350-601: Implementing and Operating Cisco Data Center Core Technologies (DCCOR) Part 5
Question #: 241
Topic #: 1
Refer to the exhibit.
What is the result of implementing this configuration?
A. The switch queries the TACACS+ server by using an encrypted text PAP login.
B. The TACACS+ server uses the type-6 encrypted format.
C. The switch queries the TACACS+ server by using a clear text PAP login.
D. The timeout value on the TACACS+ server is 10 seconds.
Selected Answer: A
Question #: 242
Topic #: 1
Refer to the exhibit.
Which setting must be configured to prevent the reuse of passwords?
A. Change Interval
B. No Change Interval
C. History Count
D. Change Count
Selected Answer: C
Question #: 243
Topic #: 1
Port security is statically configured on a Cisco Nexus 7700 Series switch and F3 line card. The switch is configured with an Advanced Services license. Which two actions delete secured MAC addresses from the interface? (Choose two.)
A. The address must be removed from the configuration.
B. Shutdown and then no shutdown must be run on the interface.
C. The device must be restarted manually.
D. The address must reach the age limit that is configured for the interface.
E. The interface must be converted to a routed port.
Selected Answer: AE
Question #: 244
Topic #: 1
An engineer is configuring AAA authentication on a Cisco MDS 9000 Series switch. The LDAP server is located under the IP 10.10.2.2. The data sent to the LDAP server should be encrypted. Which command should be used to meet these requirements?
A. ldap-server 10.10.2.2 port 443
B. ldap-server 10.10.2.2 key SSL_KEY
C. ldap-server host 10.10.2.2 key SSL_KEY
D. ldap-server host 10.10.2.2 enable-ssl
Selected Answer: D
Question #: 245
Topic #: 1
Refer to the exhibit. What is the result of implementing the configuration?
A. The RADIUS server timeout value is 15 milliseconds.
B. RADIUS traffic is sourced from the VLAN 200 interface.
C. Users specify the RADIUS server when they log in.
D. Only the RADIUS server is used for authentication.
Selected Answer: C
Question #: 246
Topic #: 1
Refer to the exhibit. Which action is taken to ensure that the relay agent forwards the DHCP BOOTREQUEST packet to a DHCP server?
A. Configure the IP address of the DHCP server.
B. Verify the DHCP snooping bindings.
C. Configure the interface of the DHCP server as untrusted.
D. Enable the DHCP relay agent.
Selected Answer: A
Question #: 247
Topic #: 1
Refer to the exhibit. A network engineer requires remote access via SSH to a Cisco MDS 9000 Series Switch. The solution must support secure access using the local user database when the RADIUS servers are unreachable from the switches. Which command meets these requirements?
A. aaa authentication none
B. aaa authentication login default group radius
C. aaa authentication login default fallback error local
D. aaa authentication login default group local
Selected Answer: C
Question #: 248
Topic #: 1
A network engineer needs to configure system logging on the Cisco MDS Series switch. The messages must be displayed with the severity level of `warning` and above. For security reasons, the users must be logged out of the console after 5 minutes of inactivity. Which configuration must be applied to meet these requirements?
A. MDS-A(config)# logging console 5 MDS-A(config-console)# exec-timeout 300
B. MDS-A(config)# line console MDS-A(config-console)# speed 38400 MDS-A(config-console)# exec-timeout 5 MDS-A(config)# logging console 4
C. MDS-A(config)# logging line 4 MDS-A(config-console)# session-limit 300
D. MDS-A(config)# console MDS-A(config-console)# speed 38400 MDS-A(config-console)# session-limit 5 MDS-A(config)# logging console 5
Selected Answer: B
Question #: 249
Topic #: 1
A network administrator must perform a system upgrade on a Cisco MDS 9000 Series Switch. Due to the recent changes by the security team:
* The AAA server is unreachable.
* All TCP communication between the MDS 9000 Series Switch and AAA servers is disabled.
Which actions must be used to perform the upgrade?
A. Log in locally to the MDS 9000 Series Switch using a network-admin role and download the upgrade files from the remote TFTP server.
B. Log in locally to the MDS 9000 Series Switch using a server-admin role and download the upgrade files from the remote FTP server.
C. Log in to a server storing the upgrade files remotely using a server-admin role and download the files to the MDS 9000 Series Switch using SFTP.
D. Log in to a server storing the upgrade files remotely using a network-admin role and download the files to the MDS 9000 Series Switch using HTTP.
Selected Answer: A
Question #: 250
Topic #: 1
A network engineer must enable port security on all Cisco MDS Series Switches in the fabric. The requirement is to avoid the extensive manual configuration of the switch ports. Which action must be taken to meet these requirements?
A. Enable the auto-learning port security feature.
B. Enable the auto-learning port security feature on a per-VSAN basis.
C. Activate CFS distribution and the auto-learning port security feature.
D. Activate CFS distribution and the auto-learning port security feature on a per-VSAN basis.
Selected Answer: D
Question #: 251
Topic #: 1
An engineer must configure the HSRP protocol between two Cisco Nexus 9000 Series Switches. This configuration is present on Nexus A.
The final HSRP configuration must meet these requirements:
* The HSRP communication must be secured on both switches.
* Both switches must support more than 300 groups.
Which two commands must be added to the HSRP configuration on Nexus A to complete these requirements? (Choose two.)
A. authentication text 1020
B. hsrp version 1
C. authenticate md5 key-chain NHRP-KEYS
D. hsrp version 2
E. authentication text 1010
Selected Answer: C
Question #: 252
Topic #: 1
An engineer must implement Strict Unicast Reverse Path Forwarding mode for IPv4 packets on the Etnerret1/1 interface on the Cisco Nexus 9500 Series Switch.
Which configuration achieves this goal?
A. interlace Ethernet1/1 ip address 172.16.10.1/24 ip verify unicast source reachable-via rx
B. interface Ethernet1/1 ip address 172.16.10.1/24 ip verify unicast source any
C. interface Ethernet1/1 ip address 172.16.10.1/24 ip verify unicast source reachable-via any
D. interface Ethernet1/1 ip address 172.16.10.1/24 ip verify unicast source rx
Selected Answer: A
Question #: 253
Topic #: 1
A network engineer is configuring the Cisco UCS service profile template with Ansible using this code: hostname: 192.168.10.23 username: cisco password: f718c4329405726531f6247ff982 name: DCE-CTRL template_type: updating-template uuid_pool: UUID-POOL storage_pronte: DCE-StgProf maintenance_policy: default server_pool: Container-Pool host_firmware_package: 4.1(1a) bios_policy: Docker
Which attribute must be used to apply the iSCSI initiator identifiers to all iSCSI vNICs for the service profiles derived from the service template?
A. san_connectivity_policy
B. lan_connectivity_policy
C. boot_policy
D. iqn_pool
Selected Answer: D
Question #: 254
Topic #: 1
DRAG DROP –
A network engineer must implement RBAC on Cisco MDS 9000 Series Multilayer Switches.
Drag and drop the Cisco MDS 9000 Series roles from the left onto the categories they belong to on the right.
Select and Place:
Suggestion Answer:
Question #: 255
Topic #: 1
An engineer must configure RBAC in Cisco UCS Manager in an existing data center environment.
Which two roles are suitable for configuring LAN connectivity policies? (Choose two.)
A. server-profile
B. network-admin
C. operations
D. enable
E. admin
Selected Answer: BE
Question #: 256
Topic #: 1
An engineer is enabling port security on a Cisco MDS 9000 Series Switch.
Which feature of enabling port security on a Cisco MDS 9000 Series Switch must be considered?
A. It is distributed by using Cisco Fabric Services.
B. It authorizes only the configured sWWN to participate in the fabric.
C. It always learns about switches that are logging in.
D. It binds the fabric at the switch level.
Selected Answer: B
Question #: 257
Topic #: 1
DRAG DROP –
An engineer is implementing security on the Cisco MDS 9000 switch.
Drag and drop the descriptions from the left onto the correct security features on the right.
Select and Place:
Suggestion Answer:
Question #: 258
Topic #: 1
An engineer has a primary fabric that is named UCS-A and a secondary fabric that is named UCS-B. A certificate request that has a subject name of sjc2016 for a keyring that is named kr2016 needs to be created. The cluster IP address is 10.68.68.68.
Which command set creates this certificate request?
A. UCS-A # scope keyring kr2016 UCS-A /keyring # create certreq 10.68.68.68 sjc2016 UCS-A /keyring* # commit-buffer
B. UCS-B # scope keyring kr2016 UCS-B /keyring # create certreq ip 10.68.68.68 subject-name sjc2016 UCS-B /keyring* # commit-both
C. UCS-B# scope security UCS-B /security # scope keyring kr2016 UCS-B /security/keyring # set certreq 10.68.68.68 sjc2016 UCS-B /security/keyring* # commit-both
D. UCS-A# scope security UCS-A /security # scope keyring kr2016 UCS-A /security/keyring # create certreq ip 10.68.68.68 subject-name sjc2016 UCS-A /security/keyring* # commit-buffer
Selected Answer: D
Question #: 259
Topic #: 1
A company provides applications and database hosting services to multiple customers using isolated infrastructure-as-a-service services within the same data center environment. The environment is based on Cisco MDS 9000 Series Switches. The requirement is to manage the environment by using Fibre Channel
Security Protocol and to enable user authentication when the centralized AAA server is unreachable. All communication between the MDS switches and the remote servers must be encrypted. Which command set must be used to meet these requirements?
A. aaa group server radius RadiusServer1 aaa authentication login default RadiusServer1
B. aaa group server tacacs+ TacacsServer1 aaa authentication dhchap default group TacacsServer1
C. aaa group server radius RadiusServer1 aaa authentication dhchap default group RadiusServer1
D. aaa group server tacacs+ TacacsServer1 aaa authentication login console TacacsServer1
Selected Answer: B
Question #: 260
Topic #: 1
A customer undergoes an IT security review assessment. The auditor must have read-only access to the Cisco Nexus 9000 Series Switch to perform the configuration review. The customer implements this security role for the auditor: role name audit rule 1 permit command * rule 2 – Output omitted — username auditor password C4SAFF1B05EB1968$c0 role audit
Which configuration snippet must complete the configuration?
A. deny command configure terminal
B. deny command write *
C. permit command show *
D. permit command enable
Selected Answer: A
Question #: 261
Topic #: 1
An engineer must implement a solution that prevents untrusted DHCP servers from compromising the network. The feature must be configured on a Cisco Nexus
7000 Series Switch and applied to VLAN 10. The legitimate DHCP servers are connected to interface Ethernet 2/4. Which configuration set must be used to meet these requirements?
A. n7k-1(config)# ip dhcp snooping vlan 10 n7k-1(config)# interface Ethernet2/4 n7k-1(config-if)# ip dhcp snooping verify vlan 10
B. n7k-1(config)# ip dhcp snooping verify n7k-1(config)# interface Ethernet2/4 n7k-1(config-if)# ip dhcp snooping verify vlan 10
C. n7k-1(config)# ip dhcp snooping vlan 10 n7k-1(config)# interface Ethernet2/4 n7k-1(config-if)# ip dhcp snooping trust
D. n7k-1(config)# ip dhcp snooping verify n7k-1(config)# vlan configuration 10 n7k-1(config-vlan)# ip dhcp snooping trust
Selected Answer: C
Question #: 262
Topic #: 1
An engineer implements a Cisco UCS C-Series Server that must adhere to these security requirements:
✑ Unencrypted communication must be disabled.
✑ The session timeout must not exceed 15 minutes.
✑ Unencrypted traffic must be automatically diverted.
✑ CLI-based management must use nondefault ports.
Which configuration set meets these requirements?
A. SSH Enabled SSH Port: 8022 SSH Timeout: 1200 IPMI over LAN Enabled
B. HTTP Port: 80 / HTTPS Port: 443 Session Timeout: 900 Redirect HTTP to HTTPS Enabled SSH Port: 2022
C. Redfish Enabled checked Redfish Port: 443 SSH Enabled checked HTTPS Port: 8443
D. XML API Enabled HTTP Port: 8080 / HTTPS Port: 8443 IPMI over LAN Enabled Randomized Encryption Key
Selected Answer: B
Question #: 263
Topic #: 1
An engineer must apply AAA configuration on a Cisco MDS 9000 Series Switch. The solution must meet these conditions:
✑ It must use a challenge-response authentication protocol that uses MD5 hashing with an incrementally changing identifier.
✑ The RADIUS configuration must be automatically shared with other MDS switches in the environment.
The RADIUS server is already defined. Which command set completes the configuration?
A. aaa authentication login chap enable radius distribute radius commit
B. aaa authentication login pap enable distribute radius radius-server host 10.8.8.0 auth-port 1821
C. aaa authentication login mschapv2 enable radius propagate radius authentication port 1821
D. aaa authentication login mschap enable radius commit radius-server host 10.8.8.0
Selected Answer: A
Question #: 264
Topic #: 1
DRAG DROP –
An engineer must configure remote authentication on a Cisco UCS system. The user password must be encrypted before it is sent to the authentication server.
The company security policy requires the server to be based on an open standard. Drag and drop the UCS CLI AAA configuration commands from the left into the order in which they must be implemented on the right. Not all commands are used.
Select and Place:
Suggestion Answer:
Question #: 265
Topic #: 1
Refer to the exhibit. An engineer is creating a SPAN session to send a copy of all the Fabric-A VSAN 11 traffic on N5K_1 to the monitoring laptop. The configuration that presented has already been applied to Cisco UCS Manager. Which action competes the configuration?
A. Create a SAN traffic monitoring session.
B. Set VLAN 11 as the traffic destination.
C. Activate a NetFlow monitoring session.
D. Select VSAN 1 as the source of traffic.
Selected Answer: A
Question #: 266
Topic #: 1
DRAG DROP –
Refer to the exhibit. The Cisco Nexus Series Switches SW1, SW2, and SW3 are connected via Layer 2 copper interfaces. An engineer implements loop prevention standard IEEE 802.1w on each VLAN to provide faster recovery from network changes or failures. The implementation has these requirements:
✑ Interfaces that are connected to Layer 2 hosts must not receive STP BPDUs.
✑ The implementation must detect unidirectional links due to one-way traffic twisted-pair links.
✑ Bridge assurance must be enabled between SW2 and SW3.
✑ The Layer 2 domain must be protected from superior BPDUs that arrive from external switches.
Drag and drop the code snippets from the right onto the blanks in the code on the left to complete the configuration for SW3. Not all code snippets are used.
Select and Place:
Suggestion Answer:
Question #: 267
Topic #: 1
Which virtualization feature is provided by network-attached storage?
A. raw device passthrough
B. VM cluster shared ask
C. hypervisor host boot LUN
D. ALUA path redirection
Selected Answer: A
Question #: 268
Topic #: 1
An engineer must suggest deployment model for a newly developed application. The engineer has a small starting budget and lacks technical knowledge and infrastructure to implement storage, operating system, and database services to support the application deployment. The engineer also needs usage data related to the service and the ability to elastically scale the deployment as customer demands grow. Which two models must be used to meet the requirements? (Choose two.)
A. infrastructure as a service
B. public cloud
C. software as a service
D. private cloud
E. platform as a service
Selected Answer: BE
Question #: 269
Topic #: 1
DRAG DROP –
An engineer must configure Cisco UCS Manager to accept only HTTPS connections that use TLS 1.2. The cipher security level must be high and the length of the keyring key value must be 2048 bits. Drag and drop the code snippets from the right onto the blanks in the code on the left to accomplish these goals. Not all commands are used.
Select and Place:
Suggestion Answer:
Question #: 270
Topic #: 1
A network administrator’s creating a custom Django self-service portal that runs on a Linux server to automate the creation of new VLANS on Cisco UCS
Manager. Which feature must be installed and configures on the server?
A. Cisco DNA Center API
B. Cisco AppDynamics
C. Cisco UCS Python SDK
D. Cisco UCS PowerTool Suite
Selected Answer: C
Question #: 271
Topic #: 1
An engineer must configure a backup and restore of Cisco UCS Manager during the weekend maintenance windows. The configuration must be restored to its original state on Monday morning. The end users can make changes only to the Service Profile configuration. Which set of actions meets these requirements?
A. Schedule a system backup to run at the start of every weekend and manually import the backup on Monday morning.
B. Schedule a logical backup to run at the star of every weekend and manually import the backup on Monday morning.
C. Schedule a system backup to run at the start of every weekend and schedule the import of the backup to run on Monday morning.
D. Schedule a logical backup to run at the start of every weekend and schedule the import of the backup to run on Monday morning.
Selected Answer: B
Question #: 272
Topic #: 1
Due to a newly announced security advisory, a company has been informed that they must update the configuration of 500 network devices that are deployed in their network. The engineering team must assist the operations team to prepare for this update. The operations team does not have direct access to the network devices and must login via a Linux server. This is the first time that the team is making a network-wide configuration and must change all devices without first installing additional software on the network devices. The operations team is unfamiliar with automation and scripting technologies. Which automation tool must be used to accomplish this goal?
A. Chef
B. SaltStack
C. Ansible
D. Puppet
Selected Answer: C
Question #: 273
Topic #: 1
Refer to the exhibit. The MDS-EDGE-Switch and MDS-Core-Switch are configured with NPV and NPIV features. The FLOGI from Cisco UCS is received by the
MDS-Core-Switch on interface fc1/2. An engineer tried to move all traffic between the MDS-EDGE-Switch and MDS-Core-Switch from interface fc1/2 to fc1/3, but the attempt failed. Which set of actions completes the configuration?
A. Shut down fc1/1 in the MDS-EDGE-Switch. Re-apply the command. Enable interface fc1/1.
B. Disable the NPIV feature in the MDS-EDGE-Switch. Re-enable the NPIV feature. Disable interface fc1/3.
C. Disable the NPV feature in the MDS-EDGE-Switch. Re-enable the NPV feature. Disable interface fc1/1.
D. Shutdown fc1/3 in the MDS-EDGE-Switch. Re-apply the command. Enable interface fc1/3.
Selected Answer: B
Question #: 274
Topic #: 1
An engineer needs to install a new package on a Cisco Nexus 9000 Series Switch. What the impact of running the install commit command on the switch?
A. The switch is restarted after the upgrade is complete.
B. The previous package that was in use is deleted from bootflash.
C. The package is used after the switch is restarted.
D. The package is used in the running configuration.
Selected Answer: C
Question #: 275
Topic #: 1
An engineer must configure Cisco Nexus 9000 Series Switches for Cisco UCS Director integration. The configuration must enable automated onboarding of the switches as they come online. For security purposes, the switches must have the bare minimum of connection methods enabled. The connection protocol must allow authentication through credentials. Which protocol must be configured on the switches to allow automated onboarding?
A. SNMP
B. Telnet
C. HTTPS
D. SSH
Selected Answer: D
Question #: 276
Topic #: 1
Which two actions should be performed before upgrading the infrastructure and firmware of multiple UCS blades? (Choose two.)
A. Get Full State and All Configuration backup files before beginning the upgrade.
B. Verify if the bootflash on the fabric interconnects in the Cisco UCS has at least 10% available space.
C. Verify if the bootflash on the fabric interconnects in the Cisco UCS has at least 15% available space.
D. Enable Smart Call Home feature during the firmware upgrade process.
E. Run the Check Conformance feature to verify that all your components are running the compatible firmware version after the upgrade.
Selected Answer: AC
Question #: 277
Topic #: 1
Refer to the exhibit. A user must be granted management access to the Cisco Nexus 9000 Series Switch using AAA servers. The RADIUS servers are configured to accept login requests from the same Layer 2 subnet of the switch. The user must be permitted to log in with these requirements:
✑ RADIUS server 1 must be used to log in via a console.
✑ RADIUS server 2 must be used to login via SSH.
Which two actions meet these requirements? (Choose two.)
A. Configure the authentication login to use group RAD1 for console and group RAD2 for remote access.
B. Change the dead timer for RAD1 and RAD2 to 1 minute.
C. Set the RADIUS source interface to be mgmt0 for group RAD1 and VLAN 22 for group RAD2.
D. Configure AAA to send the accounting traffic to RAD1 and RAD2.
E. Enable command authorization to RAD1 and RAD2 for all successful logins.
Selected Answer: A
Question #: 278
Topic #: 1
Refer to the exhibit. A storage engineer must monitor the traffic from the file server to the FC analyzer. The file server and the database use the same storage array. Which configuration must be applied to the Cisco MDS 9000 Series Switch to accomplish this goal?
A. MDS-9000(config)# span session 1 MDS-9000(config-span)# destination interface port-channel 2 MDS-9000(config-span)# source interface fc1/1
B. MDS-9000(config)# span session 1 MDS-9000(config-span)# destination interface fc1/3 MDS-9000(config-span)# source interface port-channel 1
C. MDS-9000(config)# span session 1 MDS-9000(config-span)# destination interface vsan 100 MDS-9000(config-span)# source interface port-channel 1
D. MDS-9000(config)# span session 1 MDS-9000(config-span)# destination interface port-channel 2 MDS-9000(config-span)# source interface vsan 100
Selected Answer: B
Question #: 279
Topic #: 1
DRAG DROP –
An engineer must configure a control plane policy on a Cisco Nexus 9000 Series Switch that is located at IP 192.168.20.1 that meets these requirements:
✑ Only HTTP, RDP, and ICMP traffic is permitted from subnet 192.168.10.0/24.
✑ The committed information rate must be 54000 pps.
✑ The burst size must be 128 packets.
✑ Any other traffic must be dropped.
Drag and drop the code snippets from the bottom onto the blanks in the code on the top to complete the configuration. Not all code snippets are used.
Select and Place:
Suggestion Answer:
Question #: 280
Topic #: 1
A Cisco Nexus 7000 Series switch runs VXLAN, and interface Ethernet 7/30 is configured as a trunk port. Which command set configures the switch to act as a gateway for VLAN 50? interface Ethernet7/30 no switchport no shutdown service instance 1 vni no shutdown encapsulation profile VSI_50_TO_500 default
A. encapsulation profile vni VSI_50_TO_500 dot1q 50 vni 500 bridge-domain 50 member vni 500 interface Bdi50 ip address 10.50.50.51/24
B. encapsulation profile vni VSI_50_TO_500 dot1q 500 vni 50 bridge-domain 500 member vni 50 interface Bdi500 ip address 10.50.50.51/24
C. encapsulation profile vni VSI_50_TO_500 dot1q 500 vni 50 bridge-domain 500 member vni 50 interface Vlan500 ip address 10.50.50.51/24
D. encapsulation profile vni VSI_50_TO_500 dot1q 50 vni 500 bridge-domain 50 member vni 500 interface Vlan50 ip address 10.50.50.51/24
Selected Answer: A
Question #: 281
Topic #: 1
Refer to the exhibit. An engineer is troubleshooting intermittent connect issues between the client PC and the DHCP server. What does the last package captured from the Cisco Nexus 2000 Series Switch indicate?
A. The client receives an IP address from the DHCP server.
B. The DHCP server sends an IP address via a broadcast message.
C. The client sends a unicast message to receive an IP address from the DCHP server.
D. The DCHP server releases the IP address from the client.
Selected Answer: D
Question #: 282
Topic #: 1
A network engineer must deploy a configuration backup policy to the Cisco UCS Manager. The file generated from this backup must have a snapshot of the entire system that should be used to restore the system during disaster recovery. The backup file must be transferred insecurely by using the TCP protocol. Which configuration backup settings meet these requirements?
A. Type: Full State Protocol: FTP
B. Type: System Configuration Protocol: TFTP
C. Type: All Configuration Protocol: SCP
D. Type: Logical Configuration Protocol: SFTP
Selected Answer: A
Question #: 283
Topic #: 1
What is a benefit of using the Cisco UCS Lightweight upgrade feature?
A. A soft reboot is available for the fabric interconnects.
B. The firmware version of a component is updated only when it has been modified.
C. All servers are rebooted to push the latest updates.
D. Security updates are scheduled with the next reboot of the fabric interconnects.
Selected Answer: B
Question #: 284
Topic #: 1
An engineer must configure a Cisco UCS domain for monitoring and management by the Cisco Intersight SaaS platform. After the setup is complete, administrators must have full control to configure the device through Cisco UCS Manager and Intersight. Which set of actions accomplishes this task?
A. Configure Device Connector Access Mode as Allow Control in Device Consol. Claim the device on Intersight as UCSM Managed Mode.
B. Configure Device Connector Access Mode as Allow Control in Cisco UCS Manager. Claim the device on Intersight as UCSM Managed Mode.
C. Configure Device Connector Access Mode as Allow Control in Device Console. Claim the device on Intersight as Intersight Managed Mode.
D. Configure Device Connector Access Mode as Allow Control in Cisco UCS Manager. Claim the device on Intersight as Intersight Managed Mode.
Selected Answer: B
Question #: 285
Topic #: 1
An engineer implements a Python script inside a Cisco Bash shell. The script contains this dictionary object:
Which command must be used to add the ‘N9K-Spine-2’: ‘1498323434’ element to the switch_id list dictionary?
A. switch_id_list += {ג€N9K-Spine-2ג€: ג€1498323434ג€}
B. switch_id_list = [ג€N9K-Spine-2ג€: ג€1498323434ג€]
C. switch_id_list.append({ג€N9K-Spine-2ג€: ג€1498323434ג€})
D. switch_id_list.update({ג€N9K-Spine-2ג€: ג€1498323434ג€})
Selected Answer: D
Question #: 286
Topic #: 1
DRAG DROP –
A network engineer must configure FCoE on an interface of a Cisco MDS 9000 Series Switch. It should be used for mapping between VLAN 600 and VLAN 6.
Drag and drop the commands from the bottom into their implementation order in the FCoE configuration. Not all commands are used.
Select and Place:
Suggestion Answer:
Question #: 287
Topic #: 1
Refer to the exhibit. The gateway of Server1 is in the VLAN 100 SVI on N5K-1 and the gateway of Server 2 is in the VLAN 200 SVI on N5K-2. Server 1 must connect to Server 2 using unidirectional traffic. Which action accomplishes this requirement?
A. Configure access VLAN 100 on interface Ethernet 1/2 on N5K-2.
B. Create a static route in VRF WEB for the subnet of Server 2 on N5K-1.
C. Assign VRF WEB membership to interfaces VLAN 150 and 200 on N5K-2
D. Add VLAN 100 and 200 to the allowed VLANs list on the Ethernet 1/1 interface on N5K-1.
Selected Answer: B
Question #: 288
Topic #: 1
An engineer configures a storage environment for a customer with high-security standards. The secure environment is configured in VSAN 50. The customer wants to maintain a configuration and active databases and prevent unauthorized switches from joining the fabric. Additionally, the switches must prevent rogue device from connecting to their ports by automatically learning the WWPNs of the ports connected to them for the first time. Which configuration sets must be used to meet these requirements? (Choose two.)
A. fcsp enable fcsp auto-active
B. fcsp dhchap hash md5 sha1
C. fabric-binding activate vsan 50 force
D. clear fabric-binding activate vsan 50 fabric-binding activate vsan 50
E. port-security enable port-security activate vsan 50
Selected Answer: CE
Question #: 289
Topic #: 1
Refer to the exhibit. A secure server that provides services to EPG-2 must be placed in EPG-1. The remaining EPGs `” EPG-2, EPG-3, and EPG-4 `” must communicate without any contracts. Which set of actions accomplishes this goal?
A. Exclude EPG-2, EPG-3, and EPG-4 from the preferred group. Configure a contract between EPG-1 and EPG-3.
B. Exclude EPG-2, EPG-3, and EPG-4 from the preferred group. Configure a contract between EPG-2 and EPG-3.
C. Include EPG-2, EPG-3, and EPG-4 in the preferred group. Configure a contract between EPG-1 and EPG-2.
D. Include EPG-1 and EPG-2 in the preferred group. Configure a contract between EPG-2 and EPG-3.
Selected Answer: C
Question #: 290
Topic #: 1
The Cisco UCS blade chassis must send SNMPv3 traps to a network monitoring system. The SNMP trap messages should be authenticated and have protection from disclosure. Which SNMP security privilege level should be configured?
A. priv
B. noAuth
C. auth
D. noPriv
Selected Answer: A
Question #: 291
Topic #: 1
Refer to the exhibit. An engineer must implement VXLAN with anycast gateway. To accomplish this, an engineer must set up PIM Source-Specific Multicast for host reachability. Which IP address must be applied to interface loopback1 to accomplish this goal?
A. 10.10.0.1/32
B. 10.255.0.100
C. 10.10.0.2/32
D. 255.0.0.1/8
Selected Answer: B
Question #: 292
Topic #: 1
An engineer must configure a Cisco UCS blade system that is managed by Cisco UCS Manager. All four connected interfaces between the blade system and the fabric interconnects must be used. Additionally, the connectivity must tolerate any link failure between the I/O module and the fabric interconnects. Which action accomplishes these requirements?
A. Configure chassis/FEX discovery policy action to four links.
B. Configure port aggregation with LACP policy set to default.
C. Configure Link Group Preference to Port Channel.
D. Configure Firmware Auto Sync Server policy to Auto Acknowledge.
Selected Answer: C
Question #: 293
Topic #: 1
What is an advantage of NAS compared to SAN?
A. It provides lossless throughput.
B. It offers enhanced NFS features.
C. It functions in an existing IP environment.
D. It offers enhanced security features.
Selected Answer: C
Question #: 294
Topic #: 1
DRAG DROP –
A network engineer must implement a telemetry solution to collect real-time structured data in a large-scale network. Drag and drop the actions from the left into the order on the right to implement the solution. Not all actions are used.
Select and Place:
Suggestion Answer:
Question #: 295
Topic #: 1
Where does the witness VM reside in a Cisco HyperFlex Edge deployment?
A. HyperFlex Data Platform
B. local HyperFlex datastore
C. Windows application
D. Cisco Intersight
Selected Answer: D
Question #: 296
Topic #: 1
An engineer must implement protection against ICMP DoS attacks on a Cisco Nexus 9000 Series Switch. The requirement is to rate-limit ICMP without denying all other ICMP traffic. The ICMP traffic currently passing through the Cisco Nexus 9000 device must not be affected. Which configuration accomplishes these goals?
A. Reconfigure the Layer 3 interfaces to be in the non-default VRF and ICMP broadcast storm control.
B. Create an access list deny ICMP traffic and apply it to all interfaces in the inside direction.
C. Apply a control plane service policy that matches all ICMP traffic to drop the traffic that exceeds the threshold.
D. Configure SNMP traps to send the ICMP notification if the CPU utilization is more than 90%.
Selected Answer: C
Question #: 297
Topic #: 1
A network engineer must determine the cooling requirements for a Cisco UCS C-Series Rack Server. The server with PCIe cards is configured with a fan configuration policy. Which configuration should be used for the fan policy of the server?
A. server # scope chassis server /chassis # scope fan-policy server /chassis/fan-policy # set fan-policy balanced server /chassis/fan-policy* # commit
B. server # scope chassis server /chassis # scope fan-policy server /chassis/fan-policy # set fan-policy high-power server /chassis/fan-policy* # commit
C. server # scope chassis server /server # scope fan-policy server /server/fan-policy # set fan-policy acoustic server /server/fan-policy* # commit
D. server # scope server server /server # scope fan-policy server /server/fan-policy # set fan-policy low-power server /server/fan-policy* # commit
Selected Answer: B
Question #: 298
Topic #: 1
Refer to the exhibit. A developer must create a Bash script that performs a Chef Client reload in the event of a system reset. Which command completes the script?
A. killproc -n $pidfile $exec -SIGHUP
B. killproc -pi $pidfile $exec -HUP
C. killproc -p $pidfile $exec -HUP
D. killproc -n $pidfile $exec -HUP
Selected Answer: C
Question #: 299
Topic #: 1
An engineer must implement a new VRF that permits communication between all endpoint groups (EPGs) by default. The new EPGs and bridge domains (BDs) that are created in the new VRF must not require additional configuration to permit traffic between the newly created EPGs or BDs. Which action accomplishes this goal?
A. Provide and consume a permit any contract on the VRF level.
B. Create a VRF in the common tenant.
C. Place all EPGs in the preferred group.
D. Implement a global contract.
Selected Answer: A
Question #: 300
Topic #: 1
An engineer is implementing traffic monitoring for a server vNIC that is configured with fabric failover enabled. The requirement is for the traffic to be sent to an analyzer, even during a failure of one of the fabric interconnects. The analyzer is connected to unconfigured Ethernet ports on both fabric interconnects. Which configuration accomplishes this task?
A. Create two traffic monitoring sessions with different names, one per fabric. Connect an analyzer on each FI as the destination for the monitoring session local to the FI.
B. Create two traffic monitoring sessions with the same name, one per fabric. Connect the analyzer connected to FI-A as the destination for both monitoring sessions.
C. Create two traffic monitoring sessions with different names, one per fabric. Connect the analyzer connected to FI-B as the destination for both monitoring sessions.
D. Create two traffic monitoring sessions with the same name, one per fabric. Connect an analyzer on each FI as the destination for the monitoring session local to that FI.
Selected Answer: D
