350-401: Implementing Cisco Enterprise Network Core Technologies (ENCOR) Part 9
Question #: 561
Topic #: 1
What is one main REST security design principle?
A. separation of privilege
B. password hashing
C. confidential algorithms
D. OAuth
Selected Answer: A
Question #: 562
Topic #: 1
Refer to the exhibit. R1 has a BGP neighborship with a directly connected router on interface Gi0/0. Which command set is applied between the iterations of show ip bgp 2.2.2.2?
A. R1(config)#no ip route 192.168.50.2 255.255.255.255 Gi0/0
B. R1(config)#ip route 2.2.2.2 255.255.255.255 192.168.50.2
C. R1(config)#router bgp 65002 R1(config-router)#neighbor 192.168.50.2 shutdown
D. R1(config)#router bgp 65001 R1(config-router)#neighbor 192.168.50.2 shutdown
Selected Answer: B
Question #: 563
Topic #: 1
After a redundant route processor failure occurs on a Layer 3 device, which mechanism allows for packets to be forwarded from a neighboring router based on the most recent tables?
A. BFD
B. RP failover
C. NSF
D. RPVST+
Selected Answer: C
Question #: 564
Topic #: 1
By default, which virtual MAC address does HSRP group 15 use?
A. c0:42:31:98:86:0f
B. 05:af:1c:0f:ac:15
C. 00:00:0c:07:ac:0f
D. 05:5e:ac:07:0c:0f
Selected Answer: C
Question #: 565
Topic #: 1
An engineer must provide wireless coverage in a square office. The engineer has only one AP and believes that it should be placed it in the middle of the room.
Which antenna type should the engineer use?
A. directional
B. polarized
C. omnidirectional
D. Yagi
Selected Answer: C
Question #: 566
Topic #: 1
Which technology reduces the implementation of STP and leverages both unicast and multicast?
A. VLAN
B. VPC
C. VXLAN
D. VSS
Selected Answer: C
Question #: 567
Topic #: 1
A customer has recently implemented a new wireless infrastructure using WLC-5520s at a site directly next to a large commercial airport. Users report that they intermittently lose Wi-Fi connectivity, and troubleshooting reveals it is due to frequent channel changes. Which two actions fix this issue? (Choose two.)
A. Enable DFS channels because they are immune to radar interference.
B. Restore the DCA default settings because this automatically avoids channel interference.
C. Remove UNII-2 and Extended UNII-2 channels from the 5 Ghz channel list.
D. Disable DFS channels to prevent interference with Doppler radar.
E. Configure channels on the UNII-2 and the Extended UNII-2 sub-bands of the 5 Ghz band only.
Selected Answer: CD
Question #: 568
Topic #: 1
Refer to the exhibit.
Which GRE tunnel configuration command is missing on R2?
A. tunnel source 172.16.1.0
B. tunnel source 200.1.1.1
C. tunnel destination 200.1.1.1
D. tunnel source 192.168.1.2
Selected Answer: B
Question #: 569
Topic #: 1
The Gig0/0 interface of two routers is directly connected with a 1G Ethernet link. Which configuration must be applied to the interface of both routers to establish an OSPF adjacency without maintaining a DR/BDR relationship?
A. interface Gig0/0 ip ospf network non-broadcast
B. interface Gig0/0 ip ospf network point-to-multipoint
C. interface Gig0/0 ip ospf network point-to-point
D. interface Gig0/0 ip ospf network broadcast
Selected Answer: C
Question #: 570
Topic #: 1
Refer to the exhibit.
An engineer configures VRRP and issues the show commands to verify operation. What does the engineer confirm about VRRP group 1 from the output?
A. Communication between VRRP members is encrypted using MD5.
B. There is no route to 10.10.1.1/32 in R2’s routing table.
C. R1 is primary if 10.10.1.1/32 is in its routing table.
D. If R1 reboots, R2 becomes the primary virtual router until R2 reboots.
Selected Answer: C
Question #: 571
Topic #: 1
DRAG DROP –
Drag and drop the Cisco SD-Access solution areas from the left onto the protocols they use on the right.
Select and Place:
Suggestion Answer:
Question #: 572
Topic #: 1
DRAG DROP –
Drag and drop the characteristics from the left onto the routing protocols they describe on the right.
Select and Place:
Suggestion Answer:
Question #: 573
Topic #: 1
DRAG DROP –
An engineer is working with the Cisco DNA Center API. Drag and drop the methods from the left onto the actions that they are used for on the right.
Select and Place:
Suggestion Answer:
Question #: 574
Topic #: 1
DRAG DROP –
Drag and drop the characteristics from the left onto the QoS components they describe on the right.
Select and Place:
Suggestion Answer:
Question #: 575
Topic #: 1
Refer to the exhibit. An administrator troubleshoots intermittent connectivity from internal hosts to an external public server. Some internal hosts can connect to the server while others receive an ICMP Host Unreachable message, and these hosts change over time. What is the cause of this issue?
A. The NAT ACL and NAT pool share the same name.
B. The translation does not use address overloading.
C. The NAT ACL does not match all internal hosts.
D. The NAT pool netmask is excessively wide.
Selected Answer: B
Question #: 576
Topic #: 1
What is the function of the LISP map resolver?
A. to connect a site to the LISP-capable part of a core network publish the EID-to-RLOC mappings for the site, and respond to map-request messages
B. to advertise routable non-LISP traffic from one address family to LISP sites in a different address family
C. to send traffic to non-LISP sites when connected to a service provider that does not accept nonroutable EIDs as packet sources
D. to decapsulate map-request messages from ITRs and forward the messages to the MS
Selected Answer: D
Question #: 577
Topic #: 1
Refer to the exhibit. An attacker can advertise OSPF fake routes from 172.16.20.0 network to the OSPF domain and black hole traffic. Which action must be taken to avoid this attack and still be able to advertise this subnet into OSPF?
A. Configure 172.16.20.0 as a stub network.
B. Configure graceful restart on the 172.16.20.0 interface.
C. Configure a passive interface on R2 toward 172.16.20.0.
D. Apply a policy to filter OSPF packets on R2.
Selected Answer: C
Question #: 578
Topic #: 1
Refer to the exhibit. What is the result when a switch that is running PVST+ is added to this network?
A. Both switches operate in the PVST+ mode.
B. Spanning tree is disabled automatically on the network.
C. Both switches operate in the Rapid PVST+ mode.
D. DSW2 operates in Rapid PVST + and the new switch operates in PVST+.
Selected Answer: D
Question #: 579
Topic #: 1
Which protocol is responsible for data plane forwarding in a Cisco SD-Access deployment?
A. IS-IS
B. OSPF
C. VXLAN
D. LISP
Selected Answer: C
Question #: 580
Topic #: 1
Refer to the exhibit. Which Python code parses the response and prints “18:32:21.474 UTC Sun Mar 10 2019”?
A. print(response[‘result’][0](‘simple_time’])
B. print(response[‘result’][‘body’]( ‘simple_time’])
C. print(response[‘body’][‘simple_time’])
D. print(response[‘jsonrpc’][‘body’][ ‘simple_time’])
Selected Answer: B
Question #: 581
Topic #: 1
Refer to the exhibit. An engineer configures the trunk and proceeds to configure an ESPAN session to monitor VLANs 10, 20, and 30. Which command must be added to complete this configuration?
A. Device(config-mon-erspan-src-dst)# no vrf 1
B. Device(config-mon-erspan-src)# no filter vlan 30
C. Device(config-mon-erspan-src-dst)# mtu 1460
D. Device(config-mon-erspan-src-dst}# erspan-id 6
Selected Answer: B
Question #: 582
Topic #: 1
An administrator is configuring NETCONF using the following XML string. What must the administrator end the request with?
A. ]]>]]>
B.
C.
D.
Selected Answer: A
Question #: 583
Topic #: 1
Which Python snippet should be used to store the devices data structure in a JSON file?
A.
B.
C.
D.
Selected Answer: A
Question #: 584
Topic #: 1
A large campus network has deployed two wireless LAN controllers to manage the wireless network WLC1 and WLC2 have been configured as mobility peers. A client device roams from AP1 on WLC1 to AP2 on WLC2, but the controller’s client interfaces are on different VLANs. How do the wireless LAN controllers handle the inter-subnet roaming?
A. WLC1 marks the client with an anchor entry in its own database. The database entry is copied to the new controller and marked with a foreign entry on WLC2.
B. WLC2 marks the client with an anchor entry in its own database. The database entry is copied to the new controller and marked with a foreign entry on WLC1.
C. WLC1 marks the client with a foreign entry in its own database. The database entry is copied to the new controller and marked with an anchor entry on WLC2.
D. WLC2 marks the client with a foreign entry in its own database. The database entry is copied to the new controller and marked with an anchor entry on WLC1.
Selected Answer: A
Question #: 585
Topic #: 1
By default, which virtual MAC address does HSRP group 25 use?
A. 04:30:83:88:4c:19
B. 00:00:0c:07:ac:25
C. 05:5c:5e:ac:0c:25
D. 00:00:0c:07:ac:19
Selected Answer: D
Question #: 586
Topic #: 1
In a Cisco Catalyst switch equipped with two supervisor modules an administrator must temporarily remove the active supervisor from the chassis to perform hardware maintenance on it. Which mechanism ensures that the active supervisor removal is not disruptive to the network operation?
A. VRRP
B. HSRP
C. NSF/NSR
D. SSO
Selected Answer: D
Question #: 587
Topic #: 1
DRAG DROP –
Drag and drop the snippets onto the blanks within the code to create an EEM script that adds an entry to a locally stored text file with a timestamp when a configuration change is made. Not all options are used.
Suggestion Answer:
Question #: 588
Topic #: 1
Which function does a fabric AP perform in a Cisco SD-Access deployment?
A. It updates wireless clients’ locations in the fabric.
B. It connects wireless clients to the fabric.
C. It manages wireless clients’ membership information in the fabric.
D. It configures security policies down to wireless clients in the fabric.
Selected Answer: B
Question #: 589
Topic #: 1
Refer to the exhibit. What is the effect of introducing the sampler feature into the Flexible NetFlow configuration on the router?
A. NetFlow updates to the collector are sent 50% less frequently.
B. Every second IPv4 packet is forwarded to the collector for inspection.
C. CPU and memory utilization are reduced when compared with what is required for full NetFlow.
D. The resolution of sampling data increases, but it requires more performance from the router.
Selected Answer: C
Question #: 590
Topic #: 1
DRAG DROP
–
Drag and drop the snippets onto the blanks within the code to construct a script that configures a loopback interface with an IP address. Not all options are used.
Suggestion Answer:
Question #: 591
Topic #: 1
A.
B.
C.
D.
Selected Answer: C
Question #: 592
Topic #: 1
Refer to the exhibit. An engineer has configured an IP SLA for UDP echos. Which command is needed to start the IP SLA to lest every 30 seconds and continue until stopped?
A. ip sla schedule 100 life forever
B. ip sla schedule 30 start-time now life forever
C. ip sla schedule 100 start-time now life 30
D. ip sla schedule 100 start-time now life forever
Selected Answer: D
Question #: 593
Topic #: 1
What is the calculation that is used to measure the radiated power of a signal after it has gone through the radio, antenna cable, and antenna?
A. mW
B. ERIP
C. dBm
D. dBi
Selected Answer: B
Question #: 594
Topic #: 1
Which Quality of Service (QoS) mechanism is used to identify traffic flow and to use DSCP, IP Precedence values, and MPLS EXP bits to create different priority levels?
A. Policing
B. Marking
C. Queueing
D. Classification
Selected Answer: D
Question #: 595
Topic #: 1
What are two valid modes that Cisco Express Forwarding can operate in? (Choose two.)
A. Central CEF mode
B. Dense CEF mode
C. Sparse CEF mode
D. Distributed CEF mode
E. Routed CEF mode
Selected Answer: AD
Question #: 596
Topic #: 1
You need to weigh the pros and cons of deploying a premise-based data center versus using a cloud-based data center deployment. What is an advantage of using a premise-based solution? (Choose two.)
A. Lower application latency for end users
B. Easily scalable
C. Lower capital costs
D. Reduced deployment times
E. Increased control over the environment
Selected Answer: AE
Question #: 597
Topic #: 1
Which Quality of Service (QoS) mechanism allows for the creation of multiple levels of QoS policy, providing a more granular degree of traffic management?
A. Policing
B. H-QoS
C. Congestion avoidance
D. Dual Policy
Selected Answer: B
Question #: 598
Topic #: 1
Which Quality of Service (QoS) mechanism allows the network administrator to control the maximum rate of traffic received or sent on a given interface?
A. Policing
B. Marking
C. Queueing
D. Classification
Selected Answer: A
Question #: 599
Topic #: 1
Refer to the following two images regarding QoS Traffic Shaping and Traffic Policing:
Image A:
Image B:
Based on the images, which of the following are true? (Choose two.)
A. Image A depicts the result of Traffic Shaping
B. Image A depicts the result of Traffic Policing
C. Image B depicts the result of Traffic Shaping
D. Image B depicts the result of Traffic Policing
Selected Answer: BC
Question #: 600
Topic #: 1
In a Cisco SD-Access fabric architecture, which of the following are valid device roles (Choose three.)
A. Control Plane Node
B. Access routing device
C. Edge Node
D. Border Node
E. Distributed Node
Selected Answer: ACD
Question #: 601
Topic #: 1
Which of the following are valid statements when configuring Nonstop Forwarding (NSF) with Stateful Switchover (SSO) on a Cisco device? (Choose two.)
A. supports multicast routing protocols
B. Supports IPv4 and IPv6
C. Nonstop Forwarding requires SSO to also be configured
D. HSRP is not supported with NSF/SSO
E. Improper implementation of NSF/SSO can result in routing loops
Selected Answer: CD
Question #: 602
Topic #: 1
In a Cisco SD-Access wireless network, which device is used as an entry and exit point in and out of the fabric?
A. fabric edge node
B. control plane node
C. fabric border node
D. fabric access points
Selected Answer: C
Question #: 603
Topic #: 1
The Overlay Management Protocol (OMP) is used as the control plane protocol and forms peers between the VSmart Controller and the SD-WAN edge devices. OMP is responsible for advertising which three types of routes in the SD-WAN network? (Choose three.)
A. OMP routes
B. TLOCs
C. MP-BGP
D. LISP routes
E. Service routes
Selected Answer: ABE
Question #: 604
Topic #: 1
Which of the following are the three components of the three-tier hierarchical networking model used in the classical Cisco networks design? (Choose three.)
A. Distribution
B. Core
D. Access
E. Leaf
F. Spine
Selected Answer: ABD
Question #: 605
Topic #: 1
Which of the following are the two components of the two-tier modern data center design? (Choose two.)
A. Distribution
B. Core
D. Access
E. Leaf
F. Spine
Selected Answer: EF
Question #: 606
Topic #: 1
In a Cisco SD-WAN network, which VPN Identifier is reserved for carrying out-of-band network management traffic?
A. VPN 0
B. VPN 1
C. VPN 512
D. VPN 514
Selected Answer: C
Question #: 607
Topic #: 1
In a Cisco SD-WAN network, which VPN Identifier is reserved as the transport VPN, carrying control traffic?
A. VPN 0
B. VPN 1
C. VPN 512
D. VPN 514
Selected Answer: A
Question #: 608
Topic #: 1
Which Cisco SD-WAN component acts as a single pane of glass for management and offers centralized fault, performance, accounting, and configuration management?
A. vBond
B. vEdge
C. vSmart
D. vManage
Selected Answer: D
Question #: 609
Topic #: 1
You need to implement a First Hop Redundancy Protocol (FHRP) in a dual stack (IPv4 and IPV6) environment that utilizes devices from multiple different vendors. Which protocol best meets these needs?
A. HSRP
B. GLBP
C. VRRPv1
D. VRRPv2
Selected Answer: D
Question #: 610
Topic #: 1
A wireless client roams from one Access Point to another Access Point using a different switch in a Cisco SD-Access network. If only a single Wireless Lan Controller in involved, what roaming methods is being used?
A. L3 roaming
B. inter-xTR
C. auto anchor
D. bridged roaming
Selected Answer: B
Question #: 611
Topic #: 1
In a Cisco SD-Access network where VXLAN is used for encapsulating data packets, what is the minimum MTU setting that devices should be configured with?
A. 1492
B. 1500
C. 1518
D. 1550
Selected Answer: D
Question #: 612
Topic #: 1
Which Cisco Locator/ID Separation Protocol (LISP) device receives packets from remote site facing devices and either decapsulates the LISP packets or routes them natively?
A. ITR
B. ETR
C. MS
D. MR
Selected Answer: B
Question #: 613
Topic #: 1
Which of the following statements regarding the use of Bidirectional Forwarding Detection (BFD) in a Cisco SD-WAN environment are true?
A. BFD cannot be disabled on SD-WAN routers.
B. OSPFv3 is not supported with BFD.
C. In addition to link failure detection, it is also used to measure loss and latency used by application aware routing.
D. Is not typically enabled for OMP.
E. Does not support BGP.
Selected Answer: AC
Question #: 614
Topic #: 1
Which of the following statements are true regarding the Link Management Protocol (LMP) when used in the Cisco Stackwise virtual link? (Choose two.)
A. It determines the switch priority.
B. It negotiates the version of the virtual header
C. It verifies link integrity via bidirectional forwarding
D. It performs auto discovery of other active Stackwise switches
Selected Answer: BC
Question #: 615
Topic #: 1
You have configured router R1 with multiple VRF’s in order to support multiple customer VPN networks. If you wanted to see the best path for the 10.2.1.0.24 route in VRF Green, what command would you use?
A. show ip route vrf Green 10.2.1.0
B. show ip route 10.2.1.0 vrf Green
C. show route all 10.2.1.0
D. show ip route 10.2.1.0 Green
Selected Answer: A
Question #: 616
Topic #: 1
Which of the following are benefits from implementing the use of VXLAN’s in a network? (Choose two)
A. Increased scalability since VXLAN extends the IF field to 24 bits, providing up to 16 million unique ID values.
B. Makes the implementation of Spanning Tree more efficient.
C. Can be used to replace layer 3 routing protocols and increase routing efficiency at layer 2.
D. Supports Equal Cost Multi-pathing (ECMP) so that load balancing over multiple links can be used.
Selected Answer: AD
Question #: 617
Topic #: 1
Which component of TCP defines the maximum packet size that a host interface is able to accept on ingress?
A. MTU
B. PATH MTU
C. Window size
D. MRU
Selected Answer: D
Question #: 618
Topic #: 1
Which of the following are examples of Type 2 hypervisors? (Choose three.)
A. VMware ESXi
B. Oracle VirtualBox
C. Oracle Solaris Zones
D. Microsoft Hyper-V
E. Microsoft Virtual PC
Selected Answer: BCE
Question #: 619
Topic #: 1
EIRP (Effective Isotropic Radiated Power) is the actual amount of signal leaving the antenna. It is a measurement value in db and is based on which three components? (Choose three.)
A. Transmit Power
B. RSSI
C. Cable Loss
D. Antenna Gain
E. SNR
Selected Answer: ACD
Question #: 620
Topic #: 1
A switch is attached to router R1 on its gig 0/0 interface. Fort security reasons, you want to prevent R1 from sending OSPF hellos to the switch. Which command should be enabled to accomplish this?
A. R1(config-router)#ip ospf hello disable
B. R1(config-router)#ip ospf hello-interval 0
C. R1(config)#passive-interface Gig 0/0
D. R1(config-router)#passive-interface Gig 0/0
Selected Answer: D
Question #: 621
Topic #: 1
What are some of the key differences between HSRPv1 and HSRPv2? (Choose two.)
A. HSRPv1 uses the multicast address of 224.0.0.102 while HSRPv2 uses 225.0.0.2.
B. HSRP uses a group range of 0-255, while HSRP uses a group range of 0-4095.
C. HSRPv1 uses seconds based timers, while HSRPv2 uses milliseconds based timers.
D. HSRPv1 provides support for IPv6, while HSRPv2 supports IPv4 only.
Selected Answer: BC
Question #: 622
Topic #: 1
Which of the following are valid Port Aggregation Protocol (PAgP) modes? (Choose two.)
A. On
B. Active
C. Passive
D. Auto
E. Desirable
Selected Answer: DE
Question #: 623
Topic #: 1
Which of the following are true statements regarding the Virtual Router Redundancy Protocol (VRRP) feature? (Choose two.)
A. Pre-emption is enabled by default
B. The router priority is a configurable value from 0-4095
C. MD5 authentication is supported with VRRP
D. Secondary IP addresses are supported with VRRP
E. VRRP can only be used with Cisco devices
Selected Answer: AD
Question #: 624
Topic #: 1
You want to securely implement the Network Time Protocol (NTP) on your network. What two mechanisms are available to secure NTP? (Choose two.)
A. IPSec communication
B. MD5 authentication keys
C. Role based access control (RBAC)
D. access-group configuration
Selected Answer: BD
Question #: 625
Topic #: 1
Which Cisco EIGRP K-values are set to zero by default? (Choose three.)
A. Bandwidth
B. Load
C. Total Delay
D. Reliability
E. MTU
Selected Answer: BDE
Question #: 626
Topic #: 1
What are the four stages of obtaining an IP address lease from a DHCP server?
A. Discover, Offer, Release, Renew
B. Discover, Obtain, Request, Renew
C. Determine, Obtain, Release, Acknowledge
D. Discover, Offer, Request, Acknowledge
Selected Answer: D
Question #: 627
Topic #: 1
A new multicast server is being added to an existing PIM Sparse mode network. Which device in this network must the new server register with before its multicast traffic can be dispersed throughout the network?
A. IGMP Querier
B. Local PIM router
C. Local IGMP switch
D. Rendezvous Point (RP)
Selected Answer: D
Question #: 628
Topic #: 1
You want to create a policy that allows all TCP traffic in the port range of 20 to 110, except for telnet traffic, which should be dropped. Which of the following access control lists will accomplish this?
A. deny tcp any any eq 22
permit tcp any any gt 20 lt 110
B. permit tcp any any range 22 443
deny tcp any any eq 23
C. deny tcp any any eq 23
permit tcp any any
D. deny tcp any any eq 23
permit tcp any any range 20 110
Selected Answer: D
Question #: 629
Topic #: 1
In a Cisco SD-Access network architecture, what is the role of the Fabric Edge Node?
A. It manages endpoint to device relationships
B. It connects external layer 3 networks to the SDA fabric
C. It connects wired endpoints to the SDA fabric
D. It connects wireless endpoints to the SDA fabric
Selected Answer: C
Question #: 630
Topic #: 1
Which of the following are features typically only found in a Next Generation (NextGen) firewall? (Choose two.)
A. Network Address Translation (NAT)
B. Secure remote access VPN (RA VPN)
C. Deep packet inspection
D. reputation based malware detection
E. IPSec site-to-site VPN
Selected Answer: CD
