Cisco 350-401 Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR)

1. What is used to perform QoS packet classification?
A. the Options field in the Layer 3 header
B. the Type field in the Layer 2 frame
C. the Flags field in the Layer 3 header
D. the TOS field in the Layer 3 header
Answer: D
Explanation:
Type of service, when we talk about PACKET, means layer 3

2. Refer to the exhibit.
Communication between London and New York is down.
Which command set must be applied to the NewYork switch to resolve the issue?
A) B) C) D)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: D

3. Refer to the exhibit.
Which configuration allows Customer2 hosts to access the FTP server of Customer1 that has the IP address of 192.168.1.200?
A. ip route vrf Customer1 172.16.1.0 255.255.255.0 172.16.1.1 global
   ip route vrf Customer2 192.168.1.200 255.255.255.255 192.168.1.1 global
   ip route 192.168.1.0 255.255.255.0 Vlan10
   ip route 172.16.1.0 255.255.255.0 Vlan20
B. ip route vrf Customer1 172.16.1.0 255.255.255.0 172.16.1.1 Customer2
   ip route vrf Customer2 192.168.1.200 255.255.255.255 192.168.1.1 Customer1
C. ip route vrf Customer1 172.16.1.0 255.255.255.0 172.16.1.1 Customer1
   ip route vrf Customer2 192.168.1.200 255.255.255.255 192.168.1.1 Customer2
D. ip route vrf Customer1 172.16.1.1 255.255.255.255 172.16.1.1 global
   ip route vrf Customer2 192.168.1.200 255.255.255.0 192.168.1.1 global
   ip route 192.168.1.0 255.255.255.0 Vlan10
   ip route 172.16.1.0 255.255.255.0 Vlan20
Answer: A

4. Which measurement is used from a post wireless survey to depict the cell edge of the access points?
A. SNR
B. Noise
C. RSSI
D. CCI
Answer: C
Explanation:
Coverage defines the ability of wireless clients to connect to a wireless AP with a signal strength and quality high enough to overcome the effects of RF interference. The edge of the coverage for an AP is based on the signal strength and SNR measured as the client device moves away from the AP. The signal strength required for good coverage varies dependent on the specific type of client devices and applications on the network.
To accommodate the requirement to support wireless Voice over IP (VoIP), refer to the RF guidelines specified in the Cisco 7925G Wireless IP Phone Deployment Guide. The minimum recommended wireless signal strength for voice applications is -67 dBm and the minimum SNR is 25 dB.
The first step in the analysis of a post site survey is to verify the 'Signal Coverage'. The signal coverage is measured in dBm. You can adjust the color-coded signal gauge to your minimum-allowed signal level to view areas where there are sufficient and insufficient coverage. The example in Figure 8 shows blue, green, and yellow areas in the map have signal coverage at -67 dBm or better. The areas in grey on the coverage maps have deficient coverage.
Source from Cisco: https://www.cisco.com/c/en/us/td/docs/wireless/technology/vowlan/troubleshooting/vowlan_troubleshoot/8_Site_Survey_RF_Design_Valid.html

5. Which AP mode allows an engineer to scan configured channels for rogue access points?
A. sniffer
B. monitor
C. bridge
D. local
Answer: B

6. How does the RIB differ from the FIB?
A. The RIB is used to create network topologies and routing tables. The FIB is a list of routes to particular network destinations.
B. The FIB includes many routes to a single destination. The RIB is the best route to a single destination.
C. The RIB includes many routes to the same destination prefix. The FIB contains only the best route.
D. The FIB maintains network topologies and routing tables. The RIB is a list of routes to particular network destinations.
Answer: A
Explanation:
RIB is derived from the control plane, FIB is used for forwarding.

7. Refer to the exhibit.
Based on the configuration in this WLAN security setting, which method can a client use to authenticate to the network?
A. text string
B. username and password
C. certificate
D. RADIUS token
Answer: A

8. An engineer must configure HSRP group 300 on a Cisco IOS router. When the router is functional, it must be the active HSRP router. The peer router has been configured using the default priority value.
Which command set is required?
A) B) C) D)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: B

9. DRAG DROP
Drag and drop the characteristics from the left onto the routing protocols they describe on the right.
Answer:

10. Refer to the exhibit.
Which type of antenna is shown on the radiation patterns?
A. Dipole
B. Yagi
C. Patch
D. Omnidirectional
Answer: A

11. Refer to the exhibit.
What does the snippet of code achieve?
A. It creates a temporary connection to a Cisco Nexus device and retrieves a token to be used for API calls.
B. It opens a tunnel and encapsulates the login information, if the host key is correct.
C. It opens an ncclient connection to a Cisco Nexus device and maintains it for the duration of the context.
D. It creates an SSH connection using the SSH key that is stored, and the password is ignored.
Answer: C
Explanation:
ncclient is a Python library that facilitates client-side scripting and application development around the NETCONF protocol. The above Python snippet uses the ncclient to connect and establish a NETCONF session to a Nexus device (which is also a NETCONF server).

12. What is one fact about Cisco SD-Access wireless network deployments?
A. The access point is part of the fabric underlay
B. The WLC is part of the fabric underlay
C. The access point is part of the fabric overlay
D. The wireless client is part of the fabric overlay
Answer: C

13. Refer to the exhibit.
After configuring an IPsec VPN, an engineer enters the show command to verify the ISAKMP SA status.
What does the status show?
A. ISAKMP SA is authenticated and can be used for Quick Mode.
B. Peers have exchanged keys, but ISAKMP SA remains unauthenticated.
C. VPN peers agreed on parameters for the ISAKMP SA
D. ISAKMP SA has been created, but it has not continued to form.
Answer: A
Explanation:
The ISAKMP SA has been authenticated. If the router initiated this exchange, this state transitions immediately to QM_IDLE, and a Quick Mode exchange begins.
https://www.ciscopress.com/articles/article.asp?p=606584

14. When configuring WPA2 Enterprise on a WLAN, which additional security component configuration is required?
A. NTP server
B. PKI server
C. RADIUS server
D. TACACS server
Answer: C

15. Which method creates an EEM applet policy that is registered with EEM and runs on demand or manually?
A. event manager applet ondemand
   event register
   action 1.0 syslog priority critical msg "This is a message from ondemand"
B. event manager applet ondemand
   event manual
   action 1.0 syslog priority critical msg "This is a message from ondemand"
C. event manager applet ondemand
   event none
   action 1.0 syslog priority critical msg "This is a message from ondemand"
D. event manager applet ondemand
   action 1.0 syslog priority critical msg "This is a message from ondemand"
Answer: C
Explanation:
An EEM policy is an entity that defines an event and the actions to be taken when that event occurs. There are two types of EEM policies: an applet or a script. An applet is a simple form of policy that is defined within the CLI configuration.
answer 'event manager applet ondemand event register action 1.0 syslog priority critical msg 'This is a message from ondemand'
There are two ways to manually run an EEM policy. EEM usually schedules and runs policies on the basis of an event specification that is contained within the policy itself. The event none command allows EEM to identify an EEM policy that can be manually triggered. To run the policy, use either the action policy command in applet configuration mode or the event manager run command in privileged EXEC mode.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/eem/configuration/xe-3s/eem-xe-3s-book/eem-policy-cli.html

16. Refer to the exhibit.
A network engineer is configuring OSPF between router R1 and router R2. The engineer must ensure that a DR/BDR election does not occur on the Gigabit Ethernet interfaces in area 0.
Which configuration set accomplishes this goal?
A. R1(config-if)#interface Gi0/0
   R1(config-if)#ip ospf network point-to-point
   R2(config-if)#interface Gi0/0
   R2(config-if)#ip ospf network point-to-point
B. R1(config-if)#interface Gi0/0
   R1(config-if)#ip ospf network broadcast
   R2(config-if)#interface Gi0/0
   R2(config-if)#ip ospf network broadcast
C. R1(config-if)#interface Gi0/0
   R1(config-if)#ip ospf database-filter all out
   R2(config-if)#interface Gi0/0
   R2(config-if)#ip ospf database-filter all out
D. R1(config-if)#interface Gi0/0
   R1(config-if)#ip ospf priority 1
   R2(config-if)#interface Gi0/0
   R2(config-if)#ip ospf priority 1
Answer: A
Explanation:
Broadcast and Non-Broadcast networks elect DR/BDR while Point-to-point/multipoint do not elect DR/BDR. Therefore we have to set the two Gi0/0 interfaces to point-to-point or point-to-multipoint network to ensure that a DR/BDR election does not occur.

17. Which command set configures RSPAN to capture outgoing traffic from VLAN 3 on interface GigabitEthernet 0/3 while ignoring other VLAN traffic on the same interface?
A. monitor session 2 source interface gigabitethernet0/3 tx
   monitor session 2 filter vlan 3
B. monitor session 2 source interface gigabitethernet0/3 rx
   monitor session 2 filter vlan 3
C. monitor session 2 source interface gigabitethernet0/3 tx
   monitor session 2 filter vlan 1 - 2, 4 - 4094
D. monitor session 2 source interface gigabitethernet0/3 rx
   monitor session 2 filter vlan 1 - 2, 4 - 4094
Answer: A

18. An engineer is troubleshooting the AP join process using DNS.
Which FQDN must be resolvable on the network for the access points to successfully register to the WLC?
A. wlchostname.domain.com
B. cisco-capwap-controller.domain.com
C. ap-manager.domain.com
D. primary-wlc.domain.com
Answer: B
Explanation:
DNS: If you have configured your DHCP server to provide both option 006 (DNS server address) and option 015 (domain name) information, the AP can obtain WLC addresses from the DNS server. The process works as follows:

19. Which statement about TLS is accurate when using RESTCONF to write configurations on network devices?
A. It requires certificates for authentication
B. It is provided using NGINX acting as a proxy web server
C. It is used for HTTP and HTTPS requests
D. It is not supported on Cisco devices
Answer: B

20. Refer to the exhibit.
Which command must be applied to R2 for an OSPF neighborship to form?
A. network 20.1.1.2 0.0.0.0 area 0
B. network 20.1.1.2 255.255.0.0 area 0
C. network 20.1.1.2 0.0.255.255 area 0
D. network 20.1.1.2 255.255.255 area 0
Answer: A
Explanation:
The network 20.0.0.0 0.0.0.255 area 0 command on R2 did not cover the IP address of Fa1/1 interface of R2 so OSPF did not run on this interface. Therefore we have to use the command network 20.1.1.2 0.0.255.255 area 0 to turn on OSPF on this interface.
Note: The command network 20.1.1.2 0.0.255.255 area 0 can be used too so this answer is also correct but answer C is the best answer here.
The network 0.0.0.0 255.255.255.255 area 0 command on R1 will run OSPF on all active

21. Refer to the exhibit.
An engineer must ensure that all traffic leaving AS 200 will choose Link 2 as the exit point. Assuming that all BGP neighbor relationships have been formed and that the attributes have not been changed on any of the routers, which configuration accomplishes the task?
A. R4(config-router)#bgp default local-preference 200
B. R3(config-router)#neighbor 10.1.1.1 weight 200
C. R3(config-router)#bgp default local-preference 200
D. R4(config-router)#neighbor 10.2.2.2 weight 200
Answer: A
Explanation:
Local preference is an indication to the AS about which path has preference to exit the AS in order to reach a certain network. A path with a higher local preference is preferred. The default value for local preference is 100.
Unlike the weight attribute, which is only relevant to the local router, local preference is an attribute that routers exchange in the same AS. The local preference is set with the "bgp default local-preference value" command.
In this case, both R3 & R4 have exit links but R4 has higher local-preference so R4 will be chosen as the preferred exit point from AS 200.

22. Refer to the exhibit.
An engineer must modify the access control list EGRESS to allow all IP traffic from subnet 10.1.10.0/24 to 10.1.2.0/24. The access control list is applied in the outbound direction on router interface GigabitEthernet 0/1.
Which configuration commands can the engineer use to allow this traffic without disrupting existing traffic flows?
A) B) C) D)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: B

23. Refer to the exhibit.
Security policy requires all idle-exec sessions to be terminated in 600 seconds.
Which configuration achieves this goal?
A. line vty 0 15
   absolute-timeout 600
B. line vty 0 15
   exec-timeout
C. line vty 0 15
   exec-timeout 10 0
D. line vty 0 4
   exec-timeout 600
Answer: C

24. Which protocol does REST API rely on to secure the communication channel?
A. TCP
B. HTTPS
C. SSH
D. HTTP
Answer: B
Explanation:
The REST API accepts and returns HTTP (not enabled by default) or HTTPS messages that contain JavaScript Object Notation (JSON) or Extensible Markup Language (XML) documents. You can use any programming language to generate the messages and the JSON or XML documents that contain the API methods or Managed Object (MO) descriptions.
Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/rest_cfg/2_1_x/b_Cisco_APIC_REST_API_Configuration_Guide/b_Cisco_APIC_REST_API_Configuration_Guide_chapter_01.html

25. What is the function of a VTEP in VXLAN?
A. provide the routing underlay and overlay for VXLAN headers
B. dynamically discover the location of end hosts in a VXLAN fabric
C. encapsulate and de-encapsulate traffic into and out of the VXLAN fabric
D. statically point to end host locations of the VXLAN fabric
Answer: C

26. Refer to the exhibit.
An engineer must deny Telnet traffic from the loopback interface of router R3 to the loopback interface of router R2 during the weekend hours. All other traffic between the loopback interfaces of routers R3 and R2 must be allowed at all times.
Which commands accomplish this task?
A. R3(config)#time-range WEEKEND
   R3(config-time-range)#periodic Saturday Sunday 00:00 to 23:59
   R3(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND
   R3(config)#access-list 150 permit ip any any time-range WEEKEND
   R3(config)#interface Gi0/1
   R3(config-if)#ip access-group 150 out
B. R1(config)#time-range WEEKEND
   R1(config-time-range)#periodic Friday Sunday 00:00 to 00:00
   R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND
   R1(config)#access-list 150 permit ip any any
   R1(config)#interface Gi0/1
   R1(config-if)#ip access-group 150 in
C. R1(config)#time-range WEEKEND
   R1(config-time-range)#periodic weekend 00:00 to 23:59
   R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND
   R1(config)#access-list 150 permit ip any any
   R1(config)#interface Gi0/1
   R1(config-if)#ip access-group 150 in
D. R3(config)#time-range WEEKEND
   R3(config-time-range)#periodic weekend 00:00 to 23:59
   R3(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND
   R3(config)#access-list 150 permit ip any any time-range WEEKEND
   R3(config)#interface Gi0/1
   R3(config-if)#ip access-group 150 out
Answer: C
Explanation:
We cannot filter traffic that is originated from the local router (R3 in this case) so we can only configure the ACL on R1 or R2. "Weekend hours" means from Saturday morning through Sunday night so we have to configure: "periodic weekend 00:00 to 23:59".
Note: The time is specified in 24-hour time (hh:mm), where the hours range from 0 to 23 and the minutes range from 0 to 59.

27. Which encryption hashing algorithm does NTP use for authentication?
A. SSL
B. MD5
C. AES128
D. AES256
Answer: B
Explanation:
An example of configuring NTP authentication is shown below:
Router1(config)#ntp authentication-key 2 md5 itexamanswers
Router1(config)#ntp authenticate
Router1(config)#ntp trusted-key 2

28. Refer to the exhibit.
What are two effects of this configuration? (Choose two.)
A. R1 becomes the active router.
B. R1 becomes the standby router.
C. If R2 goes down, R1 becomes active but reverts to standby when R2 comes back online.
D. If R1 goes down, R2 becomes active and remains the active device when R1 comes back online.
E. If R1 goes down, R2 becomes active but reverts to standby when R1 comes back online.
Answer: A, D

29. Which method of account authentication does OAuth 2.0 use within REST APIs?
A. username/role combination
B. access tokens
C. cookie authentication
D. basic signature workflow
Answer: B
Explanation:
The most common implementations of OAuth (OAuth 2.0) use one or both of these tokens:
+ access token: sent like an API key, it allows the application to access a user's data; optionally, access tokens can expire.
+ refresh token: optionally part of an OAuth flow, refresh tokens retrieve a new access token if they have expired.
OAuth2 combines Authentication and Authorization to allow more sophisticated scope and validity control.

30. What does the Cisco DNA REST response indicate?
A. Cisco DNA Center has the incorrect credentials for cat3850-1
B. Cisco DNA Center is unable to communicate with cat9000-1
C. Cisco DNA Center has the incorrect credentials for cat9000-1
D. Cisco DNA Center has the incorrect credentials for RouterASR-1
Answer: C

31. DRAG DROP
Drag and drop the threat defense solutions from the left onto their descriptions on the right.
Answer:

32. In a Cisco SD-Access solution, what is the role of the Identity Services Engine?
A. It is leveraged for dynamic endpoint to group mapping and policy definition.
B. It provides GUI management and abstraction via apps that share context.
C. It is used to analyze endpoint to app flows and monitor fabric status.
D. It manages the LISP EID database.
Answer: A

33. Refer to the exhibit.
While troubleshooting a routing issue, an engineer issues a ping from S1 to S2.
Which two actions result from the initial value of the TTL? (Choose two.)
A. The packet reaches R3, and the TTL expires
B. R2 replies with a TTL exceeded message
C. R3 replies with a TTL exceeded message.
D. The packet reaches R2 and the TTL expires
E. R1 replies with a TTL exceeded message
F. The packet reaches R1 and the TTL expires.
Answer: AD
Explanation:
Source MAC in the capture is VMWare, MAC is Cisco. Routers first check the TTL before any further process, subtract 1 at R1. Send to R2, subtract and you have ZERO. Discard packet and reply with ICMP Time Exceeded message from that point, don't even bother checking the Route table for further processing.

34. Refer to the exhibit.
VLANs 50 and 60 exist on the trunk links between all switches. All access ports on SW3 are configured for VLAN 50 and SW1 is the VTP server.
Which command ensures that SW3 receives frames only from VLAN 50?
A. SW1(config)#vtp pruning
B. SW3(config)#vtp mode transparent
C. SW2(config)#vtp pruning
D. SW1(config)#vtp mode transparent
Answer: A
Explanation:
SW3 does not have VLAN 60 so it should not receive traffic for this VLAN (sent from SW2). Therefore we should configure VTP Pruning on SW3 so that SW2 does not forward VLAN 60 traffic to SW3. Also notice that we need to configure pruning on SW1 (the VTP Server), not SW2.

35. Refer to the exhibit.
Which configuration change will force BR2 to reach 209.165.201.0/27 via BR1?
A. Set the weight attribute to 65.535 on BR1 toward PE1.
B. Set the local preference to 150 on PE1 toward BR1 outbound
C. Set the MED to 1 on PE2 toward BR2 outbound.
D. Set the origin to igp on BR2 toward PE2 inbound.
Answer: C
Explanation:
MED Attribute:
+ Optional nontransitive attribute (nontransitive means that we can only advertise MED to routers that are one AS away)
+ Sent through ASes to external BGP neighbors
+ Lower value is preferred (it can be considered the external metric of a route)
+ Default value is 0

36. What is the data policy in a Cisco SD-WAN deployment?
A. list of ordered statements that define node configurations and authentication used within the SD-WAN overlay
B. Set of statements that defines how data is forwarded based on IP packet information and specific VPNs
C. detailed database mapping several kinds of addresses with their corresponding location
D. group of services tested to guarantee devices and links liveliness within the SD-WAN overlay
Answer: B

37. Which TCP setting is tuned to minimize the risk of fragmentation on a GRE/IP tunnel?
A. MTU
B. Window size
C. MRU
D. MSS
Answer: D
Explanation:
The TCP Maximum Segment Size (TCP MSS) defines the maximum amount of data that a host is willing to accept in a single TCP/IP datagram. This TCP/IP datagram might be fragmented at the IP layer. The MSS value is sent as a TCP header option only in TCP SYN segments. Each side of a TCP connection reports its MSS value to the other side. Contrary to popular belief, the MSS value is not negotiated between hosts. The sending host is required to limit the size of data in a single TCP segment to a value less than or equal to the MSS reported by the receiving host.
TCP MSS takes care of fragmentation at the two endpoints of a TCP connection, but it does not handle the case where there is a smaller MTU link in the middle between these two endpoints. PMTUD was developed in order to avoid fragmentation in the path between the endpoints. It is