bandwidth and packet loss, and OSPF metrics are based on interface bandwidth. 
B. EIGRP uses the Dijkstra algorithm, and OSPF uses The DUAL algorithm 
C. The EIGRP administrative distance for external routes is 170. and the OSPF administrative distance for external routes is undefined 
D. The EIGRP administrative distance for external routes is 170. and the OSPF administrative distance for external routes is 110 

Question # 194

A. Option A 
B. Option B 
C. Option C 
D. Option D

Question # 195

A network engineer must configure a switch to allow remote access for all feasible protocols. Only a password must be requested for device authentication and all idle sessions must be terminated in 30 minutes. Which configuration must be applied?

A. Option A 
B. Option B 
C. Option C
 D. Option D 

Question # 196

A network administrator is preparing a Python scrip to configure a Cisco IOS XE-based device on the network. The administrator is worried that colleagues will make changes to the device while the script is running. Which operation of he in client manager prevent colleague making changes to the device while the scrip is running? 

A. m.lock(config=’running’)
 B. m.lock(target=’running’) 
C. m.freeze(target=’running’) 
D. m.freeze(config=’running’) 

Question # 197

What is a characteristic of a Type I hypervisor? 

A. It is installed on an operating system and supports other operating systems above it.
 B. It is referred to as a hosted hypervisor. 
C. Problems in the base operating system can affect the entire system. 
D. It is completely independent of the operating system. 

What our clients say about 350-401 Practice Questions

Leave a comment

Your email address will not be published. Required fields are marked *

Rating / Feedback About This Exam