Black Friday Sale Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exams65

Implementing Cisco Enterprise Network Core Technologies (ENCOR) Question and Answers

Implementing Cisco Enterprise Network Core Technologies (ENCOR)

Last Update Dec 4, 2023
Total Questions : 775

We are offering FREE 350-401 Cisco exam questions. All you do is to just go and sign up. Give your details, prepare 350-401 free exam questions and then go for complete pool of Implementing Cisco Enterprise Network Core Technologies (ENCOR) test questions that will help you more.

350-401 pdf

350-401 PDF

$38.5  $109.99
350-401 Engine

350-401 Testing Engine

$45.5  $129.99
350-401 PDF + Engine

350-401 PDF + Testing Engine

$59.5  $169.99
Questions 1

A network engineer is adding an additional 10Gps link to an exiting 2x10Gps LACP-based LAG to augment its capacity. Network standards require a bundle interface to be taken out of service if one of its member links goes down, and the new link must be added with minimal impact to the production network. Drag and drop the tasks that the engineer must perform from the left into the sequence on the right. Not all options are used.

Options:

Discussion 0
Questions 2

Which protocol is used to encrypt control plane traffic between SD-WAN controllers and SD-WAN endpoints?

Options:

A.  

DTLS

B.  

IPsec

C.  

PGP

D.  

HTTPS

Discussion 0
Questions 3

What is a characteristic of Cisco StackWise technology?

Options:

A.  

It uses proprietary cabling

B.  

It supports devices that are geographically separated

C.  

lt combines exactly two devices

D.  

It is supported on the Cisco 4500 series.

Discussion 0
Questions 4

Why would a log file contain a * next to the date?

Options:

A.  

The network device was receiving NTP time when the log messages were recorded.

B.  

The network device was unable to reach The NTP server when the log messages were recorded

C.  

The network device is not configured to use NTP.

D.  

The network device is nor configured to use NTP time stamps for logging

Discussion 0
Questions 5

Options:

A.  

S2 is configured as LACP. Change the channel group mode to passive

B.  

S2 is configured with PAgP. Change the channel group mode to active.

C.  

S1 is configured with LACP. Change the channel group mode to on

D.  

S1 is configured as PAgP. Change the channel group mode to desirable

Discussion 0
Questions 6

An engineer must configure an ACL that permits packets which include an ACK in the TCP header Which entry must be included in the ACL?

Options:

A.  

access-list 10 permit ip any any eq 21 tcp-ack

B.  

access-list 110 permit tcp any any eq 21 tcp-ack

C.  

access-list 10 permit tcp any any eq 21 established

D.  

access-list 110 permit tcp any any eq 21 established

Discussion 0
Questions 7

Refer to the exhibit.

An engineer must configure static NAT on R1 lo allow users HTTP access to the web server on TCP port 80. The web server must be reachable through ISP 1 and ISP 2. Which command set should be applied to R1 to fulfill these requirements?

Options:

A.  

ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80 extendable

ip nat inside source static tcp 10.1.1.100 80 209.165.201.1 80 extendable

B.  

ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80

ip nat inside source static tcp 10.1.1.100 80 209.165.201.1 80

C.  

ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80

ip nat inside source static tcp 10.1.1.100 8080 209.165.201.1 8080

D.  

ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80 no-alias

ip nat inside source static tcp 10.1.1.100 80 209.165.201.1 80 no-alias

Discussion 0
Questions 8

What do Cisco DNA southbound APIs provide?

Options:

A.  

Interface between the controller and the network devices

B.  

NETCONF API interface for orchestration communication

C.  

RESful API interface for orchestrator communication

D.  

Interface between the controller and the consumer

Discussion 0
Questions 9

Refer to the exhibit.

The trunk does not work over the back-to-back link between Switch1 interface Giq1/0/20 and Switch2 interface Gig1/0/20. Which configuration fixes the problem?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 10

Refer to the exhibit.

After configuring HSRP an engineer enters the show standby command. Which two facts are derived from the output? (Choose two.)

Options:

A.  

The router with IP 10.10 1.3 is active because it has a higher IP address

B.  

If Fa0/0 is shut down, the HSRP priority on R2 becomes 80

C.  

R2 Fa1/0 regains the primary role when the link comes back up

D.  

R2 becomes the active router after the hold time expires.

E.  

R2 is using the default HSRP hello and hold timers.

Discussion 0
Questions 11

What is a TLOC in a Cisco SD-WAN deployment?

Options:

A.  

value that identifies a specific tunnel within the Cisco SD-WAN overlay

B.  

identifier that represents a specific service offered by nodes within the Cisco SD-WAN overlay

C.  

attribute that acts as a next hop for network prefixes

D.  

component set by the administrator to differentiate similar nodes that offer a common service

Discussion 0
Questions 12

Which technology does VXLAN use to provide segmentation for Layer 2 and Layer 3 traffic?

Options:

A.  

bridge domain

B.  

VLAN

C.  

VRF

D.  

VNI

Discussion 0
Questions 13

Refer to the exhibit.

Which commands are required to allow SSH connection to the router?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 14

Which two characteristics define the Intent API provided by Cisco DNA Center? (Choose two.)

Options:

A.  

northbound API

B.  

business outcome oriented

C.  

device-oriented

D.  

southbound API

E.  

procedural

Discussion 0
Questions 15

An engineer is configuring Local WebAuth on a Cisco Wireless LAN Controller. According to RFC 5737, WHICH VIRTUAL IP address must be used in this configuration?

Options:

A.  

192.0.2.1

B.  

172.20.10.1

C.  

1.1.1.1

D.  

192.168.0.1

Discussion 0
Questions 16

Refer to the exhibit.

What are two reasons for IP SLA tracking failure? (Choose two )

Options:

A.  

The destination must be 172 30 30 2 for icmp-echo

B.  

A route back to the R1 LAN network is missing in R2.

C.  

The source-interface is configured incorrectly.

D.  

The default route has the wrong next hop IP address

E.  

The threshold value is wrong

Discussion 0
Questions 17

A customer wants to provide wireless access to contractors using a guest portal on Cisco ISE. The portal Is also used by employees A solution is implemented, but contractors receive a certificate error when they attempt to access the portal Employees can access the portal without any errors. Which change must be implemented to allow the contractors and employees to access the portal?

Options:

A.  

Install a trusted third-party certificate on the Cisco ISE.

B.  

Install an Internal CA signed certificate on the contractor devices

C.  

Install an internal CA signed certificate on the Cisco ISE

D.  

install a trusted third-party certificate on the contractor devices.

Discussion 0
Questions 18

Refer to the exhibit.

The network administrator must be able to perform configuration changes when all the RADIUS servers are unreachable. Which configuration allows all commands to be authorized if the user has successfully authenticated?

Options:

A.  

aaa authorization exec default group radius none

B.  

aaa authentication login default group radius local none

C.  

aaa authorization exec default group radius if-authenticated

D.  

aaa authorization exec default group radius

Discussion 0
Questions 19

Refer to the exhibit.

What is the result when a technician adds the monitor session 1 destination remote vlan 223 command1?

Options:

A.  

The RSPAN VLAN is replaced by VLAN 223.

B.  

RSPAN traffic is sent to VLANs 222 and 223

C.  

An error is flagged for configuring two destinations.

D.  

RSPAN traffic is split between VLANs 222 and 223.

Discussion 0
Questions 20

Refer to the exhibit.

What is required to configure a second export destination for IP address 192.168.10.1?

Options:

A.  

Specify a VRF.

B.  

Specify a different UDP port.

C.  

Specify a different flow ID

D.  

Configure a version 5 flow-export to the same destination.

E.  

Specify a different TCP port.

Discussion 0
Questions 21

An engineer must create a new SSID on a Cisco 9800 wireless LAN controller. The client has asked to use a pre-shared key for authentication Which profile must the engineer edit to achieve this requirement?

Options:

A.  

RF

B.  

Policy

C.  

WLAN

D.  

Flex

Discussion 0
Questions 22

An engineer must protect their company against ransom ware attacks. Which solution allows the engineer to block the execution stage and prevent file encryption?

Options:

A.  

Use Cisco AMP deployment with the Malicious Activity Protection engineer enabled.

B.  

Use Cisco AMP deployment with the Exploit Prevention engine enabled.

C.  

Use Cisco Firepower and block traffic to TOR networks.

D.  

Use Cisco Firepower with Intrusion Policy and snort rules blocking SMB exploitation.

Discussion 0
Questions 23

Refer to the exhibit.

An engineer configures OSPF and wants to verify the configuration Which configuration is applied to this device?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 24

Refer to the exhibit.

What does the output confirm about the switch's spanning tree configuration?

Options:

A.  

The spanning-tree mode stp ieee command was entered on this switch

B.  

The spanning-tree operation mode for this switch is IEEE.

C.  

The spanning-tree operation mode for this switch is PVST+.

D.  

The spanning-tree operation mode for this switch is PVST

Discussion 0
Questions 25

Which outcome is achieved with this Python code?

Options:

A.  

connects to a Cisco device using SSH and exports the routing table information

B.  

displays the output of the show command in a formatted way

C.  

connects to a Cisco device using SSH and exports the BGP table for the prefix

D.  

connects to a Cisco device using Telnet and exports the routing table information

Discussion 0
Questions 26

Which two actions, when applied in the LAN network segment, will facilitate Layer 3 CAPWAP discovery for lightweight AP? (Choose two.)

Options:

A.  

Utilize DHCP option 17.

B.  

Configure WLC IP address on LAN switch.

C.  

Utilize DHCP option 43.

D.  

Configure an ip helper-address on the router interface

E.  

Enable port security on the switch port

Discussion 0
Questions 27

Refer to the exhibit. Which EEM script generates a critical-level syslog message and saves a copy of the running configuration to the bootflash when an administrator saves the running configuration to the startup configuration?

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 28

What is a characteristic of a type 2 hypervisor?

Options:

A.  

ideal for data center

B.  

complicated deployment

C.  

ideal for client/end-user system

D.  

referred to as bare-metal

Discussion 0
Questions 29

What is the calculation that is used to measure the radiated power of a signal after it has gone through the radio, antenna cable, and antenna?

Options:

A.  

EIRP

B.  

mW

C.  

dBm

D.  

dBi

Discussion 0
Questions 30

Refer to the exhibit .

Which command must be configured for RESTCONF to operate on port 8888?

Options:

A.  

ip http port 8888

B.  

restconf port 8888

C.  

ip http restconf port 8888

D.  

restconf http port 8888

Discussion 0
Questions 31

Which resource is able to be shared among virtual machines deployed on the same physical server?

Options:

A.  

applications

B.  

disk

C.  

VM configuration file

D.  

operating system

Discussion 0
Questions 32

Which feature Is used to propagate ARP broadcast, and link-local frames across a Cisco SD-Access fabric to address connectivity needs for silent hosts that require reception of traffic to start communicating?

Options:

A.  

Native Fabric Multicast

B.  

Layer 2 Flooding

C.  

SOA Transit

D.  

Multisite Fabric

Discussion 0
Questions 33

Which two solutions are used for backing up a Cisco DNA Center Assurance database? (Choose two)

Options:

A.  

NFS share

B.  

non-linux server

C.  

local server

D.  

remote server

E.  

bare metal server

Discussion 0
Questions 34

Refer to the exhibit.

An engineer configures routing between all routers and must build a configuration to connect R1 to R3 via a GRE tunnel Which configuration must be applied?

A)

B)

C)

D)

Options:

A.  

Option

B.  

Option

C.  

Option

D.  

Option

Discussion 0
Questions 35

Refer to the exhibit. Which command is required to verify NETCONF capability reply messages?

Options:

A.  

show netconf | section rpc-reply

B.  

show netconf rpc-reply

C.  

show netconf xml rpc-reply

D.  

show netconf schema | section rpc-reply

Discussion 0
Questions 36

Refer to the exhibit. A network engineer must block Telnet traffic from hosts in the range of 10.100 2.248 to 10.100.2 255 to the network 10.100.3.0 and permit everything else. Which configuration must the engineer apply'?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 37

How must network management traffic be treated when defining QoS policies?

Options:

A.  

as delay-sensitive traffic in a low latency queue

B.  

using minimal bandwidth guarantee

C.  

using the same marking as IP routing

D.  

as best effort

Discussion 0
Questions 38

An engineer is configuring a new SSID to present users with a splash page for authentication. Which WLAN Layer 3 setting must be configured to provide this functionally?

Options:

A.  

CCKM

B.  

WPA2 Policy

C.  

Local Policy

D.  

Web Policy

Discussion 0
Questions 39

Refer to the exhibit.

Which command when applied to the Atlanta router reduces type 3 LSA flooding into the backbone area and summarizes the inter-area routes on the Dallas router?

Options:

A.  

Atlanta(config-route)#area 0 range 192.168.0.0 255.255.248.0

B.  

Atlanta(config-route)#area 0 range 192.168.0.0 255.255.252.0

C.  

Atlanta(config-route)#area 1 range 192.168.0.0 255.255.252.0

D.  

Atlanta(config-route)#area 1 range 192.168.0.0 255.255.248.0

Discussion 0
Questions 40

Why is an AP joining a different WLC than the one specified through option 43?

Options:

A.  

The WLC is running a different software version.

B.  

The API is joining a primed WLC

C.  

The AP multicast traffic unable to reach the WLC through Layer 3.

D.  

The APs broadcast traffic is unable to reach the WLC through Layer 2.

Discussion 0
Questions 41

What are two common sources of interference for Wi-Fi networks? (Choose two.)

Options:

A.  

rogue AP

B.  

conventional oven

C.  

fire alarm

D.  

LED lights

E.  

radar

Discussion 0
Questions 42

Refer to the exhibit.

An engineer must configure and validate a CoPP policy that allows the network management server to monitor router R1 via SNMP while protecting the control plane. Which two commands or command sets must be used? (Choose two.)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

E.  

Option E

F.  

Option F

Discussion 0
Questions 43

By default, which virtual MAC address does HSRP group 14 use?

Options:

A.  

04.16.19.09.4c.0e

B.  

00:05:5e:19:0c:14

C.  

00:05:0c:07:ac:14

D.  

00:00:0c:07:ac:0e

Discussion 0
Questions 44

Refer to the exhibit. An engineer tries to log in to router R1. Which configuration enables a successful login?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 45

What is one main REST security design principle?

Options:

A.  

separation of privilege

B.  

password hashing

C.  

confidential algorithms

D.  

OAuth

Discussion 0
Questions 46

Refer to the exhibit.

An engineer configures the BGP adjacency between R1 and R2, however, it fails to establish Which action resolves the issue?

Options:

A.  

Change the network statement on R1 to 172.16 10.0

B.  

Change the remote-as number for 192 168.100.11.

C.  

Enable synchronization on R1 and R2

D.  

Change the remote-as number on R1 to 6500.

Discussion 0
Questions 47

What does the number in an NTP stratum level represent?

Options:

A.  

The number of hops it takes to reach the master time server.

B.  

The number of hops it takes to reach the authoritative time source.

C.  

The amount of offset between the device clock and true time.

D.  

The amount of drift between the device clock and true time.

Discussion 0
Questions 48

A customer wants to use a single SSID to authenticate loT devices using different passwords. Which Layer 2 security type must be configured in conjunction with Cisco ISE to achieve this requirement?

Options:

A.  

Fast Transition

B.  

Central Web Authentication

C.  

Cisco Centralized Key Management

D.  

Identity PSK

Discussion 0
Questions 49

Refer to the exhibit.

Object tracking has been configured for VRRP-enabled routers Edge-01 and Edge-02 Which commands cause Edge-02 to preempt Edge-01 in the event that interface G0/0 goes down on Edge-01?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 50

What is a characteristics of a vSwitch?

Options:

A.  

supports advanced Layer 3 routing protocols that are not offered by a hardware switch

B.  

enables VMs to communicate with each other within a virtualized server

C.  

has higher performance than a hardware switch

D.  

operates as a hub and broadcasts the traffic toward all the vPorts

Discussion 0
Questions 51

Which method displays text directly into the active console with a synchronous EEM applet policy?

Options:

A.  

event manager applet boom

event syslog pattern 'UP'

action 1.0 gets 'logging directly to console'

B.  

event manager applet boom

event syslog pattern 'UP'

action 1.0 syslog priority direct msg 'log directly to console'

C.  

event manager applet boom

event syslog pattern 'UP'

action 1.0 puts 'logging directly to console'

D.  

event manager applet boom

event syslog pattern 'UP'

action 1.0 string 'logging directly to console'

Discussion 0
Questions 52

Which benefit is provided by the Cisco DNA Center telemetry feature?

Options:

A.  

provides improved network security

B.  

inventories network devices

C.  

aids In the deployment network configurations

D.  

improves the user experience

Discussion 0
Questions 53

Refer to the exhibit.

What are two effect of this configuration? (Choose two.)

Options:

A.  

Inside source addresses are translated to the 209.165.201.0/27 subnet.

B.  

It establishes a one-to-one NAT translation.

C.  

The 10.1.1.0/27 subnet is assigned as the inside global address range.

D.  

The 209.165.201.0/27 subnet is assigned as the outside local address range.

E.  

The 10.1.1.0/27 subnet is assigned as the inside local addresses.

Discussion 0
Questions 54

Refer to the exhibit.

Which command set is needed to configure and verify router R3 to measure the response time from router R3 to the file server located in the data center?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 55

Which protocol is implemented to establish secure control plane adjacencies between Cisco SD-WAN nodes?

Options:

A.  

IKF

B.  

TLS

C.  

IPsec

D.  

ESP

Discussion 0
Questions 56

By default, which virtual MAC address Goes HSRP group 25 use?

Options:

A.  

05:5c:5e:ac:0c:25

B.  

04:16:6S:96:1C:19

C.  

00:00:0c:07:ac:19

D.  

00:00:0c:07:ac:25

Discussion 0
Questions 57

What is one characteristic of the Cisco SD-Access control plane?

Options:

A.  

It is based on VXLAN technology.

B.  

Each router processes every possible destination and route

C.  

It allows host mobility only in the wireless network.

D.  

It stores remote routes in a centralized database server

Discussion 0
Questions 58

Drag anti drop the characteristics from the ten onto the configuration models on the right.

Options:

Discussion 0
Questions 59

Which benefit is realized by implementing SSO?

Options:

A.  

IP first-hop redundancy

B.  

communication between different nodes for cluster setup

C.  

physical link redundancy

D.  

minimal network downtime following an RP switchover

Discussion 0
Questions 60

Refer to the exhibit.

Which command set must be applied on R1 to establish a BGP neighborship with R2 and to allow communication from R1 to reach the networks?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 61

Refer to the exhibit. A network engineer checks connectivity between two routers. The engineer can ping the remote endpoint but cannot see an ARP entry. Why is there no ARP entry?

Options:

A.  

The ping command must be executed in the global routing table.

B.  

Interface FastEthernet0/0 Is configured in VRF CUST-A, so the ARP entry is also in that VRF.

C.  

When VRFs are used. ARP protocol must be enabled In each VRF.

D.  

When VRFs are used. ARP protocol is disabled in the global routing table.

Discussion 0
Questions 62

Refer the exhibit.

Which configuration elects SW4 as the root bridge for VLAN 1 and puts G0/2 on SW2 into a blocking state?

A)

B)

C)

D)

Options:

A.  

Option

B.  

Option

C.  

Option

D.  

Option

Discussion 0
Questions 63

Which component transports data plane traffic across a Cisco SD-WAN network?

Options:

A.  

vSmart

B.  

vManage

C.  

cEdge

D.  

vBond

Discussion 0
Questions 64

Which function does a fabric wireless LAN controller perform In a Cisco SD-Access deployment?

Options:

A.  

manages fabric-enabled APs and forwards client registration and roaming information to the Control Plane Node

B.  

coordinates configuration of autonomous nonfabric access points within the fabric

C.  

performs the assurance engine role for both wired and wireless clients

D.  

is dedicated to onboard clients in fabric-enabled and nonfabric-enabled APs within the fabric

Discussion 0
Questions 65

An administrator is configuring NETCONF using the following XML string. What must the administrator end the request with?

Options:

A.  

]]>]]>

B.  

C.  

D.  

Discussion 0
Questions 66

Refer to the exhibit.

An engineer must configure an ERSPAN session with the remote end of the session 10.10.0.1. Which commands must be added to complete the configuration?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 67

Which function does a fabric AP perform in a cisco SD-access deployment?

Options:

A.  

It updates wireless clients' locations in the fabric

B.  

It connects wireless clients to the fabric.

C.  

It manages wireless clients' membership information in the fabric

D.  

It configures security policies down to wireless clients in the fabric.

Discussion 0
Questions 68

what is a benefit of using a Type 2 hypervisor instead of a Type 1 hypervisor?

Options:

A.  

better application performance

B.  

Improved security because the underlying OS is eliminated

C.  

Improved density and scalability

D.  

ability to operate on hardware that is running other OSs

Discussion 0
Questions 69

Which two Cisco SD-Access components provide communication between traditional network elements and controller layer? (choose two)

Options:

A.  

network data platform

B.  

network underlay

C.  

fabric overlay

D.  

network control platform

E.  

partner ecosystem

Discussion 0
Questions 70

Which type of tunnel Is required between two WLCs to enable Intercontroller roaming?

Options:

A.  

mobility

B.  

LWAPP

C.  

CAPWAP

D.  

iPsec

Discussion 0
Questions 71

Drag and drop the LIPS components on the left to the correct description on the right.

Options:

Discussion 0
Questions 72

Refer to the exhibit. An attacker can advertise OSPF fake routes from 172.16.20.0 network to the OSPF domain and black hole traffic. Which action must be taken to avoid this attack and still be able to advertise this subnet into OSPF?

Options:

A.  

Configure 172.16.20.0 as a stub network.

B.  

Apply a policy to filter OSPF packets on R2.

C.  

Configure a passive Interface on R2 toward 172.16.20.0.

D.  

Configure graceful restart on the 172.16.20.0 interface.

Discussion 0
Questions 73

Which configuration creates a CoPP policy that provides unlimited SSH access from dient 10.0.0.5 and denies access from all other SSH clients'?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 74

Refer to the exhibit.

An engineer must deny Telnet traffic from the loopback interface of router R3 to the Loopback interface of router R2 during, the weekend hours. All other traffic between the loopback interfaces of routers R3 and R2 must be allowed at all times Which command set accomplishes this task?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 75

How do EIGRP metrics compare to OSPF metrics?

Options:

A.  

EIGRP metrics are based on a combination of bandwidth and packet loss, and OSPF metrics are based on interface bandwidth.

B.  

EIGRP uses the Dijkstra algorithm, and OSPF uses The DUAL algorithm

C.  

The EIGRP administrative distance for external routes is 170. and the OSPF administrative distance for external routes is undefined

D.  

The EIGRP administrative distance for external routes is 170. and the OSPF administrative distance for external routes is 110

Discussion 0
Questions 76

Refer to the exhibit.

A network engineer must configure the router to use the ISE-Servers group for authentication. If both ISE servers are unavailable, the local username database must be used. If no usernames are defined in the configuration, then the enable password must be the last resort to log in. Which configuration must be applied to achieve this result?

Options:

A.  

aaa authentication login default group ISE-Servers local enable

B.  

aaa authentication login default group enable local ISE-Servers

C.  

aaa authorization exec default group ISE-Servers local enable

D.  

aaa authentication login error-enable

aaa authentication login default group enable local ISE-Servers

Discussion 0
Questions 77

What is used to validate the authenticity of the client and is sent in HTTP requests as a JSON object?

Options:

A.  

SSH

B.  

HTTPS

C.  

JWT

D.  

TLS

Discussion 0
Questions 78

Drag and drop the automation characteristics from the left onto the appropriate tools on the right.

Options:

Discussion 0
Questions 79

How does NETCONF YANG represent data structures?

Options:

A.  

as strict data structures denned by RFC 6020

B.  

in an XML tree format

C.  

in an HTML format

D.  

as modules within a tree

Discussion 0
Questions 80

Which option works with a DHCP server to return at least one WLAN management interface IP address during the discovery phase and is dependent upon the VCI of the AP?

Options:

A.  

Option 42

B.  

Option 15

C.  

Option 125

D.  

Option 43

Discussion 0
Questions 81

Which network devices secure API platform?

Options:

A.  

next-generation intrusion detection systems

B.  

Layer 3 transit network devices

C.  

content switches

D.  

web application firewalls

Discussion 0
Questions 82

Refer to the exhibit.

Which JSON syntax is derived from this data?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 83

Drag and drop the snippets onto the blanks within the code to construct a script that configures BGP according to the topology. Not all options are used, and some options may be used twice.

Options:

Discussion 0
Questions 84

Drag and drop the tools from the left onto the agent types on the right.

Options:

Discussion 0
Questions 85

What is the responsibility of a secondary WLC?

Options:

A.  

It shares the traffic load of the LAPs with the primary controller.

B.  

It avoids congestion on the primary controller by sharing the registration load on the LAPs.

C.  

It registers the LAPs if the primary controller fails.

D.  

It enables Layer 2 and Layer 3 roaming between Itself and the primary controller.

Discussion 0
Questions 86

Which option must be used to support a WLC with an IPv6 management address and 100 Cisco Aironet 2800 Series access points that will use DHCP to register?

Options:

A.  

43

B.  

52

C.  

60

D.  

82

Discussion 0
Questions 87

What is the recommended minimum SNR for data applications on wireless networks?

Options:

A.  

15

B.  

20

C.  

25

D.  

10

Discussion 0
Questions 88

Drag and drop the LISP components on the left to their descriptions on the right. Not all options are used.

Options:

Discussion 0
Questions 89

Refer to the exhibit.

After configuring the BGP network, an engineer verifies that the path between Servers and Server2 Is functional. Why did RouterSF choose the route from RouterDAL instead of the route from RouterCHI?

Options:

A.  

The Router-ID Tor Router DAL is lower than the Roter-ID for RouterCHI.

B.  

The route from RouterOAL has a lower MED.

C.  

BGP is not running on RouterCHI.

D.  

There is a static route in RouterSF for 10.0.0.0/24.

Discussion 0
Questions 90

Refer to the exhibit.

R1 is able to ping the R3 fa0/1 Interface. Why do the extended pings fail?

Options:

A.  

The DF bit has been set

B.  

The maximum packet size accepted by the command is 147G bytes

C.  

R2 and R3 do not have an OSPF adjacency

D.  

R3 is missing a return route to 10.99.69.0/30

Discussion 0
Questions 91

What is a characteristic of the overlay network in the Cisco SD-Access architecture?

Options:

A.  

It uses a traditional routed access design to provide performance and high availability to the network.

B.  

It consists of a group of physical routers and switches that are used to maintain the network.

C.  

It provides isolation among the virtual networks and independence from the physical network.

D.  

It provides multicast support to enable Layer 2 Hooding capability in the underlay network.

Discussion 0
Questions 92

Drag and drop the characteristics from the left onto the orchestration tools that they describe on the right.

Options:

Discussion 0
Questions 93

Refer io me exhibit.

An engineer configures the trunk and proceeds to configure an ESPAN session to monitor VLANs10. 20. and 30. Which command must be added to complete this configuration?

Options:

A.  

Device(config.mon.erspan.stc)# no filter vlan 30

B.  

Devic(config.mon.erspan.src-dst)# no vrf 1

C.  

Devic(config.mon.erspan.src-dst)# erspan id 6

D.  

Device(config.mon-erspan.Src-dst)# mtu 1460

Discussion 0
Questions 94

Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

Options:

Discussion 0
Questions 95

What is the API keys option for REST API authentication?

Options:

A.  

a predetermined string that is passed from client to server

B.  

a one-time encrypted token

C.  

a username that is stored in the local router database

D.  

a credential that is transmitted unencrypted

Discussion 0
Questions 96

Drag and drop the Cisco SD-Access solution areas from the left onto the protocols they use on the right.

Options:

Discussion 0
Questions 97

Which VXLAN component is used to encapsulate and decapsulate Ethernet frames?

Options:

A.  

VNI

B.  

GRE

C.  

VTEP

D.  

EVPN

Discussion 0
Questions 98

In a Cisco SD-Access wireless architecture which device manages endpoint ID to edge node bindings?

Options:

A.  

fabric control plane node

B.  

fabric wireless controller

C.  

fabric border node

D.  

fabric edge node

Discussion 0
Questions 99

Refer to the exhibit.

Which configuration must be applied to the HQ router to set up a GRE tunnel between the HQ and BR routers?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 100

Refer to the exhibit.

An engineer must modify the access control list EGRESS to allow all IP traffic from subnet 10.1.10.0/24 to 10.1.2.0/24. The access control list is applied in the outbound direction on router interface GigabitEthemet 0/1. Which configuration commands can the engineer use to allow this traffic without disrupting existing traffic flows?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 101

Which two operations are valid for RESTCONF? (Choose two.)

Options:

A.  

HEAD

B.  

REMOVE

C.  

PULL

D.  

PATCH

E.  

ADD

F.  

PUSH

Discussion 0
Questions 102

Which algorithms are used to secure REST API from brute attacks and minimize the impact?

Options:

A.  

SHA-512 and SHA-384

B.  

MD5 algorithm-128 and SHA-384

C.  

SHA-1, SHA-256, and SHA-512

D.  

PBKDF2, BCrypt, and SCrypt

Discussion 0
Questions 103

Refer to the exhibit.

Which configuration establishes EBGP neighborship between these two directly connected neighbors and exchanges the loopback network of the two routers through BGP?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 104

Which devices does Cisco DNA Center configure when deploying an IP-based access control policy?

Options:

A.  

All devices integrating with ISE

B.  

selected individual devices

C.  

all devices in selected sites

D.  

all wired devices

Discussion 0
Questions 105

Refer to the exhibit.

A network engineer configures OSPF and reviews the router configuration. Which interface or interface or interface are able to establish OSPF adjacency?

Options:

A.  

GigabitEthemet0/1 and GigabitEthernet0/1.40

B.  

only GigabitEthernet0/1

C.  

only GigabttEthernet0/0

D.  

Gigabit Ethernet0/0 and GigabitEthemet0/1

Discussion 0
Questions 106

A company has an existing Cisco 5520 HA cluster using SSO. An engineer deploys a new single Cisco Catalyst 9800 WLC to test new features. The engineer successfully configures a mobility tunnel between the 5520 cluster and 9800 WLC. Client connected to the corporate WLAN roam seamlessly between access points on the 5520 and 9800 WLC. After a failure on the primary 5520 WLC, all WLAN services remain functional; however, Client roam between the 5520 and 9800 controllers without dropping their connection. Which feature must be configured to remedy the issue?

Options:

A.  

mobility MAC on the 5520 cluster

B.  

mobility MAC on the 9800 WLC

C.  

new mobility on the 5520 cluster

D.  

new mobility on the 9800 WLC

Discussion 0
Questions 107

What does the cisco DNA REST response indicate?

Options:

A.  

Cisco DNA Center has the Incorrect credentials for cat3850-1

B.  

Cisco DNA Center is unable to communicate with cat9000-1

C.  

Cisco DNA Center has the incorrect credentials for cat9000-1

D.  

Cisco DNA Center has the Incorrect credentials for RouterASR-1

Discussion 0
Questions 108

What are two characteristics of VXLAN? (Choose two)

Options:

A.  

It uses VTEPs to encapsulate and decapsulate frames.

B.  

It has a 12-bit network identifier

C.  

It allows for up to 16 million VXLAN segments

D.  

It lacks support for host mobility

E.  

It extends Layer 2 and Layer 3 overlay networks over a Layer 2 underlay.

Discussion 0
Questions 109

In a wireless Cisco SD-Access deployment, which roaming method is used when a user moves from one access point to another on a different access switch using a single WLC?

Options:

A.  

Layer 3

B.  

inter-xTR

C.  

auto anchor

D.  

fast roam

Discussion 0
Questions 110

Refer to the exhibit. A network engineer troubleshoots an issue with the port channel between SW1 and SW2. which command resolves the issue?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 111

What is one difference between saltstack and ansible?

Options:

A.  

SaltStack uses an API proxy agent to program Cisco boxes on agent mode, whereas Ansible uses a Telnet connection

B.  

SaltStack uses the Ansible agent on the box, whereas Ansible uses a Telnet server on the box

C.  

SaltStack is constructed with minion, whereas Ansible is constructed with YAML

D.  

SaltStack uses SSH to interact with Cisco devices, whereas Ansible uses an event bus

Discussion 0
Questions 112

Drag and drop the LISP components from the left onto the function they perform on the right. Not all options are used.

Options:

Discussion 0
Questions 113

Drag and drop the characteristics from the left onto the protocols they apply to on the right?

Options:

Discussion 0
Questions 114

Refer to the exhibit.

What is the Json syntax that is formed from the data?

Options:

A.  

{Name: Bob Johnson, Age: 75, Alive: true, Favorite Foods: [Cereal, Mustard, Onions]}

B.  

{"Name": "Bob Johnson", "Age": 75, "Alive": true, "Favorite Foods": ["Cereal", "Mustard", "Onions"]}

C.  

{"˜Name': "˜Bob Johnson', "˜Age': 75, "˜Alive': True, "˜Favorite Foods': "˜Cereal', "˜Mustard', "˜Onions'}

D.  

{"Name": "Bob Johnson", "Age": Seventyfive, "Alive": true, "Favorite Foods": ["Cereal", "Mustard", "Onions"]}

Discussion 0
Questions 115

Which benefit is offered by a cloud infrastructure deployment but is lacking in an on-premises deployment?

Options:

A.  

efficient scalability

B.  

virtualization

C.  

storage capacity

D.  

supported systems

Discussion 0
Questions 116

What is the difference between CEF and process switching?

Options:

A.  

CEF processes packets that are too complex for process switching to manage.

B.  

CEF is more CPU-intensive than process switching.

C.  

CEF uses the FIB and the adjacency table to make forwarding decisions, whereas process switching punts each packet.

D.  

Process switching is faster than CEF.

Discussion 0
Questions 117

Running the script causes the output in the exhibit. Which change to the first line of the script resolves the error?

Options:

A.  

from ncclient import

B.  

import manager

C.  

from ncclient import*

D.  

import ncclient manager

Discussion 0
Questions 118

Refer to the exhibit.

An engineer is troubleshooting a connectivity issue and executes a traceoute. What does the result confirm?

Options:

A.  

The destination server reported it is too busy

B.  

The protocol is unreachable

C.  

The destination port is unreachable

D.  

The probe timed out

Discussion 0
Questions 119

When a wireless client roams between two different wireless controllers, a network connectivity outage is experience for a period of time. Which configuration issue would cause this problem?

Options:

A.  

Not all of the controllers in the mobility group are using the same mobility group name.

B.  

Not all of the controllers within the mobility group are using the same virtual interface IP address.

C.  

All of the controllers within the mobility group are using the same virtual interface IP address.

D.  

All of the controllers in the mobility group are using the same mobility group name.

Discussion 0
Questions 120

Refer to the exhibit. An engineer has configured Cisco ISE to assign VLANs to clients based on their method of authentication, but this is not working as expected. Which action will resolve this issue?

Options:

A.  

require a DHCP address assignment

B.  

utilize RADIUS profiling

C.  

set a NAC state

D.  

enable AAA override

Discussion 0
Questions 121

Refer to the exhibit.

An engineer must create a configuration that executes the show run command and then terminates the session when user CCNP legs in. Which configuration change is required?

Options:

A.  

Add the access-class keyword to the username command

B.  

Add the access-class keyword to the aaa authentication command

C.  

Add the autocommand keyword to the username command

D.  

Add the autocommand keyword to the aaa authentication command

Discussion 0
Questions 122

How does an on-premises infrastructure compare to a cloud infrastructure?

Options:

A.  

On-premises can increase compute power faster than cloud

B.  

On-premises requires less power and cooling resources than cloud

C.  

On-premises offers faster deployment than cloud

D.  

On-premises offers lower latency for physically adjacent systems than cloud.

Discussion 0
Questions 123

Refer to the exhibit. An engineer attempts to create a configuration to allow the Blue VRF to leak into the global routing table, but the configuration does not function as expected. Which action resolves this issue?

Options:

A.  

Change the access-list destination mask to a wildcard.

B.  

Change the source network that Is specified in access-list 101.

C.  

Change the route-map configuration to VRF_BLUE.

D.  

Change the access-list number in the route map

Discussion 0
Questions 124

Which encryption hashing algorithm does NTP use for authentication?

Options:

A.  

SSL

B.  

MD5

C.  

AES128

D.  

AES256

Discussion 0
Questions 125

Refer to exhibit.

VLANs 50 and 60 exist on the trunk links between all switches All access ports on SW3 are configured for VLAN 50 and SW1 is the VTP server Which command ensures that SW3 receives frames only from VLAN 50?

Options:

A.  

SW1 (config)#vtp pruning

B.  

SW3(config)#vtp mode transparent

C.  

SW2(config)=vtp pruning

D.  

SW1 (config >»vtp mode transparent

Discussion 0
Questions 126

When configuration WPA2 Enterprise on a WLAN, which additional security component configuration is required?

Options:

A.  

NTP server

B.  

PKI server

C.  

RADIUS server

D.  

TACACS server

Discussion 0
Questions 127

Which AP mode allows an engineer to scan configured channels for rogue access points?

Options:

A.  

sniffer

B.  

monitor

C.  

bridge

D.  

local

Discussion 0
Questions 128

Refer to the exhibit.

What does the snippet of code achieve?

Options:

A.  

It creates a temporary connection to a Cisco Nexus device and retrieves a token to be used for API calls.

B.  

It opens a tunnel and encapsulates the login information, if the host key is correct.

C.  

It opens an ncclient connection to a Cisco Nexus device and maintains it for the duration of the context.

D.  

It creates an SSH connection using the SSH key that is stored, and the password is ignored.

Discussion 0
Questions 129

At which Layer does Cisco DNA Center support REST controls?

Options:

A.  

EEM applets or scripts

B.  

Session layer

C.  

YMAL output from responses to API calls

D.  

Northbound APIs

Discussion 0
Questions 130

Refer to the exhibit. Which action completes the configuration to achieve a dynamic continuous mapped NAT for all users?

Options:

A.  

Configure a match-host type NAT pool

B.  

Reconfigure the pool to use the 192.168 1 0 address range

C.  

Increase the NAT pool size to support 254 usable addresses

D.  

Configure a one-to-one type NAT pool

Discussion 0
Questions 131

Which data is properly formatted with JSON?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 132

Refer to the exhibit.

Which type of antenna is show on the radiation patterns?

Options:

A.  

Dipole

B.  

Yagi

C.  

Patch

D.  

Omnidirectional

Discussion 0
Questions 133

Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

Options:

Discussion 0
Questions 134

Which line must be added in the Python function to return the JSON object {"cat_9k": “FXS193202SE")?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 135

Which function in handled by vManage in the cisco SD-WAN fabric?

Options:

A.  

Establishes BFD sessions to test liveliness of links and nodes.

B.  

Distributes polices that govern data forwarding.

C.  

Performs remote software upgrades for WAN Edge vSmart and vBond.

D.  

Establishes iPsec tunnels with nodes

Discussion 0
Questions 136

Which technology provides a secure communication channel for all traffic at Layer 2 of the OSI model?

Options:

A.  

MACsec

B.  

IPsec

C.  

SSL

D.  

Cisco Trustsec

Discussion 0
Questions 137

After a redundant route processor failure occurs on a Layer 3 device, which mechanism allows for packets to be forwarded from a neighboring router based on the most recent tables?

Options:

A.  

BFD

B.  

RPVST+

C.  

RP failover

D.  

NSF

Discussion 0
Questions 138

What is one benefit of implementing a VSS architecture?

Options:

A.  

It provides multiple points of management for redundancy and improved support

B.  

It uses GLBP to balance traffic between gateways.

C.  

It provides a single point of management for improved efficiency.

D.  

It uses a single database to manage configuration for multiple switches

Discussion 0
Questions 139

which entity is a Type 1 hypervisor?

Options:

A.  

Oracle VM VirtualBox

B.  

VMware server

C.  

Citrix XenServer

D.  

Microsoft Virtual PC

Discussion 0
Questions 140

What is a characteristic of YANG?

Options:

A.  

It is a Cisco proprietary language that models NETCONF data

B.  

It allows model developers to create custom data types

C.  

It structures data in an object-oriented fashion to promote model reuse

D.  

It provides loops and conditionals to control now within models

Discussion 0
Questions 141

Refer to Exhibit.

MTU has been configured on the underlying physical topology, and no MTU command has been configured on the tunnel interfaces. What happens when a 1500-byte IPv4 packet traverses the GRE tunnel from host X to host Y, assuming the DF bit is cleared?

Options:

A.  

The packet arrives on router C without fragmentation.

B.  

The packet is discarded on router A

C.  

The packet is discarded on router B

D.  

The packet arrives on router C fragmented.

Discussion 0
Questions 142

Refer to the exhibit.

SwitchC connects HR and Sales to the Core switch However, business needs require that no traffic from the Finance VLAN traverse this switch Which command meets this requirement?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 143

Drag and drop the wireless elements on the left to their definitions on the right.

Options:

Discussion 0
Questions 144

What are two differences between the RIB and the FIB? (Choose two.)

Options:

A.  

The FIB is derived from the data plane, and the RIB is derived from the FIB.

B.  

The RIB is a database of routing prefixes, and the FIB is the Information used to choose the egress interface for each packet.

C.  

FIB is a database of routing prefixes, and the RIB is the information used to choose the egress interface for each packet.

D.  

The FIB is derived from the control plane, and the RIB is derived from the FIB.

E.  

The RIB is derived from the control plane, and the FIB is derived from the RIB.

Discussion 0
Questions 145

What is the differences between TCAM and the MAC address table?

Options:

A.  

The MAC address table is contained in TCAM ACL and QoS information is stored in TCAM

B.  

The MAC address table supports partial matches. TCAM requires an exact match

C.  

Router prefix lookups happens in CAM. MAC address table lookups happen in TCAM.

D.  

TCAM is used to make Layer 2 forwarding decisions CAM is used to build routing tables

Discussion 0
Questions 146

How is MSDP used to interconnect multiple PIM-SM domains?

Options:

A.  

MSDP depends on BGP or multiprotocol BGP for mterdomam operation

B.  

MSDP SA request messages are used to request a list of active sources for a specific group

C.  

SDP allows a rendezvous point to dynamically discover active sources outside of its domain

D.  

MSDP messages are used to advertise active sources in a domain

Discussion 0
Questions 147

Which two threats does AMP4E have the ability to block? (Choose two.)

Options:

A.  

DDoS

B.  

ransomware

C.  

Microsoft Word macro attack

D.  

SQL injection

E.  

email phishing

Discussion 0
Questions 148

While configuring an IOS router for HSRP with a virtual IP of 10 1.1.1. an engineer sees this log message.

Which configuration change must the engineer make?

Options:

A.  

Change the HSRP group configuration on the local router to 1.

B.  

Change the HSRP virtual address on the local router to 10.1.1.1.

C.  

Change the HSRP virtual address on the remote router to 10.1.1.1.

D.  

Change the HSRP group configuration on the remote router to 1.

Discussion 0
Questions 149

Drag and drop the DHCP messages that are exchanged between a client and an AP into the order they are exchanged on the right.

Options:

Discussion 0
Questions 150

Refer to the exhibit.

Which HTTP JSON response does the python code output give?

Options:

A.  

NameError: name 'json' is not defined

B.  

KeyError 'kickstart_ver_str'

C.  

7.61

D.  

7.0(3)I7(4)

Discussion 0
Questions 151

Refer to the exhibit. POSTMAN is showing an attempt to retrieve network device information from Cisco DNA Center API. What is the issue?

Options:

A.  

The URI string is incorrect

B.  

The token has expired.

C.  

Authentication has failed

D.  

The JSON payload contains the incorrect UUID

Discussion 0
Questions 152

What is a characteristic of MACsec?

Options:

A.  

802.1AE provides encryption and authentication services

B.  

802.1AE is bult between the host and switch using the MKA protocol, which negotiates encryption keys based on the master session key from a successful 802.1X session

C.  

802.1AE is bult between the host and switch using the MKA protocol using keys generated via the Diffie-Hellman algorithm (anonymous encryption mode)

D.  

802.1AE is negotiated using Cisco AnyConnect NAM and the SAP protocol

Discussion 0
Questions 153

Refer to the exhibit.

An engineer must ensure that all traffic leaving AS 200 will choose Link 2 as the exit point. Assuming that all BGP neighbor relationships have been formed and that the attributes have not been changed on any of the routers, which configuration accomplish task?

Options:

A.  

R4(config-router)bgp default local-preference 200

B.  

R3(config-router)neighbor 10.1.1.1 weight 200

C.  

R3(config-router)bgp default local-preference 200

D.  

R4(config-router)nighbor 10.2.2.2 weight 200

Discussion 0
Questions 154

“HTTP/1.1 204 content” is returned when cur –I –x delete command is issued. Which situation has occurred?

Options:

A.  

The object could not be located at the URI path.

B.  

The command succeeded in deleting the object

C.  

The object was located at the URI, but it could not be deleted.

D.  

The URI was invalid

Discussion 0
Questions 155

What are two benefits of YANG? (Choose two.)

Options:

A.  

It enforces the use of a specific encoding format for NETCONF.

B.  

It collects statistical constraint analysis information.

C.  

It enables multiple leaf statements to exist within a leaf list.

D.  

It enforces configuration semantics.

E.  

It enforces configuration constraints.

Discussion 0
Questions 156

Refer to the exhibit. Which configuration must be applied to R to enable R to reach the server at 172.16.0.1?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 157

Refer to the exhibit.

A network engineer configures a GRE tunnel and enters the show Interface tunnel command. What does the output confirm about the configuration?

Options:

A.  

The keepalive value is modified from the default value.

B.  

Interface tracking is configured.

C.  

The tunnel mode is set to the default.

D.  

The physical interface MTU is 1476 bytes.

Discussion 0
Questions 158

An engineer has deployed a single Cisco 5520 WLC with a management IP address of 172.16.50.5/24. The engineer must register 50 new Cisco AIR-CAP2802I-E-K9 access points to the WLC using DHCP option 43. The access points are connected to a switch in VLAN 100 that uses the 172.16.100.0/24 subnet. The engineer has configured the DHCP scope on the switch as follows:

The access points are failing to join the wireless LAN controller. Which action resolves the issue?

Options:

A.  

configure option 43 Hex F104.AC10.3205

B.  

configure option 43 Hex F104.CA10.3205

C.  

configure dns-server 172.16.50.5

D.  

configure dns-server 172.16.100.1

Discussion 0
Questions 159

Which method of account authentication does OAuth 2.0 within REST APIs?

Options:

A.  

username/role combination

B.  

access tokens

C.  

cookie authentication

D.  

basic signature workflow

Discussion 0
Questions 160

Refer to the exhibit. After configurating an IPsec VPN, an engineer enters the show command to verify the ISAKMP SA status. What does the status show?

Options:

A.  

ISAKMP SA is authenticated and can be used for Quick Mode.

B.  

Peers have exchanged keys, but ISAKMP SA remains unauthenticated.

C.  

VPN peers agreed on parameters for the ISAKMP SA

D.  

ISAKMP SA has been created, but it has not continued to form.

Discussion 0
Questions 161

Refer to the exhibit. An engineer configures a new HSRP group. While reviewing the HSRP status, the engineer sees the logging message generated on R2. Which is the cause of the message?

Options:

A.  

The same virtual IP address has been configured for two HSRP groups

B.  

The HSRP configuration has caused a spanning-tree loop

C.  

The HSRP configuration has caused a routing loop

D.  

A PC is on the network using the IP address 10.10.1.1

Discussion 0
Questions 162

Refer to the exhibit.

An engineer configures monitoring on SW1 and enters the show command to verify operation. What does the output confirm?

Options:

A.  

SPAN session 1 monitors activity on VLAN 50 of a remote switch

B.  

SPAN session 2 only monitors egress traffic exiting port FastEthernet 0/14.

C.  

SPAN session 2 monitors all traffic entering and exiting port FastEthernet 0/15.

D.  

RSPAN session 1 is incompletely configured for monitoring

Discussion 0
Questions 163

A network engineer configures BGP between R1 and R2. Both routers use BGP peer group CORP and are set up to use MD5 authentication. This message is logged to the console of router R1:

Which two configuration allow peering session to from between R1 and R2? Choose two.)

Options:

A.  

R1(config-router)#neighbor 10.10.10.1 peer-group CORP R1(config-router)#neighbor CORP password Cisco

B.  

R2(config-router)#neighbor 10.120.10.1 peer-group CORP R2(config-router)#neighbor CORP password Cisco

C.  

R2(config-router)#neighbor 10.10.10.1 peer-group CORP R2(config-router)#neighbor PEER password Cisco

D.  

R1(config-router)#neighbor 10.120.10.1 peer-group CORP R1(config-router)#neighbor CORP password Cisco

E.  

R2(config-router)#neighbor 10.10.10.1 peer-group CORP R2(config-router)#neighbor CORP password Cisco

Discussion 0
Questions 164

Which new enhancement was implemented in Wi-Fi 6?

Options:

A.  

Wi-Fi Protected Access 3

B.  

4096 Quadrature Amplitude Modulation Mode

C.  

Channel bonding

D.  

Uplink and Downlink Orthogonal Frequency Division Multiple Access

Discussion 0
Questions 165

Drag and drop the snippets onto the blanks within the code to construct a script that shows all logging that occurred on the appliance from Sunday until 9:00 p.m Thursday Not all options are used.

Options:

Discussion 0
Questions 166

Drag and drop the snippets onto the blanks within the code to construct a script that advertises the network prefix 192.168.5.0/24 into a BGP session. Not all options are used

Options:

Discussion 0
Questions 167

What does the Cisco DNA Center use to enable the delivery of applications through a network and to yield analytics for innovation?

Options:

A.  

process adapters

B.  

Command Runner

C.  

intent-based APIs

D.  

domain adapters

Discussion 0
Questions 168

By default, which virtual MAC address does HSRP group 16 use?

Options:

A.  

c0:41:43:64:13:10

B.  

00:00:0c 07:ac:10

C.  

00:05:5c:07:0c:16

D.  

05:00:0c:07:ac:16

Discussion 0
Questions 169

A vulnerability assessment highlighted that remote access to the switches is permitted using unsecure and unencrypted protocols Which configuration must be applied to allow only secure and reliable remote access for device administration?

Options:

A.  

line vty 0 15

login local

transport input none

B.  

line vty 0 15

login local

transport input telnet ssh

C.  

line vty 0 15

login local

transport input ssh

D.  

line vty 0 15

login local

transport input all

Discussion 0
Questions 170

Drag and drop the characteristics from the left onto the orchestration tools that they describe on the right.

Options:

Discussion 0
Questions 171

Based on the router's API output in JSON format below, which Python code will display the value of the "hostname" key?

A)

B)

C)

D)

Options:

A.  

Option

B.  

Option

C.  

Option

D.  

Option

Discussion 0
Questions 172

Drag and drop the characteristics from the left onto the deployment models on the right.

Options:

Discussion 0
Questions 173

A network engineer is enabling HTTPS access to the core switch, which requires a certificate to be installed on the switch signed by the corporate certificate authority Which configuration commands are required to issue a certificate signing request from the core switch?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 174

In a Cisco SD-WAN solution, which two functions are performed by OMP? (Choose two.)

Options:

A.  

advertisement of network prefixes and their attributes

B.  

configuration of control and data policies

C.  

gathering of underlay infrastructure data

D.  

delivery of crypto keys

E.  

segmentation and differentiation of traffic

Discussion 0
Questions 175

Refer to the exhibit.

All switches are configured with the default port priority value. Which two commands ensure that traffic from PC1 is forwarded over Gi1/3 trunk port between DWS1 and DSW2? (Choose two)

Options:

A.  

DSW2(config-if)#spanning-tree port-priority 16

B.  

DSW2(config)#interface gi1/3

C.  

DSW1(config-if)#spanning-tree port-priority 0

D.  

DSW1(config) #interface gi1/3

E.  

DSW2(config-if)#spanning-tree port-priority 128

Discussion 0
Questions 176

A client device roams between access points located on different floors in an atrium. The access points are Joined to the same controller and configured in local mode. The access points are in different AP groups and have different IP addresses, but the client VLAN in the groups is the same. Which type of roam occurs?

Options:

A.  

inter-controller

B.  

inter-subnet

C.  

intra-VLAN

D.  

intra-controller

Discussion 0
Questions 177

Which feature does Cisco TrustSec use to provide scalable, secure communication throughout a network?

Options:

A.  

security group tag ACL assigned to each port on a switch

B.  

security group tag number assigned to each port on a network

C.  

security group tag number assigned to each user on a switch

D.  

security group tag ACL assigned to each router on a network

Discussion 0
Questions 178

Which threat defence mechanism, when deployed at the network perimeter, protects against zero-day attacks?

Options:

A.  

intrusion prevention

B.  

stateful inspection

C.  

sandbox

D.  

SSL decryption

Discussion 0
Questions 179

Which antenna type should be used for a site-to-site wireless connection?

Options:

A.  

Omnidirectional

B.  

dipole

C.  

patch

D.  

Yagi

Discussion 0
Questions 180

Refer to the exhibit.

An engineer must add the SNMP interface table to the NetFlow protocol flow records. Where should the SNMP table option be added?

Options:

A.  

under the interface

B.  

under the flow record

C.  

under the flow monitor

D.  

under the flow exporter

Discussion 0
Questions 181

Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

Options:

Discussion 0
Questions 182

Which Python code snippet must be added to the script to save the returned configuration as a JSON-formatted file?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 183

Refer to the exhibit. Router BRDR-1 is configured to receive the 0.0.0.0/0 and 172.17.1.0/24 network via BGP and advertise them into OSPF are 0. An engineer has noticed that the OSPF domain is receiving only the 172.17.1.0/24 route and default route 0.0.0.0/0 is still missing. Which configurating must engineer apply to resolve the problem?

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 184

Drag and drop the snippets onto the blanks within the code to construct a script that adds a prefix list to a route map and sets the local preference. Not all options are used

Options:

Discussion 0
Questions 185

Which protocol infers that a YANG data model is being used?

Options:

A.  

SNMP

B.  

NX-API

C.  

REST

D.  

RESTCONF

Discussion 0
Questions 186

Which two items are found in YANG data models? (Choose two.)

Options:

A.  

HTTP return codes

B.  

rpc statements

C.  

JSON schema

D.  

container statements

E.  

XML schema

Discussion 0
Questions 187

What is a characteristic of Cisco DNA Northbound APIs?

Options:

A.  

They simplify the management of network infrastructure devices.

B.  

They enable automation of network infrastructure based on intent.

C.  

They utilize RESTCONF.

D.  

They utilize multivendor support APIs.

Discussion 0
Questions 188

Refer to the exhibit.

An engineer must configure HSRP for VLAN 1000 on SW2. The secondary switch must immediately take over the role of active router If the interlink with the primary switch fails. Which command set completes this task?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 189

In a Cisco StackWise Virtual environment, which planes are virtually combined in the common logical switch?

Options:

A.  

management and data

B.  

control and management

C.  

control, and forwarding

D.  

control and data

Discussion 0
Questions 190

Refer to the exhibit.

Which IP address becomes the active next hop for 192.168.102 0/24 when 192.168.101.2 fails?

Options:

A.  

192.168.101.18

B.  

192.168.101.6

C.  

192.168.101.10

D.  

192.168.101.14

Discussion 0
Questions 191

What are two considerations when using SSO as a network redundancy feature? (Choose two)

Options:

A.  

both supervisors must be configured separately

B.  

the multicast state is preserved during switchover

C.  

must be combined with NSF to support uninterrupted Layer 2 operations

D.  

must be combined with NSF to support uninterrupted Layer 3 operations

E.  

requires synchronization between supervisors in order to guarantee continuous connectivity

Discussion 0
Questions 192

Refer to the exhibit.

An engineer must configure a SPAN session. What is the effect of the configuration?

Options:

A.  

Traffic sent on VLANs 10, 11, and 12 is copied and sent to interface g0/1.

B.  

Traffic sent on VLANs 10 and 12 only is copied and sent to interface g0/1.

C.  

Traffic received on VLANs 10, 11, and 12 is copied and sent to Interface g0/1.

D.  

Traffic received on VLANs 10 and 12 only is copied and sent to interface g0/1.

Discussion 0
Questions 193

In a Cisco SD-Access environment, which function is performed by the border node?

Options:

A.  

Connect uteri and devices to the fabric domain.

B.  

Group endpoints into IP pools.

C.  

Provide reachability information to fabric endpoints.

D.  

Provide connectivity to traditional layer 3 networks.

Discussion 0
Questions 194

What is one role of the VTEP in a VXLAN environment?

Options:

A.  

to forward packets to non-LISP sites

B.  

to encapsulate the tunnel

C.  

to maintain VLAN configuration consistency

D.  

to provide EID-to-RLOC mapping

Discussion 0
Questions 195

Drag and drop the automation characteristics from the left onto the corresponding tools on the right.

Options:

Discussion 0
Questions 196

A customer deploys a new wireless network to perform location-based services using Cisco DNA Spaces The customer has a single WLC located on-premises in a secure data center. The security team does not want to expose the WLC to the public Internet. Which solution allows the customer to securely send RSSI updates to Cisco DNA Spaces?

Options:

A.  

Implement Cisco Mobility Services Engine

B.  

Replace the WLC with a cloud-based controller.

C.  

Perform tethering with Cisco DNA Center.

D.  

Deploy a Cisco DNA Spaces connector as a VM.

Discussion 0
Questions 197

Refer to the exhibit. Cisco IOS routers R1 and R2 are interconnected using interface Gi0/0. Which configuration allows R1 and R2 to form an OSPF neighborship on interface Gi0/0?

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 198

An engineer is configuring RADIUS-Based Authentication with EAP MS-CHAPv2 is configured on a client device.

Which outer method protocol must be configured on the ISE to support this

authentication type?

Options:

A.  

EAP-TLS

B.  

PEAP

C.  

LDAP

D.  

EAP-FAST

Discussion 0
Questions 199

Which element is unique to a Type 2 hypervisor?

Options:

A.  

memory

B.  

VM OS

C.  

host OS

D.  

host hardware

Discussion 0
Questions 200

Refer to the exhibit.

Which configuration must be applied for the TACACS+ server to grant access-level rights to remote users?

Options:

A.  

R1(config)# aaa authentication login enable

B.  

R1(config)# aaa authorization exec default local if-authenticated

C.  

R1(config)# aaa authorization exec default group tacacs+

D.  

R1(config)# aaa accounting commands 15 default start-stop group tacacs+

Discussion 0
Questions 201

Users have reported an issue connecting to a server over the network. A workstation was recently added to the network and configured with a shared USB printer. Which of the following is most likely causing the issue?

Options:

A.  

The switch is oversubscribed and cannot handle the additional throughput.

B.  

The printer is tying up the server with DHCP discover messages.

C.  

The web server's back end was designed for only single-threaded applications.

D.  

The workstation was configured with a static IP that is the same as the server.

Discussion 0
Questions 202

Which function is performed by vSmart in the Cisco SD-WAN architecture?

Options:

A.  

distribution of IPsec keys

B.  

Redistribution between OMP and other routing protocols

C.  

facilitation of NAT detection and traversal

D.  

execution of localized policies

Discussion 0
Questions 203

Which technology reduces the implementation of STP and leverages both unicast and multicast?

Options:

A.  

VSS

B.  

VXLAN

C.  

VPC

D.  

VLAN

Discussion 0
Questions 204

What function does VXLAN perform in a Cisco SD-Access deployment?

Options:

A.  

data plane forwarding

B.  

control plane forwarding

C.  

systems management and orchestration

D.  

policy plane forwarding

Discussion 0
Questions 205

Refer to the exhibit.

These commands have been added to the configuration of a switch Which command flags an error if it is added to this configuration?

Options:

A.  

monitor session 1 source interface port-channel 6

B.  

monitor session 1 source vlan 10

C.  

monitor session 1 source interface FatEtheret0/1 x

D.  

monitor session 1 source interface port-channel 7,port-channel8

Discussion 0
Questions 206

Reter to the exhibit.

A client requests a new SSID that will use web-based authentication and external RADIUS servers. Which Layer 2 security mode must be selected?

Options:

A.  

WPA + WPA2

B.  

WPA2 + WPA3

C.  

Static WEP

D.  

None

Discussion 0
Questions 207

Refer to the exhibit.

Which action must be taken to configure a WLAN for WPA2-AES with PSK and allow only 802.l1r-capable clients to connect?

Options:

A.  

Change Fast Transition to Adaptive Enabled and enable FT * PSK

B.  

Enable Fast Transition and FT + PSK.

C.  

Enable Fast Transition and PSK

D.  

Enable PSK and FT + PSK.

Discussion 0
Questions 208

An engineer receives a report that an application exhibits poor performance. On the switch where the server is connected, this syslog message is visible:

SW_MATM4-MACFLAP_N0HF: Host 0054.3831.8253 in vlan 14 is flapping between port GUAM and port Gi1/0/2.

What is causing the problem?

Options:

A.  

wrong SFP+ and cable connected between the server and the switch

B.  

undesirable load-balancing configuration on the switch

C.  

failed NIC on the server

D.  

invalid port channel configuration on the switch

Discussion 0
Questions 209

What is a characteristics of Cisco SD-WAN?

Options:

A.  

operates over DTLS/TLS authenticated and secured tunnels

B.  

requires manual secure tunnel configuration

C.  

uses unique per-device feature templates

D.  

uses control connections between routers

Discussion 0
Questions 210

Which configuration enables a device to be configured via NETCONF over SSHv2?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 211

A network engineer wants to configure console access to a router without using AAA so that the privileged exec mode is entered directly after a user provides the correct login credentials. Which action achieves this goal?

Options:

A.  

Configure login authentication privileged on line con 0.

B.  

Configure a local username with privilege level 15.

C.  

Configure privilege level 15 on line con 0.

D.  

Configure a RADIUS or TACACS+ server and use it to send the privilege level.

Discussion 0
Questions 212

Refer to the exhibit. Which router is elected as the VRRP primary virtual router?

Options:

A.  

Router B

B.  

Router D

C.  

Router C

D.  

Router A

Discussion 0
Questions 213

In a campus network design, what ate two benefits of using BFD tor failure detection? (Choose two.)

Options:

A.  

BFD provides path failure detection in less than a second.

B.  

BFD is an efficient way to reduce memory and CPU usage.

C.  

BFD provides fault tolerance by enabling multiple routers to appear as a single virtual router.

D.  

BFD speeds up routing convergence time.

E.  

BFD enables network peers to continue forwarding packets in the event of a restart.

Discussion 0
Questions 214

What is a benefit of using segmentation with TrustSec?

Options:

A.  

Packets sent between endpoints on a LAN are encrypted using symmetric key cryptography.

B.  

Firewall rules are streamlined by using business-level profiles.

C.  

Integrity checks prevent data from being modified in transit.

D.  

Security group tags enable network segmentation.

Discussion 0
Questions 215

An engineer must configure GigabitEthernet 0/0 for VRRP group 65. The rouler must assume the primary rote when it has the highest priority in the group. Which command set must be applied?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 216

Based on the router's API output In JSON format below, which Python code will display the value of the 'role' key?

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 217

Refer to the exhibit. Which configuration is required to summarize the Area 2 networks that are advertised to Area 0?

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 218

A network administrator for a small office is adding a passive IDS to its network switch for the purpose of inspecting network traffic. Which of the following should the administrator use?

Options:

A.  

SNMPtrap

B.  

Port mirroring

C.  

Syslog collection

D.  

API integration

Discussion 0
Questions 219

Which hypervisor requires a host OS to run and is not allowed to directly access the hosts hardware and resources?

Options:

A.  

native

B.  

bare metal

C.  

type 1

D.  

type 2

Discussion 0
Questions 220

Refer to the exhibit. Traffic is not passing between SW1 and SW2. Which action fixes the issue?

Options:

A.  

Configure LACP mode on S1 to passive.

B.  

Configure switch port mode to ISL on S2.

C.  

Configure PAgP mode on S1 to desirable.

D.  

Configure LACP mode on S1 to active.

Discussion 0
Questions 221

Refer to the exhibit.

Which GRE tunnel configuration command is missing on R2?

Options:

A.  

tunnel source 192.181.2

B.  

tunnel source 172.16.1.0

C.  

tunnel source 200.1.1.1

D.  

tunnel destination 200.1.1.1

Discussion 0
Questions 222

Drag and drop the characteristics from the left onto the corresponding infrastructure deployment models on the right.

Options:

Discussion 0
Questions 223

Which solution should be used in a high-density wireless environment to increase bandwidth for each user?

Options:

A.  

Increase antenna size

B.  

Increase the mandatory minimum data rate.

C.  

Increase the cell size of each AP.

D.  

Increase TX power.

Discussion 0
Questions 224

What are two characteristics of Cisco SD-Access elements? (Choose two.)

Options:

A.  

The border node is required for communication between fabric and nonfabric devices.

B.  

Traffic within the fabric always goes through the control plane node.

C.  

Fabric endpoints are connected directly to the border node.

D.  

The control plane node has the full RLOC-to-EID mapping database.

E.  

The border node has the full RLOC-to-EID mapping database.

Discussion 0
Questions 225

Drag and drop the automation characteristics from the left onto the corresponding tools on the right. Not all options are used.

Options:

Discussion 0
Questions 226

Relet lo Ibe exhibit.

An ertgineer must modify the existing configuration so that R2 can take over as the primary router when serial interface 0/0.1 on R1 goes down. Whtch command must the engineer apply''

Options:

A.  

R2W standby 100 track 26 decrement 10

B.  

R2# standby 100 preempt

C.  

R2# track 26 interface SerialWO.1 line-protocol

D.  

R2# standby 100 priority 100

Discussion 0
Questions 227

Refer to the exhibit.

Which two commands ensure that DSW1 becomes the root bridge for VLAN 10 and 20? (Choose two.)

Options:

A.  

spanning-tree mst 1 priority 1

B.  

spanning-tree mstp vlan 10.20 root primary

C.  

spanning-tree mil 1 root primary

D.  

spanning-tree mst 1 priority 4096

E.  

spanning-tree mst vlan 10.20 priority root

Discussion 0
Questions 228

Which mobility role is assigned to a client in the client table of the new controller after a Layer 3 roam?

Options:

A.  

anchor

B.  

foreign

C.  

mobility

D.  

transparent

Discussion 0
Questions 229

An engineer is connected to a Cisco router through a Telnet session. Which command must be issued to view the logging messages from the current session as soon as they are generated by the router?

Options:

A.  

logging buffer

B.  

service timestamps log uptime

C.  

logging host

D.  

terminal monitor

Discussion 0
Questions 230

Refer to the exhibit.

Hosts PC1 PC2 and PC3 must access resources on Serve 1. An engineer

configures NAT on Router R1 1e enable the communication and enters the show command to verify operation Which IP address is used by the hosts when they communicate globally to Server1?

Options:

A.  

155.1.1.1

B.  

randorm addresses in the 155.1.1.0/24 range

C.  

their own address in the 10.10.10.0/24 rance

D.  

155.1.1.5

Discussion 0
Questions 231

An engineer must use flexible NetFlow on a group of switches. To prevent overloading of the flow collector, if the flow is idle for 20 seconds, the flow sample should be exported. Which command set should be applied?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 232

: 262 DRAG DROP

Drag and drop the snippets onto the blanks within the code to construct a script that brings up the failover Ethernet port if the primary port goes down and also shuts down the failover port when the primary returns to service. Not all options are used.

Options:

Discussion 0
Questions 233

Which two new security capabilities are introduced by using a next-generation firewall at the Internet edge? (Choose two.)

Options:

A.  

DVPN

B.  

NAT

C.  

stateful packet inspection

D.  

application-level inspection

E.  

integrated intrusion prevention

Discussion 0
Questions 234

Refer to the exhibit.

What is achieved by this Python script?

Options:

A.  

It counts JSON data from a website.

B.  

It loads JSON data into an HTTP request.

C.  

It reads JSON data into a formatted list.

D.  

It converts JSON data to an HTML document.

Discussion 0
Questions 235

By default, which virtual MAC address does HSRP group 22 use?

Options:

A.  

c0:42:01:67:05:16

B.  

c0:07:0c:ac:00:22

C.  

00:00:0c:07:ac:16

D.  

00:00:0c:07:ac:22

Discussion 0
Questions 236

A network administrator received reports that a 40Gb connection is saturated. The only server the administrator can use for data collection in that location has a 10Gb connection to the network. Which of the following is the best method to use on the server to determine the source of the saturation?

Options:

A.  

Port mirroring

B.  

Log aggregation

C.  

Flow data

D.  

Packet capture

Discussion 0
Questions 237

Which IP SLA operation requires the IP SLA responder to be configured on the remote end?

Options:

A.  

TCP connect

B.  

ICMP echo

C.  

ICMP jitter

D.  

UDP jitter

Discussion 0
Questions 238

How do stratum levels relate to the distance from a time source?

Options:

A.  

Stratum 1 devices are connected directly to an authoritative time source.

B.  

Stratum 15 devices are connected directly to an authoritative time source

C.  

Stratum 0 devices are connected directly to an authoritative time source.

D.  

Stratum 15 devices are an authoritative time source.

Discussion 0
Questions 239

What is a benefit of Cisco TrustSec in a multilayered LAN network design?

Options:

A.  

Policy or ACLS are nor required.

B.  

There is no requirements to run IEEE 802.1X when TrustSec is enabled on a switch port.

C.  

Applications flows between hosts on the LAN to remote destinations can be encrypted.

D.  

Policy can be applied on a hop-by-hop basis.

Discussion 0
Questions 240

How do the RIB and the FIB differ?

Options:

A.  

FIB contains routes learned through a dynamic routing protocol, and the RIB contains routes that are static or directly connected.

B.  

RIB contains the interface for a destination, and the FIB contains the next hop information.

C.  

FIB is derived from the control plane, and the RIB is derived from the data plane.

D.  

RIB is derived from the control plane, and the FIB is derived from the RIB.

Discussion 0
Questions 241

Drag and drop the LISP components on the left to the correct description on the right.

Options:

Discussion 0
Questions 242

Which two methods are used to interconnect two Cisco SD-Access Fabric sites? (Choose two.)

Options:

A.  

SD-Access transit

B.  

fabric interconnect

C.  

wireless transit

D.  

IP-based transit

E.  

SAN transit

Discussion 0
Questions 243

Drag and drop the characteristics from the left onto the switching architectures on the right.

Options:

Discussion 0
Questions 244

Refer to the exhibit. Link 1 uses a copper connection and link 2 uses a fiber connection. The fiber port must be the primary port for all forwarding. The output of the show spanning-tree command on SW2 shows that the fiber port is blocked by Spanning Tree. After entering the spanning-tree port-priority 32 command on G0/1 on SW2, the port remains blocked. Which command should be entered on the ports connected to Link 2 is resolve the issue?

Options:

A.  

Enter spanning-tree port-priority 64 on SW2

B.  

Enter spanning-tree port-priority 224 on SW1.

C.  

Enter spanning-tree port-priority 4 on SW2.

D.  

Enter spanning-tree port-priority 32 on SW1.

Discussion 0
Questions 245

What is the function of the fabric control plane node in a Cisco SD-Access deployment?

Options:

A.  

It is responsible for policy application and network segmentation in the fabric

B.  

It performs traffic encapsulation and security profiles enforcement in the fabric

C.  

It holds a comprehensive database that tracks endpoints and networks in the fabric

D.  

It provides integration with legacy nonfabric-enabled environments

Discussion 0
Questions 246

Refer to the exhibit.

The inside and outside interfaces u configuration of this device have been correctly identified. What is the effect of this configuration?

Options:

A.  

dynamic NAT

B.  

NAT64

C.  

PAT

D.  

static NAT

Discussion 0
Questions 247

In a wireless network environment, what is calculated using the numerical values of the transmitter power level, cable loss, and antenna gain?

Options:

A.  

RSSI

B.  

dBI

C.  

SNR

D.  

EIRP

Discussion 0
Questions 248

Drag and drop the characteristics from the left onto the deployment models on the right Not all options are used.

Options:

Discussion 0
Questions 249

What is the result when an active route processor fails that combines NSF with SSO?

Options:

A.  

An NSF-capable device immediately updates the standby route processor RIB without churning the network.

B.  

The standby route processor immediately takes control and forwards packets along known routes.

C.  

An NSF-aware device immediately updates the standby route processor RIB without churning the network.

D.  

The standby route processor temporarily forwards packets until route convergence is complete.

Discussion 0
Questions 250

When a DNS host record is configured for a new Cisco AireOS WLC, which hostname must be added to allow APs to successfully discover the WLC?

Options:

A.  

CONTROLLER-CAPWAP-CISCO

B.  

CISCO-CONTROLLER-CAPWAP

C.  

CAPWAP-CISCO-CONTROLLER

D.  

CISCO-CAPWAP-CONTROLLER

Discussion 0
Questions 251

An engineer uses the Design workflow to create a new network infrastructure in Cisco DNA Center. How is the physical network device hierarchy structured?

Options:

A.  

by organization

B.  

by location

C.  

by hostname naming convention

D.  

by role

Discussion 0
Questions 252

Refer to the exhibit.

An engineer configures a trunk between SW1 and SW2 but tagged packets are not passing. Which action fixes the issue?

Options:

A.  

Configure SW1 with dynamic auto mode on interface FastEthernet0/1.

B.  

Configure the native VLAN to be the same VLAN on both switches on interface FastEthernet0/1.

C.  

Configure SW2 with encapsulation dot1q on interface FastEthernet0/1.

D.  

Configure FastEthernet0/1 on both switches for static trunking.

Discussion 0
Questions 253

Refer to the exhibit. What is the result of this Python code?

Options:

A.  

1

B.  

0

C.  

7

D.  

7.5

Discussion 0