If you are looking for free 350-401 dumps, here are some sample questions and answers. You can prepare from our Cisco 350-401 exam question notes with this practice test. Check our updated 350-401 exam dumps below.
DumpsGroup is a top-class study material provider, and our inclusive range of 350-401 real exam questions would be your key to success in the Cisco CCNP Enterprise Certification Exam on the first attempt. We have excellent material covering almost all the topics of the Cisco 350-401 exam. You can get this material in Cisco 350-401 PDF and 350-401 practice test engine formats, designed to be similar to the real exam questions. Free 350-401 questions and answers and free Cisco 350-401 study material are available here to give an idea of the quality and accuracy of our study material.
Sample Question 4
Which technology enables a redundant supervisor engine to take over when the primary
supervisor engine fails?
A. NSF B. graceful restart C. SSO D. FHRP
Answer: C
Sample Question 5
Which two pieces of information are necessary to compute SNR? (Choose two.)
A. transmit power B. noise floor C. EIRP D. antenna gain E. RSSI
Answer: B,E
Sample Question 7
Which Quality of Service (QoS) mechanism allows the network administrator to control the
maximum rate of traffic received or sent on a given interface?
A. Policing B. Marking C. Queueing D. Classification
Answer: A
Explanation: In general, traffic policing allows you to control the maximum rate of traffic sent or received on an interface and to partition a network into multiple priority levels or classes of service (CoS).
Sample Question 8
By default, which virtual MAC address does HSRP group 41 use?
A. 0c:5e:ac:07:0c:29 B. 00:05:0c:07:ac:41 C. 004:41:73:18:84:29 D. 00:00:0c:07:ac:29
Answer: D
Sample Question 9
By default, which virtual MAC address does HSRP group 12 use?
A. 00 5e0c:07:ac:12 B. 05:44:33:83:68:6c C. 00:00:0c:07:ac:0c D. 00:05:5e:00:0c:12
Answer: C
Sample Question 10
Which collection contains the resources to obtain a list of fabric nodes through the vManage API?
A. device management B. administration C. device inventory D. monitoring
Answer: C
Explanation: The collection that contains the resources to obtain a list of fabric nodes through the vManage API is the device inventory collection. This collection can be accessed through the Cisco ENCOR documents and provides resources such as the Fabric Visualization, Device List, and Fabric Node Inventory APIs. These APIs can be used to obtain information about the fabric nodes, such as the device inventory, status, and version.
Sample Question 11
An engineer is describing QoS to a client. Which two facts apply to traffic policing? (Choose
two.)
A. Policing adapts to network congestion by queuing excess traffic B. Policing should be performed as close to the destination as possible C. Policing drops traffic that exceeds the defined rate D. Policing typically delays the traffic, rather than drops it E. Policing should be performed as close to the source as possible
Answer: C,E
Sample Question 12
In a Cisco SD-Access environment, which function is performed by the border node?
A. Connect users and devices to the fabric domain. B. Group endpoints into IP pools. C. Provide reachability information to fabric endpoints. D. Provide connectivity to traditional layer 3 networks.
Answer: D
Sample Question 13
Why would a customer implement an on-premises solution instead of a cloud solution?
A. On-premises offers greater compliance for government regulations than cloud. B. On-premises offers greater scalability than cloud. C. On-premises offers shorter deployment time than cloud. D. On-premises is more secure than cloud.
Answer: D
Sample Question 14
In which way are EIGRP and OSPF similar?
A. They both support unequal-cost load balancing. B. They both support MD5 authentication for routing updates. C. They have similar CPU usage, scalability, and network convergence times. D. They both support autosummarization.
Answer: C
Sample Question 15
What are two benefits of implementing a traditional WAN instead of an SD-WAN solution?
(Choose two.)
A. comprehensive configuration standardization B. lower control plane abstraction C. simplify troubleshooting D. faster fault detection E. lower data plane overhead
Answer: B,D
Sample Question 16
Which security measure mitigates a man-in-the-middle attack of a REST API?
A. SSL certificates B. biometric authentication C. password hash D. non-repudiation feature
Answer: A
Sample Question 17
Which Python library is used to work with YANG data models via NETCONF?
A. Postman B. requests C. ncclient D. cURL
Answer: C
Sample Question 18
What is the function of vBond in a Cisco SD-WAN deployment?
A. initiating connections with SD-WAN routers automatically B. pushing of configuration toward SD-WAN routers C. onboarding of SD-WAN routers into the SD-WAN overlay D. gathering telemetry data from SD-WAN routers
Answer: C
Sample Question 19
Which two methods are used to interconnect two Cisco SD-Access Fabric sites? (Choose
two.)
A. SD-Access transit B. fabric interconnect C. wireless transit D. IP-based transit E. SAN transit
Answer: A,D
Sample Question 20
Which two methods are used to assign security group tags to the user in a Cisco TrustSec
architecture? (Choose two.)
A. modular QoS B. policy routing C. web authentication D. DHCP E. IEEE 802.1x
Answer: C,E
Sample Question 21
Which authorization framework gives third-party applications limited access to HTTP
services?
A. IPsec B. Basic Auth C. GRE D. OAuth 2.0
Answer: D
Sample Question 22
What is the purpose of the weight attribute in an EID-to-RLOC mapping?
A. It indicates the preference for using LISP over native IP connectivity. B. It determines the administrative distance of LISP generated routes in the RIB. C. It identifies the preferred RLOC address family. D. It indicates the load-balancing ratio between ETRs of the same priority.
Answer: D
Sample Question 23
Which two new security capabilities are introduced by using a next-generation firewall at
the Internet edge? (Choose two.)
A. DVPN B. NAT C. stateful packet inspection D. application-level inspection E. integrated intrusion prevention
Answer: D,E
Sample Question 24
An engineer must configure router R1 to validate user logins via RADIUS and fall back to
the local user database if the RADIUS server is not available. Which configuration must be
applied?
A. aaa authorization exec default radius local B. aaa authorization exec default radius C. aaa authentication exec default radius local D. aaa authentication exec default radius
Answer: C
Sample Question 25
Which two steps are required for a complete Cisco DNA Center upgrade? (Choose two.)
A. golden image selection B. automation backup C. proxy configuration D. application updates E. system update
Answer: D,E
Sample Question 26
What does the destination MAC on the outer MAC header identify in a VXLAN packet?
A. the remote spine B. the next hop C. the leaf switch D. the remote switch
Answer: B
Sample Question 27
Which unit of measure is used to measure wireless RF SNR?
A. mW B. dBm C. dB D. dBi
Answer: C
Sample Question 28
A network engineer wants to configure console access to a router without using AAA so
that the privileged exec mode is entered directly after a user provides the correct login
credentials. Which action achieves this goal?
A. Configure login authentication privileged on line con 0. B. Configure a local username with privilege level 15. C. Configure privilege level 15 on line con 0. D. Configure a RADIUS or TACACS+ server and use it to send the privilege level.
Answer: C
Sample Question 29
Which QoS queuing method transmits packets out of the interface in the order the packets
arrive?
A. custom B. weighted-fair C. FIFO D. priority
Answer: C
Sample Question 30
What does the Cisco DNA Center Authentication API provide?
A. list of global issues that are logged in Cisco DNA Center B. access token to make calls to Cisco DNA Center C. list of VLAN names D. client health status
Answer: B
Sample Question 31
What is one method for achieving REST API security?
A. using built-in protocols known as Web Services Security B. using a combination of XML encryption and XML signatures C. using a MD5 hash to verify the integrity D. using HTTPS and TLS encryption
Answer: D
Sample Question 32
What is a characteristic of a traditional WAN?
A. low complexity and high overall solution scale B. centralized reachability, security, and application policies C. operates over DTLS and TLS authenticated and secured tunnels D. united data plane and control plane
Answer: D
Sample Question 33
Which LISP component decapsulates messages and forwards them to the map server
responsible for the egress tunnel routers?
A. Ingress Tunnel Router B. Map Resolver C. Proxy ETR D. Router Locator
Answer: B
Sample Question 34
When a DNS host record is configured for a new Cisco AireOS WLC, which hostname
must be added to allow APs to successfully discover the WLC?
A. CONTROLLER-CAPWAP-CISCO B. CISCO-CONTROLLER-CAPWAP C. CAPWAP-CISCO-CONTROLLER D. CISCO-CAPWAP-CONTROLLER
Answer: D
Sample Question 35
What is one benefit of implementing a data modeling language?
A. accuracy of the operations performed B. uses XML style of data formatting C. machine-oriented logic and language-facilitated processing D. conceptual representation to simplify interpretation
Answer: A
Sample Question 36
What do Chef and Ansible have in common?
A. They rely on a declarative approach. B. They rely on a procedural approach. C. They use YAML as their primary configuration syntax. D. They are clientless architectures.
Answer: B
Sample Question 37
An engineer must implement a configuration to allow a network administrator to connect to
the console port of a router and authenticate over the network. Which command set should
the engineer use?
A. aaa new-model aaa authentication login default enable B. aaa new-model aaa authentication login console local C. aaa new-model aaa authentication login console group radius D. aaa new-model aaa authentication enable default
Answer: B
Sample Question 38
Which device is responsible for finding EID-to-RLOC mappings when traffic is sent to a
LISP-capable site?
A. map server B. map resolver C. ingress tunnel router D. egress tunnel router
Answer: C
Sample Question 39
How does Cisco Express Forwarding switching differ from process switching on Cisco
devices?
A. Cisco Express Forwarding switching uses adjacency tables built by the CDP protocol, and process switching uses the routing table. B. Cisco Express Forwarding switching uses dedicated hardware processors, and process switching uses the main processor. C. Cisco Express Forwarding switching saves memory by storing adjacency tables in dedicated memory on the line cards, and process switching stores all tables in the main memory. D. Cisco Express Forwarding switching uses a proprietary protocol based on IS-IS for MAC address lookup, and process switching uses the MAC address table.
Answer: C
Sample Question 40
Which element is unique to a Type 2 hypervisor?
A. memory B. VM OS C. host OS D. host hardware
Answer: C
Sample Question 41
What is a characteristic of Cisco SD-WAN?
A. operates over DTLS/TLS authenticated and secured tunnels B. requires manual secure tunnel configuration C. uses unique per-device feature templates D. uses control connections between routers
Answer: A
Sample Question 42
Which solution supports end to end line-rate encryption between two sites?
A. IPsec B. TrustSec C. MACsec D. GRE
Answer: A
Sample Question 43
Which two features are available only in next-generation firewalls? (Choose two.)
A. virtual private network B. deep packet inspection C. stateful inspection D. application awareness E. packet filtering
Answer: C,D
Sample Question 44
Which action limits the total amount of memory and CPU that is used by a collection of
VMs?
A. Place the collection of VMs in a resource pool. B. Place the collection of VMs in a vApp. C. Limit the amount of memory and CPU that is available to the cluster. D. Limit the amount of memory and CPU that is available to the individual VMs.
Answer: A
Sample Question 45
What is a benefit of Cisco TrustSec in a multilayered LAN network design?
A. Policy or ACLs are not required. B. There is no requirement to run IEEE 802.1X when TrustSec is enabled on a switch port. C. Application flows between hosts on the LAN to remote destinations can be encrypted. D. Policy can be applied on a hop-by-hop basis.
Answer: C
Sample Question 46
Which mechanism can be used to enforce network access authentication against an AAA
server if the endpoint does not support the 802.1X supplicant functionality?
A. private VLANs B. port security C. MAC Authentication Bypass D. MACsec
Answer: C
Sample Question 47
What does the statement print(format(0.8, '.0%')) display?
A. 80% B. 8% C. .08% D. 8.8%
Answer: B
Sample Question 48
In a wireless network environment, what is calculated using the numerical values of the
transmitter power level, cable loss, and antenna gain?
A. RSSI B. dBi C. SNR D. EIRP
Answer: B
Sample Question 49
How is traffic classified when using Cisco TrustSec technology?
A. with the VLAN B. with the MAC address C. with the IP address D. with the security group tag
Answer: D
Sample Question 50
A switch is attached to router R1 on its gig 0/0 interface. For security reasons, you want to
prevent R1 from sending OSPF hellos to the switch. Which command should be enabled to
accomplish this?
A. R1(config-router)#ip ospf hello disable B. R1(config-router)#ip ospf hello-interval 0 C. R1(config)#passive-interface Gig 0/0 D. R1(config-router)#passive-interface Gig 0/0
Answer: D
Sample Question 51
What is one role of the VTEP in a VXLAN environment?
A. to forward packets to non-LISP sites B. to encapsulate the tunnel C. to maintain VLAN configuration consistency D. to provide EID-to-RLOC mapping
Answer: B
Sample Question 52
Which device, in a LISP routing architecture, receives and de-encapsulates LISP traffic for
endpoints within a LISP-capable site?
A. MR B. ETR C. OMS D. ITR
Answer: B
Sample Question 53
A company recently decided to use RESTCONF instead of NETCONF and many of their
NETCONF scripts contain the operation
(operation="create"). Which RESTCONF operation must be used to replace
these statements?
A. POST B. GET C. PUT D. CREATE
Answer: A
Sample Question 54
A customer has 20 stores located throughout a city. Each store has a single Cisco access
point managed by a central WLC. The customer wants to gather analysis for users in each
store. Which technique supports these requirements?
A. angle of arrival B. hyperlocation C. trilateration D. presence
Answer: B
Sample Question 55
What is one characteristic of Cisco DNA Center and vManage northbound APIs?
A. They push configuration changes down to devices. B. They implement the RESTCONF protocol. C. They exchange XML-formatted content. D. They implement the NETCONF protocol.
Answer: B
Sample Question 56
What is a benefit of using segmentation with TrustSec?
A. Packets sent between endpoints on a LAN are encrypted using symmetric key cryptography. B. Firewall rules are streamlined by using business-level profiles. C. Integrity checks prevent data from being modified in transit. D. Security group tags enable network segmentation.
Answer: B
Sample Question 57
Which DNS lookup does an AP perform when attempting CAPWAP discovery?
A. CAPWAP-CONTROLLER.local B. CISCO-CAPWAP-CONTROLLER.local C. CISCO-DNA-CONTROLLER.local D. CISCO-CONTROLLER.local
Answer: B
Sample Question 58
Which mobility role is assigned to a client in the client table of the new controller after a
Layer 3 roam?
A. anchor B. foreign C. mobility D. transparent
Answer: D
Sample Question 59
What is an advantage of utilizing data models in a multivendor environment?
A. lowering CPU load incurred to managed devices B. improving communication security with binary encoded protocols C. facilitating a unified approach to configuration and management D. removing the distinction between configuration and runtime state data
Answer: C
Sample Question 60
Which two results occur if Cisco DNA Center loses connectivity to devices in the SD-Access fabric? (Choose two.)
A. All devices reload after detecting loss of connection to Cisco DNA Center B. Already connected users are unaffected, but new users cannot connect C. User connectivity is unaffected D. Cisco DNA Center is unable to collect monitoring data in Assurance E. Users lose connectivity
Answer: C,D
Sample Question 61
Which of the following are examples of Type 2 hypervisors? (Choose three.)
A. VMware ESXi B. Oracle VirtualBox C. Oracle Solaris Zones D. Microsoft Hyper-V E. Microsoft Virtual PC
Answer: B,C,E
Sample Question 62
When is GLBP preferred over HSRP?
A. When encrypted hellos are required between gateways in a single group. B. When the traffic load needs to be shared between multiple gateways using a single virtual IP. C. When the gateway routers are a mix of Cisco and non-Cisco routers. D. When clients need the gateway MAC address to be the same between multiple gateways.
Answer: B
Sample Question 63
A customer has a pair of Cisco 5520 WLCs set up in an SSO cluster to manage all APs.
Guest traffic is anchored to a Cisco 3504 WLC located in a DMZ. Which action is needed to
ensure that the EoIP tunnel remains in an UP state in the event of failover on the SSO
cluster?
A. Configure back-to-back connectivity on the RP ports. B. Enable default gateway reachability check. C. Use the same mobility domain on all WLCs. D. Use the mobility MAC when the mobility peer is configured.
Answer: B
Sample Question 64
How do cloud deployments compare to on-premises deployments?
A. Cloud deployments provide a better user experience across world regions, whereas on-premises deployments depend upon region-specific conditions. B. Cloud deployments are inherently unsecure, whereas a secure architecture is mandatory for on-premises deployments. C. Cloud deployments mandate a secure architecture, whereas on-premises deployments are inherently unsecure. D. Cloud deployments must include automation infrastructure, whereas on-premises deployments often lack the ability for automation.
Answer: B
Sample Question 65
Which language defines the structure or modelling of data for NETCONF and RESTCONF?
A. YAM B. YANG C. JSON D. XML
Answer: B
Sample Question 66
Which two actions, when applied in the LAN network segment, will facilitate Layer 3
CAPWAP discovery for lightweight AP? (Choose two.)
A. Enable port security on the switch port. B. Configure an IP helper-address on the router interface. C. Utilize DHCP option 17. D. Configure WLC IP address on LAN switch. E. Utilize DHCP option 43.
Answer: A,E
Sample Question 67
Which two results occur if Cisco DNA Center loses connectivity to devices in the SD-Access fabric? (Choose two.)
A. Cisco DNA Center is unable to collect monitoring data in Assurance. B. All devices reload after detecting loss of connection to Cisco DNA Center. C. Already connected users are unaffected, but new users cannot connect D. Users lose connectivity. E. User connectivity is unaffected.
Answer: A,E
Sample Question 68
Which two functions is an edge node responsible for? (Choose two.)
A. provides multiple entry and exit points for fabric traffic B. provides the default exit point for fabric traffic C. provides the default entry point for fabric traffic D. provides a host database that maps endpoint IDs to a current location E. authenticates endpoints
Answer: A,D
Sample Question 69
Which hypervisor requires a host OS to run and is not allowed to directly access the host's
hardware and resources?
A. native B. bare metal C. type 1 D. type 2
Answer: D
Sample Question 70
What is a client who is running 802.1x for authentication referred to as?
A. supplicant B. NAC device C. authenticator D. policy enforcement point
Answer: A
Sample Question 71
In the Cisco DNA Center Image Repository, what is a golden image?
A. The latest software image that is available for a specific device type B. The Cisco recommended software image for a specific device type. C. A software image that is compatible with multiple device types. D. A software image that meets the compliance requirements of the organization.
Answer: B
Sample Question 72
Where is the wireless LAN controller located in a mobility express deployment?
A. There is no wireless LAN controller in the network. B. The wireless LAN controller is embedded into the access point. C. The wireless LAN controller exists in the cloud. D. The wireless LAN controller exists in a server that is dedicated for this purpose.
Answer: B
Sample Question 73
Which access control feature does MAB provide?
A. user access based on IP address B. allows devices to bypass authentication C. network access based on the physical address of a device D. simultaneous user and device authentication
Answer: C
Sample Question 74
What is the function of the fabric control plane node in a Cisco SD-Access deployment?
A. It is responsible for policy application and network segmentation in the fabric B. It performs traffic encapsulation and security profiles enforcement in the fabric C. It holds a comprehensive database that tracks endpoints and networks in the fabric D. It provides integration with legacy nonfabric-enabled environments
Answer: C
Sample Question 75
Which two parameters are examples of a QoS traffic descriptor? (Choose two)
A. MPLS EXP bits B. bandwidth C. DSCP D. ToS E. packet size
Answer: A,C
Sample Question 76
An engineer must create a new SSID on a Cisco 9800 wireless LAN controller. The client
has asked to use a pre-shared key for authentication. Which profile must the engineer edit
to achieve this requirement?
Sample Question 77
A network monitoring system uses SNMP polling to record the statistics of router interfaces.
The SNMP queries work as expected until an engineer installs a new interface and reloads
the router. After this action, all SNMP queries for the router fail. What is the cause of this
issue?
A. The SNMP community is configured incorrectly B. The SNMP interface index changed after reboot. C. The SNMP server traps are disabled for the interface index D. The SNMP server traps are disabled for the link state.
Answer: B
Sample Question 78
How does Cisco TrustSec enable more flexible access controls for dynamic networking
environments and data centers?
A. uses flexible NetFlow B. assigns a VLAN to the endpoint C. classifies traffic based on the contextual identity of the endpoint rather than its IP address D. classifies traffic based on advanced application recognition
Answer: C
Sample Question 79
In a Cisco StackWise Virtual environment, which planes are virtually combined in the
common logical switch?
A. management and data B. control and management C. control and forwarding D. control and data
Answer: B
Sample Question 80
What does the LAP send when multiple WLCs respond to the CISCO-CAPWAP-CONTROLLER.localdomain hostname during the CAPWAP discovery and join process?
A. broadcast discover request B. join request to all the WLCs C. unicast discovery request to each WLC D. unicast discovery request to the first WLC that resolves the domain name
Answer: C
Explanation: The AP will attempt to resolve the DNS name CISCO-CAPWAP-CONTROLLER.localdomain. When the AP is able to resolve this name to one or more IP addresses, the AP sends a unicast CAPWAP Discovery Message to the resolved IP address(es). Each WLC that receives the CAPWAP Discovery Request Message replies with a unicast CAPWAP Discovery Response to the AP.
Reference: https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/107606-dns-...
Sample Question 81
How is a data modeling language used?
A. To enable data to be easily structured, grouped, validated, and replicated B. To represent finite and well-defined network elements that cannot be changed C. To model the flows of unstructured data within the infrastructure D. To provide human readability to scripting languages
Answer: A
Sample Question 82
A vulnerability assessment highlighted that remote access to the switches is permitted
using unsecure and unencrypted protocols. Which configuration must be applied to allow
only secure and reliable remote access for device administration?
A. line vty 0 15 login local transport input none B. line vty 0 15 login local transport input telnet ssh C. line vty 0 15 login local transport input ssh D. line vty 0 15 login local transport input all
Answer: C
Sample Question 83
What is a characteristic of a vSwitch?
A. supports advanced Layer 3 routing protocols that are not offered by a hardware switch B. enables VMs to communicate with each other within a virtualized server C. has higher performance than a hardware switch D. operates as a hub and broadcasts the traffic toward all the vPorts
Answer: B
Sample Question 84
When does a Cisco StackWise primary switch lose its role?
A. when a stack member fails B. when the stack primary is reset C. when a switch with a higher priority is added to the stack D. when the priority value of a stack member is changed to a higher value
Answer: C
Sample Question 85
Which activity requires access to Cisco DNA Center CLI?
A. provisioning a wireless LAN controller B. creating a configuration template C. upgrading the Cisco DNA Center software D. graceful shutdown of Cisco DNA Center
Answer: D
Sample Question 86
An engineer is configuring RADIUS-Based Authentication with EAP. MS-CHAPv2 is
configured on a client device. Which outer method protocol must be configured on the ISE
to support this authentication type?
A. EAP-TLS B. EAP-FAST C. LDAP D. PEAP
Answer: D
Sample Question 87
Which router is elected the IGMP Querier when more than one router is in the same LAN
segment?
A. The router with the shortest uptime B. The router with the lowest IP address C. The router with the highest IP address D. The router with the longest uptime
Answer: B
Sample Question 88
A customer has a wireless network deployed within a multi-tenant building. The network
provides client access, location-based services, and is monitored using Cisco DNA Center.
The security department wants to locate and track malicious devices based on threat
signatures. Which feature is required for this solution?
A. Cisco aWIPS policies on the WLC B. Cisco aWIPS policies on Cisco DNA Center C. malicious rogue rules on the WLC D. malicious rogue rules on Cisco DNA Center
Answer: B
Sample Question 89
In a Cisco SD-Access fabric, which control plane protocol is used for mapping and
resolving endpoints?
A. DHCP B. VXLAN C. SXP D. LISP
Answer: D
Sample Question 90
What is the role of the vSmart controller in a Cisco SD-WAN environment?
A. It performs authentication and authorization. B. It manages the control plane. C. It is the centralized network management system. D. It manages the data plane.
Answer: B
Sample Question 91
How do EIGRP metrics compare to OSPF metrics?
A. EIGRP metrics are based on a combination of bandwidth and packet loss, and OSPF metrics are based on interface bandwidth. B. EIGRP uses the Dijkstra algorithm, and OSPF uses the DUAL algorithm. C. The EIGRP administrative distance for external routes is 170, and the OSPF administrative distance for external routes is undefined. D. The EIGRP administrative distance for external routes is 170, and the OSPF administrative distance for external routes is 110.
Answer: A
Sample Question 92
A network administrator is preparing a Python script to configure a Cisco IOS XE-based
device on the network. The administrator is worried that colleagues will make changes to
the device while the script is running. Which operation of the ncclient manager prevents
colleagues from making changes to the device while the script is running?
A. m.lock(config='running') B. m.lock(target='running') C. m.freeze(target='running') D. m.freeze(config='running')
Answer: B
Sample Question 93
What is a characteristic of a Type I hypervisor?
A. It is installed on an operating system and supports other operating systems above it. B. It is referred to as a hosted hypervisor. C. Problems in the base operating system can affect the entire system. D. It is completely independent of the operating system.
Answer: D
Sample Question 94
Which two methods are used by an AP that is trying to discover a wireless LAN controller?
(Choose two.)
A. Cisco Discovery Protocol neighbour B. broadcasting on the local subnet C. DNS lookup cisco-DNA-PRIMARY.localdomain D. DHCP Option 43 E. querying other APs
Answer: B,D
Sample Question 95
Which protocol is implemented to establish secure control plane adjacencies between
Cisco SD-WAN nodes?
A. IKE B. TLS C. IPsec D. ESP
Answer: B
Sample Question 96
By default, which virtual MAC address does HSRP group 30 use?
A. 00:05:0c:07:ac:30 B. 00:00:0c:07:ac:1e C. 05:0c:5e:ac:07:30 D. 00:42:18:14:05:1e
Answer: B
Sample Question 97
Which free application has the ability to make REST calls against Cisco DNA Center?
A. API Explorer B. REST Explorer C. Postman D. Mozilla
Answer: C
Sample Question 98
Which signal strength and noise values meet the minimum SNR for voice networks?
A. signal strength -67 dBm, noise 91 dBm B. signal strength -69 dBm, noise 94 dBm C. signal strength -68 dBm, noise 89 dBm D. signal strength -66 dBm, noise 90 dBm
Answer: A
Sample Question 99
How is a data modelling language used?
A. To enable data to be easily structured, grouped, validated, and replicated. B. To represent finite and well-defined network elements that cannot be changed. C. To model the flows of unstructured data within the infrastructure D. To provide human readability to scripting languages
Answer: A
Sample Question 100
.........
A. S2 is configured as LACP. Change the channel group mode to passive B. S2 is configured with PAgP. Change the channel group mode to active. C. S1 is configured with LACP. Change the channel group mode to on D. S1 is configured as PAgP. Change the channel group mode to desirable
Answer: B
Sample Question 101
A company requires a wireless solution to support its main office and multiple branch
locations. All sites have local Internet connections and a link to the main office for corporate
connectivity. The branch offices are managed centrally. Which solution should the
company choose?
A. Cisco Unified Wireless Network B. Cisco DNA Spaces C. Cisco Catalyst switch with embedded controller D. Cisco Mobility Express
Answer: B
Sample Question 102
Which technology reduces the implementation of STP and leverages both unicast and
multicast?
A. VSS B. VXLAN C. VPC D. VLAN
Answer: B
Sample Question 103
What is the result when an active route processor fails that combines NSF with SSO?
A. An NSF-capable device immediately updates the standby route processor RIB without churning the network. B. The standby route processor immediately takes control and forwards packets along known routes. C. An NSF-aware device immediately updates the standby route processor RIB without churning the network. D. The standby route processor temporarily forwards packets until route convergence is complete.
Answer: B
Sample Question 104
What is the difference between TCAM and the MAC address table?
A. TCAM is used to make Layer 2 forwarding decisions. CAM is used to build routing tables. B. The MAC address table supports partial matches. TCAM requires an exact match. C. The MAC address table is contained in CAM. ACL and QoS information is stored in TCAM. D. Router prefix lookups happen in CAM. MAC address table lookups happen in TCAM.
Answer: D
Sample Question 105
Which two characteristics apply to the endpoint security aspect of the Cisco Threat
Defense architecture? (Choose two.)
A. detect and block ransomware in email attachments B. outbound URL analysis and data transfer controls C. user context analysis D. blocking of fileless malware in real time E. cloud-based analysis of threats
Answer: B,D
Sample Question 106
How does SSO work with HSRP to minimize network disruptions?
A. It enables HSRP to elect another switch in the group as the active HSRP switch. B. It ensures fast failover in the case of link failure. C. It enables data forwarding along known routes following a switchover, while the routing protocol reconverges. D. It enables HSRP to failover to the standby RP on the same device.
Answer: D
Sample Question 107
A customer wants to connect a device to an autonomous Cisco AP configured as a WGB.
The WGB is configured properly; however, it fails to associate to a CAPWAP-enabled AP.
Which change must be applied in the advanced WLAN settings to resolve this issue?
A. Enable Aironet IE. B. Enable passive client. C. Disable AAA override. D. Disable FlexConnect local switching.
Answer: A
Sample Question 108
Which component handles the orchestration plane of the Cisco SD-WAN?
A. vBond B. vSmart C. vManage D. WAN Edge
Answer: A
Sample Question 109
An engineer is connected to a Cisco router through a Telnet session. Which command
must be issued to view the logging messages from the current session as soon as they are
generated by the router?
A. logging buffer B. service timestamps log uptime C. logging host D. terminal monitor
Answer: D
Sample Question 110
What is the recommended minimum SNR for Voice applications for networks?
Which QoS feature uses the IP Precedence bits in the ToS field of the IP packet header to
partition traffic into different priority levels?
A. marking B. shaping C. policing D. classification
Answer: D
Sample Question 112
Which two actions provide controlled Layer 2 network connectivity between virtual machines
running on the same hypervisor? (Choose two.)
A. Use a single trunk link to an external Layer 2 switch. B. Use a virtual switch provided by the hypervisor. C. Use a virtual switch running as a separate virtual machine. D. Use a single routed link to an external router on stick. E. Use VXLAN fabric after installing VXLAN tunneling drivers on the virtual machines.
An engineer is configuring RADIUS-Based Authentication with EAP MS-CHAPv2 is
configured on a client device.
Which outer method protocol must be configured on the ISE to support this
authentication type?
A. EAP-TLS B. PEAP C. LDAP D. EAP-FAST
Answer: D
Sample Question 114
Which there application has the ability to make REST calls against Cisco DNA Center?
A. API Explorer B. REST Explorer C. Postman D. Mozilla
Answer: C
Sample Question 115
By default, which virtual MAC address does HSRP group 15 use?
A. 05:5e:ac:07:0c:0f B. c0:42:34:03:73:0f C. 00:00:0c:07:ac:0f D. 05:af:1c:0f:ac:15
Answer: C
Sample Question 116
Which definition describes JWT in regard to REST API security?
A. an encrypted JSON token that is used for authentication B. an encrypted JSON token that is used for authorization C. an encoded JSON token that is used to securely exchange information D. an encoded JSON token that is used for authentication
Answer: D Explanation: JWT: JSON Web Tokens are an open and standard (RFC 7519) way for you to represent your user's identity securely during a two-party interaction. That is to say, when two systems exchange data you can use a JSON Web Token to identify your user without having to send private credentials on every request.
Sample Question 117
An engineer is configuring Local WebAuth on a Cisco Wireless LAN Controller. According
to RFC 5737, which virtual IP address must be used in this configuration?
A. 192.0.2.1 B. 172.20.10.1 C. 1.1.1.1 D. 192.168.0.1
Answer: A
Sample Question 118
Which NTP mode must be activated when using a Cisco router as an NTP authoritative
server?
A. primary B. server C. broadcast client D. peer
Answer: D
Sample Question 119
A system must validate access rights to all its resources and must not rely on a cached
permission matrix. If the access level to a given resource is revoked but is not reflected in
the permission matrix, the security is violated. Which term refers to this REST security
design principle?
A. economy of mechanism B. complete mediation C. separation of privilege D. least common mechanism
Answer: B Explanation: A system should validate access rights to all its resources to ensure that they are allowed and should not rely on the cached permission matrix. If the access level to a given resource is being revoked, but that is not being reflected in the permission matrix, it would be violating security. https://medium.com/strike-sh/rest-security-design-principles-434bd6ee57ea
Sample Question 120
Which protocol is responsible for data plane forwarding in a Cisco SD-Access deployment?
A. VXLAN B. IS-IS C. OSPF D. LISP
Answer: A
Sample Question 121
Which two results occur if Cisco DNA Center loses connectivity to devices in the SD-Access fabric? (Choose two.)
A. Cisco DNA Center is unable to collect monitoring data in Assurance. B. All devices reload after detecting loss of connection to Cisco DNA Center. C. Already connected users are unaffected, but new users cannot connect D. Users lose connectivity. E. User connectivity is unaffected.
Answer: A,E
Sample Question 122
A Cisco DNA Center REST API sends a PUT to the /dna/intent/api/v1/network-device
endpoint. A response code of 504 is received. What does the code indicate?
A. The response timed out based on a configured interval. B. The user does not have authorization to access this endpoint. C. The username and password are not correct. D. The web server is not available.
Answer: A
Sample Question 123
Which two security features are available when implementing NTP? (Choose two.)
A. symmetric server passwords B. clock offset authentication C. broadcast association mode D. encrypted authentication mechanism E. access list-based restriction scheme
Answer: D,E
Sample Question 124
Why is an AP joining a different WLC than the one specified through option 43?
A. The WLC is running a different software version. B. The AP is joining a primed WLC. C. The AP multicast traffic is unable to reach the WLC through Layer 3. D. The AP's broadcast traffic is unable to reach the WLC through Layer 2.
Answer: B
Sample Question 125
In a Cisco SD-WAN solution, how is the health of a data plane tunnel monitored?
A. with IP SLA B. ARP probing C. using BFD D. with OMP
Answer: C
Sample Question 126
In a Cisco SD-Access solution, which protocol is used by an extended node to connect to a single edge node?
A. The RIB is used to make IP source prefix-based switching decisions B. The FIB is where all IP routing information is stored C. The RIB maintains a mirror image of the FIB D. The FIB is populated based on RIB content
Answer: D
Explanation: CEF uses a Forwarding Information Base (FIB) to make IP destination prefix-based switching decisions. The FIB is conceptually similar to a routing table or information
base. It maintains a mirror image of the forwarding information contained in the IP routing
table. When routing or topology changes occur in the network, the IP routing table is
updated, and those changes are reflected in the FIB. The FIB maintains next-hop address
information based on the information in the IP routing table. Because there is a one-to-one
correlation between FIB entries and routing table entries, the FIB contains all known routes
and eliminates the need for route cache maintenance that is associated with earlier
switching paths such as fast switching and optimum
switching.
Note: In order to view the Routing information base (RIB) table, use the “show ip route”
command. To view the Forwarding Information Base (FIB), use the “show ip cef” command.
RIB is in Control plane while FIB is in Data plane.
Sample Question 128
Which method does Cisco DNA Center use to allow management of non-Cisco devices through southbound protocols?
A. It creates device packs through the use of an SDK B. It uses an API call to interrogate the devices and register the returned data. C. It obtains MIBs from each vendor that details the APIs available. D. It imports available APIs for the non-Cisco device in a CSV format.
Answer: A
Explanation: Cisco DNA Center allows customers to manage their non-Cisco devices
through the use of a Software Development Kit (SDK) that can be used to create Device
If a client's radio device receives a signal strength of -67 dBm and the noise floor is -85
dBm, what is the SNR value?
A. 15 dB B. 16 dB C. 18 dB D. 20 dB
Answer: C
Sample Question 130
Which deployment option of Cisco NGFW provides scalability?
A. tap B. clustering C. inline tap D. high availability
Answer: B
Explanation:
Clustering lets you group multiple Firepower Threat Defense (FTD) units together as a
single logical device. Clustering is only supported for the FTD device on the Firepower
9300 and the Firepower 4100 series. A cluster provides all the convenience of a single
device (management, integration into a network) while achieving the increased throughput
and redundancy of multiple devices.
Sample Question 131
How does the EIGRP metric differ from the OSPF metric?
A. The EIGRP metric is calculated based on bandwidth only. The OSPF metric is calculated on delay only. B. The EIGRP metric is calculated based on delay only. The OSPF metric is calculated on bandwidth and delay. C. The EIGRP metric is calculated based on bandwidth and delay. The OSPF metric is calculated on bandwidth only. D. The EIGRP metric is calculated based on hop count and bandwidth. The OSPF metric is calculated on bandwidth and delay.
Answer: C
Explanation:
By default, EIGRP metric is calculated:
metric = bandwidth + delay
While OSPF is calculated by:
OSPF metric = Reference bandwidth / Interface bandwidth in bps
(Or Cisco uses 100 Mbps (10^8) bandwidth as reference bandwidth. With this bandwidth, our
equation would be:
Cost = 10^8 / interface bandwidth in bps)
Sample Question 132
Which NGFW mode block flows crossing the firewall?
A. Passive B. Tap C. Inline tap D. Inline
Answer: D
Explanation:
Firepower Threat Defense (FTD) provides six interface modes which are: Routed,
Which technology uses network traffic telemetry, contextual information, and file reputation to provide insight into cyber threats?
A. threat defense B. security services C. security intelligence D. segmentation
Answer: C
Sample Question 135
In a Cisco SD-WAN solution, which two functions are performed by OMP? (Choose two.)
A. advertisement of network prefixes and their attributes B. configuration of control and data policies C. gathering of underlay infrastructure data D. delivery of crypto keys E. segmentation and differentiation of traffic
Answer: A,B
Explanation: OMP is the control protocol that is used to exchange routing, policy, and
management information between Cisco vSmart Controllers and Cisco IOS XE SD-WAN
devices in the overlay network. These devices automatically initiate OMP peering sessions
between themselves, and the two IP end points of the OMP session are the system IP
addresses of the two devices.
Sample Question 136
A customer transitions a wired environment to a Cisco SD-Access solution. The customer does not want to integrate the wireless network with the fabric. Which wireless deployment approach enables the two systems to coexist and meets the customer requirement?
A. Deploy the APs in autonomous mode B. Deploy the wireless network over the top of the fabric C. Deploy a separate network for the wireless environment D. Implement a Cisco DNA Center to manage the two networks
Answer: B
Sample Question 137
What is the function of Cisco DNA Center in a Cisco SD-Access deployment?
A. It is responsible for routing decisions inside the fabric. B. It is responsible for the design, management, deployment, provisioning and assurance of the fabric network devices. C. It possesses information about all endpoints, nodes and external networks related to the fabric. D. It provides integration and automation for all nonfabric nodes and their fabric counterparts.
Answer: B
Sample Question 138
What does a northbound API accomplish?
A. programmatic control of abstracted network resources through a centralized controller B. access to controlled network resources from a centralized node C. communication between SDN controllers and physical switches D. controlled access to switches from automated security applications
Answer: A
Sample Question 139
Which solution do IaaS service providers use to extend a Layer 2 segment across a Layer 3 network?
A. VLAN B. VTEP C. VXLAN D. VRF
Answer: C
Sample Question 140
Which solution do IaaS service providers use to extend a Layer 2 segment across a Layer 3 network?