350-401: Implementing Cisco Enterprise Network Core Technologies (ENCOR) Part 4
Question #: 211
Topic #: 1
How are the different versions of IGMP compatible?
A. IGMPv2 is compatible only with IGMPv2.
B. IGMPv3 is compatible only with IGMPv3.
C. IGMPv2 is compatible only with IGMPv1.
D. IGMPv3 is compatible only with IGMPv1
Selected Answer: C
Question #: 212
Topic #: 1
Which measurement is used from a post wireless survey to depict the cell edge of the access points?
A. SNR
B. Noise
C. RSSI
D. CCI
Selected Answer: C
Question #: 213
Topic #: 1
If a client’s radio device receives a signal strength of -67 dBm and the noise floor is -85 dBm, what is the SNR value?
A. 15 dB
B. 16 dB
C. 18 dB
D. 20 dB
Selected Answer: C
Question #: 214
Topic #: 1
Which AP mode allows an engineer to scan configured channels for rogue access points?
A. monitor
B. bridge
C. local
D. sniffer
Selected Answer: A
Question #: 215
Topic #: 1
Refer to the exhibit. While troubleshooting a routing issue, an engineer issues a ping from S1 to S2. Which two actions result from the initial value of the TTL?
(Choose two.)
A. The packet reaches R2, and the TTL expires.
B. R1 replies with a TTL exceeded message.
C. The packet reaches R3, and the TTL expires.
D. R2 replies with a TTL exceeded message.
E. R3 replies with a TTL exceeded message.
F. The packet reaches R1, and the TTL expires.
Selected Answer: CE
Question #: 216
Topic #: 1
What is the wireless Received Signal Strength Indicator?
A. the value given to the strength of the wireless signal received compared to the noise level
B. the value of how strong the wireless signal is leaving the antenna using transmit power, cable loss, and antenna gain
C. the value of how much wireless signal is lost over a defined amount of distance
D. the value of how strong a wireless signal is received, measured in dBm
Selected Answer: D
Question #: 217
Topic #: 1
Which two operational modes enable an AP to scan one or more wireless channels for rogue access points and at the same time provide wireless services to clients? (Choose two.)
A. monitor
B. rogue detector
C. FlexConnect
D. sniffer
E. local
Selected Answer: CE
Question #: 218
Topic #: 1
Refer to the exhibit. An engineer attempts to configure a trunk between switch SW1 and switch SW2 using DTP, but the trunk does not form. Which command should the engineer apply to switch SW2 to resolve this issue?
A. switchport nonegotiate
B. no switchport
C. switchport mode dynamic desirable
D. switchport mode access
Selected Answer: C
Question #: 219
Topic #: 1
An engineer is troubleshooting the AP join process using DNS. Which FQDN must be resolvable on the network for the access points to successfully register to the WLC?
A. wlchostname.domain.com
B. cisco-capwap-controller.domain.com
C. ap-manager.domain.com
D. primary-wlc.domain.com
Selected Answer: B
Question #: 220
Topic #: 1
Which new enhancement was implemented in Wi-Fi 6?
A. Uplink and Downlink Orthogonal Frequency Division Multiple Access
B. Channel bonding
C. Wi-Fi Protected Access 3
D. 4096 Quadrature Amplitude Modulation Mode
Selected Answer: A
Question #: 221
Topic #: 1
Which device makes the decision for a wireless client to roam?
A. wireless client
B. wireless LAN controller
C. access point
D. WCS location server
Selected Answer: A
Question #: 222
Topic #: 1
An engineer configures GigabitEthernet 0/1 for VRRP group 115. The router must assume the primary role when it has the highest priority in the group.
Which command set is required to complete this task?
interface GigabitEthernet0/1
ip address 10.10.10.2 255.255.255.0
vrrp 115 ip 10.10.10.1
vrrp 115 authentication 407441579
A. Router(config if)# vrrp 115 track 1 decrement 100 Router(config-if)# vrrp 115 preempt
B. Router(config-if)# vrrp 115 priority 100
C. Router(config-if)# vrrp 115 track 1 decrement 10 Router(config-if)# vrrp 115 preempt
D. Router(config-if)# standby 115 priority 100 Router(config-if)# standby 115 preempt
Selected Answer: C
Question #: 223
Topic #: 1
How is MSDP used to interconnect multiple PIM-SM domains?
A. MSDP allows a rendezvous point to dynamically discover active sources outside of its domain.
B. MSDP SA request messages are used to request a list of active sources for a specific group.
C. MSDP depends on BGP or multiprotocol BGP for interdomain operation.
D. MSDP messages are used to advertise active sources in a domain.
Selected Answer: A
Question #: 224
Topic #: 1
If the noise floor is -90 dBm and the wireless client is receiving a signal of גˆ’75 dBm, what is the SNR?
A. 15
B. 1.2
C. גˆ’165
D. .83
Selected Answer: A
Question #: 225
Topic #: 1
Refer to the exhibit.
The EtherChannel between SW2 and SW3 is not operational. Which action resolves this issue?
A. Configure the channel-group mode on SW3 Gi0/0 and Gi0/1 to active.
B. Configure the mode on SW2 Gi0/0 to trunk.
C. Configure the channel-group mode on SW2 Gi0/0 and Gi0/1 to on.
D. Configure the mode on SW2 Gi0/1 to access.
Selected Answer: B
Question #: 226
Topic #: 1
Refer to the exhibit.
Which action completes the configuration to achieve a dynamic continuous mapped NAT for all users?
A. Reconfigure the pool to use the 192.168.1.0 address range.
B. Configure a match-host type NAT pool.
C. Increase the NAT pool size to support 254 usable addresses.
D. Configure a one-to-one type NAT pool.
Selected Answer: B
Question #: 227
Topic #: 1
How does EIGRP differ from OSPF?
A. EIGRP is more prone to routing loops than OSPF.
B. EIGRP uses more CPU and memory than OSPF.
C. EIGRP has a full map of the topology, and OSPF only knows directly connected neighbors.
D. EIGRP supports equal or unequal path cost, and OSPF supports only equal path cost.
Selected Answer: D
Question #: 228
Topic #: 1
Which AP mode allows a supported AP to function like a WLAN client would, associating and identifying client connectivity issues?
A. client mode
B. SE-connect mode
C. sensor mode
D. sniffer mode
Selected Answer: C
Question #: 229
Topic #: 1
A client device roams between wireless LAN controllers that are mobility peers. Both controllers have dynamic interfaces on the same client VLAN. Which type of roam is described?
A. intra-VLAN
B. inter-controller
C. intra-controller
D. inter-subnet
Selected Answer: A
Question #: 230
Topic #: 1
Which component does Cisco Threat Defense use to measure bandwidth, application performance, and utilization?
A. TrustSec
B. Advanced Malware Protection for Endpoints
C. NetFlow
D. Cisco Umbrella
Selected Answer: C
Question #: 231
Topic #: 1
Which IP SLA operation requires the IP SLA responder to be configured on the remote end?
A. UDP jitter
B. ICMP jitter
C. TCP connect
D. ICMP echo
Selected Answer: A
Question #: 232
Topic #: 1
Refer to the exhibit. What does the error message relay to the administrator who is trying to configure a Cisco IOS device?
A. The device received a valid NETCONF request and serviced it without error.
B. The NETCONF running datastore is currently locked.
C. A NETCONF request was made for a data model that does not exist.
D. A NETCONF message with valid content based on the YANG data models was made, but the request failed.
Selected Answer: C
Question #: 233
Topic #: 1
Which three methods does Cisco DNA Center use to discover devices? (Choose three.)
A. CDP
B. SNMP
C. LLDP
D. ping
E. NETCONF
F. a specified range of IP addresses
Selected Answer: A
Question #: 234
Topic #: 1
Which statement about TLS is accurate when using RESTCONF to write configurations on network devices?
A. It is used for HTTP and HTTPS requests.
B. It requires certificates for authentication.
C. It is provided using NGINX acting as a proxy web server.
D. It is not supported on Cisco devices.
Selected Answer: C
Question #: 235
Topic #: 1
What do Cisco DNA southbound APIs provide?
A. interface between the controller and the consumer
B. RESTful API interface for orchestrator communication
C. interface between the controller and the network devices
D. NETCONF API interface for orchestrator communication
Selected Answer: C
Question #: 236
Topic #: 1
Which statement about an RSPAN session configuration is true?
A. Only one session can be configured at a time.
B. A special VLAN type must be used as the RSPAN destination.
C. A filter must be configured for RSPAN sessions.
D. Only incoming traffic can be monitored.
Selected Answer: B
Question #: 237
Topic #: 1
Which feature must be configured to allow packet capture over Layer 3 infrastructure?
A. RSPAN
B. ERSPAN
C. VSPAN
D. IPSPAN
Selected Answer: B
Question #: 238
Topic #: 1
Refer to the exhibit.
What is the result when a technician adds the monitor session 1 destination remote vlan 223 command?
A. The RSPAN VLAN is replaced by VLAN 223.
B. RSPAN traffic is sent to VLANs 222 and 223.
C. An error is flagged for configuring two destinations.
D. RSPAN traffic is split between VLANs 222 and 223.
Selected Answer: A
Question #: 239
Topic #: 1
Refer to the exhibit. An engineer configures monitoring on SW1 and enters the show command to verify operation. What does the output confirm?
A. RSPAN session 1 is incompletely configured for monitoring.
B. RSPAN session 1 monitors activity on VLAN 50 of a remote switch.
C. SPAN session 2 monitors all traffic entering and exiting port FastEthernet 0/15.
D. SPAN session 2 only monitors egress traffic exiting port FastEthernet 0/14.
Selected Answer: A
Question #: 240
Topic #: 1
A network is being migrated from IPv4 to IPv6 using a dual-stack approach. Network management is already 100% IPv6 enabled.
In a dual-stack network with two dual-stack NetFlow collectors, how many flow exporters are needed per network device in the flexible NetFlow configuration?
A. 1
B. 2
C. 4
D. 8
Selected Answer: B
Question #: 241
Topic #: 1
A network engineer is configuring Flexible NetFlow and enters these commands. sampler NetFlow1 mode random one-out-of 100 interface fastethernet 1/0 flow-sampler NetFlow1
What are two results of implementing this feature instead of traditional NetFlow? (Choose two.)
A. Only the flows of top 100 talkers are exported.
B. CPU and memory utilization are reduced.
C. The number of packets to be analyzed are reduced.
D. The data export flow is more secure.
E. The accuracy of the data to be analyzed is improved.
Selected Answer: BC
Question #: 242
Topic #: 1
Refer to the exhibit. An engineer must add the SNMP interface table to the NetFlow protocol flow records. Where should the SNMP table option be added?
A. under the interface
B. under the flow record
C. under the flow monitor
D. under the flow exporter
Selected Answer: D
Question #: 243
Topic #: 1
A network administrator is implementing a routing configuration change and enables routing debugs to track routing behavior during the change. The logging output on the terminal is interrupting the command typing process.
Which two actions can the network administrator take to minimize the possibility of typing commands incorrectly? (Choose two.)
A. Configure the logging synchronous global configuration command.
B. Configure the logging synchronous command under the vty.
C. Increase the number of lines on the screen using the terminal length command.
D. Configure the logging delimiter feature.
E. Press the TAB key to reprint the command in a new line.
Selected Answer: BE
Question #: 244
Topic #: 1
When using TLS for syslog, which configuration allows for secure and reliable transportation of messages to its default port?
A. logging host 10.2.3.4 vrf mgmt transport tcp port 514
B. logging host 10.2.3.4 vrf mgmt transport udp port 514
C. logging host 10.2.3.4 vrf mgmt transport tcp port 6514
D. logging host 10.2.3.4 vrf mgmt transport udp port 6514
Selected Answer: C
Question #: 245
Topic #: 1
Refer to this output.
R1# *Feb 14 37:09:53.129: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
What is the logging severity level?
A. notification
B. emergency
C. critical
D. alert
Selected Answer: A
Question #: 246
Topic #: 1
An engineer reviews a router’s logs and discovers the following entry. What is the event’s logging severity level?
Router# *Jan 01 38:24:04.401: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
A. error
B. warning
C. informational
D. notification
Selected Answer: A
Question #: 247
Topic #: 1
Refer to the exhibit.
An engineer must configure a SPAN session.
What is the effect of the configuration?
A. Traffic received on VLANs 10, 11, and 12 is copied and sent to interface g0/1.
B. Traffic sent on VLANs 10 and 12 only is copied and sent to interface g0/1.
C. Traffic sent on VLANs 10, 11, and 12 is copied and sent to interface g0/1.
D. Traffic received on VLANs 10 and 12 only is copied and sent to interface g0/1.
Selected Answer: A
Question #: 248
Topic #: 1
Refer to the exhibit.
These commands have been added to the configuration of a switch.
Which command flags an error if it is added to this configuration?
A. monitor session 1 source interface port-channel 6
B. monitor session 1 source vlan 10
C. monitor session 1 source interface FastEthemet0/1 rx
D. monitor session 1 source interface port-channel 7, port-channel 8
Selected Answer: B
Question #: 249
Topic #: 1
Which method does Cisco DNA Center use to allow management of non-Cisco devices through southbound protocols?
A. It creates device packs through the use of an SDK.
B. It uses an API call to interrogate the devices and register the returned data.
C. It obtains MIBs from each vendor that details the APIs available.
D. It imports available APIs for the non-Cisco device in a CSV format.
Selected Answer: A
Question #: 250
Topic #: 1
Refer to the exhibit. Cisco DNA Center has obtained the username of the client and the multiple devices that the client is using on the network. How is Cisco DNA
Center getting these context details?
A. Those details are provided to Cisco DNA Center by the Identity Services Engine.
B. The administrator had to assign the username to the IP address manually in the user database tool on Cisco DNA Center.
C. Cisco DNA Center pulled those details directly from the edge node where the user connected.
D. User entered those details in the Assurance app available on iOS and Android devices.
Selected Answer: A
Question #: 251
Topic #: 1
Which command set configures RSPAN to capture outgoing traffic from VLAN 3 on interface GigabitEthernet 0/3 while ignoring other VLAN traffic on the same interface?
A. monitor session 2 source interface gigabitethernet0/3 rx monitor session 2 filter vlan 3
B. monitor session 2 source interface gigabitethernet0/3 rx monitor session 2 filter vlan 1 – 2, 4 – 4094
C. monitor session 2 source interface gigabitethernet0/3 tx monitor session 2 filter vlan 3
D. monitor session 2 source interface gigabitethernet0/3 tx monitor session 2 filter vlan 1- 2, 4 – 4094
Selected Answer: C
Question #: 252
Topic #: 1
Refer to the exhibit. What is required to configure a second export destination for IP address 192.168.10.1?
A. Specify a different UDP port.
B. Specify a different TCP port.
C. Configure a version 5 flow-export to the same destination.
D. Specify a different flow ID.
E. Specify a VRF.
Selected Answer: A
Question #: 253
Topic #: 1
Refer to the exhibit. After implementing the configuration, 172.20.20.2 stops replying to ICMP echos, but the default route fails to be removed. What is the reason for this behavior?
A. The threshold value is wrong.
B. The source-interface is configured incorrectly.
C. The destination must be 172.30.30.2 for icmp-echo.
D. The default route is missing the track feature.
Selected Answer: D
Question #: 254
Topic #: 1
Refer to the exhibit.
An engineer is troubleshooting a connectivity issue and executes a traceroute. What does the result confirm?
A. The destination port is unreachable.
B. The probe timed out.
C. The destination server reported it is too busy.
D. The protocol is unreachable.
Selected Answer: B
Question #: 255
Topic #: 1
Which Cisco DNA Center application is responsible for group-based access control permissions?
A. Provision
B. Design
C. Assurance
D. Policy
Selected Answer: D
Question #: 256
Topic #: 1
An engineer is concerned with the deployment of a new application that is sensitive to inter-packet delay variance. Which command configures the router to be the destination of jitter measurements?
A. Router(config)# ip sla responder udp-connect 172.29.139.134 5000
B. Router(config)# ip sla responder tcp-connect 172.29.139.134 5000
C. Router(config)# ip sla responder udp-echo 172.29.139.134 5000
D. Router(config)# ip sla responder tcp-echo 172.29.139.134 5000
Selected Answer: C
Question #: 257
Topic #: 1
Which NGFW mode blocks flows crossing the firewall?
A. tap
B. inline
C. passive
D. inline tap
Selected Answer: B
Question #: 258
Topic #: 1
How does Cisco TrustSec enable more flexible access controls for dynamic networking environments and data centers?
A. uses flexible NetFlow
B. assigns a VLAN to the endpoint
C. classifies traffic based on advanced application recognition
D. classifies traffic based on the contextual identity of the endpoint rather than its IP address
Selected Answer: D
Question #: 259
Topic #: 1
Which feature does Cisco TrustSec use to provide scalable, secure communication throughout a network?
A. security group tag ACL assigned to each port on a switch
B. security group tag number assigned to each user on a switch
C. security group tag number assigned to each port on a network
D. security group tag ACL assigned to each router on a network
Selected Answer: C
Question #: 260
Topic #: 1
Which technology provides a secure communication channel for all traffic at Layer 2 of the OSI model?
A. SSL
B. Cisco TrustSec
C. MACsec
D. IPsec
Selected Answer: C
Question #: 261
Topic #: 1
An engineer is configuring local web authentication on a WLAN. The engineer chooses the Authentication radio button under the Layer 3 Security options for Web
Policy.
Which device presents the web authentication for the WLAN?
A. ISE server
B. RADIUS server
C. anchor WLC
D. local WLC
Selected Answer: D
Question #: 262
Topic #: 1
Which method does the enable secret password option use to encrypt device passwords?
A. MD5
B. PAP
C. CHAP
D. AES
Selected Answer: A
Question #: 263
Topic #: 1
On which protocol or technology is the fabric data plane based in Cisco SD-Access fabric?
A. VXLAN
B. LISP
C. Cisco TrustSec
D. IS-IS
Selected Answer: A
Question #: 264
Topic #: 1
What is the difference between the enable password and the enable secret password when service password encryption is enabled on an IOS device?
A. The enable secret password is protected via stronger cryptography mechanisms.
B. The enable password cannot be decrypted.
C. The enable password is encrypted with a stronger encryption method.
D. There is no difference and both passwords are encrypted identically.
Selected Answer: A
Question #: 265
Topic #: 1
Which access control list allows only TCP traffic with a destination port range of 22-443, excluding port 80?
A. deny tcp any any eq 80 permit tcp any any gt 21 lt 444
B. permit tcp any any range 22 443 deny tcp any any eq 80
C. permit tcp any any eq 80
D. deny tcp any any eq 80 permit tcp any any range 22 443
Selected Answer: D
Question #: 266
Topic #: 1
A network administrator applies the following configuration to an IOS device: aaa new-model aaa authentication login default local group tacacs+
What is the process of password checks when a login attempt is made to the device?
A. A TACACS+ server is checked first. If that check fails, a local database is checked.
B. A TACACS+ server is checked first. If that check fails, a RADIUS server is checked. If that check fails, a local database is checked.
C. A local database is checked first. If that check fails, a TACACS+ server is checked. If that check fails, a RADIUS server is checked.
D. A local database is checked first. If that check fails, a TACACS+ server is checked.
Selected Answer: D
Question #: 267
Topic #: 1
Refer to the exhibit.
Assuming the WLC’s interfaces are not in the same subnet as the RADIUS server, which interface would the WLC use as the source for all RADIUS-related traffic?
A. the controller management interface
B. the controller virtual interface
C. the interface specified on the WLAN configuration
D. any interface configured on the WLC
Selected Answer: C
Question #: 268
Topic #: 1
Which component of the Cisco Cyber Threat Defense solution provides user and flow context analysis?
A. Cisco Firepower and FireSIGHT
B. Cisco Stealthwatch system
C. Advanced Malware Protection
D. Cisco Web Security Appliance
Selected Answer: B
Question #: 269
Topic #: 1
An engineer must protect their company against ransomware attacks.
Which solution allows the engineer to block the execution stage and prevent file encryption?
A. Use Cisco Firepower and block traffic to TOR networks.
B. Use Cisco AMP deployment with the Malicious Activity Protection engine enabled.
C. Use Cisco Firepower with Intrusion Policy and snort rules blocking SMB exploitation.
D. Use Cisco AMP deployment with the Exploit Prevention engine enabled.
Selected Answer: B
Question #: 270
Topic #: 1
Refer to the exhibit.
An engineer must deny Telnet traffic from the loopback interface of router R3 to the loopback interface of router R2 during the weekend hours. All other traffic between the loopback interfaces of routers R3 and R2 must be allowed at all times.
Which command set accomplishes this task?
A. R3(config)#time-range WEEKEND R3(config-time-range)#periodic Saturday Sunday 00:00 to 23:59 R3(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R3(config)#access-list 150 permit ip any any time-range WEEKEND R3(config)#interface G0/1 R3(config-if)#ip access-group 150 out
B. R1(config)#time-range WEEKEND R1(config-time-range)#periodic weekend 00:00 to 23:59 R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R1(config)#access-list 150 permit ip any any R1(config)#interface G0/1 R1(config-if)#ip access-group 150 in
C. R3(config)#time-range WEEKEND R3(config-time-range)#periodic weekend 00:00 to 23:59 R3(config)#access-list 150 permit tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R3(config)#access-list 150 permit ip any any time-range WEEKEND R3(config)#interface G0/1 R3(config-if)#ip access-group 150 out
D. R1(config)#time-range WEEKEND R1(config-time-range)#periodic Friday Sunday 00:00 to 00:00 R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R1(config)#access-list 150 permit ip any any R1(config)#interface G0/1 R1(config-if)#ip access-group 150 in
Selected Answer: A
Question #: 271
Topic #: 1
Refer to the exhibit. PC-1 must access the web server on port 8080. To allow this traffic, which statement must be added to an access control list that is applied on
SW2 port G0/0 in the inbound direction?
A. permit tcp host 172.16.0.2 host 192.168.0.5 eq 8080
B. permit tcp host 192.168.0.5 host 172.16.0.2 eq 8080
C. permit tcp host 192.168.0.5 eq 8080 host 172.16.0.2
D. permit tcp host 192.168.0.5 lt 8080 host 172.16.0.2
Selected Answer: C
Question #: 272
Topic #: 1
What is the result of applying this access control list?
ip access-list extended STATEFUL
10 permit tcp any any established
20 deny ip any any
A. TCP traffic with the URG bit set is allowed.
B. TCP traffic with the SYN bit set is allowed.
C. TCP traffic with the ACK bit set is allowed.
D. TCP traffic with the DF bit set is allowed.
Selected Answer: C
Question #: 273
Topic #: 1
Which outbound access list, applied to the WAN interface of a router, permits all traffic except for http traffic sourced from the workstation with IP address
10.10.10.1?
A. ip access-list extended 200 deny tcp host 10.10.10.1 eq 80 any permit ip any any
B. ip access-list extended 10 deny tcp host 10.10.10.1 any eq 80 permit ip any any
C. ip access-list extended NO_HTTP deny tcp host 10.10.10.1 any eq 80
D. ip access-list extended 100 deny tcp host 10.10.10.1 any eq 80 permit ip any any
Selected Answer: D
Question #: 274
Topic #: 1
Refer to the exhibit. An engineer must create a configuration that executes the show run command and then terminates the session when user CCNP logs in.
Which configuration change is required?
A. Add the access-class keyword to the username command.
B. Add the autocommand keyword to the aaa authentication command.
C. Add the access-class keyword to the aaa authentication command.
D. Add the autocommand keyword to the username command.
Selected Answer: D
Question #: 275
Topic #: 1
Refer to the exhibit. An engineer configures CoPP and enters the show command to verify the implementation. What is the result of the configuration?
A. All traffic will be policed based on access-list 120.
B. If traffic exceeds the specified rate, it will be transmitted and remarked.
C. Class-default traffic will be dropped.
D. ICMP will be denied based on this configuration.
Selected Answer: A
Question #: 276
Topic #: 1
DRAG DROP –
Drag and drop the threat defense solutions from the left onto their descriptions on the right.
Select and Place:
Suggestion Answer:
Question #: 277
Topic #: 1
Refer to the exhibit.
What is the effect of this configuration?
A. The device will allow users at 192.168.0.202 to connect to vty lines 0 through 4 using the password ciscotestkey.
B. The device will authenticate all users connecting to vty lines 0 through 4 against TACACS+.
C. The device will allow only users at 192.168.0.202 to connect to vty lines 0 through 4.
D. When users attempt to connect to vty lines 0 through 4, the device will authenticate them against TACACS+ if local authentication fails.
Selected Answer: B
Question #: 278
Topic #: 1
Which deployment option of Cisco NGFW provides scalability?
A. inline tap
B. high availability
C. clustering
D. tap
Selected Answer: C
Question #: 279
Topic #: 1
DRAG DROP –
Drag and drop the REST API authentication methods from the left onto their descriptions on the right.
Select and Place:
Suggestion Answer:
Question #: 280
Topic #: 1
In a Cisco SD-Access solution, what is the role of the Identity Services Engine?
A. It is leveraged for dynamic endpoint to group mapping and policy definition.
B. It provides GUI management and abstraction via apps that share context.
C. It is used to analyze endpoint to app flows and monitor fabric status.
D. It manages the LISP EID database.
Selected Answer: A
