Summer Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

350-401 Exam Dumps - Implementing Cisco Enterprise Network Core Technologies (ENCOR)

Question # 4

Refer the exhibit.

Which router is the designated router on the segment 192.168.0.0/24?

A.

This segment has no designated router because it is a nonbroadcast network type.

B.

This segment has no designated router because it is a p2p network type.

C.

Router Chicago because it has a lower router ID

D.

Router NewYork because it has a higher router ID

Full Access
Question # 5

What is used to perform OoS packet classification?

A.

the Options field in the Layer 3 header

B.

the Type field in the Layer 2 frame

C.

the Flags field in the Layer 3 header

D.

the TOS field in the Layer 3 header

Full Access
Question # 6

In cisco SD_WAN, which protocol is used to measure link quality?

A.

OMP

B.

BFD

C.

RSVP

D.

IPsec

Full Access
Question # 7

Which AP mode allows an engineer to scan configured channels for rogue access points?

A.

sniffer

B.

monitor

C.

bridge

D.

local

Full Access
Question # 8

Which two operations are valid for RESTCONF? (Choose two.)

A.

HEAD

B.

REMOVE

C.

PULL

D.

PATCH

E.

ADD

F.

PUSH

Full Access
Question # 9

Refer to the exhibit. POSTMAN is showing an attempt to retrieve network device information from Cisco DNA Center API. What is the issue?

A.

The URI string is incorrect

B.

The token has expired.

C.

Authentication has failed

D.

The JSON payload contains the incorrect UUID

Full Access
Question # 10

How are the different versions of IGMP compatible?

A.

IGMPv2 is compatible only with IGMPv1.

B.

IGMPv2 is compatible only with IGMPv2.

C.

IGMPv3 is compatible only with IGMPv3.

D.

IGMPv3 is compatible only with IGMPv1

Full Access
Question # 11

Refer to the exhibit. An engineer configures a new HSRP group. While reviewing the HSRP status, the engineer sees the logging message generated on R2. Which is the cause of the message?

A.

The same virtual IP address has been configured for two HSRP groups

B.

The HSRP configuration has caused a spanning-tree loop

C.

The HSRP configuration has caused a routing loop

D.

A PC is on the network using the IP address 10.10.1.1

Full Access
Question # 12

Refer to the exhibit.

An engineer must ensure that all traffic leaving AS 200 will choose Link 2 as the exit point. Assuming that all BGP neighbor relationships have been formed and that the attributes have not been changed on any of the routers, which configuration accomplish task?

A.

R4(config-router)bgp default local-preference 200

B.

R3(config-router)neighbor 10.1.1.1 weight 200

C.

R3(config-router)bgp default local-preference 200

D.

R4(config-router)nighbor 10.2.2.2 weight 200

Full Access
Question # 13

What is the recommended MTU size for a Cisco SD-Access Fabric?

A.

1500

B.

9100

C.

4464

D.

17914

Full Access
Question # 14

What is a characteristic of a virtual machine?

A.

It must be aware of other virtual machines, in order to allocate physical resources for them

B.

It is deployable without a hypervisor to host it

C.

It must run the same operating system as its host

D.

It relies on hypervisors to allocate computing resources for it

Full Access
Question # 15

Which protocol does REST API rely on to secure the communication channel?

A.

TCP

B.

HTTPS

C.

SSH

D.

HTTP

Full Access
Question # 16

Drag and drop the LISP components from the left onto the function they perform on the right. Not all options are used.

Full Access
Question # 17

“HTTP/1.1 204 content” is returned when cur –I –x delete command is issued. Which situation has occurred?

A.

The object could not be located at the URI path.

B.

The command succeeded in deleting the object

C.

The object was located at the URI, but it could not be deleted.

D.

The URI was invalid

Full Access
Question # 18

Which algorithms are used to secure REST API from brute attacks and minimize the impact?

A.

SHA-512 and SHA-384

B.

MD5 algorithm-128 and SHA-384

C.

SHA-1, SHA-256, and SHA-512

D.

PBKDF2, BCrypt, and SCrypt

Full Access
Question # 19

A customer has recently implemented a new wireless infrastructure using WLC-5520 at a site directly next to a large commercial airport. Users report that they intermittently lose WI-FI connectivity, and troubleshooting reveals it is due to frequent channel changes. Which two actions fix this issue? (Choose two)

A.

Remove UNII-2 and Extended UNII-2 channels from the 5 Ghz channel list

B.

Restore the DCA default settings because this automatically avoids channel interference.

C.

Configure channels on the UNIk2 and the Extended UNII-2 sub-bands of the 5 Ghz band only

D.

Enable DFS channels because they are immune to radar interference.

E.

Disable DFS channels to prevent interference with Doppler radar

Full Access
Question # 20

What is a characteristic of Cisco StackWise technology?

A.

It uses proprietary cabling

B.

It supports devices that are geographically separated

C.

lt combines exactly two devices

D.

It is supported on the Cisco 4500 series.

Full Access
Question # 21

A client device roams between access points located on different floors in an atrium. The access points are Joined to the same controller and configured in local mode. The access points are in different AP groups and have different IP addresses, but the client VLAN in the groups is the same. Which type of roam occurs?

A.

inter-controller

B.

inter-subnet

C.

intra-VLAN

D.

intra-controller

Full Access
Question # 22

Refer to the exhibit.

What are two reasons for IP SLA tracking failure? (Choose two )

A.

The destination must be 172 30 30 2 for icmp-echo

B.

A route back to the R1 LAN network is missing in R2.

C.

The source-interface is configured incorrectly.

D.

The default route has the wrong next hop IP address

E.

The threshold value is wrong

Full Access
Question # 23

A customer wants to provide wireless access to contractors using a guest portal on Cisco ISE. The portal Is also used by employees A solution is implemented, but contractors receive a certificate error when they attempt to access the portal Employees can access the portal without any errors. Which change must be implemented to allow the contractors and employees to access the portal?

A.

Install a trusted third-party certificate on the Cisco ISE.

B.

Install an Internal CA signed certificate on the contractor devices

C.

Install an internal CA signed certificate on the Cisco ISE

D.

install a trusted third-party certificate on the contractor devices.

Full Access
Question # 24

What is the process for moving a virtual machine from one host machine to another with no downtime?

A.

high availability

B.

disaster recovery

C.

live migration

D.

multisite replication

Full Access
Question # 25

Refer to the exhibit.

Which privilege level is assigned to VTY users?

A.

1

B.

7

C.

13

D.

15

Full Access
Question # 26

Which network devices secure API platform?

A.

next-generation intrusion detection systems

B.

Layer 3 transit network devices

C.

content switches

D.

web application firewalls

Full Access
Question # 27

Drag and drop the descriptions from the left onto the QoS components they describe on the right.

Full Access
Question # 28

Refer to the exhibit.

A network engineer is enabling logging to a local buffer, to the terminal and to a syslog server for all debugging level logs filtered by facility code 7. Which command is needed to complete this configuration snippet?

A.

logging buffered debugging

B.

logging discriminator Disc1 severity includes 7

C.

logging buffered discriminator Disc1 debugging

D.

logging discriminator Disc1 severity includes 7 facility includes fac7

Full Access
Question # 29

Refer to the exhibit.

An engineer attempts to bundle interface Gi0/0 into the port channel, but it does not function as expected. Which action resolves the issue?

A.

Configure channel-group 1 mode active on interface Gi0/0.

B.

Configure no shutdown on interface Gi0/0

C.

Enable fast LACP PDUs on interface Gi0/0.

D.

Set LACP max-bundle to 2 on interface Port-channeM

Full Access
Question # 30

What is a benefit of Type 1 hypervisors?

A.

Administrators are able to load portable virtual machine packages in OVA or QCOW2 formats.

B.

Network engineers are able to create virtual networks o interconnect virtual machines in Layer 2 topologies

C.

Operators are able to leverage orchestrators to manage workloads that run on multiple Type 1 hypervisors

D.

Storage engineers are able to leverage VMDK files to provide storage to virtual machine.

Full Access
Question # 31

Refer to the exhibit.

After an engineer configures an EtherChannel between switch SW1 and switch SW2, this error message is logged on switch SW2.

Based on the output from SW1 and the log message received on Switch SW2, what action should the engineer take to resolve this issue?

A.

Configure the same protocol on the EtherChannel on switch SW1 and SW2.

B.

Connect the configuration error on interface Gi0/1 on switch SW1.

C.

Define the correct port members on the EtherChannel on switch SW1.

D.

Correct the configuration error on interface Gi0/0 switch SW1.

Full Access
Question # 32

Refer to the exhibit. A network engineer must configure NETCONF. After creating the configuration, the engineer gets output from the command show line, but not from show running-config. Which command completes the configuration?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 33

A customer wants to use a single SSID to authenticate loT devices using different passwords. Which Layer 2 security type must be configured in conjunction with Cisco ISE to achieve this requirement?

A.

Fast Transition

B.

Central Web Authentication

C.

Cisco Centralized Key Management

D.

Identity PSK

Full Access
Question # 34

Which protocol infers that a YANG data model is being used?

A.

SNMP

B.

NX-API

C.

REST

D.

RESTCONF

Full Access
Question # 35

Which two actions, when applied in the LAN network segment, will facilitate Layer 3 CAPWAP discovery for lightweight AP? (Choose two.)

A.

Utilize DHCP option 17.

B.

Configure WLC IP address on LAN switch.

C.

Utilize DHCP option 43.

D.

Configure an ip helper-address on the router interface

E.

Enable port security on the switch port

Full Access
Question # 36

In which two ways does TCAM differ from CAM? (Choose two.)

A.

CAM is used to make Layer 2 forwarding decisions, and TCAM is used for Layer 3 address lookups.

B.

The MAC address table is contained in CAM, and ACL and QoS Information Is stored in TCAM.

C.

CAM Is used by routers for IP address lookups, and TCAM is used to make Layer 2 forwarding decisions.

D.

CAM is used for software switching mechanisms, and TCAM is used for hardware switching mechanisms.

E.

The MAC address table Is contained in TCAM, and ACL and QoS information is stored in CAM.

Full Access
Question # 37

An engineer is configuring local web authentication on a WLAN. The engineer chooses the Authentication radio button under the Layer 3 Security options for Web Policy. Which device presents the web authentication for the WLAN?

A.

ISE server

B.

local WLC

C.

RADIUS server

D.

anchor WLC

Full Access
Question # 38

How cloud deployments differ from on-prem deployments?

A.

Cloud deployments require longer implementation times than on-premises deployments

B.

Cloud deployments are more customizable than on-premises deployments.

C.

Cloud deployments require less frequent upgrades than on-premises deployments.

D.

Cloud deployments have lower upfront costs than on-premises deployments.

Full Access
Question # 39

Refer to the exhibit

Communication between London and New York is down Which to resolve this issue?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 40

An engineer must protect their company against ransom ware attacks. Which solution allows the engineer to block the execution stage and prevent file encryption?

A.

Use Cisco AMP deployment with the Malicious Activity Protection engineer enabled.

B.

Use Cisco AMP deployment with the Exploit Prevention engine enabled.

C.

Use Cisco Firepower and block traffic to TOR networks.

D.

Use Cisco Firepower with Intrusion Policy and snort rules blocking SMB exploitation.

Full Access
Question # 41

Which cisco DNA center application is responsible for group-based accesss control permissions?

A.

Design

B.

Provision

C.

Assurance

D.

Policy

Full Access
Question # 42

Which action is performed by Link Management Protocol in a Cisco StackWise Virtual domain?

A.

It rejects any unidirectional link traffic forwarding

B.

It determines if the hardware is compatible to form the StackWise Virtual domain

C.

discovers the StackWise domain and brings up SVL interfaces.

D.

It determines which switch becomes active or standby

Full Access
Question # 43

What does the LAP send when multiple WLCs respond to the CISCO_CAPWAP-CONTROLLER.localdomain hostname during the CAPWAP discovery and join process?

A.

broadcast discover request

B.

join request to all the WLCs

C.

unicast discovery request to each WLC

D.

Unicast discovery request to the first WLS that resolves the domain name

Full Access
Question # 44

An engineer configures a WLAN with fast transition enabled Some legacy clients fail to connect to this WLAN Which feature allows the legacy clients to connect while still allowing other clients to use fast transition based on then OLTIs?

A.

over the DS

B.

adaptive R

C.

802.11V

D.

802.11k

Full Access
Question # 45

Which method does Cisco DNA Center use to allow management of non-Cisco devices through southbound protocols?

A.

It creates device packs through the use of an SDK

B.

It uses an API call to interrogate the devices and register the returned data.

C.

It obtains MIBs from each vendor that details the APIs available.

D.

It imports available APIs for the non-Cisco device in a CSV format.

Full Access
Question # 46

How can an engineer prevent basic replay attacks from people who try to brute force a system via REST API?

A.

Add a timestamp to the request In the API header.

B.

Use a password hash

C.

Add OAuth to the request in the API header.

D.

UseHTTPS

Full Access
Question # 47

Refer to the exhibit.

The trunk does not work over the back-to-back link between Switch1 interface Giq1/0/20 and Switch2 interface Gig1/0/20. Which configuration fixes the problem?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 48

An engineer is configuring a GRE tunnel interface in the default mode. The engineer has assigned an IPv4 address on the tunnel and sourced the tunnel from an Ethernet interface. Which option also is required on the tunnel interface before it is operational?

A.

(config-if)#tunnel destination

B.

(config-if)#keepalive

C.

(config-if)#ip mtu

D.

(config-if)#ip tcp adjust-mss

Full Access
Question # 49

An administrator must enable Telnet access to Router X using the router username and password database for authentication. Which configuration should be applied?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 50

What are two considerations when using SSO as a network redundancy feature? (Choose two)

A.

both supervisors must be configured separately

B.

the multicast state is preserved during switchover

C.

must be combined with NSF to support uninterrupted Layer 2 operations

D.

must be combined with NSF to support uninterrupted Layer 3 operations

E.

requires synchronization between supervisors in order to guarantee continuous connectivity

Full Access
Question # 51

Drag and drop the characteristics from the left onto the deployment models on the right.

Full Access
Question # 52

What are two common sources of interference for Wi-Fi networks? (Choose two.)

A.

rogue AP

B.

conventional oven

C.

fire alarm

D.

LED lights

E.

radar

Full Access
Question # 53

What is the wireless received signal strength indicator?

A.

The value given to the strength of the wireless signal received compared to the noise level

B.

The value of how strong the wireless signal Is leaving the antenna using transmit power, cable loss, and antenna gain

C.

The value of how much wireless signal is lost over a defined amount of distance

D.

The value of how strong a tireless signal is receded, measured in dBm

Full Access
Question # 54

Refer to the exhibit.

A company requires that all wireless users authenticate using dynamic key generation. Which configuration must be applied?

A.

AP(config-if-ssid)# authentication open wep wep_methods

B.

AP(config-if-ssid)# authentication dynamic wep wep_methods

C.

AP(config-if-ssid)# authentication dynamic open wep_dynamic

D.

AP(config-if-ssid)# authentication open eap eap_methods

Full Access
Question # 55

Refer to the exhibit.

An engineers reaching network 172 16 10 0/24 via the R1-R2-R4 path. Which configuration forces the traffic to take a path of R1-R3-R4?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 56

In a Cisco SD-Access solution, which protocol is used by an extended node to connect to a single edge node?

A.

VXLAN

B.

IS-IS

C.

802 1Q

D.

CTS

Full Access
Question # 57

What is required for a virtual machine to run?

A.

a Type 1 hypervisor and a host operating system

B.

a hypervisor and physical server hardware

C.

only a Type 1 hypervisor

D.

only a Type 2 hypervisor

Full Access
Question # 58

Drag and drop the snippets onto the blanks within the code to construct a script that adds a prefix list to a route map and sets the local preference. Not all options are used

Full Access
Question # 59

What is one difference between EIGRP and OSPF?

A.

OSPF is a Cisco proprietary protocol, and EIGRP is an IETF open standard protocol.

B.

OSPF uses the DUAL distance vector algorithm, and EIGRP uses the Dijkstra link-state algorithm

C.

EIGRP uses the variance command lot unequal cost load balancing, and OSPF supports unequal cost balancing by default.

D.

EIGRP uses the DUAL distance vector algorithm, and OSPF uses the Dijkstra link-state algorithm

Full Access
Question # 60

An engineer is working with the Cisco DNA Center API Drag and drop the methods from the left onto the actions that they are used for on the right.

Full Access
Question # 61

Which two parameters are examples of a QoS traffic descriptor? (Choose two)

A.

MPLS EXP bits

B.

bandwidth

C.

DSCP

D.

ToS

E.

packet size

Full Access
Question # 62

A network engineer is enabling HTTPS access to the core switch, which requires a certificate to be installed on the switch signed by the corporate certificate authority Which configuration commands are required to issue a certificate signing request from the core switch?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 63

Refer to the exhibit.

What step resolves the authentication issue?

A.

use basic authentication

B.

change the port to 12446

C.

target 192 168 100 82 in the URI

D.

restart the vsmart host

Full Access
Question # 64

When firewall capabilities are considered, which feature is found only in Cisco next-generation firewalls?

A.

malware protection

B.

stateful inspection

C.

traffic filtering

D.

active/standby high availability

Full Access
Question # 65

Which technology is used as the basis for the cisco sd-access data plane?

A.

IPsec

B.

LISP

C.

VXLAN

D.

802.1Q

Full Access
Question # 66

Refer to the exhibit.

Which command set must be added to the configuration to analyze 50 packets out of every 100?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 67

Refer to the exhibit.

A network architect has partially configured static NAT. which commands should be asked to complete the configuration?

A.

R1(config)#interface GigabitEthernet0/0 R1(config)#ip pat outside

R1(config)#interface GigabitEthernet0/1 R1(config)#ip pat inside

B.

R1(config)#interface GigabitEthernet0/0 R1(config)#ip nat outside

R1(config)#interface GigabitEthernet0/1 R1(config)#ip nat inside

C.

R1(config)#interface GigabitEthernet0/0 R1(config)#ip nat inside

R1(config)#interface GigabitEthernet0/1 R1(config)#ip nat outside

D.

R1(config)#interface GigabitEthernet0/0 R1(config)#ip pat inside

R1(config)#interface GigabitEthernet0/1 R1(config)#ip pat outside

Full Access
Question # 68

Refer to the exhibit.

An engineer reconfigures the pot-channel between SW1 and SW2 from an access port to a trunk and immediately notices this error in SW1's log.

Which command set resolves this error?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 69

Which access point mode allows a supported AP to function like a WLAN client would, associating and identifying client connectivity issues?

A.

client mode

B.

SE-connect mode

C.

sensor mode

D.

sniffer mode

Full Access
Question # 70

Drag and drop the descriptions from the left onto the routing protocol they describe on the right.

Full Access
Question # 71

Which Python code snippet must be added to the script to save the returned configuration as a JSON-formatted file?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 72

Which new enhancement was implemented in Wi-Fi 6?

A.

Wi-Fi Protected Access 3

B.

4096 Quadrature Amplitude Modulation Mode

C.

Channel bonding

D.

Uplink and Downlink Orthogonal Frequency Division Multiple Access

Full Access
Question # 73

Why would an engineer use YANG?

A.

to transport data between a controller and a network device

B.

to access data using SNMP

C.

to model data for NETCONF

D.

to translate JSON into an equivalent XML syntax

Full Access
Question # 74

Drag and drop the snippets onto the blanks within the code to construct a script that shows all logging that occurred on the appliance from Sunday until 9:00 p.m Thursday Not all options are used.

Full Access
Question # 75

Refer to the exhibit.

An engineer must create a configuration that prevents R3from receiving the LSA about 172.16.1.4/32.Which configuration set achieves this goal?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 76

Drag and drop the characteristics from the left onto the technology types on the right.

Full Access
Question # 77

What is the API keys option for REST API authentication?

A.

a predetermined string that is passed from client to server

B.

a one-time encrypted token

C.

a username that is stored in the local router database

D.

a credential that is transmitted unencrypted

Full Access
Question # 78

Which VXLAN component is used to encapsulate and decapsulate Ethernet frames?

A.

VNI

B.

GRE

C.

VTEP

D.

EVPN

Full Access
Question # 79

Which configuration creates a CoPP policy that provides unlimited SSH access from dient 10.0.0.5 and denies access from all other SSH clients'?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 80

Refer to the exhibit.

Which configuration must be applied to the HQ router to set up a GRE tunnel between the HQ and BR routers?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 81

What is one benefit of adopting a data modeling language?

A.

augmenting management process using vendor centric actions around models

B.

refactoring vendor and platform specific configurations with widely compatible configurations

C.

augmenting the use of management protocols like SNMP for status subscriptions

D.

deploying machine-friendly codes to manage a high number of devices

Full Access
Question # 82

Which protocol is implemented to establish secure control plane adjacencies between Cisco SD-WAN nodes?

A.

IKF

B.

TLS

C.

IPsec

D.

ESP

Full Access
Question # 83

Refer to the exhibit. Which EEM script generates a critical-level syslog message and saves a copy of the running configuration to the bootflash when an administrator saves the running configuration to the startup configuration?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 84

Refer to the exhibit.

An engineer must set up connectivity between a campus aggregation layer and a branch office access layer. The engineer uses dynamic trunking protocol to establish this connection, however, management traffic on VLAN1 is not passing. Which action resolves the issue and allow communication for all configured VLANs?

A.

Allow all VLANs on the trunk links

B.

Disable Spanning Tree for the native VLAN.

C.

Configure the correct native VLAN on the remote interface

D.

Change both interfaces to access ports.

Full Access
Question # 85

An engineer must configure an EXEC authorization list that first checks a AAA server then a local username. If both methods fail, the user is denied. Which configuration should be applied?

A.

aaa authorization exec default local group tacacs+

B.

aaa authorization exec default local group radius none

C.

aaa authorization exec default group radius local none

D.

aaa authorization exec default group radius local

Full Access
Question # 86

Refer to the exhibit.

A network engineer must log in to the router via the console, but the RADIUS servers are not reachable Which credentials allow console access1?

A.

the username "cisco" and the password "Cisco"

B.

no username and only the password "test123"

C.

no username and only the password "cisco123"

D.

the username "cisco" and the password “cisco123"

Full Access
Question # 87

A network engineer is configuring OSPF on a router. The engineer wants to prevent having a route to 177.16.0.0/16 learned via OSPF. In the routing table and configures a prefix list using the command ip prefix-list OFFICE seq S deny 172.16.0.0/16. Winch two identical configuration commands must be applied to accomplish the goal? (Choose two.)

A.

distribute-list prefix OFFICE in under the OSPF process

B.

Ip prefix-list OFFICE seq 10 permit 0.0.0.0/0 Ie 32

C.

ip prefix-list OFFICE seq 10 permit 0.0.0.0/0 ge 32

D.

distribute-list OFFICE out under the OSPF process

E.

distribute-list OFFICE in under the OSPF process

Full Access
Question # 88

Which type of tunnel Is required between two WLCs to enable Intercontroller roaming?

A.

mobility

B.

LWAPP

C.

CAPWAP

D.

iPsec

Full Access
Question # 89

Refer to the exhibit. An attacker can advertise OSPF fake routes from 172.16.20.0 network to the OSPF domain and black hole traffic. Which action must be taken to avoid this attack and still be able to advertise this subnet into OSPF?

A.

Configure 172.16.20.0 as a stub network.

B.

Apply a policy to filter OSPF packets on R2.

C.

Configure a passive Interface on R2 toward 172.16.20.0.

D.

Configure graceful restart on the 172.16.20.0 interface.

Full Access
Question # 90

Refer to the exhibit.

Object tracking has been configured for VRRP-enabled routers Edge-01 and Edge-02 Which commands cause Edge-02 to preempt Edge-01 in the event that interface G0/0 goes down on Edge-01?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 91

Refer to the exhibit.

What are two effect of this configuration? (Choose two.)

A.

Inside source addresses are translated to the 209.165.201.0/27 subnet.

B.

It establishes a one-to-one NAT translation.

C.

The 10.1.1.0/27 subnet is assigned as the inside global address range.

D.

The 209.165.201.0/27 subnet is assigned as the outside local address range.

E.

The 10.1.1.0/27 subnet is assigned as the inside local addresses.

Full Access
Question # 92

What is a characteristics of a vSwitch?

A.

supports advanced Layer 3 routing protocols that are not offered by a hardware switch

B.

enables VMs to communicate with each other within a virtualized server

C.

has higher performance than a hardware switch

D.

operates as a hub and broadcasts the traffic toward all the vPorts

Full Access
Question # 93

What is the recommended minimum SNR for data applications on wireless networks?

A.

15

B.

20

C.

25

D.

10

Full Access
Question # 94

Refer to the exhibit. A network engineer must load balance traffic that comes from the NAT Router and is destined to 10.10.110.10, to several FTP servers. Which two commands sets should be applied? (Choose two).

A)

B)

C)

D)

E)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

E.

Option E

Full Access
Question # 95

A large campus network has deployed two wireless LAN controllers to manage the wireless network. WLC1 and WLC2 have been configured as mobility peers. A client device roams from AP1 on WLC1 to AP2 on WLC2, but the controller's client interfaces are on different VLANs. How do the wireless LAN controllers handle the inter-subnet roaming?

A.

WLC1 marks me diem with an anchor entry In Its own database. The database entry is copied to the new controller and marked with a foreign entry on VVLC2.

B.

WLC2 marks the client with an anchor entry In Its own database. The database entry Is copied to the new controller and marked with a foreign entry on WLC1

C.

WLCl marks the client with a foreign entry in its own database. The database entry is copied to the new controller and marked with an anchor entry on WLC2.

D.

WLC2 marks the client with a foreign entry In its own database. The database entry Is copied to the new controller and marked with an anchor entry on WLC1.

Full Access
Question # 96

Which three resources must the hypervisor make available to the virtual machines? (Choose three)

A.

memory

B.

bandwidth

C.

IP address

D.

processor

E.

storage

F.

secure access

Full Access
Question # 97

Refer to the exhibit. A network engineer must block Telnet traffic from hosts in the range of 10.100 2.248 to 10.100.2 255 to the network 10.100.3.0 and permit everything else. Which configuration must the engineer apply'?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 98

A system must validate access rights to all its resources and must not rely on a cached permission matrix. If the access level to a given resource is revoked but is not reflected in the permission matrix, the security is violated. Which term refers to this REST security design principle?

A.

economy of mechanism

B.

complete mediation

C.

separation of privilege

D.

least common mechanism

Full Access
Question # 99

Which function does a fabric wireless LAN controller perform In a Cisco SD-Access deployment?

A.

manages fabric-enabled APs and forwards client registration and roaming information to the Control Plane Node

B.

coordinates configuration of autonomous nonfabric access points within the fabric

C.

performs the assurance engine role for both wired and wireless clients

D.

is dedicated to onboard clients in fabric-enabled and nonfabric-enabled APs within the fabric

Full Access
Question # 100

Which component transports data plane traffic across a Cisco SD-WAN network?

A.

vSmart

B.

vManage

C.

cEdge

D.

vBond

Full Access
Question # 101

Which two characteristics apply to the endpoint security aspect of the Cisco Threat Defense architecture? (Choose two.)

A.

detect and black ransomware in email attachments

B.

outbound URL analysis and data transfer controls

C.

user context analysis

D.

blocking of fileless malware in real time

E.

cloud-based analysis of threats

Full Access
Question # 102

A Cisco DNA Center REST API sends a PUT to the /dna/intent/api/v1/network-device endpoint A response code of 504 is received What does the code indicate?

A.

The response timed out based on a configured interval

B.

The user does not have authorization to access this endpoint.

C.

The username and password are not correct

D.

The web server is not available

Full Access
Question # 103

Refer to The exhibit.

Assuming that R1 is a CE router, which VRF is assigned to Gi0/0 on R1?

A.

VRF VFN_A

B.

VRF VPN_B

C.

management VRF

D.

default VRF

Full Access
Question # 104

In a Cisco SD-Access wireless architecture which device manages endpoint ID to edge node bindings?

A.

fabric control plane node

B.

fabric wireless controller

C.

fabric border node

D.

fabric edge node

Full Access
Question # 105

If the maximum power level assignment for global TPC 802.11a/n/ac is configured to 10 dBm, which power level effectively doubles the transmit power?

A.

13dBm

B.

14 dBm

C.

17dBm

D.

20 dBm

Full Access
Question # 106

What is the purpose of an RP in PIM?

A.

send join messages toward a multicast source SPT

B.

ensure the shortest path from the multicast source to the receiver

C.

receive IGMP joins from multicast receivers

D.

secure the communication channel between the multicast sender and receiver

Full Access
Question # 107

Which option must be used to support a WLC with an IPv6 management address and 100 Cisco Aironet 2800 Series access points that will use DHCP to register?

A.

43

B.

52

C.

60

D.

82

Full Access
Question # 108

What is an emulated machine that has dedicated compute memory, and storage resources and a fully installed operating system?

A.

Container

B.

Mainframe

C.

Host

D.

virtual machine

Full Access
Question # 109

Refer io me exhibit.

An engineer configures the trunk and proceeds to configure an ESPAN session to monitor VLANs10. 20. and 30. Which command must be added to complete this configuration?

A.

Device(config.mon.erspan.stc)# no filter vlan 30

B.

Devic(config.mon.erspan.src-dst)# no vrf 1

C.

Devic(config.mon.erspan.src-dst)# erspan id 6

D.

Device(config.mon-erspan.Src-dst)# mtu 1460

Full Access
Question # 110
A.

S2 is configured as LACP. Change the channel group mode to passive

B.

S2 is configured with PAgP. Change the channel group mode to active.

C.

S1 is configured with LACP. Change the channel group mode to on

D.

S1 is configured as PAgP. Change the channel group mode to desirable

Full Access
Question # 111

What is used to validate the authenticity of the client and is sent in HTTP requests as a JSON object?

A.

SSH

B.

HTTPS

C.

JWT

D.

TLS

Full Access
Question # 112

Refer to the exhibit.

Which command set is needed to configure and verify router R3 to measure the response time from router R3 to the file server located in the data center?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 113

Drag and drop the characteristics from the left onto the deployment types on the right.

Full Access
Question # 114

Drag and drop the characteristics from the left onto the infrastructure deployment models on the right.

Full Access
Question # 115

Refer to the exhibit. A network administrator configured RSPAN to troubleshoot an issue between switch1 and switch2. The switches are connected using interface GigabitEthernet 1/1. An external packet capture device is connected is switch2 interface GigabitEthernet 1/2. Which two commands must be added to complete this configuration? (Choose two)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

E.

Option E

Full Access
Question # 116

Which two features does the Cisco SD-Access architecture add to a traditional campus network? (Choose two.)

A.

software-defined segmentation

B.

private VLANs

C.

SD-WAN

D.

modular QoS

E.

identity services

Full Access
Question # 117

Which two solutions are used for backing up a Cisco DNA Center Assurance database? (Choose two)

A.

NFS share

B.

non-linux server

C.

local server

D.

remote server

E.

bare metal server

Full Access
Question # 118

Which option works with a DHCP server to return at least one WLAN management interface IP address during the discovery phase and is dependent upon the VCI of the AP?

A.

Option 42

B.

Option 15

C.

Option 125

D.

Option 43

Full Access
Question # 119

An engineer must configure a router to leak routes between two VRFs Which configuration must the engineer apply?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 120

Refer to the exhibit .

Which command must be configured for RESTCONF to operate on port 8888?

A.

ip http port 8888

B.

restconf port 8888

C.

ip http restconf port 8888

D.

restconf http port 8888

Full Access
Question # 121

Drag and drop the characteristics from the left to the table types on the right.

Full Access
Question # 122

Which Cisco FlexConnect state allows wireless users that are connected to the network to continue working after the connection to the WLC has been lost?

A.

Authentication Down/Switching Down

B.

Authentication-Central/Switch-Local

C.

Authentication- Down/Switch-Local

D.

Authentication-Central/Switch-Central

Full Access
Question # 123

Refer to the exhibit. A network engineer checks connectivity between two routers. The engineer can ping the remote endpoint but cannot see an ARP entry. Why is there no ARP entry?

A.

The ping command must be executed in the global routing table.

B.

Interface FastEthernet0/0 Is configured in VRF CUST-A, so the ARP entry is also in that VRF.

C.

When VRFs are used. ARP protocol must be enabled In each VRF.

D.

When VRFs are used. ARP protocol is disabled in the global routing table.

Full Access
Question # 124

What is an OVF?

A.

a package that is similar to an IMG and that contains an OVA file used to build a virtual machine

B.

an alternative form of an ISO that Is used to install the base operating system of a virtual machine

C.

the third step in a P2V migration

D.

a package of files that is used to describe a virtual machine or virtual appliance

Full Access
Question # 125

By default, which virtual MAC address does HSRP group 32 use?

A.

00:5e:0c:07:ac:20

B.

04:18:20:83:2e:32

C.

05:5e:5c:ac:0c:32

D.

00:00:0c:07:ac:20

Full Access
Question # 126

Refer to the exhibit.

How should the script be completed so that each device configuration is saved into a JSON-formatted file under the device name?

A)

B)

C)

D)

A.

Option

B.

Option

C.

Option

D.

Option

Full Access
Question # 127

Refer to the exhibit.

A network engineer must configure the router to use the ISE-Servers group for authentication. If both ISE servers are unavailable, the local username database must be used. If no usernames are defined in the configuration, then the enable password must be the last resort to log in. Which configuration must be applied to achieve this result?

A.

aaa authentication login default group ISE-Servers local enable

B.

aaa authentication login default group enable local ISE-Servers

C.

aaa authorization exec default group ISE-Servers local enable

D.

aaa authentication login error-enable

aaa authentication login default group enable local ISE-Servers

Full Access
Question # 128

Which two Cisco SD-WAN components exchange OMP information?

A.

vAnaiytlcs

B.

vSmart

C.

WAN Edge

D.

vBond

E.

vManage

Full Access
Question # 129

What does the number in an NTP stratum level represent?

A.

The number of hops it takes to reach the master time server.

B.

The number of hops it takes to reach the authoritative time source.

C.

The amount of offset between the device clock and true time.

D.

The amount of drift between the device clock and true time.

Full Access
Question # 130

A company requires a wireless solution to support its mam office and multiple branch locations. All sites have local Internet connections and a link to the main office lor corporate connectivity. The branch offices are managed centrally. Which solution should the company choose?

A.

Cisco United Wireless Network

B.

Cisco DNA Spaces

C.

Cisco Catalyst switch with embedded controller

D.

Cisco Mobility Express

Full Access
Question # 131

Which definition describes JWT in regard to REST API security?

A.

an encrypted JSON token that is used for authentication

B.

an encrypted JSON token that is used for authorization

C.

an encoded JSON token that is used to securely exchange information

D.

an encoded JSON token that is used for authentication

Full Access
Question # 132

Reler to the exhibit. An engineer a configuring WebAuth on a Cisco Catalyst 9000 Series WIC. The engineer has purchased a third-party certificate using the FQDN of the WLC as the CN and intends to use bit on the WebAuth splash page What must be configured so that the clients do not receive a certificate error?

A.

Virtual IPv4 Address must be set to a routatte address

B.

Virtual IPv4 Hostname must match the CN of the certificate.

C.

Trustpoint must be set to the management certificate of the WLC.

D.

Web Au!h Interoepl HTTPs must be enabled.

Full Access
Question # 133

Refer to the exhibit.

Which result Is achieved by the CoPP configuration?

A.

Traffic that matches entry 10 of ACL 100 is always allowed.

B.

Class-default traffic is dropped.

C.

Traffic that matches entry 10 of ACL 100 is always allowed with a limited CIR.

D.

Traffic that matches entry 10 of ACL 100 is always dropped.

Full Access
Question # 134

Which of the following attacks becomes more effective because of global leakages of users' passwords?

A.

Dictionary

B.

Brute-force

C.

Phishing

D.

Deauthentication

Full Access
Question # 135

In a Cisco SD-Access network architecture, which access layer cabling design is optimal for the underlay network?

A.

Switches are cross-linked at the same layer and have a single connection to each upstream distribution device.

B.

Switches are connected to each upstream distribution and core device.

C.

Switches are connected to each upstream distribution device.

D.

Switches are cross-linked to devices at the same layer and at the upstream and downstream devices.

Full Access
Question # 136

An engineer must construct an access list for a Cisco Catalyst 9800 Series WLC that will redirect wireless guest users to a splash page that is hosted on a Cisco ISE server The Cisco ISE servers are hosted at 10 9 11 141 and 10 1 11 141 Which access list meets the requirements?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 137

Which Cisco WLC feature allows a wireless device to perform a Layer 3 roam between two separate controllers without changing the client IP address?

A.

mobile IP

B.

mobility tunnel

C.

LWAPP tunnel

D.

GRE tunnel

Full Access
Question # 138

Why would an architect use an OSPF virtual link?

A.

to allow a stub area to transit another stub area

B.

to connect two networks that have overlapping private IP address space

C.

to merge two existing Area Os through a nonbackbone

D.

to connect a nonbackbone area to Area 0 through another nonbackbone area

Full Access
Question # 139

Which function does a virtual switch provide?

A.

CPU context switching (or multitasking between virtual machines

B.

RAID storage for virtual machines

C.

emulation of power for virtual machines.

D.

connectivity between virtual machines

Full Access
Question # 140

Which type of antenna is designed to provide a 360-degree radiation pattern?

A.

Yagi

B.

directional

C.

omnidirectional

D.

patch

Full Access
Question # 141

Which of the following security methods uses physical characteristics of a person to authorize access to a location?

A.

Access control vestibule

B.

Palm scanner

C.

PIN pad

D.

Digital card reader

E.

Photo ID

Full Access
Question # 142

What is a client who is running 802.1x for authentication reffered to as?

A.

supplicant

B.

NAC device

C.

authenticator

D.

policy enforcement point

Full Access
Question # 143

What function does VXLAN perform in a Cisco SD-Access deployment?

A.

data plane forwarding

B.

control plane forwarding

C.

systems management and orchestration

D.

policy plane forwarding

Full Access
Question # 144

Which feature does Cisco DNA Center Assurance provide?

A.

application policy configuration

B.

device onboarding and configuration

C.

software upgrade and management

D.

data correlation and analysis

Full Access
Question # 145

What mechanism does PIM use to forward multicast traffic?

A.

PIM sparse mode uses a pull model to deliver multicast traffic.

B.

PIM dense mode uses a pull model to deliver multicast traffic.

C.

PIM sparse mode uses receivers to register with the RP.

D.

PIM sparse mode uses a flood and prune model to deliver multicast traffic.

Full Access
Question # 146

Simulation 09

Full Access
Question # 147

Refer to the exhibit. What is the result of the IP SLA configuration?

A.

The operation runs 300 times a day

B.

The operation runs 5000

C.

The rate is configured to repeat every 5 minutes

D.

IP SLA is scheduled to run at 3 a.m

Full Access
Question # 148

Refer to the exhibit. What is achieved when this Python script is executed?

A.

Each device that is looped through in the devices.txt file is put into its own list that is appended to the parent dictionary.

B.

Each device that is looped through in the devices.txt file is put into its own dictionary that is appended to the parent list.

C.

All devices that are looped through in the devices.txt file are put into a list that is appended to the parent dictionary.

D.

All devices that are looped through in the devices.txt file are put into a single dictionary that is appended to the parent list.

Full Access
Question # 149

How does the Cisco SD-Access control plane simplify traditional routing environments?

A.

Routing adjacencies are no longer required.

B.

Full routing tables are shared and ensure that all routers know all paths within the underlay fabric and overlay.

C.

Separation of EID and RLOC reduces the size of routing tables.

D.

Routers query all routes to the map server.

Full Access
Question # 150

Which device, in a LISP routing architecture, receives LISP map requests and determines which ETR should handle the map request?

A.

proxy ETR

B.

routing locator

C.

map server

D.

map resolver

Full Access
Question # 151

What is a command-line tool for consuming REST APIs?

A.

Postman

B.

CURL

C.

Firefox

D.

Python requests

Full Access
Question # 152

Which two actions are recommended as security best practices to protect REST API? (Choose two.)

A.

Use a password hash

B.

Use SSL for encryption

C.

Enable dual authentication of the session

D.

Use TACACS+ authentication

E.

Enable out-of-band authentication

Full Access
Question # 153

What is a common trait between Ansible and Chef?

A.

Both are used for mutable infrastructure

B.

Both rely on a declarative approach.

C.

Both rely on NETCONF.

D.

Both require a client to be installed on hosts

Full Access
Question # 154

Which method requires a client to authenticate and has the capability to function without encryption?

A.

open

B.

WEP

C.

WebAuth

D.

PSK

Full Access
Question # 155

Which mechanism can be used to enforce network access authentication against an AAA server if the endpoint does not support the 802.1X supplicant functionality?

A.

private VLANs

B.

port security

C.

MAC Authentication Bypass

D.

MACsec

Full Access
Question # 156

Refer to the exhibit.

Which address type is 10.10.10.10 configured for?

A.

inside global

B.

outside local

C.

outside global

D.

inside local

Full Access
Question # 157

Which technology is the Cisco SD-Access control plane based on?

A.

LISP

B.

CTS

C.

SGT

D.

VRF

Full Access
Question # 158

Refer to the exhibit. A network engineer Is troubleshooting an Issue with the file server based on reports of slow file transmissions. Which two commands or command sets are required. In switch SW1 to analyze the traffic from the file server with a packet analyzer? (Choose two.)

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 159

In which way are EIGRP and OSPF similar?

A.

They both support unequal-cost load balancing

B.

They both support MD5 authentication for routing updates.

C.

They nave similar CPU usage, scalability, and network convergence times.

D.

They both support autosummarization

Full Access
Question # 160

Refer to the exhibit. An engineer must configure PAT to provide internet access to all users by using one global address for many local addresses. Which command set completes the configuration?

A.

RouterA(config)# ip nat inside source list 1 pool Cisco overload

B.

RouterA(config)# ip nat inside source static 172.16.1.1 193.64.64.1

C.

RouterA(config)# ip nat inside source static 172.16.1.1 172.16.1.2

D.

RouterA(config)# ip nat inside source list 1 pool Cisco

Full Access
Question # 161

What is the role of vSmart in a Cisco SD-WAN environment?

A.

to monitor, configure, and maintain SD-WAN devices

B.

to establish secure control plane connections

C.

to provide secure data plane connectivity over WAN Inks

D.

to perform initial authentication of devices

Full Access
Question # 162

What is provided to the client to identify the authenticated session in subsequent API calls after authenticating to the Cisco DNA Center API?

A.

username and password

B.

client X.500 certificate

C.

authentication token

D.

session cookie

Full Access
Question # 163

What is a characteristic of the Cisco DMA Center Template Editor feature?

A.

It facilitates software upgrades lo network devices from a central point.

B.

It facilitates a vulnerability assessment of the network devices.

C.

It provides a high-level overview of the health of every network device.

D.

It uses a predefined configuration through parameterized elements or variables.

Full Access
Question # 164

Which API does Cisco DNA Center use to retrieve information about images?

A.

SWIM

B.

Img-Mgmt

C.

PnP

D.

Client Health

Full Access
Question # 165

Drag and drop the descriptions from the left onto the routing protocols they describe on the right.

Full Access
Question # 166

Refer to the exhibit.

An engineer must create a manually triggered EEM applet to enable the R2 router interface and assign an IP address to it. What is required to complete this configuration?

A.

R2(config-applel)# event oir

B.

R2(config-apple)#action 4 cli command "ip add 172.16.1.1 0.0.0.255"

C.

R2(config)# event manager session cli username

D.

R2(config-apple)# event none sync yes

Full Access
Question # 167

Refer to the exhibit.

Which configuration must be applied for the TACACS+ server to grant access-level rights to remote users?

A.

R1(config)# aaa authentication login enable

B.

R1(config)# aaa authorization exec default local if-authenticated

C.

R1(config)# aaa authorization exec default group tacacs+

D.

R1(config)# aaa accounting commands 15 default start-stop group tacacs+

Full Access
Question # 168

A network engineer wants to configure console access to a router without using AAA so that the privileged exec mode is entered directly after a user provides the correct login credentials. Which action achieves this goal?

A.

Configure login authentication privileged on line con 0.

B.

Configure a local username with privilege level 15.

C.

Configure privilege level 15 on line con 0.

D.

Configure a RADIUS or TACACS+ server and use it to send the privilege level.

Full Access
Question # 169

Refer to the exhibit. Which configuration must be applied to ensure that the preferred path for traffic from AS 65010 toward AS 65020 uses the R2 to R4 path?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 170

What are two characteristics of a directional antenna? (Choose two.)

A.

high gain

B.

receive signals equally-from all directions

C.

commonly used to cover large areas

D.

provides the most focused and narrow beam width

E.

low gain

Full Access
Question # 171

Refer to the exhibit.

Which HTTP request produced the REST API response that was returned by Cisco DNA Center?

A.

fetch /network-device?macAddress=ac:4a:56:6c:7c:00

B.

POST/network-device?macAddress=ac:4a:56:6c:7c:00

C.

GET/network-device?macAddress=ac:4a:56:6c:7c:00

Full Access
Question # 172

In which way are EIGRP and OSPF similar?

A.

Both protocol support auto summarization.

B.

Both protocols support unequal-cost load balancing.

C.

Both protocols use hello packets to discover neighbors

D.

Both protocols send updates using unicast addresses

Full Access
Question # 173

An engineer must use flexible NetFlow on a group of switches. To prevent overloading of the flow collector, if the flow is idle for 20 seconds, the flow sample should be exported. Which command set should be applied?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 174

To which category does a REST API that has been developed for IP address management integration belong?

A.

southbound

B.

eastbound

C.

northbound

D.

westbound

Full Access
Question # 175

Refer to me exhibit. The NETCONF object is sent to a Cisco IOS XE switch. What is me purpose of the object?

A.

view the configuration of all GigabitEthernet interfaces.

B.

Discover the IP address of interface GigabitEthernet.

C.

Set the description of interface GigabitEthernet1 to *1*.

D.

Remove the IP address from interface GigabitEthernet1.

Full Access
Question # 176

Which tag defines the properties to be applied to each specific WLAN?

A.

RF tag

B.

policy tag

C.

AP tag

D.

site tag

Full Access
Question # 177

Reter to the exhibit.

A client requests a new SSID that will use web-based authentication and external RADIUS servers. Which Layer 2 security mode must be selected?

A.

WPA + WPA2

B.

WPA2 + WPA3

C.

Static WEP

D.

None

Full Access
Question # 178

Which tunnel type al'ows clients to perform a seamless Layer 3 roam between a Cisco AireOS WLC and a Cisco IOS XE WLC?

A.

Ethernet over IP

B.

IPsec

C.

Mobility

D.

VPN

Full Access
Question # 179

Relet lo Ibe exhibit.

An ertgineer must modify the existing configuration so that R2 can take over as the primary router when serial interface 0/0.1 on R1 goes down. Whtch command must the engineer apply''

A.

R2W standby 100 track 26 decrement 10

B.

R2# standby 100 preempt

C.

R2# track 26 interface SerialWO.1 line-protocol

D.

R2# standby 100 priority 100

Full Access
Question # 180

Refer to the exhibit. An engineer must configure HSRP for VLAN 1000 on SW2 The secondary switch musí immediately lake over the rote of active router if the interlink with the primary switch fails Which command set completes this task?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 181

Which configuration allows administrators to configure the device through the console port and use a network authentication server?

A)

B)

C)

D)

A.

Option

B.

Option

C.

Option

D.

Option

Full Access
Question # 182

How does a Type 2 hypervisor function?

A.

It runs on a virtual server and includes its own operating system,

B.

It runs directly on a physical server and includes its own operating system.

C.

It is installed as an application on an already installed operating system.

D.

It enables other operating systems to run on it.

Full Access
Question # 183

Refer to the exhibit. What is printed to the console when this script is run?

A.

a key-value pair in tuple type

B.

a key-value pair in list type

C.

a key-value pair in string type

D.

an error

Full Access
Question # 184

Refer to the exhibit.

The inside and outside interfaces u configuration of this device have been correctly identified. What is the effect of this configuration?

A.

dynamic NAT

B.

NAT64

C.

PAT

D.

static NAT

Full Access
Question # 185

Simulation 05

Full Access
Question # 186

Which security option protects credentials train snifter attacks in a basic API authentication?

A.

TLS of SSL for communication

B.

next-generation firewall

C.

VPN connection between client and server

D.

AAA services to authenticate the API

Full Access
Question # 187

An engineer is implementing a new SSID on a Cisco Catalyst 9800 Series WLC that must be broadcast on 6 GHz radios. Users will be required to use EAP-TLS to authenticate. Which wireless Layer 2 security method is required?

A.

WPA3 Personal

B.

WPA3 Enterprise

C.

WPA2 Enterprise

D.

WPA2 Personal

Full Access
Question # 188

What does Call Admission Control require the client to send in order to reserve the bandwidth?

A.

SIP flow information

B.

Wi-Fi multimedia

C.

traffic specification

D.

VoIP media session awareness

Full Access
Question # 189

Which configuration restricts the amount of SSH that a router accepts 100 kbps?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 190

An engineer is troubleshooting the Ap join process using DNS. Which FQDN must be resolvable on the network for the access points to successfully register to the WLC?

A.

wlcbostname.domain.com

B.

cisco-capwap-controller.domain.com

C.

ap-manager.domain.com

D.

primary-wlc.domain.com

Full Access
Question # 191

Refer to the exhibit. What is the effect of this configuration?

A.

When users attempt to connect to vty lines 0 through 4, the device will authenticate them against TACACS+ if local authentication fails

B.

The device will authenticate all users connecting to vty lines 0 through 4 against TACACS+

C.

The device will allow users at 192.168.0.202 to connect to vty lines 0 through 4 using the password ciscotestkey

D.

The device will allow only users at 192.166.0.202 to connect to vty lines 0 through 4

Full Access
Question # 192

Wireless users report frequent disconnections from the wireless network. While troubleshooting a network engineer finds that after the user a disconnect, the connection re-establishes automatically without any input required. The engineer also notices these message logs .

Which action reduces the user impact?

A.

increase the AP heartbeat timeout

B.

increase BandSelect

C.

enable coverage hole detection

D.

increase the dynamic channel assignment interval

Full Access
Question # 193

What is the function of a VTEP in VXLAN?

A.

provide the routing underlay and overlay for VXLAN headers

B.

dynamically discover the location of end hosts in a VXLAN fabric

C.

encapsulate and de-encapsulate traffic into and out of the VXLAN fabric

D.

statically point to end host locations of the VXLAN fabric

Full Access
Question # 194

Which HTTP code must be returned to prevent the script form exiting?

A.

200

B.

201

C.

300

D.

301

Full Access
Question # 195

What is a characteristic of YANG?

A.

It is a Cisco proprietary language that models NETCONF data

B.

It allows model developers to create custom data types

C.

It structures data in an object-oriented fashion to promote model reuse

D.

It provides loops and conditionals to control now within models

Full Access
Question # 196

Where is radio resource management performed in a cisco SD-access wireless solution?

A.

DNA Center

B.

control plane node

C.

wireless controller

D.

Cisco CMX

Full Access
Question # 197

What is a characteristic of MACsec?

A.

802.1AE provides encryption and authentication services

B.

802.1AE is bult between the host and switch using the MKA protocol, which negotiates encryption keys based on the master session key from a successful 802.1X session

C.

802.1AE is bult between the host and switch using the MKA protocol using keys generated via the Diffie-Hellman algorithm (anonymous encryption mode)

D.

802.1AE is negotiated using Cisco AnyConnect NAM and the SAP protocol

Full Access
Question # 198

Refer to the exhibit. External users require HTTP connectivity to an internal company web server that is listening on TCP port 8080. Which command set accomplishes this requirement?

A)

B)

C)

D)

E)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

E.

Option E

Full Access
Question # 199

Drag and drop the wireless elements on the left to their definitions on the right.

Full Access
Question # 200

Refer to the exhibit. Which two commands are needed to allow for full reachability between AS 1000 and AS 2000? (Choose two)

A.

R1#network 192.168.0.0 mask 255.255.0.0

B.

R2#no network 10.0.0.0 255.255.255.0

C.

R2#network 192.168.0.0 mask 255.255.0.0

D.

R2#network 209.165.201.0 mask 255.255.192.0

E.

R1#no network 10.0.0.0 255.255.255.0

Full Access
Question # 201

Which benefit is offered by a cloud infrastructure deployment but is lacking in an on-premises deployment?

A.

efficient scalability

B.

virtualization

C.

storage capacity

D.

supported systems

Full Access
Question # 202

Refer to Exhibit.

MTU has been configured on the underlying physical topology, and no MTU command has been configured on the tunnel interfaces. What happens when a 1500-byte IPv4 packet traverses the GRE tunnel from host X to host Y, assuming the DF bit is cleared?

A.

The packet arrives on router C without fragmentation.

B.

The packet is discarded on router A

C.

The packet is discarded on router B

D.

The packet arrives on router C fragmented.

Full Access
Question # 203

Which measure is used by an NTP server to indicate its closeness to the authoritative time source?

A.

latency

B.

hop count

C.

time zone

D.

stratum

Full Access
Question # 204

What are two differences between the RIB and the FIB? (Choose two.)

A.

The FIB is derived from the data plane, and the RIB is derived from the FIB.

B.

The RIB is a database of routing prefixes, and the FIB is the Information used to choose the egress interface for each packet.

C.

FIB is a database of routing prefixes, and the RIB is the information used to choose the egress interface for each packet.

D.

The FIB is derived from the control plane, and the RIB is derived from the FIB.

E.

The RIB is derived from the control plane, and the FIB is derived from the RIB.

Full Access
Question # 205

Refer to the exhibit. A network engineer configures NAT on R1 and enters the show command to verity the configuration What does the output confirm?

A.

The first pocket triggered NAT to add on entry to NAT table

B.

R1 is configured with NAT overload parameters

C.

A Telnet from 160.1.1 1 to 10.1.1.10 has been initiated.

D.

R1 to configured with PAT overload parameters

Full Access
Question # 206

How does the RIB differ from the FIB?

A.

The RIB is used to create network topologies and routing tables. The FIB is a list of routes to particular network destinations.

B.

The FIB includes many routes a single destination. The RIB is the best route to a single destination.

C.

The RIB includes many routes to the same destination prefix. The FIB contains only the best route

D.

The FIB maintains network topologies and routing tables. The RIB is a Iist of routes to particular network destinations.

Full Access
Question # 207

Refer to the exhibit. What does the error message relay to the administrator who is trying to configure a Cisco IOS device?

A.

A NETCONF request was made for a data model that does not exist.

B.

The device received a valid NETCONF request and serviced it without error.

C.

A NETCONF message with valid content based on the YANG data models was made, but the request failed.

D.

The NETCONF running datastore is currently locked.

Full Access
Question # 208

Refer to the exhibit.

The IP SLA is configured in a router. An engineer must configure an EEM applet to shut down the interface and bring it back up when there is a problem with the IP SLA. Which configuration should the engineer use?

A.

event manager applet EEM_IP_SLA

event track 10 state down

B.

event manager applet EEM_IP_SLA

event track 10 state unreachable

C.

event manager applet EEM_IP_SLA

event sla 10 state unreachable

D.

event manager applet EEM_IP_SLA

event sla 10 state down

Full Access
Question # 209

Refer to the exhibit.

Which configuration allows Customer2 hosts to access the FTP server of Customer1 that has the IP address of 192.168.1.200?

A.

ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 global

ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 global

ip route 192.168.1.0 255.255.255.0 VlanlO

ip route 172.16.1.0 255.255.255.0 Vlan20

B.

ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 Customer2

ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 Customerl

C.

ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 Customerl

ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 Customer2

D.

ip route vrf Customerl 172.16.1.1 255.255.255.255 172.16.1.1 global

ip route vrf Customer 192.168.1.200 255.255.255.0 192.168.1.1 global

ip route 192.168.1.0 255.255.255.0 VlanlO

ip route 172.16.1.0 255.255.255.0 Vlan20

Full Access
Question # 210

How is MSDP used to interconnect multiple PIM-SM domains?

A.

MSDP depends on BGP or multiprotocol BGP for mterdomam operation

B.

MSDP SA request messages are used to request a list of active sources for a specific group

C.

SDP allows a rendezvous point to dynamically discover active sources outside of its domain

D.

MSDP messages are used to advertise active sources in a domain

Full Access
Question # 211

An engineer must provide wireless converge in a square office. The engineer has only one AP and believes that it should be placed it in the middle of the room. Which antenna type should the engineer use?

A.

directional

B.

polarized

C.

Yagi

D.

omnidirectional

Full Access
Question # 212

Which devices does Cisco DNA Center configure when deploying an IP-based access control policy?

A.

All devices integrating with ISE

B.

selected individual devices

C.

all devices in selected sites

D.

all wired devices

Full Access
Question # 213

Refer to the exhibit.

What are two effects of this configuration? (Choose two.)

A.

R1 becomes the active router.

B.

R1 becomes the standby router.

C.

If R2 goes down, R1 becomes active but reverts to standby when R2 comes back online.

D.

If R1 goes down. R2 becomes active and remains the active device when R1 comes back online.

E.

If R1 goes down, R2 becomes active but reverts to standby when R1 comes back online.

Full Access
Question # 214

Refer to the exhibit. An engineer attempts to configure a trunk between switch sw1 and switch SW2 using DTP, but the trunk does not form. Which command should the engineer apply to switch SW2 to resolve this issue?

A.

switchport mode dynamic desirable

B.

switchport nonegotiate

C.

no switchport

D.

switchport mode access

Full Access
Question # 215

What is a characteristic of a next-generation firewall?

A.

only required at the network perimeter

B.

required in each layer of the network

C.

filters traffic using Layer 3 and Layer 4 information only

D.

provides intrusion prevention

Full Access
Question # 216

Which action is the vSmart controller responsible for in an SD-WAN deployment?

A.

handle, maintain, and gather configuration and status for nodes within the SD-WAN fabric

B.

distribute policies that govern data forwarding performed within the SD-WAN fabric

C.

gather telemetry data from vEdge routers

D.

onboard vEdge nodes into the SD-WAN fabric

Full Access
Question # 217

Refer to the exhibit. Which configuration change will force BR2 to reach 209 165 201 0/27 via BR1?

A.

Set the weight attribute to 65.535 on BR1 toward PE1.

B.

Set the local preference to 150 on PE1 toward BR1 outbound

C.

Set the MED to 1 on PE2 toward BR2 outbound.

D.

Set the origin to igp on BR2 toward PE2 inbound.

Full Access
Question # 218

Drag and drop the virtual components from the left onto their deceptions on the right.

Full Access
Question # 219

Refer to the exhibit.

Assuming the WLC's interfaces are not in the same subnet as the RADIUS server, which interface would the WLC use as the source for all RADIUS-related traffic?

A.

the interface specified on the WLAN configuration

B.

any interface configured on the WLC

C.

the controller management interface

D.

the controller virtual interface

Full Access
Question # 220

When a wireless client roams between two different wireless controllers, a network connectivity outage is experience for a period of time. Which configuration issue would cause this problem?

A.

Not all of the controllers in the mobility group are using the same mobility group name.

B.

Not all of the controllers within the mobility group are using the same virtual interface IP address.

C.

All of the controllers within the mobility group are using the same virtual interface IP address.

D.

All of the controllers in the mobility group are using the same mobility group name.

Full Access
Question # 221

Drag and drop the threat defense solutions from the left onto their descriptions on the right.

Full Access
Question # 222

Which method creates an EEM applet policy that is registered with EEM and runs on demand or manually?

A.

event manager applet ondemand

event register

action 1.0 syslog priority critical msg 'This is a message from ondemand'

B.

event manager applet ondemand

event manual

action 1.0 syslog priority critical msg 'This is a message from ondemand'

C.

event manager applet ondemand

event none

action 1.0 syslog priority critical msg 'This is a message from ondemand'

D.

event manager applet ondemand

action 1.0 syslog priority critical msg 'This is a message from ondemand'

Full Access
Question # 223

Which outbound access list, applied to the WAN interface of a router, permits all traffic except for http traffic sourced from the workstation with IP address 10.10.10.1?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 224

Refer to the exhibit.

An engineer is troubleshooting a connectivity issue and executes a traceoute. What does the result confirm?

A.

The destination server reported it is too busy

B.

The protocol is unreachable

C.

The destination port is unreachable

D.

The probe timed out

Full Access
Question # 225

A switch is attached to router R1 on its gig 0/0 interface. Fort security reasons, you want to prevent R1 from sending OSPF hellos to the switch. Which command should be enabled to accomplish this?

A.

R1(config-router)#ip ospf hello disable

B.

R1(config-router)#ip ospf hello-interval 0

C.

R1(config)#passive-interface Gig 0/0

D.

R1(config-router)#passive-interface Gig 0/0

Full Access
Question # 226

What does the statement print(format(0.8, '.0%')) display?

A.

80%

B.

8%

C.

.08%

D.

8.8%

Full Access
Question # 227

Which DNS lookup does an AP perform when attempting CAPWAP discovery?

A.

CAPWAP-CONTROLLER.Iocal

B.

CISCO-CAPWAP-CONTROLLER.Iocal

C.

CISCO-DNA-CONTROLLER.Iocal

D.

CISCO-CONTROLLER.Iocal

Full Access
Question # 228

Which two results occur if Cisco DNA center loses connectivity to devices in the SD-ACCESS fabric? (Choose two)

A.

All devices reload after detecting loss of connection to Cisco DNA Center

B.

Already connected users are unaffected, but new users cannot connect

C.

User connectivity is unaffected

D.

Cisco DNA Center is unable to collect monitoring data in Assurance

E.

Users lose connectivity

Full Access
Question # 229

In a Cisco StackWise Virtual environment, which planes are virtually combined in the common logical switch?

A.

control, and forwarding

B.

management and data

C.

control and management

D.

control and data

Full Access
Question # 230

How does Protocol Independent Multicast function?

A.

In sparse mode, it establishes neighbor adjacencies and sends hello messages at 5-second intervals.

B.

It uses the multicast routing table to perform the multicast forwarding function.

C.

It uses unicast routing information to perform the multicast forwarding function.

D.

It uses broadcast routing information to perform the multicast forwarding function.

Full Access
Question # 231

Drag and drop the code snippets from the bottom onto the blanks in the Python script to print the device model to the screen and write JSON data to a file Not all options are used

Full Access
Question # 232

What is the recommended minimum SNR for Voice applications for networks?

A.

15

B.

20

C.

25

D.

10

Full Access
Question # 233

If AP power level is increased from 25 mW to 100 mW. what is the power difference in dBm?

A.

6 dBm

B.

14 dBm

C.

17 dBm

D.

20 dBm

Full Access
Question # 234

Which A record type should be configured for access points to resolve the IP address of a wireless LAN controller using DNS?

A.

CISCO.CONTROLLER.localdomain

B.

CISCO.CAPWAP.CONTROLLER.localdomain

C.

CISCO-CONTROLLER.localdomain

D.

CISCO-CAPWAP-CONTROLLER.localdomain

Full Access
Question # 235

Simulation 04

Configure OSPF on both routers according to the topology to achieve these goals:

Full Access
Question # 236

Refer to the exhibit. Which command filters the ERSPAN session packets only to interface GigabitEthernet1?

A.

source ip 10.10.10.1

B.

source interface gigabitethernet1 ip 10.10.10.1

C.

filter access-group 10

D.

destination ip 10.10.10.1

Full Access
Question # 237

Which IP SLA operation requires the IP SLA responder to be configured on the remote end?

A.

TCP connect

B.

ICMP echo

C.

ICMP jitter

D.

UDP jitter

Full Access
Question # 238

A network engineer must configure a switch to allow remote access for all feasible protocols. Only a password must be requested for device authentication and all idle sessions must be terminated in 30 minutes. Which configuration must be applied?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 239

Drag and drop the LISP components on the left to the correct description on the right.

Full Access
Question # 240

An engineer is connected to a Cisco router through a Telnet session. Which command must be issued to view the logging messages from the current session as soon as they are generated by the router?

A.

logging buffer

B.

service timestamps log uptime

C.

logging host

D.

terminal monitor

Full Access
Question # 241

What are two benefits of implementing a traditional WAN instead of an SD-WAN solution? (Choose two.)

A.

comprehensive configuration standardization

B.

lower control plane abstraction

C.

simplify troubleshooting

D.

faster fault detection

E.

lower data plane overhead

Full Access
Question # 242

Which security measure mitigates a man-in-the-middle attack of a REST API?

A.

SSL certificates

B.

biometric authentication

C.

password hash

D.

non repudiotion feature

Full Access
Question # 243

Refer to the exhibit.

Which action results from executing the Python script?

A.

display the output of a command that is entered on that device in a single line

B.

SSH to the IP address that is manually entered on that device

C.

display the output of a command that is entered on that device

D.

display the unformatted output of a command that is entered on that device

Full Access
Question # 244

What does the destination MAC on the outer MAC header identify in a VXLAN packet?

A.

thee emote spine

B.

the next hop

C.

the leaf switch

D.

the remote switch

Full Access
Question # 245

Refer to the exhibit Which command must be applied to complete the configuration and enable RESTCONF?

A.

ip http secure-server

B.

ip http server

C.

ip http secure-port 443

D.

ip http client username restconf

Full Access
Question # 246

An engineer is configuring RADIUS-Based Authentication with EAP. MS-CHAPv2 is configured on a client device. Which outer method protocol must be configured on the ISE to support this authentication type?

A.

EAP-TLS

B.

EAP-FAST

C.

LDAP

D.

PEAP

Full Access
Question # 247

Refer to the exhibit. Which command set enables router R2 to be configured via NETCONF?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 248

Drag and drop the characteristics from the left onto the switching mechanisms they describe on the right.

Full Access
Question # 249

Using the EIRP formula,what parameter is subtracted to determine the EIRP value?

A.

transmitter power

B.

antenna cable loss

C.

antenna again

D.

signal-to-noise ratio

Full Access
Question # 250

An engineer applies this configuration to router R1. How does R1 respond when the user ‘cisco’ logs in?

A.

It displays the startup config and then permits the user to execute commands

B.

It places the user into EXEC mode and permits the user to execute any command

C.

It displays the startup config and then terminates the session.

D.

It places the user into EXEC mode but permits the user to execute only the show startup-config command

Full Access
Question # 251

When does a Cisco StackWise primary switch lose its role?

A.

when a stack member fails

B.

when the stack primary is reset

C.

when a switch with a higher priority is added to the stack

D.

when the priority value of a stack member is changed to a higher value

Full Access
Question # 252

In a Cisco SD-Access environment, which function is performed by the border node?

A.

Connect uteri and devices to the fabric domain.

B.

Group endpoints into IP pools.

C.

Provide reachability information to fabric endpoints.

D.

Provide connectivity to traditional layer 3 networks.

Full Access
Question # 253

By default, which virtual MAC address does HSRP group 22 use?

A.

c0:42:01:67:05:16

B.

c0:07:0c:ac:00:22

C.

00:00:0c:07:ac:16

D.

00:00:0c:07:ac:22

Full Access
Question # 254

Refer to the exhibit.

Assuming all links are functional, which path does PC1 take to reach DSW1?

A.

PC1 goes from ALSW1 to DSW2 to CORE to DSW1.

B.

PC1 goes from ALSW1 to DSW2 to DSW1.

C.

PC1 goes from ALSW1 to DSW1.

D.

PC1 goes from ALSW1 to DSW2 to ALSW2 to DSW1.

Full Access
Question # 255

Company policy restricts VLAN 10 to be allowed only on SW1 and SW2. All other VLANs can be on all three switches. An administrator has noticed that VLAN 10 has propagated to SW3. Which configuration corrects the issue?

A.

SW1(config)#intgi1/1

SW1(config)#switchport trunk allowed vlan 1-9,11-4094

B.

SW2(config)#intgi1/2

SW2(config)#switchport trunk allowed vlan 10

C.

SW2(config)#int gi1/2

SW2(config)#switchport trunk allowed vlan 1-9,11-4094

D.

SWl(config)#intgi1/1

SW1(config)#switchport trunk allowed vlan 10

Full Access
Question # 256

By default, which virtual MAC address does HSRP group 15 use?

A.

05:5e:ac:07:0c:0f

B.

c0:42:34:03:73:0f

C.

00:00:0c:07:ac:0f

D.

05:af:1c:0f:ac:15

Full Access
Question # 257

Refer to the exhibit.

Which GRE tunnel configuration command is missing on R2?

A.

tunnel source 192.181.2

B.

tunnel source 172.16.1.0

C.

tunnel source 200.1.1.1

D.

tunnel destination 200.1.1.1

Full Access
Question # 258

Refer to the exhibit Which configuration enables password checking on the console line, using only a password?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 259

How is a data modelling language used?

A.

To enable data to be easily structured, grouped, validated, and replicated.

B.

To represent finite and well-defined network elements that cannot be changed.

C.

To model the flows of unstructured data within the infrastructure

D.

To provide human readability to scripting languages

Full Access
Question # 260

Which two pieces of information are necessary to compute SNR? (Choose two.)

A.

transmit power

B.

noise floor

C.

EIRP

D.

antenna gain

E.

RSSI

Full Access
Question # 261

Refer to the exhibit.

The OSPF neighborship fails between two routers. What is the cause of this issue?

A.

The OSPF router ID is missing on this router.

B.

The OSPF process is stopped on the neighbor router.

C.

There is an MTU mismatch between the two routers.

D.

The OSPF router ID is missing on the neighbor router.

Full Access
Question # 262

Drag and drop the characteristics from the left onto the deployment models on the right Not all options are used.

Full Access
Question # 263

Refer to the exhibit.

Why does the OSPF neighborship fail between the two interfaces?

A.

The IP subnet mask is not the same.

B.

There is a mismatch in the OSPF interface network type.

C.

The OSPF timers are different.

D.

The MTU is nor the same.

Full Access
Question # 264

Refer to the exhibit.

Hosts PC1 PC2 and PC3 must access resources on Serve 1. An engineer

configures NAT on Router R1 1e enable the communication and enters the show command to verify operation Which IP address is used by the hosts when they communicate globally to Server1?

A.

155.1.1.1

B.

randorm addresses in the 155.1.1.0/24 range

C.

their own address in the 10.10.10.0/24 rance

D.

155.1.1.5

Full Access
Question # 265

Drag and drop the snippets onto the blanks within the code to create an EEM script that adds an entry to a locally stored text file with a timestamp when a configuration change is made. Not all options are used.

Full Access
Question # 266

What is one role of the VTEP in a VXLAN environment?

A.

to forward packets to non-LISP sites

B.

to encapsulate the tunnel

C.

to maintain VLAN configuration consistency

D.

to provide EID-to-RLOC mapping

Full Access
Question # 267

Refer to the exhibit.

These commands have been added to the configuration of a switch Which command flags an error if it is added to this configuration?

A.

monitor session 1 source interface port-channel 6

B.

monitor session 1 source vlan 10

C.

monitor session 1 source interface FatEtheret0/1 x

D.

monitor session 1 source interface port-channel 7,port-channel8

Full Access
Question # 268

Refer to the exhibit Which two commands are required on route» R1 to block FTP and allow all other traffic from the Branch 2 network’ (Choose two)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

E.

Option E

Full Access
Question # 269

Drag and drop the characteristics from the left onto the orchestration tool classifications on the right.

Full Access
Question # 270

Refer to the exhibit. An engineer builds an EEM script to apply an access list. Which statement must be added to complete the script?

A.

event none

B.

action 2.1 cli command "ip action 3.1 ell command 101''

C.

action 6.0 ell command ''ip access-list extended 101''

D.

action 6.0 cli command ''ip access-list extended 101"

Full Access
Question # 271

Which two results occur if Cisco DNA Center loses connectivity to devices in the SD-Access fabric? (Choose two)

A.

Cisco DNA Center is unable to collect monitoring data in Assurance.

B.

All devices reload after detecting loss of connection to Cisco DNA Center.

C.

Already connected users are unaffected, but new users cannot connect

D.

Users lose connectivity.

E.

User connectivity is unaffected.

Full Access
Question # 272

Which device is responsible for finding EID-to-RLOC mappings when traffic is sent to a LISP-capable site?

A.

map server

B.

map resolver

C.

ingress tunnel router

D.

egress tunnel router

Full Access
Question # 273

Refer to the exhibit. An engineer is reaching network 172.16.10.0/24 via the R1-R2-R4 path. Which configuration forces the traffic to fake a path of R1-R3-R4?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 274

Which two methods are used to interconnect two Cisco SD-Access Fabric sites? (Choose two.)

A.

SD-Access transit

B.

fabric interconnect

C.

wireless transit

D.

IP-based transit

E.

SAN transit

Full Access
Question # 275

Refer to the exhibit. Which set of commands is required to configure and verify the VRF for Site 1 Network A on router R1?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 276

A customer has 20 stores located throughout a city. Each store has a single Cisco access point managed by a central WLC. The customer wants to gather analysis for users in each store. Which technique supports these requirements?

A.

angle of arrival

B.

hyperlocation

C.

trilateration

D.

presence

Full Access
Question # 277

How is traffic classified when using Cisco TrustSec technology?

A.

with the VLAN

B.

with the MAC address

C.

with the IP address

D.

with the security group tag

Full Access
Question # 278

An engineer is describing QoS to a client. Which two facts apply to traffic policing? (Choose two.)

A.

Policing adapts to network congestion by queuing excess traffic

B.

Policing should be performed as close to the destination as possible

C.

Policing drops traffic that exceeds the defined rate

D.

Policing typically delays the traffic, rather than drops it

E.

Policing should be performed as close to the source as possible

Full Access