300-410: Implementing Cisco Enterprise Advanced Routing and Services (ENARSI) Part 3
Question #: 121
Topic #: 1
Refer to the exhibit. Which control plane policy limits BGP traffic that is destined to the CPU to 1 Mbps and ignores BGP traffic that is sent at higher rate?
A. policy-map SHAPE_BGP
B. policy-map LIMIT_BGP
C. policy-map POLICE_BGP
D. policy-map COPP
Selected Answer: D
Question #: 122
Topic #: 1
Which statement about IPv6 RA Guard is true?
A. It does not offer protection in environments where IPv6 traffic is tunneled.
B. It cannot be configured on a switch port interface in the ingress direction.
C. Packets that are dropped by IPv6 RA Guard cannot be spanned.
D. It is not supported in hardware when TCAM is programmed.
Selected Answer: A
Question #: 123
Topic #: 1
An engineer must configure a Cisco router to initiate secure connections from the router to other devices in the network but kept failing.
Which two actions resolve the issue? (Choose two.)
A. Configure transport input ssh command on the console.
B. Configure a domain name.
C. Configure a crypto key to be generated.
D. Configure a source port for the SSH connection to initiate.
E. Configure a TACACS+ server and enable it.
Selected Answer: BC
Question #: 124
Topic #: 1
When configuring Control Plane Policing on a router to protect it from malicious traffic, an engineer observes that the configured routing protocols start flapping on that device.
Which action in the Control Plane Policy prevents this problem in a production environment while achieving the security objective?
A. Set the conform-action and exceed-action to transmit initially to test the ACLs and transmit rates and apply the Control Plane Policy in the output direction.
B. Set the conform-action and exceed-action to transmit initially to test the ACLs and transmit rates and apply the Control Plane Policy in the input direction.
C. Set the conform-action to transmit and exceed-action to drop to test the ACLs and transmit rates and apply the Control Plane Policy in the input direction.
D. Set the conform-action to transmit and exceed-action to drop to test the ACLs and transmit rates and apply the Control Plane Policy in the output direction.
Selected Answer: B
Question #: 125
Topic #: 1
In which two ways does the IPv6 First-Hop Security Binding Table operate? (Choose two.)
A. by IPv6 HSRP to make sure neighbors are authenticated before being used as gateways
B. by various IPv6 guard features to validate the data link layer address
C. by the recovery mechanism to recover the binding table in the event of a device reboot
D. by IPv6 routing protocols to securely build neighborships without the need of authentication
E. by storing hashed keys for IPsec tunnels for the built-in IPsec features
Selected Answer: BC
Question #: 126
Topic #: 1
Refer to the exhibit. The engineer configured and connected Router2 to Router1. The link came up but could not establish a Telnet connection to Router1 IPv6 address of 2001:DB8::1.
Which configuration allows Router2 to establish a Telnet connection to Router1?
A. ipv6 unicast-routing
B. permit ICMPv6 on access list INGRESS for Router2 to obtain IPv6 address
C. permit ip any any on access list EGRESS2 on Router1
D. IPv6 address on GigabitEthernet0/0
Selected Answer: B
Question #: 127
Topic #: 1
An engineer configured Reverse Path Forwarding on an interface and noticed that the routes are dropped when a route lookup fails on that interface for a prefix that is available in the routing table.
Which interface configuration resolves the issue?
A. ip verify unicast source reachable-via l2-src
B. ip verify unicast source reachable-via allow-default
C. ip verify unicast source reachable-via any
D. ip verify unicast source reachable-via rx
Selected Answer: C
Question #: 128
Topic #: 1
Refer to the exhibit. When monitoring an IPv6 access list, an engineer notices that the ACL does not have any hits and is causing unnecessary traffic through the interface
Which command must be configured to resolve the issue?
A. ip access-group INTERNET in
B. ipv6 traffic-filter INTERNET in
C. ipv6 access-class INTERNET in
D. access-class INTERNET in
Selected Answer: B
Question #: 129
Topic #: 1
Which configuration feature should be used to block rogue router advertisements instead of using the IPv6 Router Advertisement Guard feature?
A. VACL blocking broadcast frames from nonauthorized hosts
B. PVLANs with promiscuous ports associated to route advertisements and isolated ports for nodes
C. PVLANs with community ports associated to route advertisements and isolated ports for nodes
D. IPv4 ACL blocking route advertisements from nonauthorized hosts
Selected Answer: B
Question #: 130
Topic #: 1
Refer to the exhibit.
Which action resolves the failed authentication attempt to the router?
A. Configure aaa authorization console global command
B. Configure aaa authorization console command on line vty 0 4
C. Configure aaa authorization login command on line console 0
D. Configure aaa authorization login command on line vty 0 4
Selected Answer: A
Question #: 131
Topic #: 1
Refer to the exhibit. A network administrator logs into the router using TACACS+ username and password credentials, but the administrator cannot run any privileged commands.
Which action resolves the issue?
A. Configure the username from a local database
B. Configure TACACS+ synchronization with the Active Directory admin group
C. Configure an authorized IP address for this user to access this router
D. Configure full access for the username from TACACS+ server
Selected Answer: D
Question #: 132
Topic #: 1
Refer to the exhibit. AAA server 10.1.1.1 is configured with the default authentication and accounting settings, but the switch cannot communicate with the server.
Which action resolves this issue?
A. Correct the timeout value.
B. Match the authentication port.
C. Correct the shared secret.
D. Match the accounting port.
Selected Answer: B
Question #: 133
Topic #: 1
Refer to the exhibit. R1 is being monitored using SNMP and monitoring devices are getting only partial information.
What action should be taken to resolve this issue?
A. Modify the CoPP policy to increase the configured exceeded limit for SNMP.
B. Modify the access list to include snmptrap.
C. Modify the CoPP policy to increase the configured CIR limit for SNMP.
D. Modify the access list to add a second line to allow udp any any eq snmp.
Selected Answer: B
Question #: 134
Topic #: 1
Refer to the exhibit. A client is concerned that passwords are visible when running this show archive log config all.
Which router configuration is needed to resolve this issue?
A. MASS-RTR(config)#aaa authentication arap
B. MASS-RTR(config-archive-log-cfg)#password encryption aes
C. MASS-RTR(config)#service password-encryption
D. MASS-RTR(config-archive-log-cfg)#hidekeys
Selected Answer: D
Question #: 135
Topic #: 1
Refer to the exhibit. BGP is flapping after the CoPP policy is applied.
What are the two solutions to fix the issue? (Choose two.)
A. Configure a higher value for CIR under the Class COPP-CRITICAL-7600.
B. Configure a higher value for CIR under the default class to allow more packets during peak traffic.
C. Configure BGP in the COPP-CRITICAL-7600 ACL.
D. Configure IP CEF for CoPP policy and BGP to work.
E. Configure a three-color policer instead of two-color policer under Class COPP-CRITICAL-7600.
Selected Answer: BC
Question #: 136
Topic #: 1
What are two functions of IPv6 Source Guard? (Choose two.)
A. It works independent from IPv6 neighbor discovery.
B. It denies traffic from unknown sources or unallocated addresses.
C. It uses the populated binding table to allow legitimate traffic.
D. It denies traffic by inspecting neighbor discovery packets for specific patterns.
E. It blocks certain traffic by inspecting DHCP packets for specific sources.
Selected Answer: BC
Question #: 137
Topic #: 1
Refer to the exhibit. Which two actions restrict access to router R1 by SSH? (Choose two.)
A. Remove class-map ANY from service-policy CoPP.
B. Configure transport output ssh on line vty and remove sequence 20 from access list 100.
C. Configure transport input ssh on line vty and remove sequence 30 from access list 100.
D. Remove sequence 10 from access list 100 and add sequence 20 deny tcp any any eq telnet to access list 199.
E. Configure transport output ssh on line vty and remove sequence 10 from access list 199.
Selected Answer: AC
Question #: 138
Topic #: 1
Refer to the exhibit. Which action resolves intermittent connectivity observed with the SNMP trap rackets?
A. Decrease the committed burst size of the mgmt class map.
B. Increase the CIR of the mgmt class map.
C. Add one new entry in the ACL 120 to permit the UDP port 161.
D. Add a new class map to match TCP traffic.
Selected Answer: B
Question #: 139
Topic #: 1
DRAG DROP –
Refer to the exhibit. Drag and drop the credentials from the left onto the remote login information on the right to resolve a failed login attempt to vtys. Not all credentials are used.
Select and Place:
Suggestion Answer:
Question #: 140
Topic #: 1
Refer to the exhibit. A network administrator wants to block all traffic toward the Internet after business hours and on weekends. When the administrator applies an access list on interface Gi0/1, all traffic is blocked and there is no access to the Internet at any time.
Which action resolves the issue?
A. Add the permit ip any any time-range no-conn statement after the deny udp any any time-range no-conn command in the access list.
B. Add the permit ip any any statement after the deny icmp any any time-range no-conn command in the access list.
C. Add the permit allowed time-range no-conn statement after the deny icmp any any time-range no-conn command in the access list.
D. Add the permit ip any any time-range no-conn statement after the deny icmp any any time-range no-conn command in the access list.
Selected Answer: B
Question #: 141
Topic #: 1
Refer to the exhibit. An IPv6 network was newly deployed in the environment, and the help desk reports that R3 cannot SSH to the R2s Loopback interface.
Which action resolves the issue?
A. Modify line 10 of the access list to permit instead of deny.
B. Remove line 60 from the access list.
C. Modify line 30 of the access list to permit instead of deny.
D. Remove line 70 from the access list.
Selected Answer: C
Question #: 142
Topic #: 1
Refer to the exhibit. An IT staff member comes into the office during normal office hours and cannot access devices through SSH.
Which action should be taken to resolve this issue?
A. Modify the access list to use the correct IP address.
B. Configure the correct time range.
C. Modify the access list to correct the subnet mask.
D. Configure the access list in the outbound direction.
Selected Answer: A
Question #: 143
Topic #: 1
Refer to the exhibit.
A network administrator is trying to access a branch router using TACACS+ username and password credentials, but the administrator cannot log in to the router because the WAN connectivity is down. The branch router has following AAA configuration: aaa new-model aaa authorization commands 15 default group tacacs+ aaa accounting commands 1 default stop-only group tacacs+ aaa accounting commands 15 default stop-only group tacacs+ tacacs-server host 10.100.50.99 tacacs-server key Ci$co123
Which command will resolve this problem when WAN connectivity is down?
A. aaa authentication login console group tacacs+ enable
B. aaa authentication login default group tacacs+ local
C. aaa authentication login default group tacacs+ enable
D. aaa authentication login default group tacacs+ console
Selected Answer: B
Question #: 144
Topic #: 1
Refer to the exhibit.
An engineer is troubleshooting failed access by contractors to the business application server via Telnet or HTTP during the weekend.
Which configuration resolves the issue?
A. R1 no access-list 101 permit tcp 10.3.3.0 0.0.0.255 host 10.1.1.3 eq telnet time-range Contractor
B. R1 time-range Contractor no periodic weekdays 8:00 to 16:30 periodic daily 8:00 to 16:30
C. R4 time-range Contractor no periodic weekdays 17:00 to 23:59 periodic daily 8:00 to 16:30
D. R4 no access-list 101 permit tcp 10.3.3.0 0.0.0.255 host 10.1.1.3 eq telnet time-range Contractor
Selected Answer: B
Question #: 145
Topic #: 1
What are two characteristics of IPv6 Source Guard? (Choose two.)
A. requires the user to configure a static binding
B. used in service provider deployments to protect DDoS attacks
C. requires that validate prefix be enabled
D. requires IPv6 snooping on Layer 2 access or trunk ports
E. recovers missing binding table entries
Selected Answer: AD
Question #: 146
Topic #: 1
DRAG DROP –
Drag and drop the IPv6 first hop security device roles from the left onto the corresponding descriptions on the right.
Select and Place:
Suggestion Answer:
Question #: 147
Topic #: 1
The network administrator configured R1 for Control Plane Policing so that the inbound Telnet traffic is policed to 100 kbps. This policy must not apply to traffic coming in from 10.1.1.1/32 and 172.16.1.1/32. The administrator has configured this: access-list 101 permit tcp host 10.1.1.1 any eq 23 access-list 101 permit tcp host 172.16.1.1 any eq 23
!
class-map CoPP-TELNET
match access-group 101
!
policy-map PM-CoPP
class CoPP-TELNET
police 100000 conform transmit exceed drop
!
control-plane
service-policy input PM-CoPP
The network administrator is not getting the desired results.
Which set of configurations resolves this issue?
A. no access-list 101 access-list 101 deny tcp host 10.1.1.1 any eq 23 access-list 101 deny tcp host 172.16.1.1 any eq 23 access-list 101 permit ip any any
B. control-plane no service-policy input PM-CoPP ! interface Ethernet 0/0 service-policy input PM-CoPP
C. no access-list 101 access-list 101 deny tcp host 10.1.1.1 any eq 23 access-list 101 deny tcp host 172.16.1.1 any eq 23 access-list 101 permit ip any any ! Interface E 0/0 service-policy input PM-CoPP
D. control-plane no service-policy input PM-CoPP service-policy input PM-CoPP
Selected Answer: A
Question #: 148
Topic #: 1
Refer to the exhibit. A network administrator successfully logs in to a switch using SSH from a RADIUS server. When the network administrator uses a console port to access the switch, the RADIUS server returns shell:priv-lvl=15″ and the switch asks to enter the enable command. When the command is entered, it gets rejected.
Which command set is used to troubleshoot and resolve this issue?
A. line con 0 aaa authorization console privl5 ! line vty 0 4 authorization exec
B. line con 0 aaa authorization console ! line vty 0 4 authorization exec
C. line con 0 aaa authorization console authorization priv15 ! line vty 0 4 transport input ssh
D. line con 0 aaa authorization console authorization exec ! line vty 0 4 transport input ssh
Selected Answer: D
Question #: 149
Topic #: 1
Refer to the exhibit. An engineer is troubleshooting a TACACS problem.
Which action resolves the issue?
A. Configure a matching TACACS server IP.
B. Configure a matching preshared key.
C. Generate authentication from a relative source interface.
D. Apply a configured AAA profile to the VTY.
Selected Answer: B
Question #: 150
Topic #: 1
The network administrator configured CoPP so that all HTTP and HTTPS traffic from the administrator device located at 172.16 1.99 toward the router CPU is limited to 500 kbps. Any traffic that exceeds this limit must be dropped. access-list 100 permit ip host 172.16.1.99 any
!
class-map CM-ADMIN
match access-group 100
!
policy-map PM-COPP
class CM-ADMIN
police 500000 conform-action transmit
!
interface E0/0
service-policy input PM-COPP
CoPP failed to capture the desired traffic and the CPU load is getting higher.
Which two configurations resolve the issue? (Choose two.)
A. interface E0/0 no service-policy input PM-COPP ! control-plane service-policy input PM-COPP
B. policy-map PM-COPP class CM-ADMIN no police 500000 conform-action transmit police 500 conform-action transmit ! control-plane service-policy input PM-COPP
C. no access-list 100 access-list 100 permit tcp host 172.16.1.99 any eq 80
D. no access-list 100 access-list 100 permit tcp host 172.16.1.99 any eq 80 access-list 100 permit tcp host 172.16.1.99 any eq 443
E. policy-map PM-COPP class CM-ADMIN no police 500000 conform-action transmit police 500 conform-action transmit
Selected Answer: A
Question #: 151
Topic #: 1
Refer to the exhibit. While monitoring VTY access to a router, an engineer notices that the router does not have any filter and anyone can access the router with username and password even though an ACL is configured.
Which command resolves this issue?
A. access-class INTERNET in
B. ip access-group INTERNET in
C. ipv6 traffic-filter INTERNET in
D. ipv6 access-class INTERNET in
Selected Answer: D
Question #: 152
Topic #: 1
Refer to the exhibit. An engineer is trying to connect to R1 via Telnet with no success.
Which configuration resolves the issue?
A. tacacs server prod address ipv4 10.221.10.10 exit
B. ip route 10.221.10.10 255.255.255.255 ethernet 0/1
C. ip route 10.221.0.11 255.255.255.255 ethernet 0/1
D. tacacs server prod address ipv4 10.221.10.11 exit
Selected Answer: D
Question #: 153
Topic #: 1
An engineer is trying to copy an IOS file from one router to another router by using TFTP.
Which two actions are needed to allow the file to copy? (Choose two.)
A. Copy the file to the destination router with the copy tftp: flash: command
B. Enable the TFTP server on the source router with the tftp-server flash: command
C. TFTP is not supported in recent IOS versions, so an alternative method must be used
D. Configure a user on the source router with the username tftp password tftp command
E. Configure the TFTP authentication on the source router with the tftp-server authentication local command
Selected Answer: AB
Question #: 154
Topic #: 1
Refer to the exhibit. Users report that IP addresses cannot be acquired from the DHCP server. The DHCP server is configured as shown. About 300 total nonconcurrent users are using this DHCP server, but none of them are active for more than two hours per day.
Which action fixes the issue within the current resources?
A. Modify the subnet mask to the network 192.168.1.0 255.255.254.0 command in the DHCP pool
B. Configure the DHCP lease time to a smaller value
C. Configure the DHCP lease time to a bigger value
D. Add the network 192.168.2.0 255.255.255.0 command to the DHCP pool
Selected Answer: B
Question #: 155
Topic #: 1
Refer to the exhibit. ISP 1 and ISP 2 directly connect to the Internet. A customer is tracking both ISP links to achieve redundancy and cannot see the Cisco IOS IP
SLA tracking output on the router console.
Which command is missing from the IP SLA configuration?
A. Start-time 00:00
B. Start-time 0
C. Start-time immediately
D. Start-time now
Selected Answer: D
Question #: 156
Topic #: 1
Refer to the exhibit. An administrator noticed that after a change was made on R1, the timestamps on the system logs did not match the clock.
What is the reason for this error?
A. An authentication error with the NTP server results in an incorrect timestamp.
B. The keyword localtime is not defined on the timestamp service command.
C. The NTP server is in a different time zone.
D. The system clock is set incorrectly to summer-time hours.
Selected Answer: B
Question #: 157
Topic #: 1
DRAG DROP –
Drag and drop the DHCP messages from the left onto the correct uses on the right.
Select and Place:
Suggestion Answer:
Question #: 158
Topic #: 1
A network engineer is investigating a flapping (up/down) interface issue on a core switch that is synchronized to an NTP server. Log output currently does not show the time of the flap.
Which command allows the logging on the switch to show the time of the flap according to the clock on the device?
A. service timestamps log uptime
B. clock summer-time mst recurring 2 Sunday mar 2:00 1 Sunday nov 2:00
C. service timestamps log datetime localtime show-timezone
D. clock calendar-valid
Selected Answer: C
Question #: 159
Topic #: 1
When provisioning a device in Cisco DNA Center, the engineer sees the error message `Cannot select the device. Not compatible with template`.
What is the reason for the error?
A. The template has an incorrect configuration.
B. The software version of the template is different from the software version of the device.
C. The changes to the template were not committed.
D. The tag that was used to filter the templates does not match the device tag.
Selected Answer: D
Question #: 160
Topic #: 1
While working with software images, an engineer observes that Cisco DNA Center cannot upload its software image directly from the device.
Why is the image not uploading?
A. The device must be resynced to Cisco DNA Center.
B. The software image for the device is in install mode.
C. The device has lost connectivity to Cisco DNA Center.
D. The software image for the device is in bundle mode
Selected Answer: B
Question #: 161
Topic #: 1
An engineer configured the wrong default gateway for the Cisco DNA Center enterprise interface during the install.
Which command must the engineer run to correct the configuration?
A. sudo maglev-config update
B. sudo maglev install config update
C. sudo maglev reinstall
D. sudo update config install
Selected Answer: A
Question #: 162
Topic #: 1
DRAG DROP –
Drag and drop the SNMP attributes in Cisco IOS devices from the left onto the correct SNMPv2c or SNMPv3 categories on the right.
Select and Place:
Suggestion Answer:
Question #: 163
Topic #: 1
Refer to the exhibit. An administrator that is connected to the console does not see debug messages when remote users log in.
Which action ensures that debug messages are displayed for remote logins?
A. Enter the transport input ssh configuration command.
B. Enter the terminal monitor exec command.
C. Enter the logging console debugging configuration command.
D. Enter the aaa new-model configuration command.
Selected Answer: D
Question #: 164
Topic #: 1
Refer to the exhibit. Network operations cannot read or write any configuration on the device with this configuration from the operations subnet.
Which two configurations fix the issue? (Choose two.)
A. Configure SNMP rw permission in addition to community ciscotest.
B. Modify access list 1 and allow operations subnet in the access list.
C. Modify access list 1 and allow SNMP in the access list.
D. Configure SNMP rw permission in addition to version 1.
E. Configure SNMP rw permission in addition to community ciscotest 1.
Selected Answer: AB
Question #: 165
Topic #: 1
Refer to the exhibit. Why is the remote NetFlow server failing to receive the NetFlow data?
A. The flow exporter is configured but is not used.
B. The flow monitor is applied in the wrong direction.
C. The flow monitor is applied to the wrong interface.
D. The destination of the flow exporter is not reachable.
Selected Answer: A
Question #: 166
Topic #: 1
Refer to the exhibit. An engineer has successfully set up a floating static route from the BRANCH router to the HQ network using HQ_R1 as the primary default gateway. When the g0/0 goes down on HQ_R1, the branch network cannot reach the HQ network 192.168.20.0/24.
Which configuration resolves the issue?
A. HQ_R3(config)# ip sla responder HQ_R3(config)# ip sla responder icmp-echo 172.16.35.1
B. BRANCH(config)# ip sla 1 BRANCH(config-ip-sla)# icmp-echo 192.168.100.2
C. HQ_R3(config)# ip sla responder HQ_R3(config)# ip sla responder icmp-echo 172.16.35.5
D. BRANCH(config)# ip sla 1 BRANCH(config-ip-sla)# icmp-echo 192.168.100.1
Selected Answer: D
Question #: 167
Topic #: 1
An engineer configured a DHCP server for Cisco IP phones to download its configuration from a TFTP server, but the IP phones failed to load the configuration.
What must be configured to resolve the issue?
A. BOOTP port 67
B. DHCP option 66
C. BOOTP port 68
D. DHCP option 69
Selected Answer: B
Question #: 168
Topic #: 1
Refer to the exhibit. The remote server is failing to receive the NetFlow data.
Which action resolves the issue?
A. Modify the flow transport command transport udp 2055 to move under flow monitor profile.
B. Modify the interface command to ip flow monitor FLOW-MONITOR-1 input.
C. Modify the udp port under flow exporter profile to ip transport udp 4739.
D. Modify the flow record command record v4_r1 to move under flow exporter profile.
Selected Answer: B
Question #: 169
Topic #: 1
Refer to the exhibit. A network administrator configured NTP on a Cisco router to get synchronized time for system and logs from a unified time source. The configuration did not work as desired.
Which service must be enabled to resolve the issue?
A. Enter the service timestamps log datetime clock-period global command.
B. Enter the service timestamps log datetime synchronize global command.
C. Enter the service timestamps log datetime console global command.
D. Enter the service timestamps log datetime localtime global command.
Selected Answer: D
Question #: 170
Topic #: 1
Refer to the exhibits. An engineer filtered messages based on severity to minimize log messages. After applying the filter, the engineer noticed that it filtered required messages as well.
Which action must the engineer take to resolve the issue?
A. Configure syslog level 2.
B. Configure syslog level 3.
C. Configure syslog level 4.
D. Configure syslog level 5.
Selected Answer: D
Question #: 171
Topic #: 1
An engineer is troubleshooting on the console session of a router and turns on multiple debug commands. The console screen is filled with scrolling debug messages that none of the commands can be verified if entered correctly or display any output.
Which action allows the engineer to see entered console commands while still continuing the analysis of the debug messages?
A. Configure the term no mon command globally.
B. Configure the logging synchronous level all command.
C. Configure the logging synchronous command.
D. Configure the no logging console debugging command globally.
Selected Answer: C
Question #: 172
Topic #: 1
Refer to the exhibit. The DHCP client is unable to receive an IP address from the DHCP server. RouterB is configured as follows:
Which command is required on the fastethernet 0/0 interface of RouterB to resolve this issue?
A. RouterB(config-if)#ip helper-address 172.16.1.1
B. RouterB(config-if)#ip helper-address 255.255.255.255
C. RouterB(config-if)#ip helper-address 172.16.1.2
D. RouterB(config-if)#ip helper-address 172.31.1.1
Selected Answer: C
Question #: 173
Topic #: 1
Refer to the exhibit. A network administrator added one router in the Cisco DNA Center and checked its discovery and health from the Network Health Dashboard.
The network administrator observed that the router is still showing up as unmonitored.
What must be configured on the router to mount it in the Cisco DNA Center?
A. Configure router with SNMPv2c or SNMPv3 traps
B. Configure router with the telemetry data
C. Configure router with routing to reach Cisco DNA Center
D. Configure router with NetFlow data
Selected Answer: B
Question #: 174
Topic #: 1
Refer to the exhibit. NTP is configured across the network infrastructure and Cisco DNA Center. An NTP issue was reported on the Cisco DNA Center at 17:15.
Which action resolves the issue?
A. Reset the NTP server to resolve any synchronization issues for all devices
B. Check and resolve reachability between Cisco DNA Center and the NTP server
C. Check and resolve reachability between the WLC and the NTP server
D. Check and configure NTP on the WLC and synchronize with Cisco DNA Center
Selected Answer: C
Question #: 175
Topic #: 1
Refer to the exhibit. PC-2 failed to establish a Telnet connection to the terminal server.
Which configuration resolves the issue?
A. Gateway-Router(config)#ipv6 access-list Default_Access Gateway-Router(config-ipv6-acl)#sequence 25 permit tcp host 2018:DB1:A:B::2 host 2018:DB1:A:C::1 eq telnet
B. Gateway-Router(config)#ipv6 access-list Default_Access Gateway-Router(config-ipv6-acl)#no sequence 20 Gateway-Router(config-ipv6-acl)#sequence 5 permit tcp host 2018:DB1:A:B::2 host 2018:DB1:A:C::1 eq telnet
C. Gateway-Router(config)#ipv6 access-list Default_Access Gateway-Router(config-ipv6-acl)#permit tcp host 2018:DB1:A:B::2 host 2018:DB1:A:C::1 eq telnet
D. Gateway-Router(config)#ipv6 access-list Default_Access Gateway-Router(config-ipv6-acl)#sequence 15 permit tcp host 2018:DB1:A:B::2 host 2018:DB1:A:C::1 eq telnet
Selected Answer: D
Question #: 176
Topic #: 1
Refer to the exhibit. A network administrator enables DHCP snooping on the Cisco Catalyst 3750-X switch and configures the uplink port (Port-channel2) as a trusted port. Clients are not receiving an IP address, but when DHCP snooping is disabled, clients start receiving IP addresses.
Which global command resolves the issue?
A. ip dhcp relay information trust portchannel2
B. ip dhcp snooping
C. ip dhcp snooping trust
D. no ip dhcp snooping information option
Selected Answer: D
Question #: 177
Topic #: 1
A customer reports to the support desk that they cannot print from their PC to the local printer id:123456789.
Which tool must be used to diagnose the issue using Cisco DNA Center Assurance?
A. device trace
B. ACL trace
C. path trace
D. application trace
Selected Answer: C
Question #: 178
Topic #: 1
An engineer configured SNMP notifications sent to the management server using authentication and encrypting data with DES. An error in the response PDU is received as “UNKNOWNUSERNAME, WRONGDIGEST”.
Which action resolves the issue?
A. Configure the correct authentication password using SNMPv3 authNoPriv.
B. Configure correct authentication and privacy passwords using SNMPv3 authPriv.
C. Configure correct authentication and privacy passwords using SNMPv3 authNoPriv.
D. Configure the correct authentication password using SNMPv3 authPriv.
Selected Answer: B
Question #: 179
Topic #: 1
Refer to the exhibit. A network administrator is discovering a Cisco Catalyst 9300 and a Cisco WLC 3504 in Cisco DNA Center. The Catalyst 9300 is added successfully. However, the WLC is showing the error “uncontactable” when the administrator tries to add it in Cisco DNA Center.
Which action discovers WLC in Cisco DNA Center successfully?
A. Delete the WLC 3504 from Cisco DNA Center and add it to Cisco DNA Center again.
B. Add the WLC 3504 under the hierarchy of the Catalyst 9300 connected devices.
C. Copy the .cert file from the Cisco DNA Center on the USB and upload it to the WLC 3504.
D. Copy the .pem file from the Cisco DNA Center on the USB and upload it to the WLC 3504.
Selected Answer: D
Question #: 180
Topic #: 1
Refer to the exhibit. A user cannot SSH to the router.
What action must be taken to resolve this issue?
A. Configure transport input ssh
B. Configure transport output ssh
C. Configure ip ssh version 2
D. Configure ip ssh source-interface loopback0
Selected Answer: A
