0% found this document useful (0 votes)

764 views275 pages

Cisco 350-401 v2024-10-22 q429

The document outlines various questions related to Cisco's 350-401 exam, covering topics such as BGP peering, WLAN configurations, and Cisco SD-WAN components. It includes multiple-choice questions with correct answers and explanations for each. The content is designed to help candidates prepare for the Implementing Cisco Enterprise Network Core Technologies certification exam.

Uploaded by

amith roy

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

764 views275 pages

Cisco 350-401 v2024-10-22 q429

Uploaded by

amith roy

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 275

Cisco.350-401.v2024-10-22.

q429

Exam Code: 350-401

Exam Name: Implementing Cisco Enterprise Network Core Technologies (350-401 ENCOR)
Certification Provider: Cisco
Free Question Number: 429
Version: v2024-10-22
# of views: 120
# of Questions views: 4722
https://www.freecram.net/torrent/Cisco.350-401.v2024-10-22.q429.html

NEW QUESTION: 1
What is one primary REST security design principle?
A. fail-safe defaults
B. password hash
C. adding a timestamp in requests
D. OAuth
Answer: A (LEAVE A REPLY)
Reference: https://yurisubach.com/2017/04/04/restful-api-security-principles/"Fail-safe defaultsAccess to any
resource (like API endpoint) should be denied by default. Access granted only in case of specific permission.

NEW QUESTION: 2
Refer to the exhibit.

What does the snippet of code achieve?

A. It creates a temporary connection to a Cisco Nexus device and retrieves a token to be used for API calls.
B. It opens a tunnel and encapsulates the login information, if the host key is correct.
C. It opens an ncclient connection to a Cisco Nexus device and maintains it for the duration of the context.
D. It creates an SSH connection using the SSH key that is stored, and the password is ignored.
Answer: (SHOW ANSWER)
The code snippet establishes an ncclient connection to a Cisco Nexus device. The ncclient library in Python is
used for NETCONF protocol operations with network devices. The connect method from the manager class is
used here to create a session with the device, which is maintained for the duration of the 'with' block, ensuring
proper resource management and closure of the session. References := Implementing and Operating Cisco
Service Provider Network Core Technologies
NEW QUESTION: 3
Which LISP infrastructure device provides connectivity between non-sites and LISP sites by receiving non-LISP
traffic with a LISP site destination?
A. PETR
B. PITR
C. map resolver
D. map server
Answer: (SHOW ANSWER)
The LISP infrastructure device that provides connectivity between non-LISP sites and LISP sites by receiving
non-LISP traffic with a LISP site destination is the Proxy Ingress Tunnel Router (PITR). The PITR attracts non-
LISP traffic destined for LISP sites and encapsulates this traffic to Egress Tunnel Routers (ETRs) at LISP sites.
References := Cisco: LISP Functional Overview

NEW QUESTION: 4
Why would a small or mid-size business choose a cloud solution over an on-premises solution?
A. Cloud provides higher data security than on-premises.
B. Cloud provides more control over the implementation process than on-premises.
C. Cloud provides greater ability for customization than on-premises.
D. Cloud provides lower upfront cost than on-premises.
Answer: (SHOW ANSWER)
Small or mid-size businesses often opt for cloud solutions due to the lower upfront costs compared to on-
premises solutions. Cloud services typically offer a subscription model allowing businesses to scale resources
according to their needs, avoiding large capital expenditures required for on-premises infrastructure.

NEW QUESTION: 5
Refer to the exhibit.
An engineer attempts to establish BGP peering between router CORP and two ISP routers. What is the root
cause for the failure between CORP and ISP#2?
A. Router ISP#2 is configured to use SHA-1 authentication.
B. There is a password mismatch between router CORP and router ISP#2.
C. Router CORP is configured with an extended access control list.
D. MD5 authorization is configured incorrectly on router ISP#2.
Answer: (SHOW ANSWER)
The failure of BGP peering between router CORP and ISP#2 is due to a password mismatch. BGP peering
requires both routers to have matching passwords if password authentication is configured. If the passwords do
not match, the BGP session will not be established, and the routers will not exchange routes.

NEW QUESTION: 6
In a Cisco SD-Access solution, what is the role of the Identity Services Engine?
A. It is leveraged for dynamic endpoint to group mapping and policy definition.
B. It provides GUI management and abstraction via apps that share context.
C. it is used to analyze endpoint to app flows and monitor fabric status.
D. It manages the LISP EID database.
Answer: (SHOW ANSWER)
The Identity Services Engine (ISE) in a Cisco SD-Access solution plays a crucial role in security and access
control. It acts as a centralized policy management platform that enables the creation and enforcement of
access policies for endpoint devices. ISE uses information such as user identity, device type, and other context
to dynamically map endpoints to specific groups, thus defining the access levels and permissions for each
device within the network. This ensures that only authorized users and devices can access certain network
resources, enhancing the overall security posture.
References := Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR)

NEW QUESTION: 7
Which device, in a LISP routing architecture, receives and de-encapsulates LISP traffic for endpoints within a
LISP-capable site?
A. MR
B. ETR
C. OMS
D. ITR
Answer: (SHOW ANSWER)
In a Locator/ID Separation Protocol (LISP) routing architecture, the Egress Tunnel Router (ETR) is responsible
for receiving and de-encapsulating LISP traffic for endpoints within a LISP-capable site. The ETR registers its
EID prefixes and RLOCs with the Map-Server and responds to map requests received from the Map-Server. On
the data plane side, an ETR receives packets from core-facing interfaces, de-encapsulates them, and delivers
them to local EIDs at the site.

NEW QUESTION: 8
A network engineer configures BGP between R1 and R2. Both routers use BGP peer group CORP and are set
up to use MD5 authentication. This message is logged to the console of router R1:

Which two configuration allow peering session to from between R1 and R2? Choose two.)
A. R1(config-router)#neighbor 10.10.10.1 peer-group CORP R1(config-router)#neighbor CORP password
Cisco
B. R2(config-router)#neighbor 10.120.10.1 peer-group CORP R2(config-router)#neighbor CORP password
Cisco
C. R2(config-router)#neighbor 10.10.10.1 peer-group CORP R2(config-router)#neighbor PEER password Cisco
D. R1(config-router)#neighbor 10.120.10.1 peer-group CORP R1(config-router)#neighbor CORP password
Cisco
E. R2(config-router)#neighbor 10.10.10.1 peer-group CORP R2(config-router)#neighbor CORP password Cisco
Answer: (SHOW ANSWER)
The error message indicates an MD5 authentication failure between the two BGP peers. The IP addresses
involved are 10.10.10.1 and 10.120.10.1, which should correspond to R1 and R2 respectively. The correct
configurations to resolve this issue would be to ensure that both routers are configured with the same password
for MD5 authentication within the same peer group CORP.
Option A is correct because it configures R1 with the CORP peer group and sets the password to "Cisco" for
MD5 authentication.
Option E is correct because it configures R2 with a neighbor in the CORP peer group at IP address 10.10.10.1
(which should be R1) and sets the password to "Cisco" for MD5 authentication.
References := Implementing and Operating Cisco Service Provider Network Core Technologies

NEW QUESTION: 9
Which two Cisco SD-WAN components exchange OMP information?
A. vAnaiytlcs
B. vSmart
C. WAN Edge
D. vBond
E. vManage
Answer: (SHOW ANSWER)
In the Cisco SD-WAN architecture, the Overlay Management Protocol (OMP) is used to exchange routing,
policy, and management information between the vSmart controllers and the WAN Edge routers. The vSmart
controller acts as a central orchestrator that communicates with each WAN Edge router to distribute policies
and maintain a cohesive network state. References: Implementing and Operating Cisco Service Provider
Network Core Technologies (SPCOR) - Official Certification Guide

NEW QUESTION: 10

A. It eliminates the need for an underlying operating system.

B. Its main task is to manage hardware resources between different operating systems
C. Problems in the base operating system can affect the entire system.
D. It is completely independent of the operating system
Answer: (SHOW ANSWER)
A Type 2 hypervisor, also known as a hosted hypervisor, is installed on top of the host's operating system. It
relies on the host OS to manage and interact with the hardware. Consequently, any issues that arise in the
base operating system, such as crashes or security vulnerabilities, can potentially impact all the virtual
machines running on the hypervisor. This is in contrast to a Type 1 hypervisor, which operates directly on the
hardware and is therefore less dependent on an underlying OS456.
References:
* AWS: Type 1 vs Type 2 Hypervisors - Difference Between Hypervisor Types4.
* phoenixNAP: What is a Hypervisor? Types of Hypervisors 1 & 25.
* MUO: Hypervisor Type 1 vs. Type 2: What Is the Difference, and Does It Matter?

NEW QUESTION: 11
An engineer must configure a new WLAN that allows a user to enter a passphrase and provides forward
secrecy as a security measure. Which Layer 2 WLAN configuration is required on the Cisco WLC?
A. WPA2 Personal
B. WPA3 Enterprise
C. WPA3 Personal
D. WPA2 Enterprise
Answer: (SHOW ANSWER)
WPA3 Personal is the correct configuration for a WLAN that requires a passphrase for user access and
provides forward secrecy, which ensures that session keys cannot be compromised even if the long-term secret
keys are compromised. WPA3 enhances security over WPA2 by using the Simultaneous Authentication of
Equals (SAE) protocol, which replaces the Pre-Shared Key (PSK) exchange mechanism. References:
Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) training

NEW QUESTION: 12
What is the function of vBond in a Cisco SD-WAN deployment?
A. initiating connections with SD-WAN routers automatically
B. pushing of configuration toward SD-WAN routers
C. onboarding of SD-WAN routers into the SD-WAN overlay
D. gathering telemetry data from SD-WAN routers
Answer: (SHOW ANSWER)
The function of vBond in a Cisco SD-WAN deployment is to onboard SD-WAN routers into the SD-WAN
overlay. vBond orchestrates the establishment of control connections between the controllers and the SD-WAN
routers, ensuring initial authentication and facilitating the joining process of the routers to the SD-WAN fabric.

NEW QUESTION: 13
Refer to the exhibit. An engineer has configured Cisco ISE to assign VLANs to clients based on their method of
authentication, but this is not working as expected. Which action will resolve this issue?
A. require a DHCP address assignment
B. utilize RADIUS profiling
C. set a NAC state
D. enable AAA override
Answer: (SHOW ANSWER)
In Cisco Identity Services Engine (ISE), when you want to assign VLANs to clients based on their method of
authentication, you must enable the AAA Override option in the authorization profile settings. This allows
attributes such as VLAN ID, Access Control Lists (ACLs), and session timeout values received in RADIUS
accept messages from Cisco ISE to override the interface configuration on the network access device. Without
enabling AAA Override, the network device will not apply the VLAN assignments specified by ISE during
authentication.

NEW QUESTION: 14
Which unit of measure is used to measure wireless RF SNR?
A. mW
B. bBm
C. dB
D. dBi
Answer: (SHOW ANSWER)
Wireless RF SNR (Signal to Noise Ratio) is measured in decibels (dB). It quantifies the clarity of the signal
received by comparing the level of the desired signal to the level of background noise. A higher SNR indicates
that the signal is clearer and less affected by noise. References := Implementing and Operating Cisco Service
Provider Network Core Technologies

NEW QUESTION: 15
What is one method for achieving REST API security?
A. using built-in protocols known as Web Services Security
B. using a combination of XML encryption and XML signatures
C. using a MD5 hash to verify the integrity
D. using HTTPS and TLS encryption
Answer: (SHOW ANSWER)
REST API security is best achieved through the use of HTTPS and TLS encryption, which ensures that data
transmitted between the client and server is encrypted and secure from interception or tampering.
References := Implementing and Operating Cisco Service Provider Network Core Technologies

NEW QUESTION: 16
Which action is the vSmart controller responsible for in a Cisco SO-WAN deployment?
A. manage, maintain, and gather configuration and status for nodes within me SD-WAN fabric
B. gather telemetry data from WAN Edge routes
C. distribute security information for tunnel establishment between WAN Edge routers
D. onboard WAN Edge nodes into the SD-WAN fabric
Answer: (SHOW ANSWER)

NEW QUESTION: 17
A network engineer configures a WLAN controller with increased security for web access. There is IP
connectivity with the WLAN controller, but the engineer cannot start a management session from a web
browser. Which action resolves the issued
A. Disable JavaScript on the web browser
B. Disable Adobe Flash Player
C. Use a browser that supports 128-bit or larger ciphers.
D. Use a private or incognito session.
Answer: (SHOW ANSWER)
When a network engineer is unable to start a management session from a web browser despite having IP
connectivity with the WLAN controller, it indicates a security protocol issue. Modern web access security often
requires browsers to support strong encryption ciphers. In this case, using a browser that supports 128-bit or
larger ciphers ensures that the browser can handle the secure web access protocols implemented by the
WLAN controller.

NEW QUESTION: 18
Which tunnel type al'ows clients to perform a seamless Layer 3 roam between a Cisco AireOS WLC and a
Cisco IOS XE WLC?
A. Ethernet over IP
B. IPsec
C. Mobility
D. VPN
Answer: (SHOW ANSWER)
The Mobility tunnel type allows for seamless Layer 3 roaming between different wireless LAN controllers, such
as Cisco AireOS WLC and Cisco IOS XE WLC. This tunnel type enables clients to maintain their IP address
and session continuity while moving across different access points managed by these controllers.
References: Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) training
materials

NEW QUESTION: 19
Why does the vBond orchestrator have a public IP?
to enable vBond to team the public IP of WAN Edge devices that are behind NAT gateways or in private
address space
A. to facilitate downloading and distribution of operational and security patches
B. to allow for global reachability from all WAN Edges in the Cisco SD-WAN and
C. to facilitate NAT traversal to provide access
D. to Cisco Smart Licensing servers for license enablement
Answer: C (LEAVE A REPLY)
The vBond orchestrator in Cisco SD-WAN architecture is assigned a public IP address to facilitate NAT
traversal. This is crucial for establishing secure connections with WAN Edge devices that are located behind
NAT gateways or within private address spaces, ensuring that all devices can communicate effectively within
the SD-WAN network1.
References := Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) v1.0
training material1

NEW QUESTION: 20

A. logging host 10.2.3.4 vrf mgmt transport tcp port 6514

B. logging host 10.2.3.4 vrf mgmt transport udp port 6514
C. logging host 10.2.3.4 vrf mgmt transport tcp port 514
D. logging host 10.2.3.4 vrf mgmt transport udp port 514
Answer: (SHOW ANSWER)
When using Transport Layer Security (TLS) for secure syslog transmission, the configuration should specify
TCP as the transport protocol because it provides reliable message delivery. The default port for secure syslog
over TLS is 6514, not the standard syslog port 514, which is typically used for unencrypted syslog over UDP.
References: General knowledge of network security protocols and syslog transportation methods.

NEW QUESTION: 21
Which there application has the ability to make REST calls against Cisco DNA Center?
A. API Explorer
B. REST Explorer
C. Postman
D. Mozilla
Answer: (SHOW ANSWER)
Postman is an application that has the ability to make REST calls against Cisco DNA Center. It is a popular tool
used by developers and network engineers to test and develop APIs. Postman allows users to send HTTP
requests to RESTful APIs and view the responses, making it an ideal tool for interacting with Cisco DNA
Center's REST APIs. References := Introduction to Cisco DNA Center REST APIs

NEW QUESTION: 22
Refer to the exhibit.

The administrator troubleshoots an EtherChannel that keeps moving to err-disabled. Which two actions must be
taken to resolve the issue? (Choose two.)
A. Reload the switch to force EtherChannel renegotiation
B. Ensure that interfaces Gi1/0/2 and Gi1/0/3 connect to the same neighboring switch.
C. Ensure that the switchport parameters of Port channel1 match the parameters of the port channel on the
neighbor switch
D. Ensure that the corresponding port channel interface on the neighbor switch is named Port-channel1.
E. Ensure that the neighbor interfaces of Gi1/0/2 and Gi/0/3 are configured as members of the same
EtherChannel
Answer: (SHOW ANSWER)
Causes of Errdisable
This feature was first implemented in order to handle special collision situations in which the switch detected
excessive or late collisions on a port. Excessive collisions occur when a frame is dropped because the switch
encounters 16 collisions in a row. Late collisions occur after every device on the wire should have recognized
that the wire was in use. Possible causes of these types of errors include:
* A cable that is out of specification (either too long, the wrong type, or defective)
* A bad network interface card (NIC) card (with physical problems or driver problems)
* A port duplex misconfiguration
A port duplex misconfiguration is a common cause of the errors because of failures to negotiate the speed and
duplex properly between two directly connected devices (for example, a NIC that connects to a switch). Only
half-duplex connections should ever have collisions in a LAN. Because of the carrier sense multiple access
(CSMA) nature of Ethernet, collisions are normal for half duplex, as long as the collisions do not exceed a small
percentage of traffic.

NEW QUESTION: 23
What are two differences between the RIB and the FIB? (Choose two.)
A. The FIB is derived from the data plane, and the RIB is derived from the FIB.
B. The RIB is a database of routing prefixes, and the FIB is the Information used to choose the egress interface
for each packet.
C. FIB is a database of routing prefixes, and the RIB is the information used to choose the egress interface for
each packet.
D. The FIB is derived from the control plane, and the RIB is derived from the FIB.
E. The RIB is derived from the control plane, and the FIB is derived from the RIB.
Answer: (SHOW ANSWER)
The RIB (Routing Information Base) is a database of routing prefixes that includes all learned routes, such as
those from dynamic routing protocols, static routes, and directly connected routes. The FIB (Forwarding
Information Base), on the other hand, is used to make IP destination prefix-based switching decisions and
contains only the best path as determined by the routing protocol, which is used to forward packets12345.
References := Cisco documentation and learning resources on RIB and FIB.

NEW QUESTION: 24
Refer to the exhibit.
An engineer must ensure that all traffic leaving AS 200 will choose Link 2 as an entry point. Assuming that all
BGP neighbor relationships have been formed and that the attributes have not been changed on any of the
routers, which configuration accomplish task?

A. Option A
B. Option B
C. Option C
D. Option D
Answer: (SHOW ANSWER)
To ensure that all traffic leaving AS 200 chooses Link 2 as the entry point, the engineer can manipulate the
BGP attributes to make path via Link 2 more preferable. In this case, prepending AS numbers to the route
advertisement will make the path appear longer and thus less preferable through Link 1. By applying route-map
PREPEND with additional AS numbers on R3 for neighbor 10.1.1.1 (Link 1) and not doing so for neighbor
10.2.2.2 (Link 2), it will cause traffic to prefer entering through Link 2 which appears to have a shorter AS path.
References: = This explanation is based on common BGP practices covered in Cisco's Implementing and
Operating Cisco Service Provider Network Core Technologies (SPCOR) curriculum, where manipulating BGP
attributes such as AS_PATH is discussed as a method for influencing routing decisions.

NEW QUESTION: 25
An engineer must configure the strongest password authentication to locally authenticate on a router. Which
configuration must be used?

A. Option A
B. Option B
C. Option C
D. Option D
Answer: (SHOW ANSWER)
The strongest password authentication for local router access would be one that uses a strong encryption
algorithm to hash the password. In Cisco routers, this can be achieved by using the "username [username]
secret" command followed by a complex password string which is then encrypted using a strong hashing
algorithm like SHA-256 or MD5. References: Implementing and Operating Cisco Service Provider Network
Core Technologies (SPCOR) v1.1 Reference: https://community.cisco.com/t5/networking-
documents/understanding-the-differences-between-the-c

NEW QUESTION: 26
What is a client who is running 802.1x for authentication reffered to as?
A. supplicant
B. NAC device
C. authenticator
D. policy enforcement point
Answer: (SHOW ANSWER)
In the context of 802.1x authentication, the client device attempting to gain access to the network is referred to
as the supplicant. The supplicant is responsible for providing the necessary credentials to the authenticator,
which is typically a network access device like a switch or wireless access point, to validate its identity and
grant network access. References: The SPCOR course objectives include understanding the roles of different
entities in 802.1x authentication, including the supplicant, authenticator, and authentication server3

NEW QUESTION: 27
Drag and drop the Cisco SD-Access solution areas from the left onto the protocols they use on the right.

Answer:

Explanation:

NEW QUESTION: 28
Refer to the exhibit.
An engineer must modify the access control list EGRESS to allow all IP traffic from subnet 10.1.10.0/24 to
10.1.2.0/24. The access control list is applied in the outbound direction on router interface GigabitEthemet 0/1.
Which configuration commands can the engineer use to allow this traffic without disrupting existing traffic flows?

D.
Answer: (SHOW ANSWER)
The configuration commands in option C correctly specify the source subnet as 10.1.10.0 with the wildcard
mask 0.0.0.255 and the destination subnet as 10.1.2.0 with the wildcard mask 0.0.0.255. This allows all IP
traffic from the source subnet to the destination subnet as required. The commands are entered in the global
configuration mode, modifying the existing EGRESS access control list without disrupting other traffic flows.
References: The information is based on the Implementing and Operating Cisco Service Provider Network Core
Technologies (SPCOR) course

NEW QUESTION: 29

Refer to the exhibit. Which two configurations enable R1 and R2 to advertise routes into OSPF? (Choose two)
A.

E.
Answer: (SHOW ANSWER)
To enable R1 and R2 to advertise routes into OSPF, the configurations must include the network command
under OSPF configuration mode specifying the network to be advertised along with the appropriate wildcard
mask and area ID. Additionally, the interfaces that connect R1 and R2 should be configured with the ip ospf
command to include them in the OSPF process. References := The Implementing and Operating Cisco Service
Provider Network Core Technologies (SPCOR) course covers OSPF configuration and optimization in a
Service Provider network infrastructure, which includes the use of the network and ip ospf commands for route
advertisement

NEW QUESTION: 30

A. a predetermined string that is passed from client to server

B. a one-time encrypted token
C. a username that is stored in the local router database
D. a credential that is transmitted unencrypted
Answer: (SHOW ANSWER)
API keys are a simple method used to authenticate an application or user when making API calls. They are a
predetermined string that the client includes in the request header, which the server uses to recognize the API
call and verify that it has the permissions to access the requested resources. API keys are not encrypted
tokens, nor are they related to local router databases or transmitted unencrypted credentials.

NEW QUESTION: 31
Why is an AP joining a different WLC than the one specified through option 43?
A. The WLC is running a different software version.
B. The API is joining a primed WLC
C. The AP multicast traffic unable to reach the WLC through Layer 3.
D. The APs broadcast traffic is unable to reach the WLC through Layer 2.
Answer: (SHOW ANSWER)
An AP may join a different WLC than the one specified through option 43 if it has been primed to join another
WLC. Priming is the process of pre-configuring an AP with specific WLC details, such as the IP address, so that
when the AP boots up, it knows which controller to join. If an AP is primed to a specific WLC, it will ignore
DHCP option 43 and attempt to join the primed WLC. References: Cisco Community, Cisco Community, Cisco
Documentation

NEW QUESTION: 32
Simulation 04
Answer:
See the Solution below.
Explanation:
R1
Router ospf 1
Int loop0
Ip ospf 1 area 0
Int et0/0
Ip ospf 1 area 0
Ip ospf network point-to-point
Copy run start
R2
Router ospf 1
Int loop0
Ip ospf 1 area 0
Int et0/0
Ip ospf 1 area 0
Ip ospf network point-to-point
Copy run start
Verification:-
NEW QUESTION: 33
Refer to the exhibit.
An engineer must allow all users in the 10.2.2.0/24 subnet to access the Internet. To conserve address space
the public Interface address of 209 165 201.1 must be used for all external communication. Which command
set accomplishes these requirements?

B.
C.

D.
Answer: (SHOW ANSWER)
The task requires configuring NAT (Network Address Translation) to allow all users in the subnet 10.2.2.0/24 to
access the Internet using a single public IP address, which is 209.165.201.1, for all external communication.
This is typically done using PAT (Port Address Translation), also known as NAT overload, which allows multiple
private IP addresses to be mapped to a single public IP address but with different port numbers.
The correct command set would include defining an access list that specifies the local subnet, configuring the
router's inside interface that connects to the local network with ip nat inside, configuring the outside interface
with ip nat outside, and then specifying the NAT rule that uses PAT by referring to the access list and indicating
overload.
Option C is likely correct because it includes these elements:
* An access control list (ACL) that permits traffic from the 10.2.2.0/24 subnet.
* The ip nat inside command applied to an internal interface.
* The ip nat outside command applied to an external interface.
* A NAT rule that matches traffic permitted by the ACL and translates it using the IP address of the external
interface with overload enabled.

NEW QUESTION: 34
Refer to the exhibit.
Which IP address becomes the active next hop for 192.168.102 0/24 when 192.168.101.2 fails?
A. 192.168.101.18
B. 192.168.101.6
C. 192.168.101.10
D. 192.168.101.14
Answer: (SHOW ANSWER)
The active next hop IP address for the subnet 192.168.102.0/24 when the primary IP address 192.168.101.2
fails would be 192.168.101.6. This is based on the IP routing protocols and redundancy mechanisms such as
HSRP, VRRP, or GLBP, which are designed to provide high availability by allowing multiple routers to work
together to present the appearance of a single virtual router to the hosts on the LAN. The specific active next
hop would depend on the priority and tracking configuration of these protocols on the routers in question.
References: Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) training
material provides a comprehensive guide on configuring, verifying, troubleshooting, and optimizing next-
generation, Service Provider IP network infrastructures, including details on high-availability mechanisms and
IP routing protocols1

NEW QUESTION: 35
Which two methods are used to assign security group tags to the user in a Cisco Trust Sec architecture?
(Choose two )
A. modular QoS
B. policy routing
C. web authentication
D. DHCP
E. IEEE 802.1x
Answer: (SHOW ANSWER)
In Cisco TrustSec architecture, security group tags (SGTs) are assigned to users to enforce security policies.
DHCP and IEEE 802.1x are two methods used for this purpose. DHCP can be used to assign SGTs based on
the IP address assigned to a user, while IEEE 802.1x leverages user authentication to dynamically assign
SGTs. Modular QoS and policy routing are not directly involved in the assignment of SGTs; they are used for
other purposes such as traffic management and route selection based on policies.
References:
* Understanding Cisco TrustSec4
* Cisco TrustSec Configuration Guide5

NEW QUESTION: 36
Drag and drop the descriptions from the left onto the routing protocol they describe on the right.

Answer:

Explanation:
NEW QUESTION: 37
Which two actions are recommended as security best practices to protect REST API? (Choose two.)
A. Use a password hash
B. Enable out-of-band authentication
C. Use TACACS+ authentication
D. Use SSL for encryption
E. Enable dual authentication of the session
Answer: (SHOW ANSWER)

NEW QUESTION: 38
Refer to the exhibit.

An engineer attempts to bundle interface Gi0/0 into the port channel, but it does not function as expected.
Which action resolves the issue?
A. Configure channel-group 1 mode active on interface Gi0/0.
B. Configure no shutdown on interface Gi0/0
C. Enable fast LACP PDUs on interface Gi0/0.
D. Set LACP max-bundle to 2 on interface Port-channeM
Answer: (SHOW ANSWER)
In the context of Cisco devices, when configuring a port channel with LACP (Link Aggregation Control
Protocol), both ends of the port-channel must be set to compatible modes for the LACP bundle to form
successfully. The exhibit shows that interface Gi0/1 is in an active state (SA flag), which means it is actively
sending LACP packets. For Gi0/0 to join the bundle, it also needs to be set to either active or passive mode.
Since we want it to function as expected and form a port-channel, setting it to 'active' will ensure that it sends
LACP packets and attempts to negotiate with other LACP-enabled ports.

NEW QUESTION: 39
Drag and drop the descriptions of the VSS technology from the left to the right. Not all options are used.
Answer:

Explanation:
Graphical user interface Description automatically generated

NEW QUESTION: 40
A. LISP
B. CTS
C. SGT
D. VRF
Answer: A (LEAVE A REPLY)
The Cisco SD-Access control plane is based on the Locator/ID Separation Protocol (LISP). LISP allows for the
separation of the identity and location of network endpoints, which simplifies the management of devices and
users within the network.

NEW QUESTION: 41
What is a VPN in a Cisco SD-WAN deployment?
A. common exchange point between two different services
B. attribute to identify a set of services offered in specific places in the SD-WAN fabric
C. virtualized environment that provides traffic isolation and segmentation in the SD-WAN fabric
D. virtual channel used to carry control plane information
Answer: (SHOW ANSWER)
A VPN in a Cisco SD-WAN deployment refers to a virtualized environment that provides traffic isolation and
segmentation within the SD-WAN fabric. This allows for the creation of secure, encrypted tunnels across the
network, ensuring that data traffic is kept separate and secure from other network traffic. References
:= Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR)

NEW QUESTION: 42
What is one main REST security design principle?
A. separation of privilege
B. password hashing
C. confidential algorithms
D. OAuth
Answer: (SHOW ANSWER)
The REST security design principle of separation of privilege requires that granting permissions to an entity
should not be based solely on a single condition. Instead, a combination of conditions based on the type of
resource is a better approach. This principle helps in mitigating the risk of unauthorized access by ensuring that
permissions are granular and context-dependent. References: REST Security Design Principles - Medium1.
Separation of Privilege: Granting permissions to an entity should not be purely based on a single condition, a
combination of conditions based on the type of resource is a better idea.
https://restfulapi.net/security-essentials/#:~:text=REST%20Security%20Design%20Principles&text=Least%20P

NEW QUESTION: 43
Which two GRE features are configured to prevent fragmentation? (Choose two.)
A. TCP MSS
B. PMTUD
C. DF bit Clear
D. MTU ignore
E. IP MTU
F. TCP window size
Answer: A,B (LEAVE A REPLY)
To prevent fragmentation in GRE tunnels, two features are configured: TCP MSS (Maximum Segment Size)
and PMTUD (Path Maximum Transmission Unit Discovery). TCP MSS adjusts the maximum segment size of
TCP packets to ensure they don't exceed the MTU, avoiding fragmentation. PMTUD discovers the path MTU
between two IP hosts, so that IP packets can be fragmented at the source to avoid fragmentation within the
network. References := Resolve IPv4 Fragmentation, MTU, MSS, and PMTUD Issues with GRE and IPsec -
Cisco, GRE Tunnel MTU, Interface MTU, and Fragmentation - Cisco Community

NEW QUESTION: 44
Which RF value represents the decline of the RF signal amplitude over a given distance?
A. signal-to-noise ration
B. effective isotropic racketed power
C. free space path loss
D. received signal strength indicator
Answer: (SHOW ANSWER)
The RF value representing the decline of the RF signal amplitude over a given distance is known as free space
path loss (FSPL). FSPL quantifies the loss of signal strength that occurs when an electromagnetic wave travels
through a clear path (free space) without obstacles that could cause reflection or diffraction. It's a critical factor
in designing wireless networks to ensure adequate signal coverage and strength.
References: Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) training
materials1

NEW QUESTION: 45
Drag and drop the snippets onto the blanks within the code to construct a script that configures BGP according
to the topology. Not all options are used, and some options may be used twice.
Answer:

Explanation:
Graphical user interface, text, application, email Description automatically generated
NEW QUESTION: 46
In a Cisco SD-Access fabric, which control plane protocol is used for mapping and resolving endpoints?
A. DHCP
B. VXLAN
C. SXP
D. LISP
Answer: (SHOW ANSWER)
In Cisco SD-Access fabric, LISP (Locator/ID Separation Protocol) is used for mapping and resolving endpoints.
LISP creates a separate Identity namespace (Endpoint IDs or EIDs) from the Routing Locator namespace
(RLOCs). This separation provides an improved mechanism for traffic routing among various endpoints within
the network. References := Implementing and Operating Cisco Service Provider Network Core Technologies
(SPCOR)

NEW QUESTION: 47
In a three-tier hierarchical campus network design, which action is a design best-practice for the core layer?
A. provide QoS prioritization services such as marking, queueing, and classification for critical network traffic
B. provide redundant Layer 3 point-to-point links between the core devices for more predictable and faster
convergence
C. provide advanced network security features such as 802. IX, DHCP snooping, VACLs, and port security
D. provide redundant aggregation for access layer devices and first-hop redundancy protocols such as VRRP
Answer: (SHOW ANSWER)
In a three-tier hierarchical campus network design, the core layer should provide high-speed, reliable backbone
connectivity and fast convergence. Redundant Layer 3 point-to-point links between core devices ensure that
there is no single point of failure and that the network can quickly adapt to changes, maintaining service
availability and performance. References: Cisco's Design Best Practices for Enterprise Networks (as part of
Cisco's CCDA certification)

NEW QUESTION: 48

Reler to the exhibit. An engineer a configuring WebAuth on a Cisco Catalyst 9000 Series WIC. The engineer
has purchased a third-party certificate using the FQDN of the WLC as the CN and intends to use bit on the
WebAuth splash page What must be configured so that the clients do not receive a certificate error?
A. Virtual IPv4 Address must be set to a routatte address
B. Virtual IPv4 Hostname must match the CN of the certificate.
C. Trustpoint must be set to the management certificate of the WLC.
D. Web Au!h Interoepl HTTPs must be enabled.
Answer: (SHOW ANSWER)
When configuring WebAuth on a Cisco Catalyst 9000 Series WLC, it is crucial to ensure that clients do not
receive a certificate error when they are redirected to the WebAuth splash page. To achieve this, the Virtual
IPv4 Hostname must match the Common Name (CN) of the certificate used for the WebAuth page. This is
because the client's browser will check the CN on the certificate against the hostname it is connecting to. If
there is a mismatch, the browser will flag a certificate error, warning the user of a potential security risk. By
matching the Virtual IPv4 Hostname with the CN, the certificate validation process will pass, and clients will not
encounter a certificate error.

NEW QUESTION: 49
Refer to the exhibit.

An engineer must permit traffic from these networks and block all other traffic An informational log message
should be triggered when traffic enters from these prefixes Which access list must be used?
A. access-list acl_subnets permit ip 10.0.32.0 0 0.0.255 log
B. access-list acl_subnets permit ip 10.0.32.0 0.0.7.255 log
C. access-list acl_subnets permit ip 10.0.32.0 0.0.7.255 access-list acl_subnets deny ip any log
D. access-list acl_subnets permit ip 10.0.32.0 255.255.248.0 log
Answer: (SHOW ANSWER)
The task is to create an access list that allows traffic from a specific range of networks while logging the traffic.
The networks in question span from 10.0.32.0/24 to 10.0.39.0/24. To summarize these networks into a single
entry, we use a subnet mask that encompasses all the individual /24 networks. The correct summary uses the
wildcard mask 0.0.7.255, which corresponds to the subnet mask 255.255.248.0. This wildcard mask allows for
all addresses from 10.0.32.0 to 10.0.39.255, which includes all the specified networks.

NEW QUESTION: 50

A. Not all of the controllers in the mobility group are using the same mobility group name.
B. Not all of the controllers within the mobility group are using the same virtual interface IP address.
C. All of the controllers within the mobility group are using the same virtual interface IP address.
D. All of the controllers in the mobility group are using the same mobility group name.
Answer: (SHOW ANSWER)
When wireless clients roam between different wireless controllers, they should experience seamless
connectivity if the controllers are correctly configured. A common configuration issue that can cause a network
connectivity outage during roaming is when the controllers in the mobility group do not have the same virtual
interface IP address. The virtual interface is used by the controllers to exchange mobility messages and
manage client state information. If the virtual interface IP addresses are not consistent across the mobility
group, the controllers cannot properly communicate, leading to potential outages during client roaming.

NEW QUESTION: 51
What do Cisco DNA southbound APIs provide?
A. Interface between the controller and the network devices
B. NETCONF API interface for orchestration communication
C. RESful API interface for orchestrator communication
D. Interface between the controller and the consumer
Answer: (SHOW ANSWER)
Cisco DNA southbound APIs are used to provide an interface between the controller (such as Cisco DNA
Center) and the network devices it manages. These APIs allow for communication from the controller down to
the devices to facilitate configuration, management, monitoring, and operations. References: Implementing and
Operating Cisco Service Provider Network Core Technologies (SPCOR) v1.0 - Southbound APIs in Cisco DNA
documentation.
The Southbound API is used to communicate with network devices.
Graphical user interface, text, application, chat or text message Description automatically generated

NEW QUESTION: 52
Which two methods are used to reduce the AP coverage area? (Choose two)
A. Reduce channel width from 40 MHz to 20 MHz
B. Disable 2.4 GHz and use only 5 GHz.
C. Reduce AP transmit power.
D. Increase minimum mandatory data rate
E. Enable Fastlane
Answer: (SHOW ANSWER)
Reducing the AP transmit power will decrease the range of the signal, thereby reducing the coverage area.
This is effective in controlling the spread of the wireless signal to only the desired areas. Increasing the
minimum mandatory data rate effectively shrinks the cell size because only clients capable of higher data rates
will be able to connect, which typically requires them to be closer to the AP.

NEW QUESTION: 53
By default, which virtual MAC address does HSRP group 32 use?
A. 00:5e:0c:07:ac:20
B. 04:18:20:83:2e:32
C. 05:5e:5c:ac:0c:32
D. 00:00:0c:07:ac:20
Answer: (SHOW ANSWER)
HSRP (Hot Standby Router Protocol) is a Cisco proprietary redundancy protocol for establishing a fault-tolerant
default gateway. The protocol establishes a framework between network routers in order to achieve default
gateway failover if the primary gateway becomes inaccessible, by assigning a virtual MAC address to the group
of routers participating in HSRP. By default, HSRP group 32 uses the virtual MAC address 00:00:0c:07:ac:20.
This address is composed of the Cisco OUI (Organizationally Unique Identifier)
00:00:0c, followed by the HSRP identifier 07:ac, and finally the HSRP group number in hexadecimal, which for
group 32 is 20. References: Cisco's official documentation on HSRP

NEW QUESTION: 54
Which JSON script is properly formatted?

A.
B.

D.
Answer: A (LEAVE A REPLY)
JSON (JavaScript Object Notation) is a lightweight data-interchange format that is easy for humans to read and
write, and easy for machines to parse and generate. A properly formatted JSON script should have key-value
pairs with keys and string values enclosed in double quotation marks, and objects enclosed in curly braces {}.
Arrays should be enclosed in square brackets [], and each key-value pair should be separated by a comma,
except for the last pair in an object or array.

NEW QUESTION: 55
Reler to the exhibit The EtherChannel between SW1 and SW2 is not operational. Which a coon will resolve the
issue?
A. Configure channel-group 1 mode active on GVO and G1 1 of SW2.
B. Configure twitchport trunk encapsulation dot1q on SW1 and SW2.
C. Configure channel-group 1 mode active on Gl'O and GM of SW1 .
D. Configure switchport mode dynamic desirable on SW1 and SW2
Answer: (SHOW ANSWER)
The issue with the EtherChannel between SW1 and SW2 not being operational could be due to a
misconfiguration of the channel-group mode. Configuring both ends of the EtherChannel to be in active mode
ensures that LACP (Link Aggregation Control Protocol) is actively negotiating between both switches to
establish the EtherChannel link. References: Configuring EtherChannels

NEW QUESTION: 56
Which component transports data plane traffic across a Cisco SD-WAN network?
A. vSmart
B. vManage
C. cEdge
D. vBond
Answer: (SHOW ANSWER)
In a Cisco SD-WAN network, the data plane traffic is transported by the cEdge devices. These devices are
responsible for the forwarding of packets across the network, ensuring that data reaches its intended
destination. The cEdge operates at the network edge and is a critical component in the Cisco SD-WAN
architecture, handling the actual transmission of data packets.

NEW QUESTION: 57
Drag and drop the descriptions from the left onto the QoS components they describe on the right.

Answer:

Explanation:
Graphical user interface, text, application, email Description automatically generated

NEW QUESTION: 58
In a wireless network environment, what is calculated using the numerical values of the transmitter power level,
cable loss, and antenna gain?
A. RSSI
B. dBI
C. SNR
D. EIRP
Answer: (SHOW ANSWER)
EIRP (Effective Isotropic Radiated Power) is calculated using the numerical values of the transmitter power
level, cable loss, and antenna gain. It represents the power level that would be required if the antenna were an
ideal isotropic radiator, which radiates power equally in all directions. The EIRP is a critical factor in determining
the range and strength of the wireless signal.

NEW QUESTION: 59
In a Cisco SD-Access environment, which function is performed by the border node?
A. Connect uteri and devices to the fabric domain.
B. Group endpoints into IP pools.
C. Provide reachability information to fabric endpoints.
D. Provide connectivity to traditional layer 3 networks.
Answer: D (LEAVE A REPLY)
In a Cisco SD-Access environment, the border node is responsible for providing connectivity to traditional Layer
3 networks outside of the SD-Access fabric. It acts as an intermediary, facilitating communication between
endpoints within the fabric domain and external networks or services while maintaining the policy enforcement
and security features of SD-Access.
References: Implementing and Operating Cisco Service Provider Network Core Technologies source
documents or study guide.

NEW QUESTION: 60

Refer to the exhibit. PC-1 must access the web server on port 8080. To allow this traffic, which statement must
be added to an access control list that is applied on SW2 port G0/0 in the inbound direction?
A. permit host 172.16.0.2 host 192.168.0.5 eq 8080
B. permit host 192.168.0.5 host 172.16.0.2 eq 8080
C. permit host 192.168.0.5 eq 8080 host 172.16.0.2
D. permit host 192.168.0.5 it 8080 host 172.16.0.2
Answer: (SHOW ANSWER)
In Cisco routers, to allow traffic from a specific source to a specific destination on a particular port, the access
control list (ACL) needs to specify the source IP address, the destination IP address, and the destination port
number that needs to be accessed. Since PC-1 with IP address 172.16.0.2 is trying to access the web server
on port 8080 at IP address 192.168.0.5, the ACL applied inbound on SW2's G0/0 interface should permit traffic
from PC-1 to reach the web server's specific port. References: Implementing and Operating Cisco Service
Provider Network Core Technologies (SPCOR) training materials.

NEW QUESTION: 61
Which type of antenna is designed to provide a 360-degree radiation pattern?
A. omnidirectional
B. Yagi
C. patch
D. directional
Answer: (SHOW ANSWER)

NEW QUESTION: 62
Refer to the exhibit.

An engineer must allow R1 to advertise the 192 168.1 0/24 network to R2 R1 must perform this action without
sending OSPF packets to SW1 Which command set should be applied?

C.
D.
Answer: (SHOW ANSWER)
To advertise the 192.168.1.0/24 network to R2 without sending OSPF packets to SW1, the engineer must
configure OSPF in such a way that it includes the network in the OSPF advertisements to R2 but excludes it
from being advertised to SW1. This can typically be achieved by manipulating OSPF network types or using
OSPF passive-interface commands to prevent OSPF updates from being sent out through the interface
connected to SW1.

NEW QUESTION: 63
What is a characteristic of a traditional WAN?
A. low complexity and high overall solution scale
B. centralized reachability, security, and application policies
C. operates over DTLS and TLS authenticated and secured tunnels
D. united data plane and control plane
Answer: (SHOW ANSWER)
Traditional WANs are characterized by centralized reachability, security, and application policies. This means
that the WAN is managed from a central location, allowing for consistent policy enforcement and simplification
of the network structure. Traditional WANs do not operate over DTLS and TLS tunnels; instead, they rely on
dedicated leased lines, MPLS, or other types of connections that provide point-to-point connectivity. The data
plane and control plane are typically integrated in traditional WAN devices, such as routers, which handle both
forwarding data packets and the routing protocols that manage path selection.
References:
* Traditional WAN Design Summary - Cisco1
* The 2015 Guide to WAN Architecture & Design - Cisco2
* Traditional WAN vs. SD-WAN: Everything You Need to Know3

NEW QUESTION: 64
Drag and drop the characteristics from the left onto the deployment models on the right Not all options are
used.
Answer:

Explanation:

NEW QUESTION: 65
Refer to the exhibit.
Assuming the WLC's interfaces are not in the same subnet as the RADIUS server, which interface would the
WLC use as the source for all RADIUS-related traffic?
A. the interface specified on the WLAN configuration
B. any interface configured on the WLC
C. the controller management interface
D. the controller virtual interface
Answer: (SHOW ANSWER)
In a Cisco Wireless LAN Controller (WLC) setup, the controller management interface is used as the source for
all RADIUS-related traffic when the interfaces are not in the same subnet as the RADIUS server. This interface
is specifically designated for in-band management of the device, system traffic, and RADIUS-related
communication, ensuring secure and reliable authentication and authorization services. References
:= Implementing and Operating Cisco Service Provider Network Core Technologies

NEW QUESTION: 66
Refer to the exhibit. An engineer builds an EEM script to apply an access list. Which statement must be added
to complete the script?
A. event none
B. action 2.1 cli command "ip action 3.1 ell command 101''
C. action 6.0 ell command ''ip access-list extended 101''
D. action 6.0 cli command ''ip access-list extended 101"
Answer: (SHOW ANSWER)
The script is missing an event to trigger the EEM applet. In Cisco EEM (Embedded Event Manager), an event is
a specific occurrence on a network device that is detected by EEM. The "event none" statement is used in EEM
scripts when the applet is not triggered by any system events but can be manually run. In this case, since the
script aims to apply an access list, it doesn't need to be triggered automatically by any system events but can
be invoked as required.
References: Implementing and Operating Cisco Service Provider Network Core Technologies source
documents or study guide

NEW QUESTION: 67
What is a characteristic of YANG?
A. It is a Cisco proprietary language that models NETCONF data
B. It allows model developers to create custom data types
C. It structures data in an object-oriented fashion to promote model reuse
D. It provides loops and conditionals to control now within models
Answer: (SHOW ANSWER)
YANG (Yet Another Next Generation) is a data modeling language used to model configuration and state data
for network devices and services. It is not a Cisco proprietary language; rather, it is an open standard
developed by the IETF. YANG allows model developers to create custom data types, which is essential for
ensuring that models accurately represent the data they are intended to configure or monitor. This flexibility in
defining data types is one of the key characteristics that makes YANG a powerful tool for network modeling.
YANG models are structured in a modular fashion, which promotes reuse of models across different
implementations and vendors. While YANG does structure data in an object-oriented way, the ability to create
custom data types is a distinct characteristic that sets it apart from other data modeling languages.

NEW QUESTION: 68
Refer to the exhibit.
What is output by this code?
A. 8 7 6 5
B. -4 -5 -6 -7
C. -1 -2-3-4
D. 4 5 6 7
Answer: (SHOW ANSWER)
The code snippet provided in the exhibit is a simple Python program that initializes a variable count with the
value of 8. It then enters a while loop that continues executing as long as count is greater than 4. Inside the
loop, it prints the current value of count and then decrements count by one each iteration. As a result, it will
print the numbers 8, 7, 6, and 5 before count becomes less than or equal to four and the loop terminates.

NEW QUESTION: 69
Which NGFW mode block flows crossing the firewall?
A. Passive
B. Tap
C. Inline tap
D. Inline
Answer: (SHOW ANSWER)
In inline mode, the Cisco Next-Generation Firewall (NGFW) actively blocks flows crossing the firewall. This
mode allows the NGFW to intercept and analyze traffic in real-time, applying security policies and rules to
permit or deny traffic, thus providing active network security enforcement.
References: Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet1.

NEW QUESTION: 70

Refer to the exhibit. Which command set must be added to permit and log all traffic that comes from
172.20.10.1 in interface GigabitEthernet0/1 without impacting the functionality of the access list?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: (SHOW ANSWER)
Option B is the correct answer because it specifically permits and logs all traffic that comes from IP address
172.20.10.1 on interface GigabitEthernet0/1 without impacting the functionality of the access list. The command
set in Option B is:
Router(config)#access-list 100 seq 5 permit ip host 172.20.10.1 any log Router(config)#interface
GigabitEthernet0/1 Router(config-if)#access-group 100 in This command set adds a sequence to the access list
(seq 5) that allows traffic from IP address 172.20.10.1, logs this traffic, and applies this access list to incoming
traffic on interface GigabitEthernet0/1.

NEW QUESTION: 71
How does the RIB differ from the FIB?
A. The RIB is used to create network topologies and routing tables. The FIB is a list of routes to particular
network destinations.
B. The FIB includes many routes a single destination. The RIB is the best route to a single destination.
C. The RIB includes many routes to the same destination prefix. The FIB contains only the best route
D. The FIB maintains network topologies and routing tables. The RIB is a Iist of routes to particular network
destinations.
Answer: (SHOW ANSWER)
The Routing Information Base (RIB) is a data table stored in a router or a networked computer that lists the
routes to particular network destinations, and in some cases, metrics (distances) associated with those routes.
The RIB contains all the routes learned via static configuration or dynamic routing protocols, such as BGP,
OSPF, etc. On the other hand, the Forwarding Information Base (FIB) is used by the router to make forwarding
decisions and contains only the best route to each destination prefix, which has been selected by the routing
protocol algorithms from the RIB. The FIB is optimized for fast lookup to expedite the forwarding process23.
References:
* "RIB vs FIB differences?" from Network Engineering Stack Exchange2.
* "What is the difference between the RIB and FIB?" from Cisco Learning Network

NEW QUESTION: 72
Refer to the exhibit.

What are two effects of this configuration? (Choose two.)

A. R1 becomes the active router.
B. R1 becomes the standby router.
C. If R2 goes down, R1 becomes active but reverts to standby when R2 comes back online.
D. If R1 goes down. R2 becomes active and remains the active device when R1 comes back online.
E. If R1 goes down, R2 becomes active but reverts to standby when R1 comes back online.
Answer: (SHOW ANSWER)
The configuration shows that R1 and R2 are configured for HSRP (Hot Standby Router Protocol). R1 has a
higher priority (120) than R2 (110), so R1 becomes the active router. If R1 goes down, R2 will become active
because of its lower priority but will not revert back to standby when R1 comes back online due to preemption
not being configured. References := Implementing and Operating Cisco Service Provider Network Core
Technologies source documents or study guide

NEW QUESTION: 73
An engineer configures GigabitEthernet 0/1 for VRRP group 115. The router must assume the primary role
when it has the highest priority in the group. Which command set is required to complete this task?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: (SHOW ANSWER)
In VRRP (Virtual Router Redundancy Protocol), the router with the highest priority will become the master
router for the group, provided it is higher than any other router in the group. The default priority is 100, and it
can be set up to 255. The command vrrp <group-number> priority <priority-value> is used to set the priority of a
VRRP group on an interface. To ensure that a router with a higher priority takes over as soon as it comes
online, you should also use the preempt command which enables the VRRP router to become master if it has a
higher priority than the current master. References: Implementing and Operating Cisco Service Provider
Network Core Technologies (SPCOR) training materials.

NEW QUESTION: 74
Refer to the exhibit.

Which configuration enables fallback to local authentication and authorization when no TACACS+ server is
available?
A. Router(config)# aaa authentication login default local Router(config)# aaa authorization exec default local
B. Router(config)# aaa authentication login default group tacacs+ local Router(config)# aaa authorization exec
default group tacacs+ local
C. Router(config)# aaa fallback local
D. Router(config)# aaa authentication login FALLBACK local Router(config)# aaa authorization exec
FALLBACK local
Answer: (SHOW ANSWER)
The correct configuration for fallback to local authentication and authorization when no TACACS+ server is
available is to specify 'local' as the secondary method after 'group tacacs+'. This ensures that if the TACACS+
server cannot be reached, the router will use the local database for authentication and authorization.

NEW QUESTION: 75
Which measure is used by an NTP server to indicate its closeness to the authoritative time source?
A. latency
B. hop count
C. time zone
D. stratum
Answer: (SHOW ANSWER)
The measure used by an NTP server to indicate its closeness to the authoritative time source is called the
stratum level. NTP operates hierarchically with several server levels, known as strata. The lower the stratum
number, the closer the server is to an authoritative time source, which ensures efficient propagation of time
information throughout the network hierarchy.
References: The information provided here is based on the search results from authoritative sources discussing
NTP server configurations and best practices

NEW QUESTION: 76

Refer to the exhibit. Which set of commands is required to configure and verify the VRF for Site 1 Network A on
router R1?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: D (LEAVE A REPLY)
The process of configuring a VRF on a Cisco router generally includes the following steps:
* Enable IP routing if not already enabled.
* Create the VRF instance using the ip vrf command.
* Assign a unique RD to the VRF using the rd command within the VRF configuration mode.
* Associate the VRF with a specific interface using the ip vrf forwarding command in interface configuration
mode.
* Assign an IP address to the interface.
* Verify the configuration using the show ip vrf or show ip route vrf command.
References: For detailed instructions and examples, refer to the Implementing and Operating Cisco Service
Provider Network Core Technologies (SPCOR) source book and study guide, which provide comprehensive
coverage of VRF configuration and verification on Cisco routers.

Valid 350-401 Dumps shared by ExamDiscuss.com for Helping Passing 350-401 Exam! ExamDiscuss.com
now offer the newest 350-401 exam dumps, the ExamDiscuss.com 350-401 exam questions have been
updated and answers have been corrected get the newest ExamDiscuss.com 350-401 dumps with Test
Engine here: https://www.examdiscuss.com/Cisco/exam/350-401/premium/ (1282 Q&As Dumps, 35%OFF
Special Discount Code: freecram)
NEW QUESTION: 77
Drag and drop the LIPS components on the left to the correct description on the right.

Answer:

Explanation:

NEW QUESTION: 78
How does the Cisco SD-Access control plane simplify traditional routing environments?
A. Routing adjacencies are no longer required.
B. Full routing tables are shared and ensure that all routers know all paths within the underlay fabric and
overlay.
C. Separation of EID and RLOC reduces the size of routing tables.
D. Routers query all routes to the map server.
Answer: (SHOW ANSWER)
Cisco SD-Access control plane simplifies traditional routing environments by using Locator/ID Separation
Protocol (LISP). LISP separates the endpoint identifiers (EIDs) from the routing locators (RLOCs), which
reduces the size of routing tables as routers only need to know the RLOCs for routing, not the EIDs1234.
References: Cisco SD-Access Solution Design Guide1.

NEW QUESTION: 79
Refer to the exhibit How was spanning-tree configured on this interface?
A. By entering the command spanning-tree portfast trunk in the interface configuration mode.
B. By entering the command spanning-tree portfast in the interface configuration mode
C. By entering the command spanning-tree mst1 vlan 10,20,30,40 in the global configuration mode
D. By entering the command spanning-tree vlan 10,20,30,40 root primary in the interface configuration mode
Answer: (SHOW ANSWER)
The exhibit shows the configuration of spanning-tree on an interface with all VLANs (VLAN0010, VLAN0020,
VLAN0030, VLAN0040) in a Designated Forwarding state and Type as Point-to-Point Edge.
This configuration is consistent with the enabling of PortFast on the interface. PortFast is enabled by entering
the command spanning-tree portfast in the interface configuration mode. PortFast causes a switch or trunk port
to enter the spanning tree forwarding state immediately, bypassing the listening and learning states.
References: Implementing and Operating Cisco Service Provider Network Core Technologies Study Guide

NEW QUESTION: 80

A.
B.

D.
Answer: (SHOW ANSWER)
The correct configuration to restrict the amount of SSH traffic that a router accepts to 100 kbps involves
creating a policy map that specifies the maximum bandwidth for the class of traffic. This is done by defining a
class map to match the SSH traffic, then creating a policy map that uses the police command to set the rate
limit. The policy map is then applied to the control plane to enforce the limit on SSH traffic.
References: The information is based on the Implementing and Operating Cisco Service Provider Network Core
Technologies (SPCOR) source book CoPP protects the route processor on network devices by treating route
processor resources as a separate entity with its own ingress interface (and in some implementations, egress
also). CoPP is used to police traffic that is destined to the route processor of the router such as:
+ routing protocols like OSPF, EIGRP, or BGP.
+ Gateway redundancy protocols like HSRP, VRRP, or GLBP.
+ Network management protocols like telnet, SSH, SNMP, or RADIUS.
Therefore we must apply the CoPP to deal with SSH because it is in the
management plane. CoPP must be put under "control-plane" command.

NEW QUESTION: 81

Refer to Ihe exhibit. An engineer must update the existing configuation to achieve these resu ts:
* Only administrators from the 192.168 1.0.'?4 subnet can access the vty lines.
* Access to the vty lines using clear-text protocols is prohibited.
Which command set should be appled?

A.
B.

D.
Answer: (SHOW ANSWER)
The command set in Option C correctly applies an access list to permit only the specified subnet to access the
VTY lines. Additionally, it specifies the use of secure protocols by enabling transport input ssh, which prohibits
clear-text protocols like telnet.

NEW QUESTION: 82
What is the role of the RP in PIM sparse mode?
A. The RP responds to the PIM join messages with the source of requested multicast group
B. The RP maintains default aging timeouts for all multicast streams requested by the receivers.
C. The RP acts as a control-plane node and does not receive or forward multicast packets.
D. The RP is the multicast that is the root of the PIM-SM shared multicast distribution tree.
Answer: (SHOW ANSWER)
In Protocol Independent Multicast sparse mode (PIM-SM), the Rendezvous Point (RP) plays a crucial role in
the multicast distribution architecture. The RP acts as a central point in the network where multicast sources
send their traffic. This traffic is then distributed to the receivers down a shared distribution tree. The RP is
essentially the root of this shared tree and is vital for starting new sessions with sources and receivers. It is
important to note that the RP is required only in networks running PIM-SM, as it is designed to efficiently
manage multicast traffic by forwarding it only to network segments with active receivers that have explicitly
requested the data. This contrasts with PIM Dense Mode (PIM-DM), where multicast traffic is initially flooded to
all segments of the network, and unwanted traffic is pruned back12.
References:
* Cisco's "Configuring a Rendezvous Point" document provides an overview and configuration examples for
RPs in PIM-SM networks1.
* The "IP Multicast: PIM Configuration Guide - PIM Allow RP" document from Cisco details the configuration of
the PIM Allow RP feature in PIM-SM domains2

NEW QUESTION: 83
Simulation 07
Answer:
See the solution below.
Explanation:
Sw1
Config t
Archive
Log config
Logging enable
Notify syslog
R1
Config t
Ip flow-top-talkers
Match source address 172.16.2.1/30
Int et0/2
Ip flow ingress
Copy run start

NEW QUESTION: 84
If the maximum power level assignment for global TPC 802.11a/n/ac is configured to 10 dBm, which power
level effectively doubles the transmit power?
A. 13dBm
B. 14 dBm
C. 17dBm
D. 20 dBm
Answer: (SHOW ANSWER)
Suppose a transmitter is configured for a power level of 10 dBm. A cable with 5-dB loss connects the
transmitter to an antenna with an 8-dBi gain. The resulting EIRP of the system is EIRP = 10 dBm - 5 dB + 8 dBi
= 13 dBm.

NEW QUESTION: 85
Which of the following fiber connector types is the most likely to be used on a network interface card?
A. LC
B. SC
C. ST
D. MPO
Answer: (SHOW ANSWER)
The LC (Lucent Connector) is commonly used on network interface cards due to its compact size and secure
locking mechanism. It is well-suited for high-density connections, such as those found in data centers and
telecommunications environments.

NEW QUESTION: 86
Refer to the exhibit.
A company requires that all wireless users authenticate using dynamic key generation. Which configuration
must be applied?
A. AP(config-if-ssid)# authentication open wep wep_methods
B. AP(config-if-ssid)# authentication dynamic wep wep_methods
C. AP(config-if-ssid)# authentication dynamic open wep_dynamic
D. AP(config-if-ssid)# authentication open eap eap_methods
Answer: (SHOW ANSWER)
Dynamic key generation is a security feature used in wireless networks to provide each user with a unique
encryption key, which is dynamically generated and distributed by the authentication server. This method
enhances security by ensuring that even if one key is compromised, it does not affect the security of other
users' connections. The correct command to configure an access point (AP) to require wireless users to
authenticate using dynamic key generation is AP(config-if-ssid)# authentication dynamic open wep_dynamic.
This command sets the AP to use dynamic WEP (Wired Equivalent Privacy) keys along with open
authentication.
References: The information is based on the Implementing and Operating Cisco Service Provider Network Core
Technologies (SPCOR) training

NEW QUESTION: 87
A network administrator is designing a new network for a company that has frequent power spikes. The
company wants to ensure that employees can the best solution for the administrator to recommend?
A. Generator
B. Cold site
C. Redundant power supplies
D. Uninterruptible power supply
Answer: D (LEAVE A REPLY)
An uninterruptible power supply (UPS) is the best solution to ensure continuous power to the network
equipment during power spikes and outages. A UPS provides immediate backup power and allows for a safe
shutdown of equipment, preventing data loss and hardware damage.

NEW QUESTION: 88
Which component of the Cisco Cyber Threat Defense solution provides user and flow context analysis?
A. Cisco Firepower and FireSIGHT
B. Cisco Stealth watch system
C. Advanced Malware Protection
D. Cisco Web Security Appliance
Answer: (SHOW ANSWER)
The Cisco Stealthwatch system is the component of the Cisco Cyber Threat Defense solution that provides
user and flow context analysis. This system offers broad visibility across the network and is designed to analyze
and understand network behaviors, detect anomalies, and provide insights into network traffic patterns. It
leverages NetFlow data to perform security monitoring, application visibility, and control, as well as incident
response. By analyzing the flow data, Stealthwatch can identify malicious activities and potential threats within
the network, enabling a more proactive defense posture.
References: The information is based on the Cisco Cyber Threat Defense v2.0 Design Guide

NEW QUESTION: 89
A network engineer wants to configure console access to a router without using AAA so that the privileged exec
mode is entered directly after a user provides the correct login credentials. Which action achieves this goal?
A. Configure login authentication privileged on line con 0.
B. Configure a local username with privilege level 15.
C. Configure privilege level 15 on line con 0.
D. Configure a RADIUS or TACACS+ server and use it to send the privilege level.
Answer: (SHOW ANSWER)
To configure console access to a router without using AAA and to ensure that the privileged exec mode is
entered directly after providing the correct login credentials, a local username with privilege level 15 should be
configured. This is because privilege levels define the commands that users can access on the router. By
setting a user to privilege level 15, they are granted full access to all the router's commands, including those in
privileged exec mode, without the need to enter the enable command.

NEW QUESTION: 90

A. an encrypted JSON token that is used for authentication

B. an encrypted JSON token that is used for authorization
C. an encoded JSON token that is used to securely exchange information
D. an encoded JSON token that is used for authentication
Answer: (SHOW ANSWER)
JWT, or JSON Web Token, is an encoded JSON token that is used to securely exchange information between
parties. It is a compact, URL-safe means of representing claims to be transferred between two parties. The
claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS)
structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally
signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.
References := Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR)

NEW QUESTION: 91
Which activity requires access to Cisco DNA Center CLI?
A. provisioning a wireless LAN controller
B. creating a configuration template
C. upgrading the Cisco DNA Center software
D. graceful shutdown of Cisco DNA Center
Answer: C (LEAVE A REPLY)
Access to Cisco DNA Center CLI is required when upgrading the Cisco DNA Center software. The CLI provides
a direct interface to the underlying system, allowing for detailed control and monitoring of the upgrade process.
It is essential for executing commands that may not be available through the graphical user interface (GUI),
ensuring a precise and controlled software upgrade. References: The official Cisco documentation outlines the
procedure for upgrading Cisco DNA Center software via CLI, detailing the necessary steps and precautions to
take during the process

NEW QUESTION: 92
Drag and drop the characteristics from the left onto the technology types on the right.
Answer:

Explanation:
Orchestration
Orchestration means arranging or coordinating multiple systems. It's also used to mean "running the same
tasks on a bunch of servers at once, but not necessarily all of them." Configuration Management Config
Management is part of provisioning. Basically, that's using a tool like Chef, Puppet or Ansible to configure our
server. "Provisioning" often implies it's the first time we do it. Config management usually happens repeatedly.
Configuration management (CM) is a systems engineering process for establishing and maintaining
consistency of a product's performance, functional, and physical attributes with its requirements, design, and
operational information throughout its life Configuration management is all about bringing consistency in the
infrastructure.
Configuration Orchestration vs Configuration Management
The first thing that should be clarified is the difference between "configuration orchestration" and
"configuration management" tools, both of which are considered IaC tools and are included on this list.
Configuration orchestration tools, which include Terraform and AWS CloudFormation, are designed to
automate the deployment of servers and other infrastructure. Configuration management tools like Chef,
Puppet, and the others on this list help configure the software and systems on this infrastructure that has
already been provisioned.

NEW QUESTION: 93
An engineer must configure AAA on a Cisco 9800 WLC for central web authentication Which two commands
are needed to accomplish this task? (Choose two.)
A. Option A
B. Option B
C. Option C
D. Option D
E. Option E
Answer: (SHOW ANSWER)
To configure AAA for central web authentication on a Cisco 9800 WLC, you typically need to define the
RADIUS server and create an authorization method list. The RADIUS server holds the authentication and
authorization policies, while the method list specifies the sequence of methods to be used for authorization.

NEW QUESTION: 94
A network administrator is implementing a routing configuration change and enables routing debugs to track
routing behavior during the change. The logging output on the terminal is interrupting the command typing
process. Which two actions can the network administrator take to minimize the possibility of typing commands
incorrectly? (Choose two.)
A. Configure the logging synchronous global configuration command
B. Configure the logging delimiter feature
C. Configure the logging synchronous command under the vty
D. Press the TAB key to reprint the command in a new line
E. increase the number of lines on the screen using the terminal length command
Answer: (SHOW ANSWER)
To minimize the possibility of typing commands incorrectly during routing debugs, the network administrator can
configure the logging synchronous global configuration command and the logging synchronous command
under the vty. These actions help manage the logging output on the terminal, preventing it from interrupting the
command typing process3. References: Cisco exam emulator

NEW QUESTION: 95
Drag and drop characteristics of PIM dense mode from the left to the right.
Answer:

Explanation:
A picture containing diagram Description automatically generated
PIM-DM supports only source trees - that is, (S,G) entries-and cannot be used to build a shared distribution
tree.
Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti_pim/configuration/xe-16-5/imc-pim-xe-16-5-book/im
PIM dense mode (PIM-DM) uses a push model to flood multicast traffic to every corner of the network. This
push model is a brute-force method of delivering data to the receivers. This method would be efficient in certain
deployments in which there are active receivers on every subnet in the network. PIM-DM initially floods
multicast traffic throughout the network. Routers that have no downstream neighbors prune the unwanted
traffic. This process repeats every 3 minutes.
A rendezvous point (RP) is required only in networks running Protocol Independent Multicast sparse mode
(PIM-SM).
In PIM dense mode (PIM-DM), multicast traffic is initially flooded to all segments of the network. Routers that
have no downstream neighbors or directly connected receivers prune back the unwanted traffic.

NEW QUESTION: 96
What is one difference between EIGRP and OSPF?
A. OSPF is a Cisco proprietary protocol, and EIGRP is an IETF open standard protocol.
B. OSPF uses the DUAL distance vector algorithm, and EIGRP uses the Dijkstra link-state algorithm
C. EIGRP uses the variance command lot unequal cost load balancing, and OSPF supports unequal cost
balancing by default.
D. EIGRP uses the DUAL distance vector algorithm, and OSPF uses the Dijkstra link-state algorithm
Answer: (SHOW ANSWER)
EIGRP (Enhanced Interior Gateway Routing Protocol) uses the Diffusing Update Algorithm (DUAL) to calculate
the shortest path to each network and allows for unequal cost load balancing with the variance command.
OSPF (Open Shortest Path First), on the other hand, uses the Dijkstra algorithm to build a shortest-path tree for
each route and does not support unequal cost load balancing by default. References: The Implementing and
Operating Cisco Service Provider Network Core Technologies (SPCOR) source book would contain more
information on the differences between EIGRP and OSPF, including their algorithms and load balancing
capabilities.

NEW QUESTION: 97
Which element enables communication between guest VMs within a virtualized environment?
A. hypervisor
B. vSwitch
C. virtual router
D. pNIC
Answer: (SHOW ANSWER)
The vSwitch, or virtual switch, is the component that enables communication between guest VMs within a
virtualized environment. It operates at the data link layer (Layer 2) of the OSI model and allows virtual machines
on the same host to communicate with each other as if they were connected to the same physical switch. The
vSwitch can also connect to physical switches to facilitate communication between VMs and the external
network.
References:
* The concept of vSwitch is covered in the Cisco course "Implementing and Operating Cisco Service Provider
Network Core Technologies (SPCOR)" where it discusses the role of virtualization in modern network
environments.
* Additional information can be found in the Cisco documentation and training materials available on the Cisco
Learning Network Store, specifically in the course materials for SPCOR.

NEW QUESTION: 98
Drag and drop the characteristics from the left onto the infrastructure deployment models on the right.

Answer:
Explanation:
Graphical user interface, text, application Description automatically generated

NEW QUESTION: 99
Refer to the exhibit.
Which HTTP request produced the REST API response that was returned by Cisco DNA Center?
A. fetch /network-device?macAddress=ac:4a:56:6c:7c:00
B. POST/network-device?macAddress=ac:4a:56:6c:7c:00
C. GET/network-device?macAddress=ac:4a:56:6c:7c:00
Answer: (SHOW ANSWER)
The REST API response in the exhibit was returned by Cisco DNA Center as a result of an HTTP GET request.
This can be inferred from the "200 OK" status code, which typically indicates that the server has successfully
processed the request for information. In this case, information about a network device with a specific MAC
address is being requested. References := Cisco Service Provider Network Core Technologies

NEW QUESTION: 100

Refer to the exhibit.
Which configuration must be applied to the HQ router to set up a GRE tunnel between the HQ and BR routers?

D.
Answer: (SHOW ANSWER)
The configuration required to set up a GRE tunnel between the HQ and BR routers is found in Option C. This
configuration specifies the tunnel source as the IP address of the interface on the HQ router, and the tunnel
destination as the IP address of an interface on the BR router. The ip address command assigns an IP address
to the tunnel interface itself. This setup allows for the encapsulation and de-encapsulation of traffic between the
two routers, enabling them to communicate over the GRE tunnel.

NEW QUESTION: 101

Refer to the exhibit.
An engineer is creating a Pytnon script to fetch the BGP configuration from a device using RESTCONF. What
does the output Indicate?
A. The BGP data resource identifier in the URL Incorrect.
B. There is no BGP process running on the device
C. RESTCONF is not enabled on the device.
Answer: (SHOW ANSWER)
The error message "uri keypath not found" suggests that the URI used to fetch the BGP configuration is
incorrect. This means the BGP data resource identifier in the URL is incorrect, making option A the correct
answer. The script is attempting to access a RESTCONF resource that does not exist on the server, hence the
"404 Not Found" error.
References:
* Implementing and Operating Cisco Service Provider Network Core Technologies course1234.
* Cisco Service Provider training materials567.

NEW QUESTION: 102

What is one fact about Cisco SD-Access wireless network deployments?
A. The access point is part of the fabric underlay
B. The WLC is part of the fabric underlay
C. The access point is part the fabric overlay
D. The wireless client is part of the fabric overlay
Answer: D (LEAVE A REPLY)
In Cisco SD-Access wireless network deployments, the wireless client is considered part of the fabric overlay.
The overlay network is a virtual network built on top of the underlay network. It allows for the deployment of
network services and policies that are independent of the underlying network topology. References :=
Implementing and Operating Cisco Service Provider Network Core Technologies
NEW QUESTION: 103
Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

Answer:

NEW QUESTION: 104

An engineer must implement a configuration to allow a network administrator to connect to the console port of a
router and authenticate over the network. Which command set should the engineer use?
A. aaa new-model
aaa authentication login default enable
B. aaa new-model
aaa authentication login console local
C. aaa new-model aaa authentication login console group radius
D. aaa new-model aaa authentication enable default
Answer: (SHOW ANSWER)
The command set 'aaa new-model' followed by 'aaa authentication login console local' configures the router to
use the local database for authenticating network administrators connecting to the console port. This ensures
that authentication occurs over the network, providing secure access control.

NEW QUESTION: 105

How do the MAC address table and TCAM differ?
A. TCAM stores Layer 2 forwarding information, and the MAC address table stores QoS information
B. TCAM lookups can match only 1s and 0s, and MAC address lookups can match 1s. 0s, and a third
"care/don't care" state.
C. TCAM is a type of memory, and the MAC address table is a logical structure
D. TCAM is populated from the ARP file and the MAC address table is populated from the switch configuration
file
Answer: (SHOW ANSWER)

NEW QUESTION: 106

Refer to the exhibit.

After implementing the configuration 172.20.20.2 stops replaying to ICMP echoes, but the default route fails to
be removed. What is the reason for this behavior?
A. The source-interface is configured incorrectly.
B. The destination must be 172.30.30.2 for icmp-echo
C. The default route is missing the track feature
D. The threshold value is wrong.
Answer: (SHOW ANSWER)
The issue described indicates that even though 172.20.20.2 stops responding to ICMP echoes, the default
route does not get removed as expected. This suggests a problem with the tracking configuration of the route.
The correct implementation should include associating the tracked object with the routing configuration so that if
the tracked object goes down, it triggers the removal of the associated route. Since option C points out that the
default route lacks this association with tracking, it is identified as the cause of the issue.

NEW QUESTION: 107

Refer to the exhibit. An engineer attempts to configure a trunk between switch sw1 and switch SW2 using DTP,
but the trunk does not form. Which command should the engineer apply to switch SW2 to resolve this issue?
A. switchport mode dynamic desirable
B. switchport nonegotiate
C. no switchport
D. switchport mode access
Answer: (SHOW ANSWER)
In the scenario provided, both switches SW1 and SW2 are set to "dynamic auto" mode for their respective
interfaces. This mode allows the interface to become a trunk link if the connecting interface is set to trunk or
desirable mode. However, when both ends of a link are set to "dynamic auto," neither will actively attempt to
form a trunk. To resolve this issue, one of the switches needs to actively attempt to form a trunk, which can be
achieved by setting one of the interfaces to "dynamic desirable" mode using the command switchport mode
dynamic desirable.
References:
* Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) v1.1
* Cisco's training and certification materials regarding DTP (Dynamic Trunking Protocol) and switchport modes.

NEW QUESTION: 108

What does the Cisco DNA Center use to enable the delivery of applications through a network and to yield
analytics for innovation?
A. process adapters
B. Command Runner
C. intent-based APIs
D. domain adapters
Answer: (SHOW ANSWER)
Cisco DNA Center uses intent-based APIs to enable the delivery of applications through a network and to yield
analytics for innovation. These APIs abstract the complexity of network operations and allow administrators to
express their intent, which the system then translates into the necessary configurations. This approach
simplifies network management, accelerates application delivery, and provides insights through analytics....
Reference:
https://www.cisco.com/c/en/us/products/collateral/cloud-systemsmanagement/dna-center/nb-06-dna-cent-plat-
so

NEW QUESTION: 109

Refer to the exhibit.
After running the code in the exhibit. Which step reduces the amount of data that NETCONF server returns to
the NETCONF client, to only the interface's configuration?
A. Create an XML filter as a string and pass it to get_config() method as an argument
B. Use the txml library to parse the data returned by the NETCONF server for the interface's configuration
C. Create a JSON filter as a string and pass it to the get_config() method as an argument
D. Use the JSON library to parse the data returned by the NETCONF server for the interface's configuration
Answer: (SHOW ANSWER)
In the context of NETCONF, which is an XML-based protocol used for network configuration, the most efficient
way to reduce the amount of data returned by the NETCONF server is to use an XML filter. By creating an XML
filter as a string, you can specify the exact configuration data you need, such as the interface's configuration in
this case. When this filter is passed to the get_config() method as an argument, the NETCONF server will only
return the data that matches the filter criteria, thus reducing the amount of data sent to the NETCONF client.

NEW QUESTION: 110

A. memory
B. bandwidth
C. IP address
D. processor
E. storage
F. secure access
Answer: (SHOW ANSWER)
A hypervisor is responsible for managing the virtual machines running on a host system. It must provide the
following resources to the virtual machines:
* Memory: The hypervisor allocates physical RAM to virtual machines, allowing them to operate as if they have
their own dedicated memory.
* Processor: The hypervisor schedules CPU time for virtual machines, ensuring they have the processing
power needed to run their applications.
* Storage: The hypervisor provides access to storage resources, such as hard drives or storage area networks,
so that virtual machines can store data and applications.
References: Use local resources on Hyper-V virtual machine with VMConnect2, Configure Your Resource
Allocation Settings in vSphere3.

NEW QUESTION: 111

Refer to the exhibit.
An engineer must assign an IP address of 192.168.1.1/24 to the GigabitEtherenet1 interface. Which two
commands must be added to the existing configuration to accomplish this task? (Choose two.)
A. Router(config-vrf)#ip address 192.168.1.1 255.255.255.0
B. Router(config-vrf)#address-family ipv4
C. Router(config-if)#address-family ipv4
D. Router(config-vrf)#address-family ipv6
E. Router(config-if)#ip address 192.168.1.1 255.255.255.0
Answer: (SHOW ANSWER)
To assign an IP address to the GigabitEthernet1 interface, the engineer needs to ensure that the interface is
configured to support IPv4 addressing and then assign the specific IP address. Option B,
"Router(config-vrf)#address-family ipv4", is required to specify that IPv4 addressing is being configured within
the VRF. Option E, "Router(config-if)#ip address 192.168.1.1 255.255.255.0", assigns the specific IP address
and subnet mask to the GigabitEthernet1 interface. References := The explanation can be corroborated with
information available in Cisco's official documentation and training materials for Implementing and Operating
Cisco Service Provider Network Core Technologies.

NEW QUESTION: 112

What does a northbound API accomplish?
A. programmatic control of abstracted network resources through a centralized controller
B. access to controlled network resources from a centralized node
C. communication between SDN controllers and physical switches
D. controlled access to switches from automated security applications
Answer: (SHOW ANSWER)
Northbound APIs in the context of Software-Defined Networking (SDN) provide a means for applications and
services to communicate with the SDN controller. These APIs allow for the programmatic control of network
resources that have been abstracted by the controller, enabling efficient orchestration and automation of the
network to align with the needs of different applications. This facilitates a dynamic and flexible approach to
network management that is not possible with traditional networking methods. References := What are SDN
Northbound APIs

NEW QUESTION: 113

Refer to the exhibit.

CR2 and CR3 ate configured with OSPF. Which configuration, when applied to CR1. allows CR1 to exchange
OSPF Information with CR2 and CR3 but not with other network devices or on new Interfaces that are added to
CR1?

A.
B.

D.
Answer: (SHOW ANSWER)

NEW QUESTION: 114

Refer to the exhibit.

Security policy requires all idle-exec sessions to be terminated in 600 seconds. Which configuration achieves
this goal?
A. line vty 0 15
absolute-timeout 600
B. line vty 0 15
exec-timeout
C. line vty 01 5
exec-timeout 10 0
D. line vty 0 4
exec-timeout 600
Answer: (SHOW ANSWER)
The exec-timeout command is used to configure the timeout for the exec session on a Cisco router or switch.
This command takes two arguments: the first is the timeout in minutes, and the second is the timeout in
seconds. To meet the security policy of terminating all idle-exec sessions in 600 seconds (which equals to 10
minutes), option C "line vty 0 4 exec-timeout 10 0" should be used. This configuration sets an exec timeout of
ten minutes and zero seconds on vty lines from zero to four, effectively meeting the security policy requirement.
References := For further details, you can refer to Cisco's official documentation on the exec-timeout command
here.

NEW QUESTION: 115

Refer to Exhibit.

MTU has been configured on the underlying physical topology, and no MTU command has been configured on
the tunnel interfaces. What happens when a 1500-byte IPv4 packet traverses the GRE tunnel from host X to
host Y, assuming the DF bit is cleared?
A. The packet arrives on router C without fragmentation.
B. The packet is discarded on router A
C. The packet is discarded on router B
D. The packet arrives on router C fragmented.
Answer: (SHOW ANSWER)
When a 1500-byte IPv4 packet traverses a GRE tunnel, and the DF (Don't Fragment) bit is cleared, the packet
can be fragmented if necessary. However, since the MTU on the physical interfaces underlying the tunnel is set
to 1500 bytes and there is no MTU command applied on the tunnel interfaces, the packet will not need to be
fragmented. Therefore, it will arrive at router C without fragmentation. References := Implementing and
Operating Cisco Service Provider Network Core Technologies source book and official Cisco documentation.

NEW QUESTION: 116

Drag and drop the characteristics from the left onto the routing protocols they describe on the right.
Answer:

Explanation:
Diagram Description automatically generated

NEW QUESTION: 117

AN engineer is implementing MPLS OAM to monitor traffic within the MPLS domain. Which action must the
engineer perform to prevent from being forwarded beyond the service provider domain when the LSP is down?
A. Disable IP redirects only on outbound interfaces
B. Implement the destination address for the LSP echo request packet in the 127.x.y.z/8 network
C. Disable IP redirects on all ingress interfaces
D. Configure a private IP address as the destination address of the headend router of Cisco MPLS TE.
Answer: (SHOW ANSWER)
MPLS OAM (Operations, Administration, and Maintenance) is used to monitor and troubleshoot MPLS
networks. To prevent packets from being forwarded beyond the service provider domain when the LSP (Label
Switched Path) is down, the destination address for the LSP echo request packet should be in the 127.x.y.z/8
network. This special address range is reserved for loopback and internal testing, ensuring that the packet does
not leave the local network even if the LSP is not operational. References: Implementing and Operating Cisco
Service Provider Network Core Technologies (SPCOR) v1.01.
NEW QUESTION: 118
What does Call Admission Control require the client to send in order to reserve the bandwidth?
A. SIP flow information
B. Wi-Fi multimedia
C. traffic specification
D. VoIP media session awareness
Answer: (SHOW ANSWER)
Call Admission Control (CAC) is a network feature used to ensure that voice and video traffic is given the
necessary bandwidth to maintain quality of service. CAC requires the client to send a traffic specification
(TSpec) as part of the Resource Reservation Protocol (RSVP). The TSpec defines the characteristics of the
traffic stream, allowing the network to reserve the required bandwidth and ensure that the call can be handled
with the appropriate quality.

NEW QUESTION: 119

Refer to the exhibit. What is the value of the variable list after the code is run?
A. [1, 2, 10]
B. [1, 2, 3, 10]
C. [1, 2, 10, 4]
D. [1, 10, 10, 10]
Answer: (SHOW ANSWER)
The code snippet modifies a Python list by changing the fourth element (index 3) from 4 to 10. Therefore, the
final list is [1, 2, 10, 4].

NEW QUESTION: 120

Refer to the exhibit.
What happens to access interfaces where VLAN 222 is assigned?
A. STP BPDU guard is enabled
B. A description "RSPAN" is added.
C. They are placed into an inactive state.
D. They cannot provide PoE.
Answer: (SHOW ANSWER)
VLAN 222 is configured as a Remote SPAN (RSPAN) VLAN. RSPAN allows for the monitoring of source ports
and VLANs across remote switches. While the configuration snippet does not show direct configuration on
access interfaces, typically, an RSPAN VLAN is used to carry mirrored traffic from the source to the destination.
References := Cisco RSPAN Configuration Guide

NEW QUESTION: 121

Refer to the exhibit.

An engineer must create a configuration that prevents R3from receiving the LSA about 172.16.1.4/32.Which
configuration set achieves this goal?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: (SHOW ANSWER)
The goal is to prevent R3 from receiving the LSA about 172.16.1.4/32. To achieve this, a prefix-list is used to
filter out the specific LSA updates in OSPF routing. Option C shows a configuration on router R3 that denies the
prefix 172.16.1.4/32 using a prefix-list named INTO-AREA1, which is then applied to OSPF area 0 with the
'area 1 filter-list prefix INTO-AREA1 in' command. References: Implementing and Operating Cisco Service
Provider Network Core Technologies (SPCOR) v1.0 - This content can be found within the official Cisco
SPCOR study materials, where it discusses OSPF routing and route filtering using prefix lists.
Valid 350-401 Dumps shared by ExamDiscuss.com for Helping Passing 350-401 Exam! ExamDiscuss.com
now offer the newest 350-401 exam dumps, the ExamDiscuss.com 350-401 exam questions have been
updated and answers have been corrected get the newest ExamDiscuss.com 350-401 dumps with Test
Engine here: https://www.examdiscuss.com/Cisco/exam/350-401/premium/ (1282 Q&As Dumps, 35%OFF
Special Discount Code: freecram)

NEW QUESTION: 122

Which QoS queuing method transmits packets out of the interface in the order the packets arrive?
A. custom
B. weighted- fair
C. FIFO
D. priority
Answer: (SHOW ANSWER)
The QoS queuing method that transmits packets out of the interface in the order the packets arrive is First In,
First Out (FIFO). This method ensures that packets are sent in the exact same order they were received,
without any prioritization or reordering. References := Study CCNA: Quality of Service (QoS) Queues and
Queuing Explained3.

NEW QUESTION: 123

A customer wants to use a single SSID to authenticate loT devices using different passwords. Which Layer 2
security type must be configured in conjunction with Cisco ISE to achieve this requirement?
A. Fast Transition
B. Central Web Authentication
C. Cisco Centralized Key Management
D. Identity PSK
Answer: (SHOW ANSWER)
Identity Pre-Shared Key (Identity PSK) allows for the use of a single SSID to authenticate devices with different
passwords. It is a feature that enables individualized PSKs for different clients on the same SSID.
When using Identity PSK, each IoT device can have its own unique PSK while connecting to the same SSID,
which is managed through Cisco ISE (Identity Services Engine). This setup enhances security by providing
unique credentials for each device and simplifies management by reducing the number of SSIDs needed.

NEW QUESTION: 124

Which tag defines the properties to be applied to each specific WLAN?
A. RF tag
B. policy tag
C. AP tag
D. site tag
Answer: (SHOW ANSWER)
In the context of Cisco Catalyst 9800 Series Wireless Controllers, a policy tag is used to define the properties
that will be applied to each specific WLAN. The policy tag maps the WLAN profile to the policy profile, which in
turn defines the wireless characteristics of the WLAN and the network policies and switching policies for the
client2.
References := Cisco Catalyst 9800 Series Wireless Controller Software Configuration Guide

NEW QUESTION: 125

Which benefit is offered by a cloud infrastructure deployment but is lacking in an on-premises deployment?
A. efficient scalability
B. virtualization
C. storage capacity
D. supported systems
Answer: (SHOW ANSWER)
Cloud infrastructure deployments offer efficient scalability, which allows for rapid adjustment to resource needs,
typically in an automated fashion. This is a key advantage over on-premises deployments, which may require
manual intervention and physical hardware adjustments to scale.
References: The SPCOR course material covers the benefits of cloud infrastructure, emphasizing the
differences in scalability between cloud and on-premises solutions.

NEW QUESTION: 126

Which method displays text directly into the active console with a synchronous EEM applet policy?
A. event manager applet boom
event syslog pattern 'UP'
action 1.0 gets 'logging directly to console'
B. event manager applet boom
event syslog pattern 'UP'
action 1.0 syslog priority direct msg 'log directly to console'
C. event manager applet boom
event syslog pattern 'UP'
action 1.0 puts 'logging directly to console'
D. event manager applet boom
event syslog pattern 'UP'
action 1.0 string 'logging directly to console'
Answer: (SHOW ANSWER)
The correct method to display text directly into the active console with a synchronous EEM applet policy is by
using the puts command. The puts command in EEM (Embedded Event Manager) is used to output messages
to the console. In the context of the given options, option C is the correct one because it uses the puts
command to display the message 'logging directly to console' to the active console session.
References:
* Cisco Community discussion on sending 'show' command outputs to console/terminal using EEM1.
* Cisco documentation on Writing Embedded Event Manager Policies Using the Cisco IOS CLI2.
* Cisco IOS Embedded Event Manager Command Reference3.
* Question regarding the method that displays text directly into the active console with a synchronous EEM
applet policy4.
* Cisco Press article on Embedded Events Manager5

NEW QUESTION: 127

What is a characteristic of a Type I hypervisor?
A. It is installed on an operating system and supports other operating systems above it.
B. It is referred to as a hosted hypervisor.
C. Problems in the base operating system can affect the entire system.
D. It is completely independent of the operating system.
Answer: (SHOW ANSWER)
A Type I hypervisor is a layer of software installed directly on top of a physical server and its underlying
hardware. Since no other software runs between the hardware and the hypervisor, it is also called the bare-
metal hypervisor. This type of hypervisor provides excellent performance and stability because it does not run
inside another operating system but is a simple operating system designed to run virtual machines. The
physical machine the hypervisor runs on serves virtualization purposes only, making it completely independent
of any operating system. References := phoenixNAP, IBM, ITExamAnswers, Linux Handbook, GeeksforGeeks

NEW QUESTION: 128

Refer to the exhibit. What is printed to the console when this script is run?
A. a key-value pair in tuple type
B. a key-value pair in list type
C. a key-value pair in string type
D. an error
Answer: (SHOW ANSWER)
The script defines a dictionary of VLANs with their associated IP addresses and then prints each key-value pair
from this dictionary. In Python, when you iterate over a dictionary using the .keys() method and print both key
and value, it will be displayed as tuple type because it's printing two immutable elements together.
NEW QUESTION: 129
A technician is assisting a user who cannot connect to a website. The technician attempts to ping the default
gateway and DNS server of the workstation. According to troubleshooting methodology, this is an example of:
A. a divide-and-conquer approach.
B. a bottom-up approach.
C. a top-to-bottom approach.
D. implementing a solution.
Answer: (SHOW ANSWER)
This approach involves isolating the problem to a specific component or area, which in this case is the
connectivity to the default gateway and DNS server. By testing these individual elements, the technician can
determine if the issue lies within the local network or if it's related to external factors such as DNS resolution.
References: The concept of divide-and-conquer is a fundamental troubleshooting methodology discussed in the
context of network troubleshooting in the Implementing and Operating Cisco Service Provider Network Core
Technologies (SPCOR) course1.

NEW QUESTION: 130

Refer to the exhibit. A network engineer configures NAT on R1 and enters me show command to verity me
configuration What toes the output confirm?
A. The first pocket triggered NAT to add an entry to the NAT table
B. R1 is configured with NAT overload parameters.
C. A Telnet session from 160.1.1.1 to 10.1.1.10 has been initiated.
D. R1 a configured win PAT overload parameters
Answer: (SHOW ANSWER)
The exhibit shows the output of a 'show ip nat statistics' command on router R1, indicating that Port Address
Translation (PAT) overload parameters are configured. This is evident from the "pool Basi" which has two
allocated addresses, suggesting that multiple internal addresses are being translated to a single external
address using different ports, a characteristic feature of PAT overload. References: For specific references,
please consult the Implementing and Operating Cisco Service Provider source documents or study guide.

NEW QUESTION: 131

Refer to the exhibit.

An engineer configures monitoring on SW1 and enters the show command to verify operation. What does the
output confirm?
A. SPAN session 1 monitors activity on VLAN 50 of a remote switch
B. SPAN session 2 only monitors egress traffic exiting port FastEthernet 0/14.
C. SPAN session 2 monitors all traffic entering and exiting port FastEthernet 0/15.
D. RSPAN session 1 is incompletely configured for monitoring
Answer: (SHOW ANSWER)
The output would typically show that RSPAN session 1 is incompletely configured if it does not display any
source or destination ports or VLANs for monitoring. RSPAN (Remote Switched Port Analyzer) sessions are
used to monitor traffic on one or more source ports and send the monitored traffic to a destination port on a
remote switch. An incomplete configuration means that the session is not fully set up to capture and forward
traffic as intended. References := Implementing and Operating Cisco Service Provider Network Core
Technologies

NEW QUESTION: 132

What is a benefit of Cisco TrustSec in a multilayered LAN network design?
A. Policy or ACLS are nor required.
B. There is no requirements to run IEEE 802.1X when TrustSec is enabled on a switch port.
C. Applications flows between hosts on the LAN to remote destinations can be encrypted.
D. Policy can be applied on a hop-by-hop basis.
Answer: D (LEAVE A REPLY)
Cisco TrustSec enables security policies to be applied consistently across the network on a hop-by-hop basis.
This means that security policies are enforced as traffic moves through each hop in the network, ensuring that
the policies are applied throughout the LAN, regardless of the path taken by the traffic.
References: The SPCOR training materials discuss Cisco TrustSec and its role in providing comprehensive
security in a multilayered LAN network design2.

NEW QUESTION: 133

Router R1must be configured as a UDP responder on port 6336 Which configuration accomplishes this task?

A. Option A
B. Option D
C. Option C
D. Option B
Answer: (SHOW ANSWER)

NEW QUESTION: 134

Relet lo Ibe exhibit.
An ertgineer must modify the existing configuration so that R2 can take over as the primary router when serial
interface 0/0.1 on R1 goes down. Whtch command must the engineer apply''
A. R2W standby 100 track 26 decrement 10
B. R2# standby 100 preempt
C. R2# track 26 interface SerialWO.1 line-protocol
D. R2# standby 100 priority 100
Answer: (SHOW ANSWER)
To ensure R2 can take over as the primary router when the serial interface 0/0.1 on R1 goes down, the
command R2# standby 100 preempt should be used. This command allows R2 to become the active router if it
has a higher priority than the current active router. It is particularly useful in scenarios where the current active
router becomes unavailable, ensuring that network availability is maintained.

NEW QUESTION: 135

How do stratum levels relate to the distance from a time source?
A. Stratum 1 devices are connected directly to an authoritative time source.
B. Stratum 15 devices are connected directly to an authoritative time source
C. Stratum 0 devices are connected directly to an authoritative time source.
D. Stratum 15 devices are an authoritative time source.
Answer: (SHOW ANSWER)
Stratum levels indicate the distance of a network device from an authoritative time source in the Network Time
Protocol (NTP) hierarchy. A Stratum 1 device is directly connected to an authoritative time source, such as a
GPS or radio clock, making it the most accurate time server available to clients. Higher stratum levels (e.g.,
Stratum 2, Stratum 3, etc.) are further away from the authoritative source and thus have slightly less accuracy
due to network delays.

NEW QUESTION: 136

Simulation 05

Answer:
See the solution below.
Explanation:
R1
enable
Config t
Int loop0
Ip ospf 1 area 0
Int et0/0
Ip ospf 1 area 0
Ip ospf network point-to-point
copy run start
R2
Enable
Config t
Int loop0
Ip ospf 1 area 0
Int et0/0
Ip ospf 1 area 0
Ip ospf network point-to-point
Int et0/1
Ip ospf 1 area 0
Ip ospf network point-to-point
copy run start
R3
Enable
Config t
Int loop0
Ip ospf 1 area 0
Int et0/1
Ip ospf 1 area 0
Ip ospf network point-to-point
copy run start
Verification:-

Valid 350-401 Dumps shared by ExamDiscuss.com for Helping Passing 350-401 Exam! ExamDiscuss.com
now offer the newest 350-401 exam dumps, the ExamDiscuss.com 350-401 exam questions have been
updated and answers have been corrected get the newest ExamDiscuss.com 350-401 dumps with Test
Engine here: https://www.examdiscuss.com/Cisco/exam/350-401/premium/ (1282 Q&As Dumps, 35%OFF
Special Discount Code: freecram)
NEW QUESTION: 137
A network engineer must configure a switch to allow remote access for all feasible protocols. Only a password
must be requested for device authentication and all idle sessions must be terminated in 30 minutes. Which
configuration must be applied?

A. Option A
B. Option B
C. Option C
D. Option D
Answer: C (LEAVE A REPLY)
To allow remote access for all feasible protocols while only requesting a password for device authentication and
terminating all idle sessions in 30 minutes, the configuration must include setting up lines for remote access
protocols like Telnet or SSH, specifying a password for login authentication, and configuring an exec-timeout of
30 minutes. This ensures that users can remotely access the switch using various protocols, are authenticated
using a password, and that any idle sessions are automatically terminated after the specified time to maintain
security.

NEW QUESTION: 138

Which exhibit displays a valid JSON file?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: (SHOW ANSWER)
The valid JSON file is the one that correctly follows the JSON format, which is a lightweight data-interchange
format that is easy for humans to read and write and easy for machines to parse and generate. The JSON
format is based on a subset of the JavaScript language, though it can be used with many other programming
languages. In the context of Cisco Service Provider Network Core Technologies, JSON files are often used for
configuration and data interchange between network devices and management systems.

NEW QUESTION: 139

Which free application has the ability to make REST calls against Cisco DNA Center?
A. API Explorer
B. REST Explorer
C. Postman
D. Mozilla
Answer: (SHOW ANSWER)
Postman is a free application that can make REST calls against Cisco DNA Center. It is widely used for API
testing and development, allowing users to send HTTP requests and analyze responses. API Explorer (A) and
REST Explorer (B) are not applications but rather features within certain platforms that assist with API
interaction. Mozilla (D) is a web browser and does not have built-in capabilities to make REST calls like
Postman does.

NEW QUESTION: 140

A. 15
B. 20
C. 25
D. 10
Answer: (SHOW ANSWER)
The recommended minimum Signal-to-Noise Ratio (SNR) for Voice applications in networks is 25 dB. This level
of SNR ensures that voice traffic has sufficient quality and clarity, reducing the likelihood of data corruption and
retransmissions. References := Cisco Meraki Documentation: Signal-to-Noise Ratio (SNR) and Wireless Signal
Strength4
https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/Signal-to-Noise_Ratio_(SNR)_and_W

NEW QUESTION: 141

Refer to the exhibit. What does the error message relay to the administrator who is trying to configure a Cisco
IOS device?
A. A NETCONF request was made for a data model that does not exist.
B. The device received a valid NETCONF request and serviced it without error.
C. A NETCONF message with valid content based on the YANG data models was made, but the request failed.
D. The NETCONF running datastore is currently locked.
Answer: (SHOW ANSWER)

Reference:
https://www.cisco.com/c/en/us/support/docs/storage-networking/management/200933-YANG-NETCONF-Confi
NEW QUESTION: 142

Refer to the exhibit. A network engineer must load balance traffic that comes from the NAT Router and is
destined to 10.10.110.10, to several FTP servers. Which two commands sets should be applied? (Choose two).

E.
Answer: (SHOW ANSWER)
In a Cisco network, load balancing to multiple FTP servers can be achieved using Network Address Translation
(NAT) along with load balancing techniques such as round-robin or least connections. The configuration would
involve defining a NAT pool with the IP addresses of the FTP servers and setting up appropriate NAT rules to
distribute incoming traffic among these servers. Additionally, routing protocols and interface configurations play
a role in ensuring efficient traffic distribution and failover.

NEW QUESTION: 143

What is one benefit of adopting a data modeling language?
A. augmenting management process using vendor centric actions around models
B. refactoring vendor and platform specific configurations with widely compatible configurations
C. augmenting the use of management protocols like SNMP for status subscriptions
D. deploying machine-friendly codes to manage a high number of devices
Answer: (SHOW ANSWER)
Adopting a data modeling language like YANG provides a standardized data structure, which results in
configuration scalability and consistency across different vendor and platform configurations. This
standardization allows for the refactoring of vendor and platform-specific configurations into widely compatible
configurations, facilitating easier management and automation of network devices.

NEW QUESTION: 144

Refer to the exhibit An engineer is troubleshooting a newly configured BGP peering that does not establish
What is the reason for the failure?
A. BGP peer 10 255 255 3 is not configured for peenng wth R1
B. Mandatory BOP parameters between R1 and 10 255 255 3 are mismatched
C. A firewall is blocking access to TCP port 179 on the BGP peer 10 255 255.3
D. Both BGP pern are configured for passive TCP transport
Answer: (SHOW ANSWER)
The exhibit indicates that the BGP peering is not established, which is evident from the "Destination
unreachable; gateway or host down" message when attempting to telnet to port 179 on the BGP peer
10.255.255.3 from the R1 router interface lo0 (loopback0). This message typically signifies that a firewall is
blocking access to TCP port 179, which is essential for BGP peering.

NEW QUESTION: 145

What is a characteristic of the Cisco DMA Center Template Editor feature?
A. It facilitates software upgrades lo network devices from a central point.
B. It facilitates a vulnerability assessment of the network devices.
C. It provides a high-level overview of the health of every network device.
D. It uses a predefined configuration through parameterized elements or variables.
Answer: (SHOW ANSWER)
The Cisco DNA Center Template Editor tool is a feature within the Cisco Digital Network Architecture Center
that allows for centralized management of network device configurations. It utilizes a CLI template to create and
assign configuration files to specific network profiles. This tool enables the deployment of configurations to any
device under a campus fabric through a predefined configuration using parameterized elements or variables1.

NEW QUESTION: 146

Running the script causes the output in the exhibit. Which change to the first line of the script resolves the
error?

A. from ncclient import

B. import manager
C. from ncclient import*
D. import ncclient manager
Answer: (SHOW ANSWER)
The error shown in the exhibit can be resolved by changing the first line of the script to "from ncclient import
*". This syntax is used in Python to import all modules from a package, which in this case includes the
'manager' module required for establishing a connection using ncclient.manager.connect.
References:
* Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) training1.
* Cisco's official certification exam overview for SPCOR 350-5012.

NEW QUESTION: 147

Which two results occur if Cisco DNA center loses connectivity to devices in the SD-ACCESS fabric?
(Choose two)
A. All devices reload after detecting loss of connection to Cisco DNA Center
B. Already connected users are unaffected, but new users cannot connect
C. User connectivity is unaffected
D. Cisco DNA Center is unable to collect monitoring data in Assurance
E. Users lose connectivity
Answer: (SHOW ANSWER)
When Cisco DNA Center loses connectivity to devices in the SD-ACCESS fabric, already connected users
remain unaffected, ensuring continuous user connectivity (B). However, new users cannot connect due to the
loss of communication with Cisco DNA Center . The devices do not reload simply because of the lost
connection (A), and while Cisco DNA Center cannot collect monitoring data in Assurance (D), this does not
directly affect user connectivity. Users also do not lose connectivity (E) as the fabric continues to function for
existing connections.

NEW QUESTION: 148

Drag and drop the threat defense solutions from the left onto their descriptions on the right.

Answer:

Explanation:
NEW QUESTION: 149

Refer to the exhibit What does this Python script do?

A. enters the RAOIUS username for a specific IP address
B. writes the username for a specific IP address into a light database
C. enters the TACACS* username for a specific IP address
D. reads the username for a specific IP address from a light database
Answer: D (LEAVE A REPLY)
The Python script connects to a SQLite database and retrieves the username associated with a specific IP
address from the 'monitor_branch' table. It uses the sqlite3 library to establish a connection, execute a SQL
query to select the user where the 'loopbackip' matches the given IP, and then fetches the username.

NEW QUESTION: 150

A. EAP-TLS
B. PEAP
C. LDAP
D. EAP-FAST
Answer: (SHOW ANSWER)
For RADIUS-Based Authentication where EAP MS-CHAPv2 is configured on a client device, the outer method
protocol that must be configured on the ISE to support this authentication type is PEAP (B). PEAP
encapsulates the EAP MS-CHAPv2 within a secure TLS tunnel, providing an additional layer of protection for
the authentication process. References: The use of PEAP with EAP MS-CHAPv2 is part of the RADIUS
authentication mechanisms taught in the SPCOR training1.

NEW QUESTION: 151

In a Cisco Catalyst switch equipped with two supervisor modules an administrator must temporally remove the
active supervisor from the chassis to perform hardware maintenance on it. Which mechanism ensure that the
active supervisor removal is not disruptive to the network operation?
A. NSF/NSR
B. SSO
C. HSRP
D. VRRP
Answer: (SHOW ANSWER)
The mechanism that ensures non-disruptive operation during the active supervisor module removal in a Cisco
Catalyst switch is Stateful Switchover (SSO). SSO allows the standby supervisor module to take over the
operation seamlessly when the active supervisor is removed. This feature maintains the network state and
other important information, allowing the switch to continue operating without interruption. References: Cisco
Catalyst 9400 Series Supervisor Module Installation Note1.

NEW QUESTION: 152

Company policy restricts VLAN 10 to be allowed only on SW1 and SW2. All other VLANs can be on all three
switches. An administrator has noticed that VLAN 10 has propagated to SW3. Which configuration corrects the
issue?
A. SW1(config)#intgi1/1
SW1(config)#switchport trunk allowed vlan 1-9,11-4094
B. SW2(config)#intgi1/2
SW2(config)#switchport trunk allowed vlan 10
C. SW2(config)#int gi1/2
SW2(config)#switchport trunk allowed vlan 1-9,11-4094
D. SWl(config)#intgi1/1
SW1(config)#switchport trunk allowed vlan 10
Answer: (SHOW ANSWER)
The issue is that VLAN 10 has propagated to SW3, which is against the company policy. The company policy
allows only VLAN 10 on SW1 and SW2. To correct this issue, the allowed VLANs on the trunk link connecting
to SW3 should be configured to exclude VLAN 10. Option C accomplishes this by configuring the trunk link on
SW2 (int gi1/2) to allow all VLANs except VLAN 10 (switchport trunk allowed vlan
1-9,11-4094).
References :=
* Implementing and Operating Cisco Service Provider Network Core Technologies
* On-Demand E-Learning

NEW QUESTION: 153

Refer to the exhibit.

R2 is the neighboring router of R1. R2 receives an advertisement for network 192 168.10.50/32. Which
configuration should be applied for the subnet to be advertised with the original /24 netmask?

D.
Answer: B (LEAVE A REPLY)

NEW QUESTION: 154

A network administrator has designed a network with two multilayer switches on the distribution layer, which act
as default gateways for the end hosts. Which two technologies allow every end host in a VLAN to use both
gateways? (Choose two)
A. GLBP
B. HSRP
C. MHSRP
D. VSS
E. VRRP
Answer: (SHOW ANSWER)
GLBP (Gateway Load Balancing Protocol) and MHSRP (Multigroup Hot Standby Router Protocol) are the two
technologies that enable all end hosts in a VLAN to utilize both gateways. GLBP allows for automatic load
balancing on a single IP address, distributing client requests among all available routers. It achieves this by
assigning multiple virtual MAC addresses to a single virtual IP address, which the end hosts use as their default
gateway. MHSRP, on the other hand, is a variation of HSRP that allows for the creation of multiple HSRP
groups on a single interface, providing load balancing by assigning different groups to different end hosts.
References:
* The Cisco Community discussion on "GLBP vs HSRP" provides insights into the advantages of GLBP over
HSRP, including the ability to load balance with a single default gateway1.
* GeeksforGeeks offers a comparison of HSRP, VRRP, and GLBP, highlighting the load balancing capabilities
of GLBP2.
* ITU Online explains the suitability of HSRP for Cisco infrastructure and GLBP for optimizing both redundancy
and traffic distribution3.
* IP With Ease provides a detailed comparison of HSRP, VRRP, and GLBP, noting that GLBP is the only
protocol that provides load balancing among devices in the group4.
* Networks Training compares HSRP and VRRP, and emphasizes GLBP's unique ability to load balance traffic

NEW QUESTION: 155

Refer to the exhibit. What is achieved when this Python script is executed?
A. Each device that is looped through in the devices.txt file is put into its own list that is appended to the parent
dictionary.
B. Each device that is looped through in the devices.txt file is put into its own dictionary that is appended to the
parent list.
C. All devices that are looped through in the devices.txt file are put into a list that is appended to the parent
dictionary.
D. All devices that are looped through in the devices.txt file are put into a single dictionary that is appended to
the parent list.
Answer: (SHOW ANSWER)
The Python script provided in the exhibit reads device information from a file named "devices.txt" and
processes each line to create a dictionary for each device. The key details such as 'name', 'os-type', 'ip',
'username', and 'password' are extracted from each line and stored in individual dictionaries. These dictionaries
are then appended to a list named 'devices'. As a result, each device's information is encapsulated in its own
dictionary within the list, making it easy to iterate over and access each device's details separately.

NEW QUESTION: 156

Refer to the exhibit. What is achieved by this code?
A. It unshuts the loopback interface
B. It renames the loopback interface
C. It deletes the loopback interface
D. It displays the loopback interface
Answer: (SHOW ANSWER)
The code in the exhibit is an XML representation of a configuration for a loopback interface.
The <enabled>true</enabled> tag within the <Loopback> tags indicates that the loopback interface is being
enabled, or "unshut." In Cisco IOS, shutting down an interface means administratively disabling it, preventing it
from forwarding or receiving traffic. Conversely, unshutting an interface enables it to become active and
operational.
References:
* Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR)
* Cisco's official documentation and e-learning resources on NAT and interface configurations.

NEW QUESTION: 157

Refer to the exhibit.

These commands have been added to the configuration of a switch Which command flags an error if it is added
to this configuration?
A. monitor session 1 source interface port-channel 6
B. monitor session 1 source vlan 10
C. monitor session 1 source interface FatEtheret0/1 x
D. monitor session 1 source interface port-channel 7,port-channel8
Answer: (SHOW ANSWER)
The error will be flagged when trying to add the command "monitor session 1 source interface FatEthernet0/1
tx" because there is a typo in the interface name. It should be "FastEthernet" not "FatEthernet". In Cisco IOS,
the correct syntax and spelling are crucial for the commands to be accepted and executed. Any typos or
incorrect syntax will result in an error.

NEW QUESTION: 158

Refer to the exhibit.

Based on the configuration in this WLAN security setting, Which method can a client use to authenticate to the
network?
A. text string
B. username and password
C. certificate
D. RADIUS token
Answer: (SHOW ANSWER)
The WLAN security settings indicate that the PSK (Pre-Shared Key) is enabled, which typically requires a
passphrase or text string for authentication. However, since the question specifies that the configuration is
based on the exhibit, and without the ability to view the exhibit, it's not possible to provide a definitive answer.
Generally, if PSK is used, a text string would be the method for clients to authenticate to the network.
If 802.1X is enabled, then username and password would be used. References := Implementing and Operating
Cisco Service Provider Network Core Technologies

NEW QUESTION: 159

A wireless network engineer must configure a WPA2+WPA3 policy with the Personal security type. Which
action meets this requirement?
A. Configure the GCMP256 encryption cipher.
B. Configure the CCMP256 encryption cipher.
C. Configure the CCMP128 encryption cipher.
D. Configure the GCMP128 encryption cipher.
Answer: (SHOW ANSWER)
WPA2+WPA3 policy with Personal security type necessitates a robust encryption cipher for enhanced security.
CCMP256, being an advanced encryption standard, offers strong security, making it the appropriate choice for
this requirement..

NEW QUESTION: 160

A. data plane forwarding

B. control plane forwarding
C. systems management and orchestration
D. policy plane forwarding
Answer: (SHOW ANSWER)
VXLAN (Virtual Extensible LAN) is utilized in Cisco SD-Access deployments primarily for data plane forwarding.
It encapsulates original Ethernet frames into IP packets to transport them across the underlying infrastructure,
enabling network virtualization and effectively handling data traffic within a defined LAN segment.
References := Implementing and Operating Cisco Service Provider Network Core Technologies

NEW QUESTION: 161

Refer to the exhibit.

After configuring the BGP network, an engineer verifies that the path between Servers and Server2 Is
functional. Why did RouterSF choose the route from RouterDAL instead of the route from RouterCHI?
A. The Router-ID Tor Router DAL is lower than the Roter-ID for RouterCHI.
B. The route from RouterOAL has a lower MED.
C. BGP is not running on RouterCHI.
D. There is a static route in RouterSF for 10.0.0.0/24.
Answer: B (LEAVE A REPLY)
In BGP, the Multi-Exit Discriminator (MED) attribute is used to inform external neighbors about the preferred
path into an AS when multiple entry points exist. A lower MED value is preferred over a higher one.
Therefore, if RouterDAL advertises a route to the 10.0.0.0/24 network with a lower MED compared to
RouterCHI, RouterSF will choose the route from RouterDAL. This is assuming all other attributes are equal and
there is no more specific route or policy in place that would override the MED consideration.

NEW QUESTION: 162

Drag and drop the code snippets from the bottom onto the blanks in the script to convert a Python object into a
JSON string. Not all options are used.

Answer:
Explanation:
obj = json.JSONEncoder().encode(data)

NEW QUESTION: 163

Which wireless deployment mode uses a Flex architecture and allows Layer 2 roaming between APs without a
physical wireless controller?
A. Unified
B. autonomous mode
C. fabric
D. Cisco Mobility Express
Answer: (SHOW ANSWER)
Fabric wireless is an architecture where wireless services are provided by Cisco Wireless Controllers, which
can be deployed in the data center or any location within the network. This architecture allows Layer 2 roaming
between APs without requiring a physical controller in each location.
References: Implementing and Operating Cisco Service Provider Network Core Technologies

NEW QUESTION: 164

What is a characteristics of traffic policing?
A. lacks support for marking or remarking
B. must be applied only to outgoing traffic
C. can be applied in both traffic directions
D. queues out-of-profile packets until the buffer is full
Answer: (SHOW ANSWER)
Traffic policing is a mechanism used to control the rate of traffic in a network by applying limits to the traffic
flow. It can be applied to both incoming and outgoing traffic directions. Policing monitors the data rate and can
drop packets that exceed the defined rate or can mark them as out-of-profile for further processing. It ensures
that network resources are allocated fairly and prevents any single user or service from consuming excessive
bandwidth.
References:
* Quality of Service (QoS) Traffic Shaping and Policing3
* Difference between Traffic Policing and Traffic Shaping

NEW QUESTION: 165

Refer to the exhibit. The DevOps team noticed missing NetFlow data during peak utilization times for remote
branches. Which configuration allows for this issue to be minimized or resolved?
A. Configure NetFlow on the in and outbound directions.
B. Change the transport type from UDP to TCP.
C. Configure long byte counters when specifying a flow record.
D. Change the flow monitor to IPv6 from IPv4.
Answer: (SHOW ANSWER)
Configuring NetFlow on both inbound and outbound directions can help in capturing all the traffic flow data,
thereby minimizing or resolving the issue of missing NetFlow data during peak utilization times. This ensures
that all entering and exiting traffic is accounted for, providing a more comprehensive view of the network's
utilization.
References:
* Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) training and
certification course1.
* Cisco Service Provider Network Core Technologies (SPCOR) v1.0 course overview2.
* Cisco 350-501 SPCOR exam topics3.

NEW QUESTION: 166

Drag and drop the code snippets from the bottom onto the blanks in the Python script to print the device model
to the screen and write JSON data to a file Not all options are used

Answer:
Explanation:
Valid 350-401 Dumps shared by ExamDiscuss.com for Helping Passing 350-401 Exam! ExamDiscuss.com
now offer the newest 350-401 exam dumps, the ExamDiscuss.com 350-401 exam questions have been
updated and answers have been corrected get the newest ExamDiscuss.com 350-401 dumps with Test
Engine here: https://www.examdiscuss.com/Cisco/exam/350-401/premium/ (1282 Q&As Dumps, 35%OFF
Special Discount Code: freecram)

NEW QUESTION: 167

A Cisco DNA Center REST API sends a PUT to the /dna/intent/api/v1/network-device endpoint A response
code of 504 is received What does the code indicate?
A. The response timed out based on a configured interval
B. The user does not have authorization to access this endpoint.
C. The username and password are not correct
D. The web server is not available
Answer: (SHOW ANSWER)
The response code of 504 indicates that the server, while acting as a gateway or proxy, did not receive a timely
response from the upstream server or some other auxiliary server it needed to access in order to complete the
request. This typically means that the request timed out. In the context of Cisco DNA Center REST API, this
could be due to network issues or the endpoint service taking too long to respond. References: Cisco DNA
Center REST API documentation2.

NEW QUESTION: 168

Refer to the exhibit.

Which HTTP JSON response does the python code output give?
A. NameError: name 'json' is not defined
B. KeyError 'kickstart_ver_str'
C. 7.61
D. 7.0(3)I7(4)
Answer: (SHOW ANSWER)
The Python code in the exhibit is likely making a request to a Cisco device's API and attempting to parse the
JSON response to extract the 'kickstart_ver_str' value. The correct answer is C, 7.61, which suggests that the
JSON response contains a dictionary with a key 'kickstart_ver_str' that has a value of '7.61'. This version
number corresponds to the kickstart version string of the Cisco NX-OS software.

NEW QUESTION: 169

Which API does Cisco DNA Center use to retrieve information about images?
A. SWIM
B. Img-Mgmt
C. PnP
D. Client Health
Answer: (SHOW ANSWER)
Cisco DNA Center utilizes the Software Image Management (SWIM) API to retrieve information about images.
This API provides a list of software images based on filter criteria, which can include parameters like image
name, version, family, and application type. The SWIM API allows users to manage all aspects of software
images, from importing and exporting to tagging and distribution.

NEW QUESTION: 170

A. BFD is used with first hop routing protocols to provide subsecond convergence.
B. BFD is more CPU-intensive than using reduced hold timers with routing protocols.
C. BFD is used with dynamic routing protocols to provide subsecond convergence.
D. BFD is used with NSF and graceful to provide subsecond convergence.
Answer: (SHOW ANSWER)
When using BFD in a network design, it is important to consider that BFD is used with dynamic routing
protocols to provide subsecond convergence. BFD is a low-overhead, short-duration method of detecting
failures in the forwarding path between two adjacent routers, which allows for rapid failure detection and quick
rerouting of traffic.

NEW QUESTION: 171

Drag and drop the characteristics from the left onto the switching architectures on the right.
Answer:

Explanation:
Graphical user interface, text, application Description automatically generated

NEW QUESTION: 172

Which configuration protects the password for the VTY lines against over-the-shoulder attacks?
A. username admin secret 7 6j809j23kpp43883500N7%e$
B. service password-encryption
C. line vty 04 password $25$FpM7182!
D. line vty 0 15 password $25$FpM71f82!
Answer: (SHOW ANSWER)
To protect the password for VTY lines against over-the-shoulder attacks, the configuration should include
'service password-encryption'. This command encrypts all plaintext passwords in the configuration file, making
them less susceptible to shoulder-surfing attacks789. References := Cisco Community discussions and Cisco's
official documentation on securing VTY lines

NEW QUESTION: 173

What is the function of the fabric control plane node in a Cisco SD-Access deployment?
A. It is responsible for policy application and network segmentation in the fabric
B. It performs traffic encapsulation and security profiles enforcement in the fabric
C. It holds a comprehensive database that tracks endpoints and networks in the fabric
D. It provides integration with legacy nonfabric-enabled environments
Answer: (SHOW ANSWER)
The fabric control plane node in a Cisco SD-Access deployment plays a critical role in the fabric's operation.
It contains a database that is essential for identifying an endpoint's location within the network. This database is
central to the fabric's functionality, as it allows for the tracking of endpoints and networks. An overloaded control
plane node that responds slowly can lead to application traffic loss on initial packets, which highlights the
importance of this node in maintaining efficient network operations.

NEW QUESTION: 174

Refer to the exhibit.
SwitchC connects HR and Sales to the Core switch However, business needs require that no traffic from the
Finance VLAN traverse this switch Which command meets this requirement?

D.
Answer: (SHOW ANSWER)
To prevent traffic from the Finance VLAN from traversing SwitchC, the appropriate command would be to
remove the VLAN associated with Finance from the allowed list on the trunk link connecting SwitchC to the
Core switch. This can be achieved by using the switchport trunk allowed vlan remove command followed by the
VLAN number. This command modifies the list of VLANs allowed on a trunk interface, effectively preventing
any traffic from the specified VLAN from passing through the trunk.

NEW QUESTION: 175

Refer to the exhibit Drag and drop the snippets into the RESTCONF request to form the request that returns
this response Not all options are used

Answer:
Explanation:

NEW QUESTION: 176

A network engineer is designing a QoS policy tor voice and video applications. Which software queuing feature
provides strict-priority servicing?
A. Class-Based Weighted Fair Queuing
B. Automatic QoS
C. Link Fragmentation
D. Low Latency Queuing
Answer: (SHOW ANSWER)

NEW QUESTION: 177

Refer to the exhibit.

The OSPF neighborship fails between two routers. What is the cause of this issue?
A. The OSPF router ID is missing on this router.
B. The OSPF process is stopped on the neighbor router.
C. There is an MTU mismatch between the two routers.
D. The OSPF router ID is missing on the neighbor router.
Answer: (SHOW ANSWER)
The OSPF neighborship fails between two routers due to an MTU mismatch. In OSPF, for a neighborship to be
established, the MTU size on the interfaces that connect neighboring routers should match. If there is a
mismatch in the MTU size, OSPF adjacency will not form. In the provided exhibit, it can be observed from the
log messages that there is an MTU mismatch error (mtu 9100 state EXSTART), indicating that this is the
reason for OSPF neighborship failure. References := Cisco - Implementing and Operating Cisco Service
Provider Network Core Technologies

NEW QUESTION: 178

What is a characteristic of a type 2 hypervisor?
A. ideal for data center
B. complicated deployment
C. ideal for client/end-user system
D. referred to as bare-metal
Answer: (SHOW ANSWER)
A type 2 hypervisor, also known as a hosted hypervisor, runs on top of a host operating system rather than
directly on the hardware. This makes it ideal for client or end-user systems where ease of use and flexibility are
more important than performance. Type 2 hypervisors are typically used for development, testing, or
educational purposes where full virtualization of the underlying hardware is not necessary.
References: Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) course
materials1.

NEW QUESTION: 179

Refer to the exhibit.

What does the output confirm about the switch's spanning tree configuration?
A. The spanning-tree mode stp ieee command was entered on this switch
B. The spanning-tree operation mode for this switch is IEEE.
C. The spanning-tree operation mode for this switch is PVST+.
D. The spanning-tree operation mode for this switch is PVST
Answer: (SHOW ANSWER)
The output confirms that the switch is running Per-VLAN Spanning Tree Plus (PVST+), which is indicated by
the presence of a unique Spanning Tree instance for VLAN 20. PVST+ is a Cisco enhancement of the original
IEEE 802.1D Spanning Tree Protocol (STP) that provides for separate 802.1D spanning trees for each VLAN
configured in the network; this allows for better load balancing.
References: Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) v1.1

NEW QUESTION: 180

A. line vty 0 15
login local
transport input none
B. line vty 0 15
login local
transport input telnet ssh
C. line vty 0 15
login local
transport input ssh
D. line vty 0 15
login local
transport input all
Answer: C (LEAVE A REPLY)
To ensure secure and reliable remote access for device administration, the configuration must specify SSH as
the only protocol allowed for remote access. This is achieved by using the transport input ssh command, which
configures the vty lines to accept only SSH connections, thus ensuring that all remote access is encrypted and
secure

NEW QUESTION: 181

An engineer applies this configuration to router R1. How does R1 respond when the user 'cisco' logs in?
A. It displays the startup config and then permits the user to execute commands
B. It places the user into EXEC mode and permits the user to execute any command
C. It displays the startup config and then terminates the session.
D. It places the user into EXEC mode but permits the user to execute only the show startup-config command
Answer: (SHOW ANSWER)
When the user 'cisco' logs in, router R1 will place the user into EXEC mode and permit the user to execute any
command. This is because the configuration applied to the router determines the level of access granted to the
user upon login. In Cisco routers, EXEC mode provides a higher level of access where users can execute
various commands to configure and manage the device.

NEW QUESTION: 182

Simulation 04
Configure OSPF on both routers according to the topology to achieve these goals:
Answer:
See the explanation for the solution.
Explanation:
Solution:
R1
Router ospf 1
Int loop0
Ip ospf 1 area 0
Int et0/0
Ip ospf 1 area 0
Ip ospf network point-to-point
Copy run start
R2
Router ospf 1
Int loop0
Ip ospf 1 area 0
Int et0/0
Ip ospf 1 area 0
Ip ospf network point-to-point
Copy run start
Verification:-
NEW QUESTION: 183
An engineer runs the code against an API of Cisco DMA Center, and the platform returns this output What does
the response indicate?
A. The authentication credentials are incorrect
B. The URl string is incorrect.
C. The Cisco DNA Center API port is incorrect
D. The HTTP method is incorrect
Answer: (SHOW ANSWER)
he output indicates that the HTTP method used in the API request is not supported by the Cisco DNA Center's
API endpoint. This is typically the case when the endpoint expects a different type of request method, such as
GET, POST, PUT, or DELETE, and the one used is not correct for the intended operation.
References: The Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR)
course
https://developer.mozilla.org/en-US/docs/Web/HTTP/Status

NEW QUESTION: 184

Why would an architect use an OSPF virtual link?
A. to allow a stub area to transit another stub area
B. to connect two networks that have overlapping private IP address space
C. to merge two existing Area Os through a nonbackbone
D. to connect a nonbackbone area to Area 0 through another nonbackbone area
Answer: (SHOW ANSWER)
An OSPF virtual link is used for two primary purposes:
* Linking an area that does not have a physical connection to the backbone (Area 0): In cases where it is not
possible to have a direct physical connection to the backbone area (Area 0), a virtual link allows an OSPF
router in a non-backbone area to connect to the backbone through a transit area. This transit area must have
full routing information and cannot be a stub area.
* Patching the backbone in case of discontinuity of Area 0: If there is a partitioned backbone (Area 0) due to
network changes or other reasons, a virtual link can be used to connect the two parts of the partitioned
backbone through a non-backbone area.
In summary, an OSPF virtual link helps maintain connectivity between areas when physical connections are not
feasible or when the backbone itself is partitioned12345.
References:
* Cisco Support: Configure OSPF Connection in a Virtual Link Environment
* Network Engineering Stack Exchange: Other Uses of OSPF Virtual-Link
* CiscoZine: OSPF Virtual Link
* Orhan Ergun: OSPF Virtual Link
* Cisco: Understand OSPF Areas and Virtual Links

NEW QUESTION: 185

What is the difference between a RIB and a FIB?
A. The RIB is used to make IP source prefix-based switching decisions
B. The FIB is where all IP routing information is stored
C. The RIB maintains a mirror image of the FIB
D. The FIB is populated based on RIB content
Answer: (SHOW ANSWER)
The RIB (Routing Information Base) is essentially the routing table that contains all the routes learned by a
router, including directly connected networks, static routes, and routes learned through dynamic routing
protocols. The FIB (Forwarding Information Base), also known as the forwarding table, is derived from the RIB
and contains only the best routes that are used to forward packets. The FIB is optimized for fast packet
forwarding and is what the router's data plane uses to make forwarding decisions.

NEW QUESTION: 186

Refer to the exhibit. Which two commands ensure that DSW1 becomes root bridge for VLAN 10? (Choose two)
A. DSW1(config)#spanning-tree vlan 10 priority 4096 Most Voted
B. DSW1(config)#spanning-tree vlan 10 priority root
C. DSW2(config)#spanning-tree vlan 10 priority 61440 Most Voted
D. DSW1(config)#spanning-tree vlan 10 port-priority 0
E. DSW2(config)#spanning-tree vlan 20 priority 0
Answer: (SHOW ANSWER)
To ensure that DSW1 becomes the root bridge for VLAN 10, the commands A and B should be used.
Command A DSW1(config)#spanning-tree vlan 10 priority 4096 sets the priority of DSW1 to a lower value
making it more likely to become the root bridge as in STP (Spanning Tree Protocol), the switch with the lowest
priority value becomes the root bridge. Command B DSW1(config)#spanning-tree vlan 10 priority root is a
macro that automatically sets the switch's priority to ensure it becomes the root for VLAN 10.
References := Cisco

NEW QUESTION: 187

What is a characteristic of Cisco DNA Northbound APIs?
A. They simplify the management of network infrastructure devices.
B. They enable automation of network infrastructure based on intent.
C. They utilize RESTCONF.
D. They utilize multivendor support APIs.
Answer: (SHOW ANSWER)
Cisco DNA Northbound APIs are characterized by their ability to enable automation of network infrastructure
based on intent. These APIs provide a policy-based abstraction of business intent, allowing network
administrators to focus on desired outcomes rather than the individual steps involved in achieving those
outcomes. This simplifies the management and operation of the network by automating complex processes
based on the defined business policies and intents. References: Cisco DevNet, Cisco Blogs, Cisco Live, Cisco
User Guide

NEW QUESTION: 188

Which technology provides an overlay fabric 10 connect remote locations utilizing commodity data paths and
improves network performance boosts security, and reduces costs?
A. VTEP
B. InfiniBand
C. VXLAN
D. SD-WAN
Answer: (SHOW ANSWER)

NEW QUESTION: 189

Refer to the exhibit.
On which interfaces should VRRP commands be applied to provide first hop redundancy to PC-01 and PC-02?
A. G0/0 and G0/1 on Core
B. G0/0 on Edge-01 and G0/0 on Edge-02
C. G0/1on Edge-01 and G0/1 on Edge-02
D. G0/0 and G0/1 on ASW-01
Answer: (SHOW ANSWER)
Virtual Router Redundancy Protocol (VRRP) provides first hop redundancy by allowing multiple routers to
function as a single virtual router, with one designated as the master router and others as backups. In this
exhibit, VRRP should be configured on interfaces that are connected to the same network segment as PC-01
and PC-02 for them to have redundancy in case one of their default gateways fails.
Since both PCs are in different subnets, we need VRRP configured on both Edge routers' interfaces that
connect towards ASW-01 where each PC resides. Therefore, VRRP commands should be applied on G0/0
interface of Edge-01 which connects it to ASW-01 for PC-01's subnet, and similarly on G0/0 interface of
Edge-02 which connects it to ASW-01 for PC-02's subnet. References: Implementing and Operating Cisco
Service Provider Network Core Technologies (SPCOR) v1.1

NEW QUESTION: 190

Drag and drop the characteristics from the left onto the deployment types on the right.
Answer:

Explanation:

NEW QUESTION: 191

Which option works with a DHCP server to return at least one WLAN management interface IP address during
the discovery phase and is dependent upon the VCI of the AP?
A. Option 42
B. Option 15
C. Option 125
D. Option 43
Answer: (SHOW ANSWER)
During the discovery phase of a WLAN setup, the DHCP server works in conjunction with Option 43 to provide
at least one management interface IP address to an AP. This process is dependent on the Vendor Class
Identifier (VCI) of the AP. The VCI is a unique identifier that enables the DHCP server to recognize the type of
device requesting an IP address and provide appropriate configuration information specific to that device. In
this case, Option 43 is used to return management interface IP addresses that are specific to the WLAN APs.
References:
* DHCP Option 82 - Service Provider Wi-Fi1
* IP Addressing: DHCP Configuration Guide, Cisco IOS XE Release 3SE

NEW QUESTION: 192

Drag and drop the characteristics from the left onto the routing protocols they describe on the right

Answer:

Explanation:
Graphical user interface, application Description automatically generated
NEW QUESTION: 193
An administrator configures two switches with LACP EtherChannels, but packets are not being exchanged
between the switches.
What is the reason, and what fixes the issue?
S1> enable
S1# configure terminal
S1(config)# interface port-channel 1
S1(config-if)# ip address 10.1.1.1 255.2
S1(config-if)# interface g2/0/0
S1(config-if)# no ip address
S1(config-if)# channel-group 1 mode active
S1(config-if)# exit
S1(config)# interface g4/0/0
S1(config-if)# no ip address
S1(config-if)# channel-group 1 mode active
S2> enable
S2# configure terminal
S2(config)# interface port-channel 1
$2(config-if)# ip address 10.1.1.2 255.255.255.0
S2(config-if)# interface g2/0/0
$2(config-if)# no ip address
$2(config-if)# channel-group 1 mode desirable
S2(config-if)# exit
S2(config)# interface g4/0/0
S2(config-if)# no ip address
S2(config-if)# channel-group 1 mode desirable
A. S2 is configured as LACP. Change the channel group mode to passive
B. S2 is configured with PAgP. Change the channel group mode to active.
C. S1 is configured with LACP. Change the channel group mode to on
D. S1 is configured as PAgP. Change the channel group mode to desirable
Answer: (SHOW ANSWER)
The correct answer is C because when S1 is configured with LACP (Link Aggregation Control Protocol), the
channel group mode should be set to 'on' to force the interface to channel without LACP negotiation. This is
based on the understanding of LACP operation within the Service Provider network infrastructures, where
LACP is used to aggregate multiple network interfaces into a single logical link to increase bandwidth and
provide redundancy. References: Implementing and Operating Cisco Service Provider Network Core
Technologies (SPCOR) training materials

NEW QUESTION: 194

Which two parameters are examples of a QoS traffic descriptor? (Choose two)
A. MPLS EXP bits
B. bandwidth
C. DSCP
D. ToS
E. packet size
Answer: (SHOW ANSWER)
Quality of Service (QoS) traffic descriptors are used to classify network traffic, which is essential for applying
QoS policies such as traffic shaping and policing. The MPLS EXP bits and DSCP are among the parameters
used as traffic descriptors. MPLS EXP bits are used in MPLS networks to carry QoS information, while DSCP is
used in IP networks to classify packets for QoS purposes.

NEW QUESTION: 195

Which configuration enables a device to be configured via NETCONF over SSHv2?

A.
B.

C.
D.
Answer: C (LEAVE A REPLY)
The configuration in Option C enables a device to be configured via NETCONF over SSHv2. This is evident as
it includes the "netconf ssh" command, which is essential for enabling NETCONF over SSH. The configuration
also includes other necessary commands like setting the hostname, username, and password, generating
crypto keys, and specifying the IP domain name and SSH version.

NEW QUESTION: 196

A VoIP phone is plugged in to a port but cannot receive calls. Which of the following needs to be done on the
port to address the issue?
A. Trunk all VLANs on the port.
B. Configure the native VLAN.
C. Tag the traffic to voice VLAN.
D. Disable VLANs.
Answer: C (LEAVE A REPLY)
To enable a VoIP phone to receive calls, the traffic must be tagged to the voice VLAN. This ensures that voice
traffic is separated from other types of data traffic and receives the appropriate quality of service (QoS)
treatment. Tagging the traffic allows the switch to identify and prioritize voice packets, reducing latency and
improving call quality.

NEW QUESTION: 197

Refer to the exhibit. A network engineer troubleshoots an issue with the port channel between SW1 and SW2.
which command resolves the issue?

C.
D.
Answer: (SHOW ANSWER)

NEW QUESTION: 198

Drag and drop the automation characteristics from the left onto the appropriate tools on the right.
Answer:

Explanation:

NEW QUESTION: 199

What is one characteristic of Cisco DNA Center and vManage northbound APIs?
A. They push configuration changes down to devices.
B. They implement the RESTCONF protocol.
C. They exchange XML-formatted content.
D. They implement the NETCONF protocol.
Answer: (SHOW ANSWER)
Cisco DNA Center and vManage northbound APIs are characterized by their implementation of the
RESTCONF protocol, which is a REST API interface for accessing the automation and assurance workflows of
these network management platforms3.

NEW QUESTION: 200

Refer to the exhibit.

Which two commands ensure that DSW1 becomes the root bridge for VLAN 10 and 20? (Choose two.)
A. spanning-tree mst 1 priority 1
B. spanning-tree mstp vlan 10.20 root primary
C. spanning-tree mil 1 root primary
D. spanning-tree mst 1 priority 4096
E. spanning-tree mst vlan 10.20 priority root
Answer: (SHOW ANSWER)
The question pertains to configuring DSW1 as the root bridge for VLAN 10 and 20. In the context of MST
(Multiple Spanning Tree), the priority values determine which switch becomes the root bridge, with lower values
indicating higher priority. Options A and D are correct because they set the priority for MST instance 1, which
can be mapped to VLANs 10 and 20, ensuring DSW1 has a lower priority and thus becomes the root bridge.

NEW QUESTION: 201

Based on the router's API output in JSON format below, which Python code will display the value of the
"hostname" key?

A. Option A
B. Option B
C. Option C
D. Option D
Answer: C (LEAVE A REPLY)
The correct Python code to display the value of the "hostname" key from the router's API output in JSON format
is option C. In this option, json_data = response.json() is used to parse the JSON response into a Python
dictionary. Then, print(json_data['response'][0]['hostname']) is used to print the value associated with the
"hostname" key that is nested inside a list which is the value of the "response" key.

NEW QUESTION: 202

Drag and drop the characteristics from the left onto the routing protocol they describe on the right

Answer:

Explanation:
NEW QUESTION: 203
Which characteristic distinguishes Ansible from Chef?
A. Ansible lacs redundancy support for the master server. Chef runs two masters in an active/active mode.
B. Ansible uses Ruby to manage configurations. Chef uses YAML to manage configurations.
C. Ansible pushes the configuration to the client. Chef client pulls the configuration from the server.
D. The Ansible server can run on Linux, Unix or Windows. The Chef server must run on Linux or Unix.
Answer: (SHOW ANSWER)
Ansible and Chef are both automation tools used for configuration management, but they differ in their
operation. Ansible uses a push model, where the server pushes configurations to the clients. In contrast, Chef
uses a pull model, where the clients pull configurations from the server. This operational difference is key in
distinguishing Ansible from Chef.
References: Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) -
Section on automation tools comparison.

NEW QUESTION: 204

What is the difference between CEF and process switching?
A. CEF processes packets that are too complex for process switching to manage.
B. CEF is more CPU-intensive than process switching.
C. CEF uses the FIB and the adjacency table to make forwarding decisions, whereas process switching punts
each packet.
D. Process switching is faster than CEF.
Answer: (SHOW ANSWER)
CEF, or Cisco Express Forwarding, is a high-speed packet forwarding mechanism used in Cisco routers.
Unlike process switching, which involves the CPU making forwarding decisions for each individual packet, CEF
makes use of two key components to expedite the process:
* FIB (Forwarding Information Base): This table contains pre-computed routes for packet forwarding, allowing
for quick lookups and forwarding decisions.
* Adjacency Table: This table lists the next-hop addresses and associated Layer 2 information for all FIB
entries, enabling efficient packet transmission to the next hop.
The combination of these tables allows CEF to bypass the CPU for most forwarding decisions, significantly
reducing processing time and increasing the speed at which packets are forwarded through the router.
References: The explanation is based on the concepts outlined in the Implementing and Operating Cisco
Service Provider Network Core Technologies (SPCOR) course materials, which detail the workings of CEF and
its advantages over process switching.

NEW QUESTION: 205

Refer to the exhibit. External users require HTTP connectivity to an internal company web server that is
listening on TCP port 8080. Which command set accomplishes this requirement?
A)
B)

E)
A. Option E
B. Option D
C. Option C
D. Option B
E. Option A
Answer: (SHOW ANSWER)

NEW QUESTION: 206

Refer to the exhibit. An engineer must configure an ERSPAN tunnel that mirrors traffic from linux1 on Switch1
to Linux2 on Switch2. Which command must be added to the destination configuration to enable the ERSPAN
tunnel?
A. (config-mon-erspan-dst-src)# origin ip address 172.16.10.10
B. (config-mon-erspan-dst-src)# erspan-id 172.16.10.10
C. (config-mon-erspan-dst-src)# no shut
D. (config-mon-erspan-dst-src)# erspan-id 110
Answer: (SHOW ANSWER)
The ERSPAN feature allows the mirroring of traffic on one switch to be sent over a GRE tunnel to another
switch for analysis. In this scenario, traffic from Linux1 on Switch1 is being mirrored to Linux2 on Switch2 using
an ERSPAN tunnel. The command (config-mon-erspan-dst-src)# origin ip address 172.16.10.10 is required at
the destination configuration to specify the source IP address of the mirrored traffic, which in this case is
172.16.10.10. References := Implementing and Operating Cisco Service Provider Network Core Technologies
study guide or official documentation.

NEW QUESTION: 207

How does EIGRP differ from OSPF?
A. EIGRP is more prone to routing loops than OSPF
B. EIGRP supports equal or unequal path cost, and OSPF supports only equal path cost.
C. EIGRP has a full map of the topology, and OSPF only knows directly connected neighbors
D. EIGRP uses more CPU and memory than OSPF
Answer: (SHOW ANSWER)
EIGRP (Enhanced Interior Gateway Routing Protocol) is a Cisco proprietary protocol that allows for the use of
both equal and unequal cost load balancing, providing more flexibility in routing decisions. OSPF (Open
Shortest Path First), on the other hand, is a link-state protocol that only supports equal cost path load
balancing. This means that OSPF will only use multiple paths if they have the same cost metric, whereas
EIGRP can utilize paths with different metrics, optimizing the use of network resources and potentially
improving overall network performance.

NEW QUESTION: 208

An engineer must construct an access list tot a Cisco Catalyst 9800 Series WLC that will -edirect wireless guest
users to a splash page that is hosted on a Cisco ISE server. The Cisco ISE servers are hosted at
10.9.11.141 and 10.1.11.141. Which access list meets the requirements?

C.
D.
Answer: (SHOW ANSWER)
The access list in Option A is specifically designed to prevent wireless guest users from bypassing the splash
page by denying IP traffic from the Cisco ISE server addresses (10.9.11.141 and 10.1.11.141) and then
permitting TCP traffic on ports typically used for web services (80 and 443). This ensures that users are
redirected to the splash page when attempting to access web services.

NEW QUESTION: 209

In lhe Cisco DNA Center Image Repository, what is a golden image?
A. The latest software image that is available for a specific device type
B. The Cisco recommended software image for a specific device type.
C. A software image that is compatible with multiple device types.
D. A software image that meets the compliance requirements of the organization.
Answer: (SHOW ANSWER)
In the Cisco DNA Center Image Repository, a golden image is a validated software image that meets the
compliance requirements for a particular device type within an organization. It is designated as the most stable
and reliable version for deployment on devices, ensuring consistency and reliability in the network
infrastructure. References: Cisco DNA Center User Guide, Release 2.3.32.

NEW QUESTION: 210

Refer to the exhibit. Which configuration must be applied to R1 to enable R1 to reach the server at 172.16.0.1?

A. Option A
B. Option B
C. Option C
D. Option D
Answer: (SHOW ANSWER)
To enable R1 to reach the server at 172.16.0.1, the correct VRF configuration must be applied to ensure that
routing instances are separated and that R1 has the necessary routes to reach the server in a different VRF
domain. Option C shows the configuration where interface Ethernet0/0 is associated with VRF 'hotel' and OSPF
is configured correctly with network statements under router ospf 44 vrf hotel, which includes the server's IP
address range. References := Implementing and Operating Cisco Service Provider Network Core Technologies
(SPCOR) source book or official Cisco documentation related to VRF configuration and OSPF in a service
provider environment.

NEW QUESTION: 211

Refer to the exhibit. Which command filters the ERSPAN session packets only to interface GigabitEthernet1?
A. source ip 10.10.10.1
B. source interface gigabitethernet1 ip 10.10.10.1
C. filter access-group 10
D. destination ip 10.10.10.1
Answer: (SHOW ANSWER)
The command "filter access-group 10" is used to filter the ERSPAN session packets only to interface
GigabitEthernet1. In the provided configuration snippet, an access list (numbered 10) is defined to permit traffic
from IP address 10.10.10.1. This access list is then applied as a filter to the ERSPAN session using the
"filter access-group 10" command, ensuring that only packets matching the criteria of the access list are
captured in the ERSPAN session. References := Cisco's official documentation on configuring ERSPAN

NEW QUESTION: 212

In which two ways does TCAM differ from CAM? (Choose two.)
A. CAM is used to make Layer 2 forwarding decisions, and TCAM is used for Layer 3 address lookups.
B. The MAC address table is contained in CAM, and ACL and QoS Information Is stored in TCAM.
C. CAM Is used by routers for IP address lookups, and TCAM is used to make Layer 2 forwarding decisions.
D. CAM is used for software switching mechanisms, and TCAM is used for hardware switching mechanisms.
E. The MAC address table Is contained in TCAM, and ACL and QoS information is stored in CAM.
Answer: (SHOW ANSWER)
TCAM (Ternary Content Addressable Memory) and CAM (Content Addressable Memory) are both types of
memory used in networking devices for high-speed data searches, but they serve different purposes and
operate in distinct ways:
* CAM is primarily used for Layer 2 forwarding decisions. It is a type of memory that allows for fast searching of
data such as MAC addresses, which are used to forward frames within a local area network (LAN). CAM
performs exact match searches, which is ideal for MAC address tables where an exact match is necessary to
determine the outgoing port for a frame1.
* TCAM is used for more complex searches such as Layer 3 address lookups, Access Control Lists (ACLs),
and Quality of Service (QoS) policies. TCAM supports a third state in addition to 0 and 1, known as "don't care"
or wildcard, which allows for more flexible and pattern-based searching. This is particularly useful for IP routing
where a range of IP addresses might be searched at once, and for ACLs where rules might apply to a range of
addresses or ports1.

NEW QUESTION: 213

Which statement about TLS is accurate when using RESTCONF to write configurations on network devices?
A. It requires certificates for authentication
B. It is provided using NGINX acting as a proxy web server
C. It is used for HTTP and HTTPS requests
D. It is not supported on Cisco devices
Answer: A (LEAVE A REPLY)
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and
their users on the Internet. When using RESTCONF, which is a protocol to write configurations on network
devices, TLS provides a secure channel by encrypting the communication. It requires certificates for
authentication to establish a secure connection and ensure that the communication is between the intended
devices.
References: The Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR)
course materials cover the use of TLS with RESTCONF and the importance of certificates for secure
authentication.

NEW QUESTION: 214

Refer to the exhibit. A network engineer Is troubleshooting an Issue with the file server based on reports of slow
file transmissions. Which two commands or command sets are required. In switch SW1 to analyze the traffic
from the file server with a packet analyzer? (Choose two.)

D.
Answer: (SHOW ANSWER)
To analyze traffic from the file server with a packet analyzer on switch SW1, the network engineer would need
to configure a SPAN (Switched Port Analyzer) session. This involves specifying the source interface from which
traffic will be mirrored and the destination interface where the packet analyzer is connected. The correct
commands to achieve this are found in Option C, which includes setting up the monitor session with the
appropriate source and destination interfaces.

NEW QUESTION: 215

Refer to the exhibit. Which result does the python code achieve?
A. The code converts time to the yyyymmdd representation.
B. The code encrypts a base64 decrypted password.
C. The code converts time to the "year/month/day" time format.
D. The code converts time to the Epoch LINUX time format.
Answer: (SHOW ANSWER)

NEW QUESTION: 216

What is the recommended MTU size for a Cisco SD-Access Fabric?
A. 1500
B. 9100
C. 4464
D. 17914
Answer: (SHOW ANSWER)
The recommended Maximum Transmission Unit (MTU) size for a Cisco SD-Access Fabric is 1500 bytes.
This size is optimal for ensuring compatibility across most internet pathways without the need for fragmentation.
It's a standard size that balances the efficiency of data transmission with the need to accommodate various
network infrastructures and end-point capabilities.
References: This information is supported by the Cisco SD-Access Solution Design Guide and other Cisco
documentation that outlines best practices for network design and configuration

NEW QUESTION: 217

Refer to the exhibit.

An engineer reconfigures the pot-channel between SW1 and SW2 from an access port to a trunk and
immediately notices this error in SW1's log.
Which command set resolves this error?

D.
Answer: (SHOW ANSWER)
When reconfiguring an access port to a trunk, the error shown in SW1's log indicates that there is a mismatch
in the allowed VLANs on the trunk. To resolve this error, the allowed VLANs on both sides of the port-channel
must be consistent. Option C is the correct command set because it specifies the allowed VLANs on the trunk
to include VLANs 10 and 20, which must match on both switches to form a successful trunk link.

NEW QUESTION: 218

Refer to the exhibit. Which configuration must be added to enable GigabitEthemet 0/1 to participate in OSPF?
A. SF_router (config-router)# network 10.10.1.0 0.0.0.255 area 0
B. SF_rouier (conng)# network 10.10.1.0 0.0.0.255 area 1
C. SF_router (conflg-routerp) network 10.10.1.0 0.0.0.255 area 1
D. SF_rouler (contlg-rouler)# network 10.10.1.0 255.255.255.0 area 0
Answer: A (LEAVE A REPLY)
In OSPF (Open Shortest Path First) configuration, the 'network' command is used to specify which interfaces
will participate in OSPF, and to define the area assignment for those interfaces. The correct syntax for the
'network' command includes the network address followed by a wildcard mask, and then the area ID.
In this case, GigabitEthernet 0/1 has an IP address of 10.10.1.1 with a subnet mask of 255.255.255.0, which
corresponds to a wildcard mask of 0.0.0.255 (the inverse of the subnet mask). Since we want this interface to
participate in Area 0, as indicated by the exhibit showing it within Area 0's boundary, option A is correct.

NEW QUESTION: 219

What are two characteristics of a directional antenna? (Choose two.)
A. high gain
B. receive signals equally-from all directions
C. commonly used to cover large areas
D. provides the most focused and narrow beam width
E. low gain
Answer: (SHOW ANSWER)
Directional antennas are designed to focus the radio wave power in specific directions, which results in a high
gain. They have a focused, narrow beam width that allows for more precise targeting of the radio signals. This
makes them ideal for applications where a concentrated signal in a particular direction is desired.
References := Directional antenna - Wikipedia

NEW QUESTION: 220

Drag and drop the characteristics from the left to the table types on the right.

Answer:

Explanation:
NEW QUESTION: 221

Refer to the exhibit. An engineer must save the configuration of router R2 using the NETCONF protocol.
Which script must be used?

A. Option A
B. Option B
C. Option C
D. Option D
Answer: (SHOW ANSWER)
The NETCONF protocol is used for managing network device configurations and utilizes XML-based data
encoding for both the configuration data and protocol messages. To save the configuration of router R2 using
NETCONF, the script must be able to perform the necessary remote procedure calls (RPCs) to manipulate the
device's configuration. Option C provides the correct sequence of RPCs to save the configuration according to
the NETCONF protocol standards as defined in RFC 62411.

NEW QUESTION: 222

Refer to the exhibit:

An engineer configures VRRP and issues the show commands to verify operation. What does the engineer
confirm about VRRP group 1 from the output?
A. There is no route to 10.10.1.1/32 in R2's routing table
B. If R1 reboots, R2 becomes the master virtual router until R2 reboots
C. Communication between VRRP members is encrypted using MD5
D. R1 is primary if 10.10.1.1/32 is in its routing table
Answer: (SHOW ANSWER)
VRRP (Virtual Router Redundancy Protocol) allows for the automatic assignment of available IP routers to
participating hosts. In this case, the output shows that R1 has a higher priority set (110) over the default priority
(which is typically 100), making it the primary router for VRRP group 1 as long as it has the IP address
10.10.1.1/32 in its routing table, which would make it reachable according to the 'track' statement configuration.

NEW QUESTION: 223

Refer to exhibit.

VLANs 50 and 60 exist on the trunk links between all switches All access ports on SW3 are configured for
VLAN 50 and SW1 is the VTP server Which command ensures that SW3 receives frames only from VLAN
50?
A. SW1 (config)#vtp pruning
B. SW3(config)#vtp mode transparent
C. SW2(config)=vtp pruning
D. SW1 (config)=vtp mode transparent
Answer: (SHOW ANSWER)
VTP pruning enhances network bandwidth use by reducing unnecessary flood traffic. It does not forward
broadcasts intended for VLANs across trunk links if there are no active ports in that VLAN on the downstream
switches. So, enabling VTP pruning on SW1 ensures that SW3 receives frames only from VLAN 50 as all its
access ports are configured for VLAN 50.

NEW QUESTION: 224

A company plans to implement intent-based networking in its campus infrastructure. Which design facilities a
migrate from a traditional campus design to a programmer fabric designer?
A. Layer 2 access
B. three-tier
C. two-tier
D. routed access
Answer: (SHOW ANSWER)
Intent-based networking (IBN) is a design philosophy that seeks to plan, design, and operate networks that can
automatically implement changes in response to business requirements. A routed access design, which
involves implementing Layer 3 routing to the access layer, facilitates the migration to a programmable fabric
design by providing a more scalable and flexible architecture. This design allows for easier implementation of
software-defined networking (SDN) technologies, which are a core component of IBN. By moving routing closer
to the edge, networks can be segmented and policies can be applied more granularly, which aligns with the
principles of IBN.

NEW QUESTION: 225

Refer to the exhibit.

What does the response "204 No Content mean for the REST API request?
A. Interface toopback 100 is not removed from the configuration.
B. Interface toopback 100 is not found in the configuration.
C. Interface toopback 100 is removed from the configuration.
D. The DELETE method is not supported.
Answer: (SHOW ANSWER)
The response "204 No Content" for the REST API request indicates that the server has successfully processed
the request, and as a result, the specified resource (Interface loopback 100) has been removed from the
configuration. This HTTP response code is typically used to confirm that an action has been completed
successfully, but there is no additional content to send in the response payload.

NEW QUESTION: 226

Refer to the exhibit. An engineer configures a new HSRP group. While reviewing the HSRP status, the
engineer sees the logging message generated on R2. Which is the cause of the message?
A. The same virtual IP address has been configured for two HSRP groups
B. The HSRP configuration has caused a spanning-tree loop
C. The HSRP configuration has caused a routing loop
D. A PC is on the network using the IP address 10.10.1.1
Answer: (SHOW ANSWER)
The logging message "HSRP-5-DUPADDR: Duplicate address 10.10.1.1 on FastEthernet0/0, sourced by
0000.0c07.ac02" indicates that there is another device on the network with the IP address that has been
configured for HSRP group 50's virtual IP address (10.10.1.1). This could be a PC or any other device that has
been assigned this IP address statically or dynamically, which conflicts with the HSRP virtual IP causing the
error message. References: Implementing and Operating Cisco Service Provider Network Core Technologies
(SPCOR) training materials would cover HSRP configuration and troubleshooting, including how to resolve
issues related to duplicate IP addresses.
Valid 350-401 Dumps shared by ExamDiscuss.com for Helping Passing 350-401 Exam! ExamDiscuss.com
now offer the newest 350-401 exam dumps, the ExamDiscuss.com 350-401 exam questions have been
updated and answers have been corrected get the newest ExamDiscuss.com 350-401 dumps with Test
Engine here: https://www.examdiscuss.com/Cisco/exam/350-401/premium/ (1282 Q&As Dumps, 35%OFF
Special Discount Code: freecram)

NEW QUESTION: 227

Drag and drop the automation characteristics from the left to the corresponding tools on the right.

Answer:

Explanation:
NEW QUESTION: 228
How does a fabric AP fit in the network?
A. It is in local mode and must be connected directly to the fabric border node
B. It is in FlexConnect mode and must be connected directly to the fabric edge switch.
C. It is in FlexConnect mode and must be connected directly to the fabric border node
D. It is in local mode and must be connected directly to the fabric edge switch.
Answer: (SHOW ANSWER)
In a Cisco network fabric, an AP (Access Point) in local mode is connected directly to a fabric edge switch.
This setup allows the AP to communicate with the fabric's control plane nodes, which are responsible for
managing and orchestrating the network fabric. The fabric edge switch serves as the access layer in the fabric
architecture, providing connectivity to endpoints like APs, while also interfacing with the fabric's core and
distribution layers.
References := Cisco's official documentation on network fabric

NEW QUESTION: 229

What is the wireless received signal strength indicator?
A. The value given to the strength of the wireless signal received compared to the noise level
B. The value of how strong the wireless signal Is leaving the antenna using transmit power, cable loss, and
antenna gain
C. The value of how much wireless signal is lost over a defined amount of distance
D. The value of how strong a tireless signal is receded, measured in dBm
Answer: (SHOW ANSWER)
The wireless received signal strength indicator (RSSI) is a measurement of how strong a wireless signal is
received by a device, measured in decibels relative to a milliwatt (dBm). It is an important metric for determining
the quality of a wireless connection, as it indicates the power level being received after all possible losses at the
antenna.

NEW QUESTION: 230

A. SD-Access transit
B. fabric interconnect
C. wireless transit
D. IP-based transit
E. SAN transit
Answer: (SHOW ANSWER)
To interconnect two Cisco SD-Access Fabric sites, two methods can be utilized: SD-Access transit and IP-
based transit. SD-Access transit leverages a native Cisco SD-Access fabric for domain-wide communication,
while IP-based transit uses traditional IP-based networks like VRF-LITE or MPLS, requiring remapping of VRFs
and SGTs between sites3.
References := Cisco Live - Cisco SD-Access Connecting Multiple Sites in a Single Fabric Domain

NEW QUESTION: 231

Which benefit is provided by the Cisco DNA Center telemetry feature?
A. provides improved network security
B. inventories network devices
C. aids In the deployment network configurations
D. improves the user experience
Answer: (SHOW ANSWER)
The Cisco DNA Center telemetry feature significantly enhances the user experience by enabling every point on
the network to become a sensor. This allows for continuous streaming telemetry on application performance
and user connectivity in real-time. The feature includes automatic path-trace visibility and guided remediation,
which means network issues can be resolved quickly - often before they escalate into problems.
This proactive approach to network management ensures a smoother, more reliable user experience.

NEW QUESTION: 232

Refer to the exhibit.
Which type of antenna is show on the radiation patterns?
A. Dipole
B. Yagi
C. Patch
D. Omnidirectional
Answer: (SHOW ANSWER)
The radiation patterns shown in the exhibit are indicative of a Patch antenna. Patch antennas are a type of
directional antenna with a flat design, which radiates energy in a specific direction. This is consistent with the
radiation pattern depicted, which shows a more focused beam in a particular direction rather than the more
dispersed pattern of an omnidirectional antenna or the distinct directional pattern of a Yagi antenna.

NEW QUESTION: 233

What are two considerations when using SSO as a network redundancy feature? (Choose two)
A. both supervisors must be configured separately
B. the multicast state is preserved during switchover
C. must be combined with NSF to support uninterrupted Layer 2 operations
D. must be combined with NSF to support uninterrupted Layer 3 operations
E. requires synchronization between supervisors in order to guarantee continuous connectivity
Answer: (SHOW ANSWER)
Stateful Switchover (SSO) is a redundancy mechanism used in networking to ensure minimal network
downtime in the event of a switchover. It requires two route processors (supervisors) to be in sync to guarantee
continuous connectivity. When SSO is combined with Nonstop Forwarding (NSF), it supports uninterrupted
Layer 3 operations, allowing the network to maintain routing information and continue forwarding packets
without interruption during a switchover.
Text Description automatically generated

Cisco IOS Nonstop Forwarding(NSF) always runs with stateful switchover (SSO) and provides redundancy for
Layer 3 traffic.
Reference:
https://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3se/consolidated_guide/b_consoli

NEW QUESTION: 234

Refer to the exhibit.

What is the result when a switch that is running PVST+ is added to this network?
A. DSW2 operates in Rapid PVST+ and the new switch operates in PVST+
B. Both switches operate in the PVST+ mode
C. Spanning tree is disabled automatically on the network
D. Both switches operate in the Rapid PVST+ mode.
Answer: (SHOW ANSWER)
When a switch running Per-VLAN Spanning Tree Plus (PVST+) is added to a network with switches running
Rapid PVST+, the network supports both protocols simultaneously due to the backward compatibility of Rapid
PVST+ with PVST+. The existing switches will continue to operate using Rapid PVST+, while the newly added
switch will operate using its configured protocol, which is PVST+. This ensures that there is no disruption in
service and that spanning tree continues to prevent loops as expected.

NEW QUESTION: 235

Which method ensures the confidentiality ot data exchanged over a REST API?
A. Use the POST method instead of URL-encoded GET to pass parameters.
B. Encode sensitive data using Base64 encoding.
C. Deploy digest-based authentication to protect the access to the API.
D. Use TLS to secure the underlying HTTP session.
Answer: (SHOW ANSWER)
TLS (Transport Layer Security) is the method that ensures the confidentiality of data exchanged over a REST
API. By encrypting the data transmitted between the client and the server, TLS prevents unauthorized access
and ensures that sensitive information remains secure.
References: Best practices for REST API security documents234.

NEW QUESTION: 236

An engineer is troubleshooting the Ap join process using DNS. Which FQDN must be resolvable on the network
for the access points to successfully register to the WLC?
A. wlcbostname.domain.com
B. cisco-capwap-controller.domain.com
C. ap-manager.domain.com
D. primary-wlc.domain.com
Answer: B (LEAVE A REPLY)
DNS: If you have configured your DHCP server to provide both option 006 (DNS server address) and option
015 (domain name) information, the AP can obtain WLC addresses from the DNS server. The process works
as follows:
1. The AP gets its IP address from DHCP with options 6 and 15 configured.
2. The AP can obtain the IP address of the DNS server from the DHCP option.
3. The AP uses this information to perform a hostname lookup using
CISCO-CAPWAP-CONTROLLER.<localdomain>, which resolves to available WLC management interface IP
addresses (IPv4 or IPv6, or both).
4. The AP can then perform a directed message to associate to responsive WLCs.
To prevent all APs from joining a single controller based on a DNS name resolution, the domain name may
vary; this is what is done to dispatch APs to different controllers across the enterprise network, based on
different domain names that are configured in their respective DNS scopes.
The correct Fully Qualified Domain Name (FQDN) that must be resolvable on the network for the access points
to successfully register to the Wireless LAN Controller (WLC) is
"cisco-capwap-controller.domain.com". This FQDN is used by the access points during the discovery process
to locate and join a WLC. If the DNS resolution is successful, the access points can obtain the IP address of the
WLC and proceed with the registration process.
References:
* Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) training1.
* Cisco's official certification exam overview for SPCOR 350-5012.

NEW QUESTION: 237

What Is a Type 2 hypervisor?
A. installed as an application on an already installed operating system
B. runs directly on a physical server and includes its own operating system
C. also referred to as a "bare metal hypervisor" because it sits directly on the physical server
D. supports over-allocation of physical resources
Answer: (SHOW ANSWER)
NEW QUESTION: 238

Refer to the exhibit. A network engineer must be notified when a user switches to configuration mode. Which
script should be applied to receive an SNMP trap and a critical-level log message?

A.
B.

D.
Answer: (SHOW ANSWER)
The script that should be applied to receive an SNMP trap and a critical-level log message when a user
switches to configuration mode is the one that uses the EEM (Embedded Event Manager) applet with specific
commands for SNMP trap generation and logging. The correct script would contain the event cli command to
specify the CLI event, action commands for sending an SNMP trap (snmp-trap) and for logging a message
(syslog) at a critical level.

NEW QUESTION: 239

If AP power level is increased from 25 mW to 100 mW. what is the power difference in dBm?
A. 6 dBm
B. 14 dBm
C. 17 dBm
D. 20 dBm
Answer: (SHOW ANSWER)
The power difference in dBm can be calculated using the formula:
10×log10(P1P2)
where (P1) and (P2) are the initial and final power levels in milliwatts (mW). So, for an increase from 25 mW to
100 mW, the calculation is
10×log10(25100)=10×log10(4)=10×0.6=6dBm
However, since the question asks for the difference, we need to consider that dBm is a logarithmic unit, so we
use the formula for power ratio in dB which is
10×log10(PowerRatio)
The power ratio here is
25mW100mW=4
Therefore,
10×log10(4)=10×0.6=6dBm
But this is the increase for each doubling of power. Since we are increasing from 25 mW to 100 mW, which is a
fourfold increase or two doublings (25 mW to 50 mW to 100 mW), we have two increments of 6 dBm, which
gives us a total increase of 12 dBm. However, the closest answer to 12 dBm is 17 dBm, which is answer
C: References: Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR)
training materials

NEW QUESTION: 240

A. switch fabric
B. VTEP
C. VNID
D. host switch
Answer: (SHOW ANSWER)
In a VXLAN environment, the VTEP (VXLAN Tunnel Endpoint) is responsible for maintaining Layer 2 isolation
between segments. The VTEP encapsulates Layer 2 frames within Layer 3 packets (using MAC-in-UDP
encapsulation) and uses a 24-bit VXLAN Network Identifier (VNID) to identify and maintain isolation between
different Layer 2 segments over a shared Layer 3 infrastructure123.
References := RFC 7348, Cisco Press resources on VXLAN

NEW QUESTION: 241

An engineer is concerned with the deployment of new application that is sensitive to inter-packet delay
variance. Which command configures the router to be the destination of jitter measurements?
A. Router(config)# ip sla responder udp-connect 172.29.139.134 5000
B. Router(config)# ip sla responder tcp-connect 172.29.139.134 5000
C. Router(config)# ip sla responder udp-echo 172.29.139.134 5000
D. Router(config)# ip sla responder tcp-echo 172.29.139.134 5000
Answer: (SHOW ANSWER)
The command "Router(config)# ip sla responder udp-connect" configures the router to be the destination of
jitter measurements by enabling it to respond to UDP connect operations sent by another Cisco device
performing IP SLAs operations, which are used for measuring jitter among other metrics. References := Cisco

NEW QUESTION: 242

An engineer uses the Design workflow to create a new network infrastructure in Cisco DNA Center. How is the
physical network device hierarchy structured?
A. by organization
B. by location
C. by hostname naming convention
D. by role
Answer: (SHOW ANSWER)
The Design workflow in Cisco DNA Center allows engineers to create the structure and framework of a
network, including its physical topology. The device hierarchy is structured by location, which means it is
organized based on geographical locations. This hierarchy can contain sites, buildings, and floors, with each
level providing a means to apply specific design settings or configurations. For example, an area can contain
buildings and subareas, buildings contain floors, and floors consist of specific areas like cubicles and offices.

NEW QUESTION: 243

A network engineer must configure a router to send logging messages to a syslog server based on these
requirements:
* uses syslog IP address: 10.10.10.1
* uses a reliable protocol
* must not use any well-known TCP/UDP ports
Which configuration must be used?
A. logging host 10.10.10.1 transport tcp port 1024
B. logging origin-id 10.10.10.1
C. logging host 10.10.10.1 transport udp port 1023
D. logging host 10.10.10.1 transport udp port 1024
Answer: (SHOW ANSWER)
The requirement is to use a reliable protocol, which implies the use of TCP rather than UDP because TCP
provides delivery acknowledgment ensuring the logs are received by the syslog server. Additionally, the
configuration must not use well-known ports, which are those below 1024. Therefore, the correct configuration
is to use a non-well-known port such as 1024, and specify TCP as the transport protocol.

NEW QUESTION: 244

Which Cisco FlexConnect state allows wireless users that are connected to the network to continue working
after the connection to the WLC has been lost?
A. Authentication Down/Switching Down
B. Authentication-Central/Switch-Local
C. Authentication- Down/Switch-Local
D. Authentication-Central/Switch-Central
Answer: B (LEAVE A REPLY)
In Cisco FlexConnect, when the connection to the Wireless LAN Controller (WLC) is lost, the state that allows
wireless users to continue working is Authentication-Central/Switch-Local. This means that while authentication
is centrally done through the WLC, the switching of data packets is done locally at the access point. If the WLC
connection is lost, the access point can still switch data packets locally, allowing users to continue their work
uninterrupted.

NEW QUESTION: 245

Which technology does VXLAN use to provide segmentation for Layer 2 and Layer 3 traffic?
A. bridge domain
B. VLAN
C. VRF
D. VNI
Answer: (SHOW ANSWER)
VXLAN has a 24-bit VXLAN network identifier (VNI), which allows for up to 16 million (= 224) VXLAN segments
to coexist within the same infrastructure. This surely solve the small number of traditional VLANs.

NEW QUESTION: 246

An engineer must configure router R1 to validate user logins via RADIUS and fall back to the local user
database if the RADIUS server is not available. Which configuration must be applied?
A. aaa authorization exec default radius local
B. aaa authorization exec default radius
C. aaa authentication exec default radius local
D. aaa authentication exec default radius
Answer: (SHOW ANSWER)
This configuration is used to set up RADIUS as the primary method for user login validation, with a fallback to
the local user database in case the RADIUS server is unavailable. The "aaa authentication exec default radius
local" command configures AAA (Authentication, Authorization, and Accounting) for exec sessions using
RADIUS first and then the local database if RADIUS is not available.

NEW QUESTION: 247

Which new enhancement was implemented in Wi-Fi 6?
A. Wi-Fi Protected Access 3
B. 4096 Quadrature Amplitude Modulation Mode
C. Channel bonding
D. Uplink and Downlink Orthogonal Frequency Division Multiple Access
Answer: (SHOW ANSWER)
Wi-Fi 6, also known as 802.11ax, introduced several enhancements over its predecessors, including higher
data rates, increased capacity, and improved performance in environments with many connected devices. One
of the key new enhancements implemented in Wi-Fi 6 is Wi-Fi Protected Access 3 (WPA3), which provides
more robust security features than WPA2. WPA3 includes features like individualized data encryption,
protection against brute-force attacks, and simplified configuration for devices without a display.
References := Cisco's Wi-Fi 6 Overview

NEW QUESTION: 248

Refer to the exhibit.

An engineer must configure a SPAN session. What is the effect of the configuration?
A. Traffic sent on VLANs 10, 11, and 12 is copied and sent to interface g0/1.
B. Traffic sent on VLANs 10 and 12 only is copied and sent to interface g0/1.
C. Traffic received on VLANs 10, 11, and 12 is copied and sent to Interface g0/1.
D. Traffic received on VLANs 10 and 12 only is copied and sent to interface g0/1.
Answer: (SHOW ANSWER)
The SPAN session configuration in the exhibit is designed to copy traffic received on specific VLANs to a
designated interface for monitoring purposes. The command monitor session 1 source vlan 10 - 12 rx indicates
that the source VLANs for the SPAN session are VLANs 10, 11, and 12, and the 'rx' keyword specifies that only
the traffic received on these VLANs will be monitored. The command monitor session 1 destination interface
gigabitethernet0/1 sets interface GigabitEthernet0/1 as the destination where the mirrored traffic will be sent.
Therefore, the effect of the configuration is that all traffic received on VLANs 10, 11, and 12 will be duplicated
and forwarded to interface g0/1 for analysis.

NEW QUESTION: 249

Drag and drop the code snippets from the bottom onto the blanks in the code to construct a request that
configures a deny rule on an access list?
Answer:
Explanation:

NEW QUESTION: 250

A. control, and forwarding
B. management and data
C. control and management
D. control and data
Answer: (SHOW ANSWER)
In a Cisco StackWise Virtual environment, the control and forwarding planes are virtually combined in the
common logical switch. This means that two physical switches are combined into a single logical entity, sharing
the same control plane (which makes decisions about where traffic should go) and the forwarding plane (which
actually moves packets to the selected destination). This combination allows for seamless operation and high
availability as both switches operate as one.

NEW QUESTION: 251

A company has an existing Cisco 5520 HA cluster using SSO. An engineer deploys a new single Cisco Catalyst
9800 WLC to test new features. The engineer successfully configures a mobility tunnel between the
5520 cluster and 9800 WLC. Client connected to the corporate WLAN roam seamlessly between access points
on the 5520 and 9800 WLC. After a failure on the primary 5520 WLC, all WLAN services remain functional;
however, Client roam between the 5520 and 9800 controllers without dropping their connection. Which feature
must be configured to remedy the issue?
A. mobility MAC on the 5520 cluster
B. mobility MAC on the 9800 WLC
C. new mobility on the 5520 cluster
D. new mobility on the 9800 WLC
Answer: (SHOW ANSWER)
The issue described suggests that the clients are not maintaining their connection when roaming between the
5520 and 9800 controllers after a failure on the primary 5520 WLC. To remedy this, the 'new mobility' feature
should be configured on the 5520 cluster. This feature, also known as Converged Access Mobility, allows for
seamless client roaming and consistent policy enforcement across different WLC platforms, which is essential
in a mixed environment of AireOS and IOS-XE controllers. References := Implementing and Operating Cisco
Service Provider Network Core Technologies

NEW QUESTION: 252

Refer to the exhibit.
How should the script be completed so that each device configuration is saved into a JSON-formatted file under
the device name?

D.
Answer: (SHOW ANSWER)
The script should be completed with the code that opens a file in write mode for each device and writes the
configuration into it in JSON format. Option C is correct because it uses a context manager to open a file
named after the hostname variable with a .json extension. It then writes the device variable, which presumably
contains the device configuration, into this file using json.dump(), ensuring the data is in JSON format.
References:
* Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) course material
* Python documentation on file handling and the json module
* Cisco learning resources on network automation and scripting

NEW QUESTION: 253

Refer to the exhibit.

Which two facts does the device output confirm? (Choose two.)
A. The device sends unicast messages to its peers
B. The device's HSRP group uses the virtual IP address 10.0.3.242
C. The standby device is configured with the default HSRP priority.
D. The device is using the default HSRP hello timer
E. The device is configured with the default HSRP priority
Answer: (SHOW ANSWER)
The output confirms that the device's HSRP group is using the virtual IP address 10.0.3.242, which is indicated
by the line "Virtual IP address is 10.0.3.242". This confirms option B.
Additionally, the device is configured with the default HSRP priority, which is 100 as shown in the line
"Priority 100 (cfgd 100)". Since this matches the default priority value for HSRP, it confirms option E.

NEW QUESTION: 254

Which data is properly formatted with JSON?

A.
B.

D.
Answer: (SHOW ANSWER)
Proper JSON data formatting is essential for ensuring that data is correctly structured and can be easily parsed
by systems. JSON data should be in a text-based format that follows specific syntax rules, such as key-value
pairs enclosed in curly braces

NEW QUESTION: 255

Which three elements determine Air Time efficiency? (Choose three)
A. evert-driven RRM
B. data rate (modulation density) or QAM
C. channel bandwidth
D. number of spatial streams and spatial reuse
E. RF group leader
F. dynamic channel assignment
Answer: (SHOW ANSWER)
Air Time efficiency in wireless networking is a measure of how efficiently the RF spectrum is utilized. It is
influenced by several factors that determine how much 'airtime' is actually used to transmit user data. The
elements that determine Air Time efficiency include:
* Data rate (modulation density) or QAM: Higher data rates allow for more data to be transmitted in the same
amount of time, improving airtime efficiency.
* Channel bandwidth: Wider channel bandwidths provide more spectrum for data transmission, which can
increase airtime efficiency.
* Number of spatial streams and spatial reuse: Multiple spatial streams allow for more data to be transmitted
simultaneously, and spatial reuse can improve efficiency by allowing for the same frequencies to be used in
different areas without interference.
https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKEWN-3010.pdf Graphical user interface
Description automatically generated with low confidence

NEW QUESTION: 256

Which mechanism can be used to enforce network access authentication against an AAA server if the endpoint
does not support the 802.1X supplicant functionality?
A. private VLANs
B. port security
C. MAC Authentication Bypass
D. MACsec
Answer: (SHOW ANSWER)
MAC Authentication Bypass (MAB) is a mechanism used to authenticate devices that do not support 802.1X
supplicant functionality. MAB allows devices to be authenticated based on their MAC address, providing an
alternative method for enforcing network access control against an AAA server.

NEW QUESTION: 257

Refer to the exhibit.

An engineer must configure HSRP for VLAN 1000 on SW2. The secondary switch must immediately take over
the role of active router If the interlink with the primary switch fails. Which command set completes this task?

D.
Answer: (SHOW ANSWER)
In the context of HSRP (Hot Standby Router Protocol), to ensure that a secondary switch takes over
immediately as the active router if the interlink with the primary switch fails, preempt must be enabled, and
tracking must be configured for the interface connecting to the primary switch. The correct command set would
configure HSRP for VLAN 1000 on SW2 with a lower priority than the primary (to make it secondary) and track
an interface or object that represents the interlink. If that tracked object goes down, it will decrement the priority
of SW2, potentially making it higher than SW1 and causing an immediate failover to SW2.

NEW QUESTION: 258

Based on the router's API output In JSON format below, which Python code will display the value of the 'role'
key?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: (SHOW ANSWER)
The correct Python code to display the value of the 'role' key, based on the router's API output in JSON format,
is Option B. In this option, json_data is assigned the JSON content from response.json(). Then it prints the
value associated with the 'role' key which is nested inside 'family', which in turn is nested inside
'response'. The syntax json_data['response']['family']['role'] is used to access nested dictionaries in Python.
References: For an exact reference, please consult the Implementing and Operating Cisco Service Provider
Network Core Technologies source documents or study guide.

NEW QUESTION: 259

An engineer is configuring a new SSID to present users with a splash page for authentication. Which WLAN
Layer 3 setting must be configured to provide this functionally?
A. CCKM
B. WPA2 Policy
C. Local Policy
D. Web Policy
Answer: (SHOW ANSWER)
To present users with a splash page for authentication when configuring a new SSID, the WLAN Layer 3 setting
that must be configured is the Web Policy. This setting enables the network to redirect users to a web page for
authentication purposes before they can access the network. It is commonly used in guest or public Wi-Fi
networks to provide controlled access.
References := The information is based on the Implementing and Operating Cisco Service Provider Network
Core Technologies (SPCOR) training materials,

NEW QUESTION: 260

Drag and drop the snippets onto the blanks within the code to construct a script that advertises the network
prefix 192.168.5.0/24 into a BGP session. Not all options are used
Answer:

Explanation:
Text, letter Description automatically generated
NEW QUESTION: 261
Where is radio resource management performed in a cisco SD-access wireless solution?
A. DNA Center
B. control plane node
C. wireless controller
D. Cisco CMX
Answer: (SHOW ANSWER)
Radio Resource Management (RRM) is an essential feature that optimizes wireless network performance by
managing the radio frequencies in use. In a Cisco SD-Access wireless solution, RRM is performed by the
wireless controller. The controller continuously monitors and manages aspects such as radio frequency
assignment, power levels, and channel settings to ensure optimal performance and coverage for wireless
clients. It dynamically adjusts these settings based on the environment and network conditions to maintain the
best possible wireless experience.
Fabric wireless controllers manage and control the fabric-mode APs using the same general model as the
traditional local-mode controllers which offers the same operational advantages such as mobility control and
radio resource management. A significant difference is that client traffic from wireless endpoints is not tunnelled
from the APs to the wireless controller. Instead, communication from wireless clients is encapsulated in VXLAN
by the fabric APs which build a tunnel to their first-hop fabric edge node. Wireless traffic it tunneled to the edge
nodes as the edge nodes provide fabric services such as the Layer 3 Anycast Gateway, policy, and traffic
enforcement.
https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html

NEW QUESTION: 262

Refer to the exibit. How should the programmer access the list of VLANs that are recevied via the API call?

A. Option A
B. Option B
C. Option C
D. Option D
Answer: (SHOW ANSWER)
To access the list of VLANs received via the API call, the programmer should use the key 'Vlan1' within the
VlanNames dictionary. This method allows for direct access to the specific VLAN information required.
References := The explanation is derived from the Implementing and Operating Cisco Service Provider
Network Core Technologies training, which covers topics such as networking, automation, and quality of
services, relevant to handling VLANs and API calls

NEW QUESTION: 263

An engineer is configuring local web authentication on a WLAN. The engineer chooses the Authentication radio
button under the Layer 3 Security options for Web Policy. Which device presents the web authentication for the
WLAN?
A. ISE server
B. local WLC
C. RADIUS server
D. anchor WLC
Answer: (SHOW ANSWER)
When configuring local web authentication on a WLAN, selecting the Authentication radio button under Layer 3
Security options for Web Policy indicates that the local Wireless LAN Controller (WLC) will handle the web
authentication process. This means that when users connect to the WLAN, they will be presented with a login
page hosted by the WLC itself, where they can enter their credentials.

NEW QUESTION: 264

Refer to the exhibit. Which command set completes the ERSPAN session configuration?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A (LEAVE A REPLY)
The correct command set to complete the ERSPAN session configuration must include the source session ID,
the traffic direction, and the mirrored traffic. Option A correctly specifies the source session and includes both
the 'rx' and 'tx' directions, indicating that both received and transmitted traffic should be mirrored. References
:= The answer is derived from the Implementing and Operating Cisco Service Provider Network Core
Technologies (SPCOR) course materials, which provide detailed information on configuring ERSPAN sessions
in a Service Provider network infrastructure.
For further study and detailed explanations, you can refer to the official Cisco training and certification
resources:
* Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR)
* Cisco Certification Exam Overview for 350-501 SPCOR
* On-Demand E-Learning for Implementing and Operating Cisco Service Provider Network Core Technologies
(SPCOR) v1.1

NEW QUESTION: 265

What is one role of the VTEP in a VXLAN environment?
A. to forward packets to non-LISP sites
B. to encapsulate the tunnel
C. to maintain VLAN configuration consistency
D. to provide EID-to-RLOC mapping
Answer: (SHOW ANSWER)
The VTEP, or VXLAN Tunnel Endpoint, plays a crucial role in a VXLAN environment by encapsulating Ethernet
frames into VXLAN packets. This encapsulation process allows for the creation of a tunnel over the IP network,
enabling the extension of Layer 2 networks over Layer 3 infrastructures2.
References := IP With Ease - Understanding VTEPs and VNIs in VXLAN Environment

NEW QUESTION: 266

Refer the exhibit.

Which configuration elects SW4 as the root bridge for VLAN 1 and puts G0/2 on SW2 into a blocking state?

B.
C.

D.
Answer: (SHOW ANSWER)
To elect SW4 as the root bridge for VLAN 1, the priority value needs to be lower than any other switch in the
network for that VLAN. The default priority value is 32768, and by setting SW4's priority to 32768 for VLAN
1, it does not guarantee that SW4 will become the root bridge unless all other switches have their priorities set
higher or equal and have a higher MAC address. However, assuming all other factors are default, this could
make SW4 a candidate for being the root bridge if it has the lowest MAC address.
To put G0/2 on SW2 into a blocking state, we need to influence the Spanning Tree Protocol (STP) decisions.
This can be done by manipulating port costs or priorities to ensure that this port does not provide the best path
to the root bridge. By setting the spanning-tree cost of G0/2 on SW2 to 128, it increases the likelihood of this
port being selected as a non-designated port if there is another path with a lower cost.

NEW QUESTION: 267

By default, which virtual MAC address does HSRP group 16 use?
A. c0:41:43:64:13:10
B. 00:00:0c 07:ac:10
C. 00:05:5c:07:0c:16
D. 05:00:0c:07:ac:16
Answer: (SHOW ANSWER)
HSRP (Hot Standby Router Protocol) uses a virtual MAC address for each group of routers participating in the
protocol. The default virtual MAC address format for HSRP is 0000.0C07.ACxy, where xy is the HSRP group
number in hexadecimal. For group 16, the hexadecimal equivalent is 10, resulting in the virtual MAC address
00:00:0c:07:ac:101.
References: Cisco's official documentation on HSRP.

NEW QUESTION: 268

Which solution do laaS service providers use to extend a Layer 2 segment across a Layer 3 network?
A. VLAN
B. VTEP
C. VXLAN
D. VRF
Answer: (SHOW ANSWER)
IaaS (Infrastructure as a Service) providers often need to extend Layer 2 segments across Layer 3 networks to
facilitate data center interconnectivity and enable seamless communication between different sites. VXLAN
(Virtual Extensible LAN) is the solution that allows for this extension. VXLAN is an encapsulation protocol that
creates a Layer 2 overlay network on top of a Layer 3 network using MAC-in-UDP encapsulation. This enables
the extension of Layer 2 segments across geographically dispersed data centers and provides the scalability
required for large-scale cloud environments. It encapsulates Ethernet frames in a UDP packet, which can then
be routed through the Layer 3 network.

NEW QUESTION: 269

What is one difference between saltstack and ansible?
A. SaltStack uses an API proxy agent to program Cisco boxes on agent mode, whereas Ansible uses a Telnet
connection
B. SaltStack uses the Ansible agent on the box, whereas Ansible uses a Telnet server on the box
C. SaltStack is constructed with minion, whereas Ansible is constructed with YAML
D. SaltStack uses SSH to interact with Cisco devices, whereas Ansible uses an event bus
Answer: (SHOW ANSWER)
SaltStack and Ansible are both popular Infrastructure as Code (IaC) tools used for automation and
configuration management. SaltStack, also known as Salt, is built on a master-minion model and uses a YAML-
based configuration language. It is known for its high-speed data collection and execution capabilities, which
are facilitated by the ZeroMQ messaging library that establishes persistent TCP connections between the
master and minions. SaltStack is designed to be scalable and flexible, capable of handling thousands of
minions per master.
On the other hand, Ansible is an open-source tool that emphasizes simplicity and agentless architecture. It
uses YAML to write its Playbooks, which describe automation jobs. Ansible's agentless nature means it
communicates with nodes over SSH or WinRM without requiring an agent to be installed on the remote
systems, making it easy to deploy and manage.
References:
* SaltStack's architecture and features are detailed in the comparison articles I found, which highlight its
scalability and flexibility12.
* Ansible's simplicity and agentless architecture are also discussed, along with its use of YAML for Playbooks

NEW QUESTION: 270

Drag and drop the characteristics from the left onto the protocols they apply to on the right?

Answer:
Explanation:
Diagram Description automatically generated

NEW QUESTION: 271

Which algorithms are used to secure REST API from brute attacks and minimize the impact?
A. SHA-512 and SHA-384
B. MD5 algorithm-128 and SHA-384
C. SHA-1, SHA-256, and SHA-512
D. PBKDF2, BCrypt, and SCrypt
Answer: D (LEAVE A REPLY)
To secure REST APIs from brute force attacks and minimize their impact, algorithms like PBKDF2, BCrypt, and
SCrypt are used. These algorithms are designed to be computationally intensive and slow, which helps to
protect against brute force attacks by making them time-consuming and resource-intensive678910.
References := Cisco documentation and security best practices for REST APIs.

NEW QUESTION: 272

How does SSO work with HSRP to minimize network disruptions?
A. It enables HSRP to elect another switch in the group as the active HSRP switch.
B. It ensures fast failover in the case of link failure.
C. It enables data forwarding along known routes following a switchover, white the routing protocol
reconverges.
D. It enables HSRP to failover to the standby RP on the same device.
Answer: (SHOW ANSWER)
SSO (Stateful Switchover) works in conjunction with HSRP (Hot Standby Router Protocol) to provide a rapid
failover solution in the event of a link failure. This collaboration is crucial for minimizing network disruptions and
maintaining continuous data forwarding. When a failure is detected, SSO enables the standby router to assume
control promptly, ensuring minimal impact on traffic and ongoing services.

NEW QUESTION: 273

Drag and drop the characteristics from the left onto the deployment model on the right.

Answer:
Explanation:
CLOUD1 and 3ON-PREMISES2 and 4

NEW QUESTION: 274

An engineer is connected to a Cisco router through a Telnet session. Which command must be issued to view
the logging messages from the current session as soon as they are generated by the router?
A. logging buffer
B. service timestamps log uptime
C. logging host
D. terminal monitor
Answer: (SHOW ANSWER)
The 'terminal monitor' command is used on Cisco routers to enable the display of logging messages to the
terminal line, such as a Telnet or SSH session. This command ensures that the logging messages are
displayed in real-time as they are generated by the router, allowing the engineer to view them immediately.
References:
Cisco Community discussions

NEW QUESTION: 275

Refer to the exhibit.

An engineer is installing a new pair of routers in a redundant configuration. Which protocol ensures that traffic is
not disrupted in the event of a hardware failure?
A. HSRPv1
B. GLBP
C. VRRP
D. HSRPv2
Answer: (SHOW ANSWER)
HSRPv1 (Hot Standby Router Protocol version 1) is designed to allow for transparent failover of the first-hop IP
router. HSRP provides high network availability by providing redundancy for IP traffic from hosts on networks.
In a group of router interfaces, the active router is the router of choice for routing packets; the standby router is
the router that takes over the routing duties when an active router fails or when preset conditions are met. This
ensures that traffic continues to flow even if one router fails, making it a suitable choice for the scenario
described in the question.
References:
* Configuring HSRP, VRRP, and GLBP - Cisco
* Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) - Cisco

NEW QUESTION: 276

What is one characteristic of VXLAN?
A. It supports a maximum of 4096 VLANs.
B. It supports multitenant segments.
C. It uses STP to prevent loops in the underlay network.
D. It uses the Layer 2 header to transfer packets through the network underlay.
Answer: (SHOW ANSWER)
VXLAN is a network virtualization technology that addresses the scalability problems associated with large
cloud computing deployments. It allows for the creation of a logical network for each tenant or customer,
supporting up to 16 million virtual networks. VXLAN encapsulates Layer 2 Ethernet frames within Layer 4 UDP
packets, using MAC-in-UDP encapsulation, to enable Layer 2 adjacency across IP networks. This technology
extends the Layer 2 segment ID field to 24-bits, providing a much larger scale than the traditional VLANs' 12-bit
identifier, which supports only up to 4096 VLANs123.
References := Cisco's VXLAN Configuration Guide, Cisco Learning Network's Introduction to VXLAN,
Wikipedia's VXLAN Article

NEW QUESTION: 277

A network administrator received reports that a 40Gb connection is saturated. The only server the administrator
can use for data collection in that location has a 10Gb connection to the network. Which of the following is the
best method to use on the server to determine the source of the saturation?
A. Port mirroring
B. Log aggregation
C. Flow data
D. Packet capture
Answer: C (LEAVE A REPLY)
Flow data is the most effective method for identifying network traffic patterns and pinpointing the source of
saturation on a network connection. It provides a high-level overview of traffic flow without requiring full packet
capture, which would be impractical on a 10Gb connection when the saturation occurs on a 40Gb link.
Flow data allows the administrator to analyze metadata about the traffic, such as source and destination IP
addresses, ports, and protocols, which can help determine the cause of the congestion.

NEW QUESTION: 278

Which resource is able to be shared among virtual machines deployed on the same physical server?
A. applications
B. disk
C. VM configuration file
D. operating system
Answer: (SHOW ANSWER)
In a virtualized environment, physical server resources can be shared among multiple virtual machines (VMs).
The disk resource, in particular, can be allocated to VMs in a way that allows them to access storage as if it
were their own. This enables efficient utilization of storage resources and can help in reducing costs and
improving scalability. References: Implementing and Operating Cisco Service Provider Network Core
Technologies (SPCOR)

NEW QUESTION: 279

Drag the characteristics from the left onto the routing protocols they describe on the right.

Answer:
Explanation:

NEW QUESTION: 280

A. virtual private network

B. deep packet inspection
C. stateful inspection
D. application awareness
E. packet filtering
Answer: (SHOW ANSWER)
Next-generation firewalls (NGFWs) are designed to go beyond the capabilities of traditional firewalls by
incorporating advanced features such as deep packet inspection and application awareness. Deep packet
inspection allows the firewall to examine the data within the packets passing through it, enabling it to identify
and control applications, detect intrusions, and prevent attacks. Application awareness refers to the firewall's
ability to recognize and control applications regardless of the port or protocol used for communication, providing
more granular traffic management and security.

NEW QUESTION: 281

Refer to the exhibit.

An LACP port channel is configured between Switch-1 and Switch-2, but It falls to come up. Which action will
resolve the issue?
A. Configure Switch-1 with channel-group mode active
B. Configure Switch-2 with channel-group mode desirable.
C. Configure Switch-1 with channel-group mode on.
D. Configure SwKch-2 with channel-group mode auto
Answer: (SHOW ANSWER)
The issue with the LACP port channel not coming up between Switch-1 and Switch-2 is due to both switches
being configured with "channel-group mode passive". For an LACP (Link Aggregation Control Protocol) to
establish a connection, at least one end must be configured to actively seek the establishment of a channel,
which is done by setting "channel-group mode active". In this case, configuring Switch-1 with "channel-group
mode active" will initiate the LACP negotiation process, allowing the port channel to come up.

NEW QUESTION: 282

Refer to the exhibit.
A network engineer must configure the router to use the ISE-Servers group for authentication. If both ISE
servers are unavailable, the local username database must be used. If no usernames are defined in the
configuration, then the enable password must be the last resort to log in. Which configuration must be applied
to achieve this result?
A. aaa authentication login default group ISE-Servers local enable
B. aaa authentication login default group enable local ISE-Servers
C. aaa authorization exec default group ISE-Servers local enable
D. aaa authentication login error-enable aaa authentication login default group enable local ISE-Servers
Answer: (SHOW ANSWER)
The configuration line 'aaa authentication login default group ISE-Servers local enable' sets up the router to use
the ISE-Servers group for authentication first. If both servers in the ISE-Servers group are unavailable, it falls
back to using the local username database ('local'). If there are no usernames defined in the configuration, then
as a last resort, it uses the enable password ('enable') for login. References: Implementing and Operating Cisco
Service Provider Network Core Technologies (SPCOR) training materials.

NEW QUESTION: 283

Drag and drop the characteristics from the left onto the orchestration tools that they describe on the right.

Answer:
Explanation:
A picture containing application Description automatically generated

NEW QUESTION: 284

What is the preferred QoS marking for delay-sensitive real-time protocols such as RTP?
A. CS1
B. ATM-CLP
C. EF
D. AF
Answer: (SHOW ANSWER)
The preferred Quality of Service (QoS) marking for delay-sensitive real-time protocols, such as the Real-Time
Protocol (RTP), is Expedited Forwarding (EF). EF is a per-hop behavior (PHB) that ensures low loss, low
latency, and low jitter for critical traffic, such as voice and video. It is typically marked with a DSCP value of
46, which gives it the highest priority in traffic forwarding decisions on the network. References:
Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) training materials
provide an in-depth understanding of QoS mechanisms and their application in service provider networks

NEW QUESTION: 285

How does an on-premises infrastructure compare to a cloud infrastructure?
A. On-premises can increase compute power faster than cloud
B. On-premises requires less power and cooling resources than cloud
C. On-premises offers faster deployment than cloud
D. On-premises offers lower latency for physically adjacent systems than cloud.
Answer: D (LEAVE A REPLY)
On-premises infrastructures are physically closer to the end-user or the systems that are using them, which
typically results in lower latency due to the reduced distance data must travel compared to cloud infrastructures.
This proximity allows for quicker data retrieval and processing, making it ideal for applications that require real-
time or near-real-time access to data.
References: The Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR)
course

NEW QUESTION: 286

An engineer creates the configuration below. Drag and drop the authentication methods from the left into the
order of priority on the right. Not all options are used.

Answer:

Explanation:
priority 1: AAA servers of ACE group
priority 2: AAA servers of AAA_RADIUS group
priority 3: local configured username in case-sensitive format
priority 4: If no method works, then deny login

NEW QUESTION: 287

Refer to the exhibit. A network engineer checks connectivity between two routers. The engineer can ping the
remote endpoint but cannot see an ARP entry. Why is there no ARP entry?
A. The ping command must be executed in the global routing table.
B. Interface FastEthernet0/0 Is configured in VRF CUST-A, so the ARP entry is also in that VRF.
C. When VRFs are used. ARP protocol must be enabled In each VRF.
D. When VRFs are used. ARP protocol is disabled in the global routing table.
Answer: (SHOW ANSWER)
In a scenario where Virtual Routing and Forwarding (VRF) is used, each VRF instance has its own separate set
of routing and forwarding tables. When an interface is assigned to a specific VRF, all Layer 2 activities including
ARP are limited to that particular VRF. Therefore, if you are trying to view the ARP table from the global routing
context, you will not see an entry for an IP address that belongs to a different VRF. In this case, since Interface
FastEthernet0/0 is part of VRF CUST-A, any ARP entries associated with it would only be visible within that
specific VRF's ARP table. References: Implementing and Operating Cisco Service Provider Network Core
Technologies (SPCOR) v1.1

NEW QUESTION: 288

Which port is required to allow APs to join a WLC when directed broadcasts are used on a Cisco iOS switch?
A. UDP5246
B. TCP 5246
C. TCP 5247
D. UDP5247
Answer: (SHOW ANSWER)
APs use UDP as a transport protocol, and port 5247 is required for APs to join a WLC when directed
broadcasts are used on a Cisco iOS switch. This information can be confirmed from Cisco's official
documentation on Implementing and Operating Cisco Service Provider Network Core Technologies.
References:
* Implementing and Operating Cisco Service Provider Network Core Technologies course1234.
* Cisco Service Provider training materials

NEW QUESTION: 289

Which signal strength and noise values meet the minimum SNR for voice networks?
A. signal strength -67 dBm, noise 91 dBm
B. signal strength -69 dBm, noise 94 dBm
C. signal strength -68 dBm, noise 89 dBm
D. signal strength -66 dBm, noise 90 dBm
Answer: (SHOW ANSWER)
For voice networks, the minimum Signal-to-Noise Ratio (SNR) required is typically around 25 dB. The SNR is
the difference between the signal strength and the noise level. Given the options, we calculate the SNR for
each and find that option A provides an SNR of 24 dBm (91 dBm noise subtracted from -67 dBm signal
strength), which is the closest to the required minimum SNR for voice networks. References: Implementing and
Operating Cisco Service Provider Network Core Technologies (SPCOR) training materials1.

NEW QUESTION: 290

A. SSL
B. MD5
C. AES128
D. AES256
Answer: (SHOW ANSWER)
NTP (Network Time Protocol) uses the MD5 (Message-Digest Algorithm 5) hashing algorithm for authentication
purposes. MD5 is utilized to create a hash value based on the time information being sent over the network.
This hash is then used to verify the integrity and authenticity of the NTP messages, ensuring that the time data
has not been tampered with during transit. While MD5 is not the most secure hashing algorithm available, it is
widely used in NTP implementations due to its balance of security and computational efficiency.
References := Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR)

NEW QUESTION: 291

A customer has a wireless network deployed within a multi-tenant building. The network provides client access,
location-based services, and is monitored using Cisco DNA Center. The security department wants to locate
and track malicious devices based on threat signatures. Which feature is required for this solution?
A. Cisco aWIPS policies on the WLC
B. Cisco aWIPS policies on Cisco DNA Center
C. malicious rogue rules on the WLC
D. malicious rogue rules on Cisco DNA Center
Answer: (SHOW ANSWER)
Cisco DNA Center provides a comprehensive solution for managing and monitoring wireless networks,
including the ability to locate and track malicious devices. It integrates with the Advanced Wireless Intrusion
Prevention System (aWIPS), which allows for the monitoring of threat signatures and the implementation of
security policies. The malicious rogue rules on Cisco DNA Center enable the security department to effectively
identify, locate, and mitigate threats posed by unauthorized access points and other malicious devices within
the network environment.

NEW QUESTION: 292

Which JSON script is properly formatted?

C.
D.
Answer: (SHOW ANSWER)
A properly formatted JSON script is a text-based data format that follows JavaScript object syntax. It is
commonly used for transmitting data in web applications. A correct JSON format includes key-value pairs with
keys being strings and values being valid JSON data types such as strings, numbers, objects, arrays, booleans,
or null. It also requires proper use of quotes, commas, and braces. Based on the information provided, option C
is the correct answer as it is the only option that does not contain a URL, which is not a valid JSON format.

NEW QUESTION: 293

Refer to the exhibit. An engines configured TACACS^ to authenticate remote users but the configuration is not
working as expected Which configuration must be applied to enable access?

D.
Answer: C (LEAVE A REPLY)
The correct configuration for enabling TACACS^ authentication for remote users involves specifying the
TACACS^ server details, including the IP address and the secret key, and applying the TACACS^ server group
to the line configuration. Option C shows the correct configuration where the tacacs-server host command is
used to define the TACACS^ server with its IP address and the key keyword to specify the shared secret. The
aaa group server tacacs+ command is used to create a server group, and the server-private command within
the group specifies the IP address of the TACACS^ server and the key.
Finally, the line vty configuration applies the server group to the VTY lines, which allows remote users to be
authenticated via TACACS^.

NEW QUESTION: 294

Refer to the exhibit.

Only administrators from the subnet 10.10.10.0/24 are permitted to have access to the router. A secure protocol
must be used for the remote access and management of the router instead of clear-text protocols.
Which configuration achieves this goal?

A. Option A
B. Option B
C. Option C
D. Option D
Answer: C (LEAVE A REPLY)
To restrict access to the router to only administrators from the subnet 10.10.10.0/24 and ensure that a secure
protocol is used, the configuration should include an access control list (ACL) that specifies the allowed subnet
and applies it to the vty lines. Additionally, it should specify the use of a secure protocol like SSH for remote
access. Here's an example configuration:
access-list 10 permit 10.10.10.0 0.0.0.255
line vty 0 4
login local
transport input ssh
access-class 10 in
This configuration creates an ACL that permits only the 10.10.10.0/24 subnet and applies it to the vty lines,
which are used for remote access to the router. It also specifies that only SSH is allowed as the input transport
protocol for these lines, ensuring secure communication.

NEW QUESTION: 295

An engineer has deployed a single Cisco 5520 WLC with a management IP address of 172.16.50.5/24. The
engineer must register 50 new Cisco AIR-CAP2802I-E-K9 access points to the WLC using DHCP option 43.
The access points are connected to a switch in VLAN 100 that uses the 172.16.100.0/24 subnet. The engineer
has configured the DHCP scope on the switch as follows:

The access points are failing to join the wireless LAN controller. Which action resolves the issue?
A. configure option 43 Hex F104.AC10.3205
B. configure option 43 Hex F104.CA10.3205
C. configure dns-server 172.16.50.5
D. configure dns-server 172.16.100.1
Answer: (SHOW ANSWER)
In the scenario described, the engineer needs to configure DHCP Option 43 to provide the management IP
address of the WLC in a format that the access points can understand. The correct configuration for Option 43
includes the IP address of the WLC in hexadecimal format. The management IP address of the WLC is
172.16.50.5, which translates to AC10.3205 in hexadecimal notation. The prefix F104 indicates that it is an IPv4
address and specifies its length (in this case, four bytes or one word). Therefore, configuring option 43 with Hex
F104.AC10.3205 will resolve the issue by directing access points to find and register with the WLC at IP
address 172.16.50.5.

NEW QUESTION: 296

In Cisco DNA Center, what is the integration API?
A. southbound consumer-facing RESTful API. which enables network discovery and configuration management
B. westbound interface, which allows the exchange of data to be used by ITSM. IPAM and reporting
C. an interface between the controller and the network devices, which enables network discovery and
configuration management
D. northbound consumer-facing RESTful API, which enables network discovery and configuration management
Answer: (SHOW ANSWER)
In Cisco DNA Center, the northbound consumer-facing RESTful API is the integration API that allows
applications and services to interact with the network. It provides a programmable interface for network
discovery, configuration management, and other operations, enabling automation and orchestration of network
services. References: Implementing and Operating Cisco Service Provider Network Core Technologies
(SPCOR) training

NEW QUESTION: 297

An engineer must protect the password for the VTY lines against over-the-shoulder attacks. Which
configuration should be applied?
A. service password-encryption
B. username netadmin secret 9 $9$vFpMf8elb4RVV8$seZ/bDA
C. username netadmin secret 7$1$42J36k33008Pyh4QzwXyZ4
D. line vty 0 15 p3ssword XD822j
Answer: (SHOW ANSWER)
cisco(config)#username test privilege 15 password test777
cisco(config)#do s running-config | include user
username test privilege 15 password 0 test777
cisco(config)#service password-encryption
cisco(config)#do s running-config | include user
username test privilege 15 password 7 044F0E151B761B19
cisco(config)#
cisco(config)#do wr
Building configuration...
[OK]
cisco(config)#

NEW QUESTION: 298

Refer to the exhibit. Rapid PVST+ is enabled on all switches. Which command set must be configured on
switch1 to achieve the following results on port fa0/1?
A.

D.
Answer: B (LEAVE A REPLY)

NEW QUESTION: 299

An engineer must provide wireless converge in a square office. The engineer has only one AP and believes
that it should be placed it in the middle of the room. Which antenna type should the engineer use?
A. directional
B. polarized
C. Yagi
D. omnidirectional
Answer: D (LEAVE A REPLY)
In a square office where coverage is needed in all directions, an omnidirectional antenna is the best choice.
This type of antenna radiates radio frequency (RF) signal equally in all directions horizontally, which would
provide uniform wireless coverage throughout the office space. Directional antennas, on the other hand, focus
the RF signal in a specific direction and are not suitable for this scenario. Polarized and Yagi antennas have
specific applications that do not match the requirement of uniform coverage in all directions.

NEW QUESTION: 300

Reter to the exhibit.
An administrator troubleshoots intermittent connectivity from internal hosts to an external public server. Some
internal hosts can connect to the server while others receive an ICMP Host Unreachable message and these
hosts change over time. What is the cause of this issue?
A. The translator does not use aOdress overloading
B. The NAT ACL does not match alt internal hosts
C. The NAT ACL and NAT pool share the same name
D. The NAT pool netmask is excessively wide
Answer: B (LEAVE A REPLY)
The intermittent connectivity issue where some internal hosts can connect to an external public server while
others receive an ICMP Host Unreachable message suggests a misconfiguration in the NAT Access Control
List (ACL). The NAT ACL is responsible for specifying which internal hosts are allowed to translate their private
IP addresses to public IP addresses. If the NAT ACL does not match all internal hosts, only some hosts will be
able to establish a connection, leading to the observed intermittent connectivity.

NEW QUESTION: 301

What is the recommended minimum SNR for data applications on wireless networks?
A. 15
B. 20
C. 25
D. 10
Answer: (SHOW ANSWER)
For data applications on wireless networks, a minimum Signal-to-Noise Ratio (SNR) of 20 dB is generally
recommended. This ensures that the signal strength is strong enough in relation to the noise levels, which
allows for higher data rates and fewer retransmissions, leading to better throughput and performance.
References: Signal-to-Noise Ratio (SNR) and Wireless Signal Strength - Cisco Meraki
Documentation2https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/Signal-to-Noise_Ratio

NEW QUESTION: 302

Refer to the exhibit.

A GRE tunnel has been created between HO and BR routers. What is the tunnel IP on the HQ router?
A. 10.111.111.1
B. 10.111.111.2
C. 209.165.202.130
D. 209.165.202.134
Answer: (SHOW ANSWER)
In a GRE tunnel configuration, the tunnel IP is the IP address assigned to the tunnel interface itself. This
address is used for sending traffic through the GRE tunnel from one end to another. Based on typical
configurations and best practices found in Cisco's Implementing and Operating Cisco Service Provider Network
Core Technologies (SPCOR), if we look at the exhibit provided, we can infer that since 10.111.111.2 is likely
assigned to the BR router's tunnel interface (as it is common practice to use sequential IPs for point-to-point
connections), then 10.111.111.1 would be assigned to the HQ router's tunnel interface.

NEW QUESTION: 303

Refer to the exhibit.
An engineer must prevent the R6 loopback from getting into Area 2 and Area 3 from Area 0 Which action must
the engineer take?
A. Apply a fitter list inbound on R2 and R9
B. Apply a filter list outbound on R3 and R7
C. Apply a filter list outbound on R7 only.
D. Apply a filter list inbound on R3 and R7
Answer: (SHOW ANSWER)
To prevent R6's loopback address from being advertised into Area 2 and Area 3 from Area 0, the most effective
method is to apply a filter list outbound on R7. This is because R7 acts as the ABR (Area Border Router)
connecting Area 0 to both Area 2 and Area 3. By filtering the routes outbound on R7, we can control which
routes are allowed to be advertised into the connected areas, thus preventing the specific route (R6's loopback)
from being propagated.

NEW QUESTION: 304

What is the function of an RP in a PIM-SM network?
A. to provide routing to the PIM leaf routers
B. to track sources and recovers on the shared distribution tree
C. to automate the distribution of group-to rendezvous point mappings
D. to connect multicast sources with receivers
Answer: (SHOW ANSWER)
In a PIM-SM (Protocol Independent Multicast sparse mode) network, the Rendezvous Point (RP) serves as the
central hub for connecting multicast sources with receivers. It acts as the meeting place where sources send
their traffic, which is then forwarded down a shared distribution tree to the receivers1.
References := Cisco's guide on Configuring a Rendezvous Point

NEW QUESTION: 305

Refer to the exhibit. Which two commands are needed to allow for full reachability between AS 1000 and AS
2000? (Choose two)
A. R1#network 192.168.0.0 mask 255.255.0.0
B. R2#no network 10.0.0.0 255.255.255.0
C. R2#network 192.168.0.0 mask 255.255.0.0
D. R2#network 209.165.201.0 mask 255.255.192.0
E. R1#no network 10.0.0.0 255.255.255.0
Answer: (SHOW ANSWER)
For full reachability between AS 1000 and AS 2000, R1 needs to advertise network 192.168.0.0 (option A) and
R2 needs to advertise network 209.165.201.0 (option D). These commands ensure that both Autonomous
Systems are aware of each other's networks, enabling full reachability between them as per the BGP routing
protocol's operation.References := Cisco BGP Configuration Guide

NEW QUESTION: 306

Drag and drop the descriptions from the left onto the routing protocols they describe on the right.
Answer:

Explanation:
NEW QUESTION: 307
What is the function of a fabric border node in a Cisco SD-Access environment?
A. To collect traffic flow information toward external networks
B. To connect the Cisco SD-Access fabric to another fabric or external Layer 3 networks
C. To attach and register clients to the fabric
D. To handle an ordered list of IP addresses and locations for endpoints in the fabric.
Answer: (SHOW ANSWER)
The error message indicates an MD5 authentication failure between the two BGP peers. The IP addresses
involved are 10.10.10.1 and 10.120.10.1, which should correspond to R1 and R2 respectively. The correct
configurations to resolve this issue would be to ensure that both routers are configured with the same password
for MD5 authentication within the same peer group CORP.
Option A is correct because it configures R1 with the CORP peer group and sets the password to "Cisco" for
MD5 authentication.
Option E is correct because it configures R2 with a neighbor in the CORP peer group at IP address 10.10.10.1
(which should be R1) and sets the password to "Cisco" for MD5 authentication.
References := Implementing and Operating Cisco Service Provider Network Core Technologies

NEW QUESTION: 308

Which method should an engineer use to deal with a long-standing contention issue between any two VMs on
the same host?
A. Adjust the resource reservation limits
B. Live migrate the VM to another host
C. Reset the VM
D. Reset the host
Answer: (SHOW ANSWER)
To address a long-standing contention issue between two VMs on the same host, the best method is to live
migrate one of the VMs to another host. This process, known as VMotion in VMware environments, allows you
to move a running VM to a different host with minimal downtime, effectively redistributing the workload and
alleviating the contention issue without disrupting services.
References: The Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR)
course

NEW QUESTION: 309

Refer to the exhibit. An engineer has configured an IP SLA for UDP echo's. Which command is needed to start
the IP SLA to test every 30 seconds and continue until stopped?
A. ip sla schedule 100 start-time now life forever
B. ip sla schedule 30 start-time now life forever
C. ip sla schedule 100 start-time now life 30
D. ip sla schedule 100 life forever
Answer: (SHOW ANSWER)
The command ip sla schedule 100 start-time now life forever is used to start the IP SLA operation immediately
(start-time now) and to continue it indefinitely (life forever). The 100 corresponds to the IP SLA operation
number, which must match the one specified in the IP SLA configuration. This command ensures that the IP
SLA operation for UDP echo tests will run every 30 seconds, as set by the frequency 30 command in the IP
SLA configuration, and will not stop unless manually terminated.

NEW QUESTION: 310

A. IPsec
B. TrustSec
C. MACseC
D. GRE
Answer: (SHOW ANSWER)
MACsec (Media Access Control Security) is the IEEE 802.1AE standard for securing data on Ethernet
networks. It provides end-to-end encryption at the data link layer (Layer 2), ensuring that data is secure as it
travels across the physical network infrastructure between two sites. MACsec encrypts each frame with a
secure key, providing confidentiality, integrity, and origin authenticity. Unlike IPsec, which operates at the
network layer (Layer 3), MACsec operates at a lower level, allowing for line-rate encryption that doesn't impact
the throughput of the network. This makes MACsec an ideal solution for protecting sensitive data in motion
without sacrificing performance.

NEW QUESTION: 311

Which protocol is implemented to establish secure control plane adjacencies between Cisco SD-WAN nodes?
A. IKF
B. TLS
C. IPsec
D. ESP
Answer: B (LEAVE A REPLY)
The protocol used to establish secure control plane adjacencies between Cisco SD-WAN nodes is TLS
(Transport Layer Security). In the Cisco SD-WAN architecture, TLS provides a secure channel for control plane
traffic between the various SD-WAN components, ensuring both privacy and data integrity. This is critical for
maintaining a secure network environment, especially when transmitting sensitive information across the
control plane.

NEW QUESTION: 312

What is the purpose of an RP in PIM?
A. send join messages toward a multicast source SPT
B. ensure the shortest path from the multicast source to the receiver
C. receive IGMP joins from multicast receivers
D. secure the communication channel between the multicast sender and receiver
Answer: (SHOW ANSWER)
The Rendezvous Point (RP) in Protocol Independent Multicast (PIM) acts as a meeting place for sources and
receivers of multicast traffic. Its main purpose is to receive Internet Group Management Protocol (IGMP) join
messages from multicast receivers. This allows the RP to know which multicast groups have interested
receivers and to facilitate the creation of a distribution tree for multicast traffic. References: Implementing and
Operating Cisco Service Provider Network Core Technologies (SPCOR)

NEW QUESTION: 313

Using the EIRP formula,what parameter is subtracted to determine the EIRP value?
A. transmitter power
B. antenna cable loss
C. antenna again
D. signal-to-noise ratio
Answer: (SHOW ANSWER)
The EIRP (Effective Isotropic Radiated Power) formula is used to calculate the power radiated by an antenna in
a specific direction. The formula is ( EIRP = P_T - L_C + G_a ), where ( P_T ) is the transmitter power, ( L_C )
is the antenna cable loss, and ( G_a ) is the antenna gain. To determine the EIRP value, the antenna cable loss
( L_C ) is subtracted from the sum of the transmitter power and the antenna gain2.
References: EIRP Calculator - Effective Isotropic Radiated Power2.
NEW QUESTION: 314

Refer to the exhibit. The connecting between SW1 and SW2 is not operational. Which two actions resolve the
issue? (Choose two)
A. configure switchport mode access on SW2
B. configure switchport nonegotiate on SW2
C. configure switchport mode trunk on SW2
D. configure switchport nonegotiate on SW1
E. configure switchport mode dynamic desirable on SW2
Answer: (SHOW ANSWER)
In the scenario provided, SW1 is configured with 'switchport mode dynamic auto' which means it is willing to
convert the link to a trunk link if the connecting switch is set to trunk or desirable mode. Since SW2 also
appears to be set to 'switchport mode dynamic auto', neither switch is initiating the trunking negotiation. To
resolve this issue:
* Option C: Configuring 'switchport mode trunk' on SW2 would manually set the port into permanent trunking
mode which would then negotiate with SW1 and form a trunk.
* Option D: Configuring 'switchport nonegotiate' on SW1 would disable Dynamic Trunking Protocol (DTP)
negotiation messages. This should be done if you are setting one side of the connection (SW2) to a static trunk
because DTP messages are unnecessary in this case.

NEW QUESTION: 315

Refer to the exhibit. A network administrator configured RSPAN to troubleshoot an issue between switch1 and
switch2. The switches are connected using interface GigabitEthernet 1/1. An external packet capture device is
connected is switch2 interface GigabitEthernet 1/2. Which two commands must be added to complete this
configuration? (Choose two)

A. Option A
B. Option B
C. Option C
D. Option D
E. Option E
Answer: (SHOW ANSWER)
RSPAN allows the monitoring of traffic from source ports and VLANs across multiple switches. To complete the
RSPAN configuration, the network administrator must ensure that the RSPAN VLAN is properly configured on
both switches and that the source and destination ports are specified correctly. Option C likely involves
specifying the RSPAN VLAN as the source, while Option D probably includes setting the correct destination
interface for the RSPAN session.

NEW QUESTION: 316

If the noise floor is -90 dBm and wireless client is receiving a signal of -75 dBm, what is the SNR?
A. 15
B. 1.2
C. -165
D. .83
Answer: (SHOW ANSWER)
Signal-to-Noise Ratio (SNR) is a measure used to quantify how much a signal has been corrupted by noise. It
is defined as the ratio of signal power to the noise power, often expressed in decibels (dB). A higher SNR
indicates a better quality of the signal. In this case, the SNR can be calculated by subtracting the noise floor
from the signal level: [ \text{SNR (dB)} = \text{Signal (dBm)} - \text{Noise Floor (dBm)} ] [ \text{SNR} =
-75 \text{ dBm} - (-90 \text{ dBm}) ] [ \text{SNR} = 15 \text{ dB} ]

NEW QUESTION: 317

Refer to the exhibit.

Router 1 is currently operating as the HSRP primary with a priority of 110 router1 fails and router2 take over the
forwarding role. Which command on router1 causes it to take over the forwarding role when it return to service?
A. standby 2 priority
B. standby 2 preempt
C. standby 2 track
D. standby 2 timers
Answer: (SHOW ANSWER)
In the context of HSRP, the standby 2 preempt command enables a router to become the active router when it
has a higher priority than the current active router. If Router 1 is set with a priority of 110 and it fails, causing
Router 2 to take over as the active router, then when Router 1 comes back online, it will not automatically take
back the role of active router unless it is configured with the preempt command. The preempt command allows
Router 1 to reclaim its role as the primary HSRP router due to its higher priority. References: Implementing and
Operating Cisco Service Provider Network Core Technologies (SPCOR) training materials or official
certification guide.

NEW QUESTION: 318

Which Cisco DNA Center application is responsible for group-based access control permissions?
A. Provision
B. Design
C. Policy
D. Assurance
Answer: (SHOW ANSWER)
In Cisco DNA Center, the Policy application is responsible for group-based access control permissions. This
application allows network administrators to define and manage access policies based on user groups,
ensuring that users have the appropriate level of network access according to their roles and responsibilities.

NEW QUESTION: 319

Where are operations related to software Images located in the Cisco DNA Center GUI?
A. Design
B. Services
C. Assurance
D. Provisioning
Answer: (SHOW ANSWER)

NEW QUESTION: 320

Refer to the exhibit

Communication between London and New York is down Which to resolve this issue?
A.

D.
Answer: (SHOW ANSWER)
The issue with communication between London and New York could be due to a variety of factors such as
routing misconfigurations, hardware failures, or issues with the service provider infrastructure. Option C is the
correct answer because it addresses a common cause of communication failure in service provider networks,
which is often related to routing or network configuration issues. Implementing and Operating Cisco Service
Provider Network Core Technologies (SPCOR) provides extensive knowledge on configuring, verifying,
troubleshooting, and optimizing service provider IP network infrastructures. This includes understanding core
architecture, services, networking, automation, quality of services, security, and network assurance, all of which
are crucial for resolving such issues.
https://learningnetwork.cisco.com/s/question/0D53i00000Ksyty/tostastns-tottattnt

NEW QUESTION: 321

How are the different versions of IGMP compatible?
A. IGMPv2 is compatible only with IGMPv1.
B. IGMPv2 is compatible only with IGMPv2.
C. IGMPv3 is compatible only with IGMPv3.
D. IGMPv3 is compatible only with IGMPv1
Answer: (SHOW ANSWER)
IGMP versions are designed to be backward compatible. IGMPv2 can interoperate with IGMPv1, allowing for
communication between devices using different versions of the protocol4

NEW QUESTION: 322

Why would a log file contain a * next to the date?
A. The network device was receiving NTP time when the log messages were recorded.
B. The network device was unable to reach The NTP server when the log messages were recorded
C. The network device is not configured to use NTP.
D. The network device is nor configured to use NTP time stamps for logging
Answer: (SHOW ANSWER)
A * next to the date in a log file indicates that the network device was unable to reach the NTP server when the
log messages were recorded. This is a common indication used in Cisco devices to show that the system clock
has not been synchronized with a Network Time Protocol (NTP) server, which can lead to issues with time-
based configurations and troubleshooting. References: Implementing and Operating Cisco Service Provider
Network Core Technologies (SPCOR) training12.

NEW QUESTION: 323

In a wireless Cisco SD-Access deployment, which roaming method is used when a user moves from one
access point to another on a different access switch using a single WLC?
A. Layer 3
B. inter-xTR
C. auto anchor
D. fast roam
Answer: (SHOW ANSWER)
In a Cisco SD-Access wireless deployment, the roaming method used when a user moves from one access
point to another on a different access switch using a single Wireless LAN Controller (WLC) is known as inter-
xTR roaming. This method involves the use of Extended Node (xNode) which acts as a Remote Edge Node
(REN) to facilitate seamless roaming across different access switches while maintaining the user's session and
security context.
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/mobility.html

NEW QUESTION: 324

Which devices does Cisco DNA Center configure when deploying an IP-based access control policy?
A. All devices integrating with ISE
B. selected individual devices
C. all devices in selected sites
D. all wired devices
Answer: (SHOW ANSWER)
Cisco DNA Center configures all devices that integrate with Cisco Identity Services Engine (ISE) when
deploying an IP-based access control policy. This allows for consistent policy application across the network
and for the devices to enforce the access controls as defined by the policy.
References: The Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR)
source book and study guide

NEW QUESTION: 325

How is Layer 3 roaming accomplished in a unified wireless deployment?
A. An EoIP tunnel is created between the client and the anchor controller to provide seamless connectivity as
the client is associated with the new AP.
B. The client entry on the original controller is passed to the database on the new controller.
C. The new controller assigns an IP address from the new subnet to the client
D. The client database on the original controller is updated the anchor entry, and the new controller database is
updated with the foreign entry.
Answer: (SHOW ANSWER)
Layer 3 roaming in a unified wireless deployment is achieved by creating an EoIP tunnel between the client and
the anchor controller. This tunnel maintains a consistent client experience and connectivity as the client roams
and associates with new APs. References: Implementing and Operating Cisco Service Provider Network Core
Technologies source book

NEW QUESTION: 326

Refer to the exhibit.

What is output by this code?

A. 0.5
B. (0,5)
C. 0 1 2 3 4
D. 0 1 2 3 4 5
Answer: (SHOW ANSWER)
The provided Python code snippet uses a for loop to iterate over a sequence generated by range(6), which
includes numbers from 0 to 5. The print(x) statement outputs each number in this sequence on a separate line.

NEW QUESTION: 327

What does the destination MAC on the outer MAC header identify in a VXLAN packet?
A. thee emote spine
B. the next hop
C. the leaf switch
D. the remote switch
Answer: (SHOW ANSWER)
In a VXLAN packet, the destination MAC address in the outer MAC header is used to identify the next-hop IP
address based on the destination VTEP address in the routing table of the VTEP where the VM that sends
packets resides. This ensures that the encapsulated packet is correctly forwarded towards the remote VTEP.

NEW QUESTION: 328

When should the MAC authentication bypass feature be used on a switch port?
A. when authentication is required, but the attached host does not support 802.1X
B. when the attached host supports limited 802.1X
C. when authentication should be bypassed for select hosts based on their MAC address
D. when the attached host supports 802.1X and must authenticate itself based on its MAC address instead of
user credentials
Answer: (SHOW ANSWER)
MAC Authentication Bypass (MAB) should be used when a device connected to a switch port does not support
the IEEE 802.1X protocol. MAB allows the device to be authenticated using its MAC address instead of 802.1X
credentials.

NEW QUESTION: 329

After a redundant route processor failure occurs on a Layer 3 device, which mechanism allows for packets to
be forwarded from a neighboring router based on the most recent tables?
A. BFD
B. RPVST+
C. RP failover
D. NSF
Answer: (SHOW ANSWER)
Nonstop Forwarding (NSF) is designed to maintain packet forwarding even when there is a failure in the route
processor. When a redundant route processor fails, NSF works with Stateful Switchover (SSO) to ensure that
the current forwarding state and routing tables are synchronized between the active and standby route
processors. This synchronization allows the standby processor to immediately take over without any loss of
packets. NSF ensures that the neighboring routers continue to forward packets based on the most recent tables
without needing to reconverge.
References: The Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR)
course

NEW QUESTION: 330

A. CPU context switching (or multitasking between virtual machines

B. RAID storage for virtual machines
C. emulation of power for virtual machines.
D. connectivity between virtual machines
Answer: (SHOW ANSWER)
A virtual switch provides connectivity between virtual machines within the same host or across different hosts. It
operates at the data link layer of the OSI model to direct traffic internally within a virtualized environment,
similar to how a physical switch directs packets between devices on a network.

NEW QUESTION: 331

Refer to the exhibit. An engineer must configure HSRP for VLAN 1000 on SW2 The secondary switch musi
immediately lake over the rote of active router if the interlink with the primary switch fails Which command set
completes this task?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: (SHOW ANSWER)
The HSRP configuration for VLAN 1000 on SW2 requires setting up the switch to take over as the active router
immediately if the interlink with the primary switch fails. The command set in Option C is the appropriate choice
because it includes the standby 1000 priority command with a higher priority value to become the active router,
and the standby 1000 preempt command to enable the switch to take over if the primary fails. Additionally, the
standby 1000 track command is used to monitor the interface's status and decrement the priority if the interface
goes down, ensuring a swift failover.

NEW QUESTION: 332

Refer to the exhibit.
The traceroute fails from R1 to R3. What is the cause of the failure?
A. The loopback on R3 Is in a shutdown stale.
B. An ACL applied Inbound on loopback0 of R2 Is dropping the traffic.
C. An ACL applied Inbound on fa0/1 of R3 is dropping the traffic.
D. Redistribution of connected routes into OSPF is not configured.
Answer: (SHOW ANSWER)
In the given scenario, traceroute fails from R1 to R3 due to a lack of route information for reaching R3. This is
because redistribution of connected routes into OSPF has not been configured, leading to an absence of
necessary routing information in OSPF's link-state database for establishing a complete path from R1 to R3.
References: Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR)

NEW QUESTION: 333

What is an advantage of utilizing data models in a multivendor environment?
A. lowering CPU load incurred to managed devices
B. improving communication security with binary encoded protocols
C. facilitating a unified approach to configuration and management
D. removing the distinction between configuration and runtime state data
Answer: (SHOW ANSWER)
Utilizing data models in a multivendor environment facilitates a unified approach to configuration and
management. This is because data models provide a standardized way to represent network configurations,
making it easier to manage devices from different vendors within the same network. References: The
advantage of using data models is supported by the Implementing and Operating Cisco Service Provider
Network Core Technologies source book and corroborated by the search results
NEW QUESTION: 334
Which command set configures RSPAN to capture outgoing traffic from VLAN 3 on interface GigabitEthernet
0/3 while ignoring other VLAN traffic on the same interface?

D.
Answer: (SHOW ANSWER)
The correct command set for configuring RSPAN to capture outgoing traffic from VLAN 3 on interface
GigabitEthernet 0/3 while ignoring other VLAN traffic on the same interface is found in option C. This option
includes the commands that specifically target traffic from VLAN 3 and ensure that only this traffic is captured
for analysis, as per the requirements of RSPAN configuration in Cisco Service Provider Network Core
Technologies. References := Cisco SPCOR

NEW QUESTION: 335

Which action is performed by Link Management Protocol in a Cisco StackWise Virtual domain?
A. It rejects any unidirectional link traffic forwarding
B. It determines if the hardware is compatible to form the StackWise Virtual domain
C. discovers the StackWise domain and brings up SVL interfaces.
D. It determines which switch becomes active or standby
Answer: (SHOW ANSWER)
The Link Management Protocol (LMP) in a Cisco StackWise Virtual domain performs the action of rejecting any
unidirectional link traffic forwarding. This is crucial for maintaining the integrity of the data plane and ensuring
that traffic is only forwarded over bidirectional links, which is a requirement for the proper operation of
StackWise Virtual domains. References: Configuring Cisco StackWise Virtual documentation3
https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-9000/nb-06-cat-9k-stack-wp-cte-en.html

NEW QUESTION: 336

Refer to the exhibit.
A network architect has partially configured static NAT. which commands should be asked to complete the
configuration?
A. R1(config)#interface GigabitEthernet0/0 R1(config)#ip pat outside
R1(config)#interface GigabitEthernet0/1 R1(config)#ip pat inside
B. R1(config)#interface GigabitEthernet0/0 R1(config)#ip nat outside
R1(config)#interface GigabitEthernet0/1 R1(config)#ip nat inside
C. R1(config)#interface GigabitEthernet0/0 R1(config)#ip nat inside
R1(config)#interface GigabitEthernet0/1 R1(config)#ip nat outside
D. R1(config)#interface GigabitEthernet0/0 R1(config)#ip pat inside
R1(config)#interface GigabitEthernet0/1 R1(config)#ip pat outside
Answer: (SHOW ANSWER)
Static Network Address Translation (NAT) is used to translate a private IP address to a public IP address one-
to-one. To complete the configuration of static NAT, you need to specify which interfaces are connected to the
inside network (usually the private network) and which are connected to the outside network (usually the public
network). The correct commands to complete the configuration are:
R1(config)#interface GigabitEthernet0/0
R1(config-if)#ip nat outside
R1(config)#interface GigabitEthernet0/1
R1(config-if)#ip nat inside
This configuration designates GigabitEthernet0/0 as the outside interface connected to the public network and
GigabitEthernet0/1 as the inside interface connected to the private network. The ip nat inside command is
applied to the inside interface, and the ip nat outside command is applied to the outside interface.
References:
* Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) training materials.
* Cisco documentation and configuration guides for NAT on Cisco IOS routers.

NEW QUESTION: 337

In cisco SD_WAN, which protocol is used to measure link quality?
A. OMP
B. BFD
C. RSVP
D. IPsec
Answer: (SHOW ANSWER)
Bidirectional Forwarding Detection (BFD) is a protocol designed to detect faults between two forwarding
engines connected by a link. In the context of Cisco SD-WAN, BFD is used to measure link quality by rapidly
detecting link failures, which is crucial for maintaining the high availability and reliability of the network.
BFD operates independently of media, data protocols, and routing protocols, providing a low-overhead, fast
method of detecting failures in the path between adjacent routers.
References:
* Cisco documentation on SD-WAN solutions, specifically the sections discussing BFD and its role in link quality
measurement.
* Cisco's official training and certification materials for Implementing and Operating Cisco Service Provider
Network Core Technologies (SPCOR).

NEW QUESTION: 338

Why are stateless calls executed by REST API useful in cloud applications?
A. They control URL decoding.
B. They rely on data stored on the server for calls
C. They use HTTPS to implement all calls.
D. They are easy to redeploy and to scale
Answer: (SHOW ANSWER)
Stateless calls made by REST APIs are advantageous in cloud applications because they don't retain user
session information on the server. This means each call is independent and doesn't rely on information from
previous calls, making the system more reliable and easier to scale horizontally. Stateless architecture allows
for the redeployment of components without affecting the system's state or behavior, which is essential for
cloud environments where resources need to be dynamically allocated and managed.
References: Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) training
materials1.

NEW QUESTION: 339

Refer to the exhibit. Which configuration set implements Control plane Policing for SSH and Telnet?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: (SHOW ANSWER)
Control plane policing (CoPP) is a feature that allows you to manage the traffic that is destined to the control
plane of a network device. In the context of Cisco Service Provider network core technologies, implementing
CoPP for SSH and Telnet involves creating a policy map that specifies the allowed rate of traffic and the actions
to take when traffic exceeds this rate. Option C correctly implements CoPP by specifying class maps for SSH
and Telnet, setting the police rate, and applying the policy map to the control plane.
NEW QUESTION: 340

A. It runs on a virtual server and includes its own operating system,

B. It runs directly on a physical server and includes its own operating system.
C. It is installed as an application on an already installed operating system.
D. It enables other operating systems to run on it.
Answer: (SHOW ANSWER)
A Type 2 hypervisor functions as an application installed on an existing operating system rather than running
directly on the physical hardware. This allows for the creation and management of virtual machines (VMs) that
operate independently of the host system, making it a flexible solution for testing and development
environments where maximum performance is not critical1234.
References:
* Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) training5.
* AWS's explanation of Type 1 vs Type 2 Hypervisors1.
* OpenClassrooms' exploration of Type 2 Hypervisors2.
* Red Hat's overview of hypervisors3.
* JBS's insights on Type 2 Hypervisor efficiency4.

NEW QUESTION: 341

Refer to the exhibit.

A network engineer must permit administrators to automatically authenticate if there is no response from cither
of the AAA servers. Which configuration achieves these results?
A. aaa authentication login default group tacacs+ line
B. aaa authentication enable default group radius local
C. aaa authentication login default group radius none
D. aaa authentication login default group radius
Answer: (SHOW ANSWER)

NEW QUESTION: 342

What is required for a virtual machine to run?
A. a Type 1 hypervisor and a host operating system
B. a hypervisor and physical server hardware
C. only a Type 1 hypervisor
D. only a Type 2 hypervisor
Answer: (SHOW ANSWER)
A virtual machine (VM) is an emulation of a computer system that provides the functionality of a physical
computer. To run a VM, you need a hypervisor, which is software that creates and runs virtual machines. The
hypervisor sits between the hardware and the VM and allocates physical resources such as CPU, memory, and
storage to the VM. There are two types of hypervisors:
* Type 1 hypervisor: Also known as a bare-metal hypervisor, it runs directly on the host's hardware to control
the hardware and to manage guest operating systems. Examples include VMware ESXi, Microsoft Hyper-V,
and Xen.
* Type 2 hypervisor: Also known as a hosted hypervisor, it runs on a conventional operating system just like
other computer programs. Examples include VMware Workstation and Oracle VirtualBox.
While a Type 1 hypervisor does not require a host operating system, a Type 2 hypervisor does. Therefore, the
correct answer is B, as a hypervisor (either Type 1 or Type 2) and physical server hardware are required to run
a VM.

NEW QUESTION: 343

What is the function of cisco DNA center in a cisco SD-access deployment?
A. It is responsible for routing decisions inside the fabric
B. It is responsible for the design, management, deployment, provisioning and assurance of the fabric network
devices.
C. It possesses information about all endpoints, nodes and external networks related to the fabric
D. It provides integration and automation for all nonfabric nodes and their fabric counterparts.
Answer: (SHOW ANSWER)
Cisco DNA Center in a Cisco SD-Access deployment is responsible for the design, management, deployment,
provisioning, and assurance of the fabric network devices. It automates the creation of virtual networks with
integrated security and segmentation, reducing operational expenses and risk. The Cisco DNA Center provides
network performance insights and telemetry through its Assurance and Analytics capabilities12. References:
Cisco SD-Access Solution Design Guide (CVD)1, Software-Defined Access & Cisco DNA Center Management
Infrastructure

NEW QUESTION: 344

Simulation 10
Answer:
See the solution below.
Explanation:
NEW QUESTION: 345
How do OSPF and EIGKP compare?
A. OSPF and EIGRP us the same administrative distance.
B. Both OSPF and EIGRP use the concept of areas.
C. EIGRP shows an known routes, and OSPF shows successor and feasible successor routes.
D. EIGRP shows successor and feasible successor routes, and OSPF shows all known routes.
Answer: (SHOW ANSWER)
OSPF and EIGRP are both routing protocols used in IP networks, but they have different mechanisms for route
selection and maintenance. EIGRP maintains a topology table with successor and feasible successor routes,
which are the best and backup paths to a destination. OSPF, on the other hand, maintains a link-state database
with all known routes and uses the Shortest Path First (SPF) algorithm to determine the best path.

NEW QUESTION: 346

An engineer must create a script to append and modify device entries in a JSON-formatted file. The script must
work as follows:
* Until interrupted from the keyboard, the script reads in the hostname of a device, its management IP address,
operating system type, and CLI remote access protocol.
* After being interrupted, the script displays the entered entries and adds them to the JSON-formatted file,
replacing existing entries whose hostname matches.
The contents of the JSON-formatted file are as follows:

Drag and drop the statements onto the blanks within the code to complete the script. Not all options are used.
Answer:

Explanation:
Text, letter Description automatically generated
Valid 350-401 Dumps shared by ExamDiscuss.com for Helping Passing 350-401 Exam! ExamDiscuss.com
now offer the newest 350-401 exam dumps, the ExamDiscuss.com 350-401 exam questions have been
updated and answers have been corrected get the newest ExamDiscuss.com 350-401 dumps with Test
Engine here: https://www.examdiscuss.com/Cisco/exam/350-401/premium/ (1282 Q&As Dumps, 35%OFF
Special Discount Code: freecram)

NEW QUESTION: 347

An engineer must construct an access list for a Cisco Catalyst 9800 Series WLC that will redirect wireless guest
users to a splash page that is hosted on a Cisco ISE server The Cisco ISE servers are hosted at 10 9 11
141 and 10 1 11 141 Which access list meets the requirements?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: (SHOW ANSWER)
The access list in Option A is designed to redirect wireless guest users to a splash page hosted on a Cisco ISE
server. It denies IP traffic to the two specified Cisco ISE servers at 10.9.11.141 and 10.1.11.141, ensuring that
users cannot bypass the splash page by directly accessing these servers. It then permits TCP traffic on ports
associated with web services (www, 443, and 8443), allowing users to be redirected to the splash page when
they attempt to access the internet. References := Implementing and Operating Cisco Service Provider Network
Core Technologies

NEW QUESTION: 348

Refer to the exhibit. Cisco IOS routers R1 and R2 are interconnected using interface Gi0/0. Which configuration
allows R1 and R2 to form an OSPF neighborship on interface Gi0/0?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: (SHOW ANSWER)
In the given scenario, Cisco IOS routers R1 and R2 can form an OSPF neighborship on interface Gi0/0 by
ensuring that the interface is not set as passive and by configuring the OSPF network command on R1. In
Option C, R2 has been configured with "passive-interface Gi0/0" under the OSPF routing process, which
means OSPF neighbor relationships won't be formed on this interface. However, on R1, "no passive-interface
Gi0/0" is configured ensuring that OSPF hello packets are exchanged allowing for neighbor formation.
Additionally, the "network" command is used to enable OSPF on specified interfaces belonging to the
mentioned network.

NEW QUESTION: 349

Refer to the exhibit.
An engineer troubleshoots connectivity issues with an application. Testing is performed from the server
gateway, and traffic with the DF bit set is dropped along the path after increasing packet size. Removing the DF
bit setting at the gateway prevents the packets from being dropped. What is the cause of this issue?
A. PMTUD does not work due to ICMP Packet Too Big messages being dropped by an ACL
B. The remote router drops the traffic due to high CPU load
C. The server should not set the DF bit in any type of traffic that is sent toward the network
D. There is a CoPP policy in place protecting the WAN router CPU from this type of traffic
Answer: (SHOW ANSWER)
Path MTU Discovery (PMTUD) is a technique used to determine the maximum transmission unit size on the
network path between two IP hosts, avoiding fragmentation along the path. PMTUD works by setting the DF
(Don't Fragment) bit in the packet header, which instructs routers not to fragment packets even if they exceed
the maximum transmission unit of an intermediate network segment. If a packet cannot be forwarded without
fragmentation, an ICMP "Packet Too Big" message should be sent back to the source host, indicating that it
should reduce its packet size. However, if these ICMP messages are blocked by an access control list (ACL),
PMTUD cannot function correctly because the source host will not receive feedback about necessary packet
size adjustments. References: The Implementing and Operating Cisco Service Provider Network Core
Technologies (SPCOR) study materials would cover PMTUD and related troubleshooting scenarios.

NEW QUESTION: 350

Refer to the exhibit.
The WLC administrator sees that the controller to which a roaming client associates has Mobility Role Anchor
configured under Clients > Detail. Which type of roaming is supported?
A. Indirect
B. Layer 3 intercontroller
C. Layer 2 intercontroller
D. Intracontroller
Answer: (SHOW ANSWER)
The Mobility Role Anchor configuration under Clients > Detail on the WLC indicates support for Layer 3
intercontroller roaming. This roaming type allows clients to move across access points connected to different
controllers while preserving their IP addresses and session continuity, thus ensuring seamless mobility within
the network.

NEW QUESTION: 351

Refer to the exhibit. A network engineer must configure a password expiry mechanism on the gateway router
for all local passwords to expire after 60 days. What is required to complete this task?
A. The password expiry mechanism is on the AAA server and must be configured there.
B. Add the aaa authentication enable default Administrators command.
C. Add the username admin privilege 15 common-criteria*policy Administrators password 0 Cisco13579!
command.
D. No further action Is required. The configuration is complete.
Answer: (SHOW ANSWER)
The password expiry mechanism is typically managed on the AAA (Authentication, Authorization, and
Accounting) server where policies regarding password expiration can be set. In a Cisco environment, this would
involve configuring the appropriate settings on the AAA server to ensure that passwords expire after the
specified period, in this case, 60 days. The router itself does not have a built-in mechanism to expire
passwords; it relies on the AAA server for this functionality. References: Implementing and Operating Cisco
Service Provider Network Core Technologies (SPCOR) training materials.
Perform this task to create a password security policy and to apply the policy to a specific user profile.
Device> enable
Device# configure terminal
Device(config)# aaa new-model
Device(config)# aaa common-criteria policy policy1
Device(config-cc-policy)# char-changes 4
Device(config-cc-policy)# max-length 20
Device(config-cc-policy)# min-length 6
Device(config-cc-policy)# numeric-count 2
Device(config-cc-policy)# special-case 2
Device(config-cc-policy)# exit
Device(config)# username user1 common-criteria-policy policy1 password password1 Device(config)# end

NEW QUESTION: 352

Which tool is used in Cisco DNA Center to build generic configurations that are able to be applied on device
with similar network settings?
A. Command Runner
B. Template Editor
C. Application Policies
D. Authentication Template
Answer: (SHOW ANSWER)
The Template Editor in Cisco DNA Center is utilized to create generic configurations, known as templates,
which can be applied to devices with similar network settings. This tool allows for the design of templates with
predefined configurations using parameterized elements or variables. Once a template is created, it can be
deployed to devices configured at one or more sites across the network.

NEW QUESTION: 353

Which benefit is realized by implementing SSO?
A. IP first-hop redundancy
B. communication between different nodes for cluster setup
C. physical link redundancy
D. minimal network downtime following an RP switchover
Answer: (SHOW ANSWER)
Stateful Switchover (SSO) is a Cisco router feature that provides high availability for networking devices.
When SSO is implemented, it allows a router to switch over to a standby Route Processor (RP) in the event of
a failure with minimal impact on the network. This is because SSO ensures that the standby RP is kept in a
state that is consistent with the active RP, allowing it to take over immediately without needing to rebuild routing
information from scratch. The primary benefit of SSO is to ensure continuous packet forwarding and maintain
session information, thereby achieving minimal network downtime during an RP switchover.

NEW QUESTION: 354

Which JSON script is properly formatted?

D.
Answer: (SHOW ANSWER)

NEW QUESTION: 355

A company requires a wireless solution to support its mam office and multiple branch locations. All sites have
local Internet connections and a link to the main office lor corporate connectivity. The branch offices are
managed centrally. Which solution should the company choose?
A. Cisco United Wireless Network
B. Cisco DNA Spaces
C. Cisco Catalyst switch with embedded controller
D. Cisco Mobility Express
Answer: (SHOW ANSWER)
The company should choose the Cisco United Wireless Network solution, which supports centralized
management for multiple branch locations. This solution allows for local Internet connections at each site while
maintaining a link to the main office for corporate connectivity. It provides centralized control and management
of access points from the data center, distributing client data traffic at each branch office, which aligns with the
company's requirements. References: Cisco Catalyst 9800 FlexConnect Branch Deployment Guide
NEW QUESTION: 356
Drag and drop the tools from the left onto the agent types on the right.

Answer:

Explanation:
Chart Description automatically generated

NEW QUESTION: 357

Wireless users report frequent disconnections from the wireless network. While troubleshooting a network
engineer finds that after the user a disconnect, the connection re-establishes automatically without any input
required. The engineer also notices these message logs .

Which action reduces the user impact?

A. increase the AP heartbeat timeout
B. increase BandSelect
C. enable coverage hole detection
D. increase the dynamic channel assignment interval
Answer: C (LEAVE A REPLY)
Coverage hole detection is a feature in wireless networks that identifies areas where clients have poor signal
quality or cannot connect to the network. By enabling this feature, the system can adapt by increasing power
levels or making other adjustments to improve coverage, thus reducing the frequency of disconnections for
users.

NEW QUESTION: 358

An engineer must use flexible NetFlow on a group of switches. To prevent overloading of the flow collector, if
the flow is idle for 20 seconds, the flow sample should be exported. Which command set should be applied?
A.

D.
Answer: (SHOW ANSWER)
To configure flexible NetFlow to export flow samples that have been idle for 20 seconds, the correct command
set is the one that includes the cache timeout inactive 20 command. This command specifies the inactive flow
timeout period, after which the flow sample will be exported to the flow collector. The command set in Option D
is the appropriate choice as it contains this specific command, ensuring that idle flows are exported in a timely
manner to prevent overloading the flow collector.

NEW QUESTION: 359

A network engineer is adding an additional 10Gps link to an exiting 2x10Gps LACP-based LAG to augment its
capacity. Network standards require a bundle interface to be taken out of service if one of its member links
goes down, and the new link must be added with minimal impact to the production network. Drag and drop the
tasks that the engineer must perform from the left into the sequence on the right. Not all options are used.
Answer:

Explanation:
A picture containing diagram Description automatically generated

NEW QUESTION: 360

A. 00:05:0c:07:ac:30
B. 00:00:0c:07:ac:1e
C. 05:0c:5e:ac:07:30
D. 00:42:18:14:05:1e
Answer: (SHOW ANSWER)
The default virtual MAC address used by HSRP (Hot Standby Router Protocol) group 30 is
"00:00:0c:07:ac:1e". HSRP uses a well-known MAC address format which includes the HSRP group number in
hexadecimal. For group 30, the hexadecimal equivalent is "1e", hence the virtual MAC address ends with
"ac:1e". References: Cisco Community discussion on HSRP Virtual MAC Format.

NEW QUESTION: 361

Refer to the exhibit.
Which configuration establishes EBGP neighborship between these two directly connected neighbors and
exchanges the loopback network of the two routers through BGP?

D.
Answer: (SHOW ANSWER)
The configuration in the image establishes an EBGP neighborship between two directly connected neighbors
and exchanges the loopback network of the two routers through BGP. In this configuration, both routers R1 and
R2 are configured with router bgp followed by their respective AS numbers. The neighbor command is used to
establish a BGP session, with the remote-as option specifying the AS number of the neighboring router. The
update-source lo0 command ensures that BGP messages are exchanged using the IP address of Loopback0
interface, facilitating EBGP multihop if necessary. Finally, the network command advertises each router's
loopback network into BGP.
References := Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR v1.1)
- Module: Border Gateway Protocol

NEW QUESTION: 362

What is one benefit of implementing a VSS architecture?
A. It provides multiple points of management for redundancy and improved support
B. It uses GLBP to balance traffic between gateways.
C. It provides a single point of management for improved efficiency.
D. It uses a single database to manage configuration for multiple switches
Answer: (SHOW ANSWER)
VSS technology allows two or more physical switches to be interconnected and operate as a single logical
switch. This architecture simplifies network management by providing a single point of management, which
improves operational efficiency. It also enhances network redundancy and resiliency, as the VSS can continue
to operate even if one of the physical switches fails.
Support Virtual Switching System (VSS) to provide resiliency, and increased operational efficiency with a single
point of management;

NEW QUESTION: 363

How does the EIGRP metric differ from the OSPF metric?
A. The EIGRP metric is calculated based on bandwidth only. The OSPF metric is calculated on delay only.
B. The EIGRP metric is calculated based on delay only. The OSPF metric is calculated on bandwidth and
delay.
C. The EIGRP metric Is calculated based on bandwidth and delay. The OSPF metric is calculated on bandwidth
only.
D. The EIGRP metric Is calculated based on hop count and bandwidth. The OSPF metric is calculated on
bandwidth and delay.
Answer: (SHOW ANSWER)
EIGRP (Enhanced Interior Gateway Routing Protocol) uses a composite metric that considers both bandwidth
and delay to determine the best path for routing traffic. This metric is calculated using a complex formula that
includes these two main components, among others. OSPF (Open Shortest Path First), on the other hand, uses
a simpler metric that is based solely on bandwidth. The cost of an OSPF route is inversely proportional to the
bandwidth of the link, with higher bandwidth links having a lower cost.

NEW QUESTION: 364

Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

Answer:

Explanation:
Diagram Description automatically generated
NEW QUESTION: 365
Refer to the exhibit.

All switches are configured with the default port priority value. Which two commands ensure that traffic from
PC1 is forwarded over Gi1/3 trunk port between DWS1 and DSW2? (Choose two)
A. DSW2(config-if)#spanning-tree port-priority 16
B. DSW2(config)#interface gi1/3
C. DSW1(config-if)#spanning-tree port-priority 0
D. DSW1(config) #interface gi1/3
E. DSW2(config-if)#spanning-tree port-priority 128
Answer: B,D (LEAVE A REPLY)
In a Spanning Tree Protocol (STP) environment, the port priority determines which port should be put in
forwarding state when there is a tie in the path cost to the root bridge. The default port priority value is 128, and
it can be adjusted to influence which port becomes the designated or root port. The lower the port priority value,
the more likely the port will be selected as the designated port.
In the scenario provided, all switches are configured with the default port priority value. To ensure that traffic
from PC1 is forwarded over the Gi1/3 trunk port between DWS1 and DSW2, we need to select the appropriate
interface on both switches. The commands B and D are correct because they select the interface Gi1/3 on
DSW2 and DSW1, respectively. Once the correct interface is selected, other spanning-tree related commands
can be applied to influence the STP process.
The other options, A, C, and E, involve changing the port priority value, which is not necessary if the default
values are already causing the desired behavior. Moreover, option C suggests setting the port priority to 0,
which is not a valid value as the lowest possible priority value is 1.

NEW QUESTION: 366

Which feature does Cisco TrustSec use to provide scalable, secure communication throughout a network?
A. security group tag ACL assigned to each port on a switch
B. security group tag number assigned to each port on a network
C. security group tag number assigned to each user on a switch
D. security group tag ACL assigned to each router on a network
Answer: (SHOW ANSWER)
Cisco TrustSec uses Security Group Tags (SGTs) to enforce access control policies across the network. SGTs
are assigned to traffic at ingress points, and these tags are then used to make policy decisions as the traffic
moves through the network. This allows for consistent policy enforcement regardless of the location of the user
or device, making it scalable and secure. References: Implementing Cisco TrustSec (as part of Cisco's CCNP
Security certification)

NEW QUESTION: 367

Refer to the exhibit.

Which configuration must be applied for the TACACS+ server to grant access-level rights to remote users?
A. R1(config)# aaa authentication login enable
B. R1(config)# aaa authorization exec default local if-authenticated
C. R1(config)# aaa authorization exec default group tacacs+
D. R1(config)# aaa accounting commands 15 default start-stop group tacacs+
Answer: (SHOW ANSWER)
This command configures the router to use TACACS+ for AAA authorization, which is necessary for
determining if a user has the rights to execute specific commands. When a user attempts to execute a
command, the router consults the TACACS+ server to verify the user's permissions. If the server authorizes the
action, the command is executed; otherwise, it is denied.

NEW QUESTION: 368

Which protocol infers that a YANG data model is being used?
A. SNMP
B. NX-API
C. REST
D. RESTCONF
Answer: (SHOW ANSWER)
RESTCONF is a protocol used for network management and configuration that leverages YANG data models.
It is designed to work with HTTP-based REST APIs, providing a mechanism for CRUD (Create, Read, Update,
Delete) operations on the data defined by the YANG model. Unlike SNMP, which uses a different data
modeling language, RESTCONF directly interacts with the YANG models to manage network configurations
and state data.

NEW QUESTION: 369

Refer to the exhibit.
Refer to the exhibit. An engineer must implement HSRP between two WAN routers. In the event R1 tails and
then regains operational status, it must allow 100 seconds for the routing protocol to converge before
preemption takes effect. Which configuration is required?

D.
Answer: (SHOW ANSWER)
The configuration snippet shown is for HSRP (Hot Standby Router Protocol) on a Cisco router interface. It
indicates that preemption is enabled with a delay sync of 100 seconds. This means if R1 fails and then regains
operational status, it will wait for 100 seconds before attempting to become the active router again, allowing
time for routing protocols to converge. References := Cisco Implementing and Operating Cisco Service
Provider Network Core Technologies Course

NEW QUESTION: 370

Refer to the exhibit. Which set of commands on router r R1 Allow deterministic translation of private hosts PC1,
PC2, and PC3 to addresses in the public space?
A.

D.
Answer: (SHOW ANSWER)
The correct set of commands to allow deterministic translation of private hosts PC1, PC2, and PC3 to
addresses in the public space would involve setting up NAT (Network Address Translation) on router R1. The
commands should define the inside and outside interfaces for NAT, specify an access list that includes the
private IP addresses of PC1, PC2, and PC3, and then apply this access list with a NAT statement that maps
these addresses to a public address or pool of addresses. Option C is likely the correct answer because it
typically contains the necessary commands for such a configuration. References: Implementing and Operating
Cisco Service Provider Network Core Technologies (SPCOR) source book or study guide.

NEW QUESTION: 371

Drag and drop the LISP components on the left to the correct description on the right.

Answer:

Explanation:

Table Description automatically generated with medium confidence

NEW QUESTION: 372

An engineer must export the contents of the devices object in JSON format. Which statement must be used?

A. json.repr(Devices)
B. json.dumps(Devices)
C. json.prints(Devices)
D. json.loads(Devices)
Answer: (SHOW ANSWER)
The json.dumps() method is used to convert a Python object into a JSON string. This method is particularly
useful when you need to export the contents of an object, like 'Devices', in JSON format which can be easily
shared or stored. It serializes the data in a format that ensures it's easily parsable by systems that support
JSON. References: Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR)
source book or official documentation would provide more details on JSON handling within Python scripts used
for network automation.

NEW QUESTION: 373

Refer to the exhibit. Which EEM script generates a critical-level syslog message and saves a copy of the
running configuration to the bootflash when an administrator saves the running configuration to the startup
configuration?

A. Option A
B. Option B
C. Option C
D. Option D
Answer: (SHOW ANSWER)
Option C is the correct answer because it directly copies the running configuration to bootflash with the
command "copy running-config bootflash:/current_config.txt" and generates a critical-level syslog message
stating "Configuration saved and copied to bootflash". The other options involve additional steps or commands
that are not necessary for achieving the desired outcome.

NEW QUESTION: 374

Which tag defines the roaming domain and properties of an AP deployment?
A. RF tag
B. policy tag
C. site tag
D. AP tag
Answer: (SHOW ANSWER)
The tag that defines the roaming domain and properties of an AP deployment is known as a policy tag. Policy
tags are used to assign specific policies to groups of APs, which can include settings related to security, QoS,
and other operational parameters. These tags help manage and enforce consistent policies across the wireless
network, facilitating efficient roaming and network management.
References: Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) training
materials

NEW QUESTION: 375

Refer to the exhibit. What is the result of the configuration?

A. It enables NTP in client mode
B. It allows interface g0/1 to send and receive NTP broadcast packets
C. It allows interface g0/1 to send NTP broadcast packets.
D. It allows interface g0/1 to receive NTP broadcast packets.
Answer: (SHOW ANSWER)
The configuration enables NTP broadcast on interface GigabitEthernet 0/1, allowing it to send NTP broadcast
packets to synchronize time with other devices on the same network segment. It does not enable the reception
of NTP broadcasts.

NEW QUESTION: 376

How does Cisco Trustsec enable more access controls for dynamic networking environments and data
centers?
A. classifies traffic based on advanced application recognition
B. uses flexible NetFlow
C. classifies traffic based on the contextual identity of the endpoint rather than its IP address correct
D. assigns a VLAN to the endpoint
Answer: (SHOW ANSWER)
Cisco TrustSec, as part of Cisco's Service Provider Network Core Technologies, enables more dynamic access
controls by utilizing the contextual identity of endpoints rather than relying solely on IP addresses. This
approach allows for more granular security policies that can adapt to the changing needs of a network
environment. By identifying and classifying traffic based on the user, device, and application information,
TrustSec can enforce consistent security policies across the network, making it particularly useful in dynamic
networking environments and data centers where the traditional IP-based access control lists (ACLs) may not
be sufficient.
The Cisco TrustSec solution simplifies the provisioning and management of network access control through the
use of software-defined segmentation to classify network traffic and enforce policies for more flexible access
controls. Traffic classification is based on endpoint identity, not IP address, enabling policy change without net-
work redesign.

NEW QUESTION: 377

While configuring an IOS router for HSRP with a virtual IP of 10 1.1.1. an engineer sees this log message.

Which configuration change must the engineer make?

A. Change the HSRP group configuration on the local router to 1.
B. Change the HSRP virtual address on the local router to 10.1.1.1.
C. Change the HSRP virtual address on the remote router to 10.1.1.1.
D. Change the HSRP group configuration on the remote router to 1.
Answer: (SHOW ANSWER)
The log message indicates a misconfiguration in the HSRP setup. The correct configuration requires the HSRP
virtual IP to be set to 10.1.1.1. This IP address is used by hosts on the network as their default gateway and is
shared among routers in the HSRP group to provide redundancy. If the local router's HSRP virtual IP is not set
to 10.1.1.1, it would not match the group's configuration, leading to errors and potential network issues.
References:
* First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3S - This guide provides
detailed information on HSRP operation, configuration, and benefits.
* Configuring HSRP - Cisco - This document explains how to configure HSRP to provide routing redundancy for
IP traffic.
* Basic HSRP Configuration On Cisco IOS XR - Cisco Community - Although this example uses IOS XR, the
principles of HSRP configuration are similar across different IOS versions.

NEW QUESTION: 378

What is the data policy in a Cisco SD-WAN deployment?
A. list of ordered statements that define node configurations and authentication used within the SD-WAN
overlay
B. Set of statements that defines how data is forwarded based on IP packet information and specific VPNs
C. detailed database mapping several kinds of addresses with their corresponding location
D. group of services tested to guarantee devices and links liveliness within the SD-WAN overlay
Answer: (SHOW ANSWER)
The data policy in a Cisco SD-WAN deployment is a set of statements that defines how data is forwarded
based on IP packet information and specific VPNs. It is not a list of ordered statements defining node
configurations and authentication (option A), nor a detailed database mapping addresses with locations (option
C), or a group of services tested for device and link liveliness within the SD-WAN overlay (option D).

NEW QUESTION: 379

Drag and drop the characteristics from the left onto the deployment models on the right.

Answer:
Explanation:
A picture containing graphical user interface Description automatically generated

NEW QUESTION: 380

A. user access based on IP address

B. allows devices to bypass authenticate*
C. network access based on the physical address of a device
D. simultaneous user and device authentication
Answer: (SHOW ANSWER)
MAB (MAC Authentication Bypass) provides network access control based on the physical address (MAC
address) of a device. It is an access control technique that enables port-based access control using the MAC
address of the endpoint, typically used as a fallback mechanism to 802.1x89101112.
References := Cisco's training on Implementing and Operating Cisco Service Provider Network Core
Technologies

NEW QUESTION: 381

What does the Cisco DNA Center Authentication API provide?
A. list of global issues that are logged in Cisco DNA Center
B. access token to make calls to Cisco DNA Center
C. list of VLAN names
D. dent health status
Answer: (SHOW ANSWER)
The Cisco DNA Center Authentication API provides an access token that is required to make calls to Cisco
DNA Center. This API is essential for securing and ensuring that only authorized calls are made to the Cisco
DNA Center, enhancing the security of the network infrastructure. References: Cisco DNA Center Platform -
Developer Guide

NEW QUESTION: 382

What is a characteristic of a next-generation firewall?
A. only required at the network perimeter
B. required in each layer of the network
C. filters traffic using Layer 3 and Layer 4 information only
D. provides intrusion prevention
Answer: (SHOW ANSWER)
A next-generation firewall (NGFW) is a network security device that provides capabilities beyond a traditional,
stateful firewall. Unlike a traditional firewall that filters traffic using only state, port, and protocol, an NGFW
includes additional features such as application awareness and control, integrated intrusion prevention, and
cloud-delivered threat intelligence. This means that an NGFW can block modern threats like advanced malware
and application-layer attacks, making intrusion prevention one of its key characteristics.
The feature set for NGFWs build upon traditional firewall features by including critical security functions like
intrusion prevention, VPN, and anti-virus, and even encrypted web traffic inspection to help prevent packets
containing malicious content from entering the network

NEW QUESTION: 383

Which function is performed by vSmart in the Cisco SD-WAN architecture?
A. distribution of IPsec keys
B. Redistribution between OMP and other routing protocols
C. facilitation of NAT detection and traversal
D. execution of localized policies
Answer: (SHOW ANSWER)
In the Cisco SD-WAN architecture, the vSmart controller is responsible for the control plane of the overlay
network. It plays a crucial role in distributing IPsec keys among all WAN Edge routers within the network, which
is essential for securing data plane traffic encryption across the overlay network. References:
Implementing and Operating Cisco Service Provider Network Core Technologies source documents or study
guide.

NEW QUESTION: 384

Which capability does a distributed virtual switch have?
A. use advanced IPsec encryption algorithms
B. use floating static routes
C. provide configuration consistency across the hosts
D. run dynamic routing protocols
Answer: (SHOW ANSWER)
A distributed virtual switch (DvSwitch) ensures configuration consistency across the hosts. It simplifies network
management by providing a uniform network configuration for all hosts connected to the DvSwitch, which is
especially beneficial in large data centers with numerous hosts.

NEW QUESTION: 385

In which two ways does the routing protocol OSPF differ from EIGRP? (Choose two.)
A. OSPF supports an unlimited number of hops. EIGRP supports a maximum of 255 hops.
B. OSPF provides shorter convergence time than EIGRP.
C. OSPF is distance vector protocol. EIGRP is a link-state protocol.
D. OSPF supports only equal-cost load balancing. EIGRP supports unequal-cost load balancing.
E. OSPF supports unequal-cost load balancing. EIGRP supports only equal-cost load balancing.
Answer: (SHOW ANSWER)
OSPF (Open Shortest Path First) is a link-state routing protocol that uses the Dijkstra algorithm to compute the
shortest path tree for each route. It supports an unlimited number of hops, making it suitable for larger and
more complex networks. OSPF also supports only equal-cost load balancing, which means it can only balance
traffic across paths that have the same cost metric.
EIGRP (Enhanced Interior Gateway Routing Protocol), on the other hand, is a distance vector protocol that
uses the Diffusing Update Algorithm (DUAL) to achieve rapid convergence and ensure loop-free operation at
every instant. EIGRP supports a maximum of 255 hops, which is typically more than sufficient for most
enterprise networks. Additionally, EIGRP is capable of unequal-cost load balancing, allowing it to distribute
traffic across multiple paths with different metrics, optimizing the use of network resources4567.
References := Cisco Community's Dynamic Routing Protocols, GeeksforGeeks' Difference between EIGRP and
OSPF, Cisco Community's OSPF vs EIGRP, Cisco Learning Network's EIGRP vs OSPF

NEW QUESTION: 386

Which Quality of Service (QoS) mechanism allows the network administrator to control the maximum rate of
traffic received or sent on a given interface?
A. Policing
B. Marking
C. Queueing
D. Classification
Answer: (SHOW ANSWER)
The QoS mechanism that allows a network administrator to control the maximum rate of traffic received or sent
on a given interface is Policing. Policing limits the bandwidth for a traffic class and can drop or remark packets
that exceed the specified rate. References: This explanation is derived from the Implementing and Operating
Cisco Service Provider Network Core Technologies source book and supported by the search results

NEW QUESTION: 387

What are two benefits of implementing a traditional WAN instead of an SD-WAN solution? (Choose two.)
A. comprehensive configuration standardization
B. lower control plane abstraction
C. simplify troubleshooting
D. faster fault detection
E. lower data plane overhead
Answer: (SHOW ANSWER)
Questions no: 670 Verified answer: A, C Comprehensive and Detailed Explanation: Traditional WANs are
known for their hardware focus and manual configuration, which can lead to a high level of control over policy
configurations. This control allows for comprehensive configuration standardization (A) across the network.
Additionally, because traditional WANs require heavy manual configurations, troubleshooting is often more
straightforward since network administrators are intimately familiar with the setup, leading to simplified
troubleshooting .
References := Traditional WAN vs. SD-WAN: Everything You Need to Know

NEW QUESTION: 388

In a Cisco SD-Access network architecture, which access layer cabling design is optimal for the underlay
network?
A. Switches are cross-linked at the same layer and have a single connection to each upstream distribution
device.
B. Switches are connected to each upstream distribution and core device.
C. Switches are connected to each upstream distribution device.
D. Switches are cross-linked to devices at the same layer and at the upstream and downstream devices.
Answer: (SHOW ANSWER)
In a Cisco SD-Access network architecture, the optimal cabling design for the underlay network is to have
switches cross-linked at the same layer with a single connection to each upstream distribution device. This
design supports redundancy and efficient traffic flow1.
References: Cisco SD-Access Solution Design Guide1.

NEW QUESTION: 389

In a Cisco SD-Access wireless architecture which device manages endpoint ID to edge node bindings?
A. fabric control plane node
B. fabric wireless controller
C. fabric border node
D. fabric edge node
Answer: (SHOW ANSWER)
In a Cisco Software-Defined Access (SD-Access) wireless architecture, the fabric control plane node is
responsible for managing endpoint ID to edge node bindings. It serves as the central repository for all user and
device identities, facilitating efficient policy enforcement and network segmentation. References: Detailed
information on Cisco SD-Access architecture and the role of fabric control plane nodes can be found in the
SPCOR course materials

NEW QUESTION: 390

A. device management
B. administration
C. device inventory
D. monitoring
Answer: (SHOW ANSWER)
The vManage API provides a REST API interface for controlling, configuring, and monitoring Cisco devices in
an overlay network. To obtain a list of fabric nodes, the device inventory collection is used, as it contains the
resources necessary to retrieve information about the devices managed by vManage

NEW QUESTION: 391

A script contains the statement "while loop != 999:" Which value terminates the loop?
A. A value equal to 999.
B. A value less than or equal to 999.
C. A value not equal to 999.
D. A value greater than or equal to 999.
Answer: (SHOW ANSWER)
The script's while loop will continue to execute as long as the loop variable is not equal to 999. Once the loop
variable is set to 999, the condition "while loop != 999:" becomes false, which terminates the loop.

NEW QUESTION: 392

A system must validate access rights to all its resources and must not rely on a cached permission matrix. If the
access level to a given resource is revoked but is not reflected in the permission matrix, the security is violated.
Which term refers to this REST security design principle?
A. economy of mechanism
B. complete mediation
C. separation of privilege
D. least common mechanism
Answer: (SHOW ANSWER)
The REST security design principle of complete mediation requires that a system must validate access rights to
all its resources for every request and must not rely on a cached permission matrix. This principle ensures that
any changes in access rights are immediately enforced and that outdated permissions do not compromise
security. References: REST Security Design Principles - Medium1; Design Principles -
Clemson3.https://medium.com/strike-sh/rest-security-design-principles-434bd6ee57ea

NEW QUESTION: 393

A customer has a pair of Cisco 5520 WLCs set up in an SSO cluster to manage all APs. Guest traffic is
anchored to a Cisco 3504 WLC located in a DMZ. Which action is needed to ensure that the EolP tunnel
remains in an UP state in the event of failover on the SSO cluster?
A. Configure back-to-back connectivity on the RP ports.
B. Enable default gateway reachability check.
C. Use the same mobility domain on all WLCs.
D. Use the mobility MAC when the mobility peer is configured.
Answer: (SHOW ANSWER)
To ensure that the EoIP tunnel remains up during an SSO cluster failover, it's important to use the same
mobility domain on all WLCs. This allows for seamless mobility and maintains tunnel states across different
controllers.

NEW QUESTION: 394

Refer to the exhibit.
A network engineer must log in to the router via the console, but the RADIUS servers are not reachable Which
credentials allow console access1?
A. the username "cisco" and the password "Cisco"
B. no username and only the password "test123"
C. no username and only the password "cisco123"
D. the username "cisco" and the password "cisco123"
Answer: (SHOW ANSWER)
When RADIUS servers are not reachable, the router falls back to the local database for authentication. In the
provided configuration, there are two methods defined under aaa authentication login. The first method list
group1 uses the local database where a username is not specified but a password is set to "cisco123". The
second method list group2 specifies the use of RADIUS (group radius) and if that fails, it falls back to local
(local). Since RADIUS is not reachable in this scenario, we refer to the local database which does not require a
username but requires the password "cisco123".

NEW QUESTION: 395

Refer to the exhibit.
Which type of antenna do the radiation patterns present?
A. Patch
B. Omnidirectional
C. Yagi
D. Dipole
Answer: (SHOW ANSWER)
A Type 2 hypervisor functions as an application installed on an existing operating system rather than running
directly on the physical hardware. This allows for the creation and management of virtual machines (VMs) that
operate independently of the host system, making it a flexible solution for testing and development
environments where maximum performance is not critical1234.
References:
* Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) training5.
* AWS's explanation of Type 1 vs Type 2 Hypervisors1.
* OpenClassrooms' exploration of Type 2 Hypervisors2.
* Red Hat's overview of hypervisors3.
* JBS's insights on Type 2 Hypervisor efficiency4.

NEW QUESTION: 396

Drag and drop the snippets onto the blanks within the code to construct a script that brings up the failover
Ethernet port if the primary port goes down and also shuts down the failover port when the primary returns to
service. Not all options are used.
Answer:

Explanation:

NEW QUESTION: 397

Refer to the exhibit. An engineer must configure an eBGP neighborship to Router B on Router A. The network
that is connected to GO/1 on Router A must be advertised to Router B. Which configuration should be applied?

D.
Answer: (SHOW ANSWER)
The correct configuration for establishing an eBGP neighborship and advertising a network involves specifying
the local AS number, the neighbor's IP address along with its AS number, and the network to be advertised with
the correct subnet mask. Option C correctly configures Router A with its local AS number (65001), sets up
Router B as a neighbor with its IP address (10.0.1.2) and remote AS number (65002), and advertises the
connected network on interface G0/1 (10.0.1.0) with the appropriate subnet mask (255.255.255.0). This
ensures that Router A will form an eBGP neighborship with Router B and advertise the connected network to it.
References: = Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR)
training materials or official certification guide.

NEW QUESTION: 398

Drag and drop the DHCP messages that are exchanged between a client and an AP into the order they are
exchanged on the right.
Answer:

Explanation:

Table Description automatically generated

There are four messages sent between the DHCP Client and DHCP Server: DHCPDISCOVER, DHCPO FFER,
DHCPREQUEST and DHCPACKNOWLEDGEMENT.
This process is often abbreviated as DORA (for Discover, Offer, Request, Acknowledgement).

NEW QUESTION: 399

Refer to the exhibit.

Which two commands ensure that DSW1 becomes root bridge for VLAN 10 and 20?
A. spanning-tree mst 1 priority 1
B. spanning-tree mst 1 root primary
C. spanning-tree mstp vlan 10,20 root primary
D. spanning-tree mst vlan 10,20 priority root
E. spanning-tree mst 1 priority 4096
Answer: B (LEAVE A REPLY)
To ensure DSW1 becomes the root bridge for VLAN 10 and 20, the command spanning-tree mst 1 root primary
is used. This command sets the switch's priority to be the lowest in the network, making it the root bridge for the
specified MST instance.

NEW QUESTION: 400

A. ETR
B. MR
C. ITR
D. MS
Answer: (SHOW ANSWER)
The ETR, or Egress Tunnel Router, in LISP (Locator/ID Separation Protocol) is responsible for publishing EID-
to-RLOC (Endpoint Identifiers to Routing Locators) mappings for a site. This is part of the LISP control plane,
which separates the endpoint identity namespace (EID) from the routing locator namespace (RLOC), with the
ETR functioning as the component that advertises these mappings to the rest of the network, allowing for
proper routing and forwarding of packets to their intended destinations.

NEW QUESTION: 401

When a branch location loses connectivity, which Cisco FlexConnect state rejects new users but allows existing
users to function normally?
A. Authentication-Down / Switch-Local
B. Authentication-Down / Switching-Down
C. Authentication-Local / Switch-Local
D. Authentication-Central f Switch-Local
Answer: (SHOW ANSWER)
In the Cisco FlexConnect state known as "Authentication-Down / Switch-Local," new users are rejected, but
existing authenticated users continue to be switched locally until their session times out. This state ensures that
the WLAN continues to beacon and respond to probes, maintaining connectivity for existing users even when
the branch location loses connectivity to the controller

NEW QUESTION: 402

Which protocol does REST API rely on to secure the communication channel?
A. TCP
B. HTTPS
C. SSH
D. HTTP
Answer: (SHOW ANSWER)
The protocol that REST API relies on to secure the communication channel is HTTPS. HTTPS is used to
encrypt the data sent between the client and the server, ensuring that the information is secure and cannot be
intercepted by unauthorized parties. References := Implementing and Operating Cisco Service Provider
Network Core Technologies Reference:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-
x/rest_cfg/2_1_x/b_Cisco_APIC_REST_API_Configuration_Guide/b_Cisco_APIC_REST_API_Config
uration_Guide_chapter_01.html

NEW QUESTION: 403

Which function does a Cisco SD-Access extended node perform?
A. provides fabric extension to nonfabric devices through remote registration and configuration
B. performs tunneling between fabric and nonfabric devices to route traffic over unknown networks
C. used to extend the fabric connecting to downstream nonfabric enabled Layer 2 switches
D. in charge of establishing Layer 3 adjacencies with nonfabric unmanaged node
Answer: (SHOW ANSWER)
The Cisco SD-Access extended node function is used to extend the fabric by connecting to downstream
nonfabric enabled Layer 2 switches. This allows for the inclusion of devices that are not directly compatible with
the fabric technology, enabling them to participate in the fabric domain indirectly.
https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKCRS-2832.pdf

NEW QUESTION: 404

When the ''deny'' statement is used within a route map that is used for policy-based routing how is the traffic
that matches the deny route-map line treated?
A. Traffic is routed to the null 0 interface of the router and discarded.
B. Traffic is returned to the normal forwarding behavior of the router.
C. An additional sequential route-map line is needed to divert the traffic to the router's normal forwarding
behavior.
D. An additional sequential route-map line is needed to policy route this irafic.
Answer: (SHOW ANSWER)
In policy-based routing (PBR), when a packet matches a 'deny' statement in a route map, it is not subjected to
the policy routing rules defined in the route map. Instead, the packet reverts to the router's normal forwarding
behavior, which is based on the routing table and not the route map. This means that the packet will be
forwarded according to the existing routing protocols and configurations on the router, rather than being
discarded or requiring an additional route map line for redirection.

NEW QUESTION: 405

An engineer applies this EEM applet to a router:

What does the applet accomplish?

A. It generates a syslog message every 600 seconds on the status of the specified MAC address.
B. It checks the MAC address table every 600 seconds to see if the specified address has been learned.
C. It compares syslog output to the MAC address table every 600 seconds and generates an event when there
is a match.
D. It compares syslog output to the MAC address table every 600 seconds and generates an event when no
match is found.
Answer: (SHOW ANSWER)
The EEM applet in question is designed to check the router's MAC address table every 600 seconds to
determine if a specified MAC address has been learned. This is a form of network monitoring to ensure that
specific devices are active and connected to the network as expected.

NEW QUESTION: 406

Which of the following security methods uses physical characteristics of a person to authorize access to a
location?
A. Access control vestibule
B. Palm scanner
C. PIN pad
D. Digital card reader
E. Photo ID
Answer: (SHOW ANSWER)
A palm scanner is a biometric device that uses the physical characteristics of a person's palm to authenticate
and authorize access. This method is considered more secure than traditional methods because it relies on
unique biological traits. References: Biometric security methods like palm scanners are part of the security
measures discussed in the SPCOR course, emphasizing their role in protecting network access

NEW QUESTION: 407

What is a difference between OSPF and ElGRP?
A. OSPF uses an administrative distance of 115 EIGRP uses an administrative distance of 160
B. OSPF uses a default hello timer of 5 seconds EIGRP uses a default hello timer of 10 seconds
C. OSPF uses IP protocol number 88 EIGRP uses IP protocol number 89
D. OSPF uses multicast addresses 224.0.0.5 and 224.0.0.6 EIGRP uses multicast address 224 0.0.10
Answer: (SHOW ANSWER)

NEW QUESTION: 408

An engineer is working with the Cisco DNA Center API Drag and drop the methods from the left onto the
actions that they are used for on the right.

Answer:
Explanation:

NEW QUESTION: 409

Refer to the exhibit. A network engineer configures NAT on R1 and enters the show command to verity the
configuration What does the output confirm?
A. The first pocket triggered NAT to add on entry to NAT table
B. R1 is configured with NAT overload parameters
C. A Telnet from 160.1.1 1 to 10.1.1.10 has been initiated.
D. R1 to configured with PAT overload parameters
Answer: (SHOW ANSWER)
The output confirms that R1 is configured with PAT (Port Address Translation) overload parameters because it
shows a dynamic translation, indicating that multiple internal addresses are being translated to a single external
address but with a different port number for each session. This can be inferred from the NAT statistics and
mappings in the exhibit. References := Implementing and Operating Cisco Service Provider Network Core
Technologies

NEW QUESTION: 410

A. underlay network
B. VPN routing/forwarding
C. easy virtual network
D. overlay network
Answer: (SHOW ANSWER)
In the Cisco SD-Access architecture, the overlay network is utilized to provide Layer 2 and Layer 3 logical
networks. This overlay is built on top of the physical network (underlay) and allows for the creation of virtual
networks that are decoupled from the physical infrastructure, enabling greater flexibility and scalability1.
References := Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) v1.0
training material

NEW QUESTION: 411

A company recently decided to use RESTCONF instead of NETCONF and many of their NETCONF scripts
contain the operation
<edit-config>(operation="create").Which RESTCONF operation must be used to replace these statements?
A. POST
B. GET
C. PUT
D. CREATE
Answer: (SHOW ANSWER)
RESTCONF uses HTTP methods to perform operations on network device configuration data. The RESTCONF
operation that replaces the NETCONF <edit-config> operation with operation="create" is the HTTP POST
method. The POST method is used to create a new resource or data instance on the server, which aligns with
the NETCONF operation to create a new configuration element12. References := Using NETCONF and
RESTCONF - Cisco, NETCONF vs RESTCONF - DevNetLearning.com

NEW QUESTION: 412

Which component does Cisco Threat Defense use to measure bandwidth, application performance, and
utilization?
A. TrustSec
B. Cisco Umbrella
C. Advanced Malware Protection for Endpoints
D. NotFlow
Answer: D (LEAVE A REPLY)
Cisco Threat Defense uses NetFlow to measure bandwidth, application performance, and utilization. NetFlow
provides deep visibility into network traffic patterns and volume, which is essential for threat detection and
network management9101112.
References: Cisco Cyber Threat Defense 1.1 Design and Implementation Guide9.

NEW QUESTION: 413

What is a common trait between Ansible and Chef?
A. Both are used for mutable infrastructure
B. Both rely on a declarative approach.
C. Both rely on NETCONF.
D. Both require a client to be installed on hosts
Answer: (SHOW ANSWER)
Ansible and Chef are both IT automation tools that help in managing configurations and deployments across
numerous servers or devices. They share a common trait of being used for mutable infrastructure, which means
they can adapt and change the state of a system over time. This is in contrast to immutable infrastructure,
where systems are replaced rather than changed.

NEW QUESTION: 414

Refer to the exhibit.

Which statement is needed to complete the EEM applet and use the Tel script to store the backup file?
A. action 2.0 cli command "write_backup.tcl tcl"
B. action 2.0 cli command "flash:write_backup.tcl"
C. action 2.0 cli command "write_backup.tcl"
D. action 2.0 cli command "telsh flash:write_backup.tcl"
Answer: (SHOW ANSWER)
The EEM applet automates tasks on Cisco devices. Here, the task is to create a backup file using a Tel script.
The correct CLI command to execute the Tel script from flash memory and complete the EEM applet is
"flash:write_backup.tcl".

NEW QUESTION: 415

Which protocol is used to encrypt control plane traffic between SD-WAN controllers and SD-WAN endpoints?
A. DTLS
B. IPsec
C. PGP
D. HTTPS
Answer: (SHOW ANSWER)
In the Cisco SD-WAN architecture, Datagram Transport Layer Security (DTLS) is used to encrypt the control
plane traffic between the SD-WAN controllers and the SD-WAN endpoints. DTLS is a communications protocol
that provides security for datagram-based applications by allowing them to communicate in a way that is
designed to prevent eavesdropping, tampering, or message forgery. References: Implementing and Operating
Cisco Service Provider Network Core Technologies (SPCOR) v1.1

NEW QUESTION: 416

Refer to the exhibit. An engineer must allow the FTP traffic from users on 172.16.1.0 /24 to 172.16.2.0 /24 and
block all other traffic. Which configuration must be applied?

A.
B.

D.
Answer: (SHOW ANSWER)
The configuration in Option A is the correct choice because it allows FTP traffic from the 172.16.1.0 /24 subnet
to the 172.16.2.0 /24 subnet, which is the requirement stated in the question. This is typically achieved by
creating an access control list (ACL) that permits traffic on port 21 (the standard port for FTP) from the source
subnet to the destination subnet and denies all other traffic.

NEW QUESTION: 417

What is a characteristic of the overlay network in the Cisco SD-Access architecture?
A. It uses a traditional routed access design to provide performance and high availability to the network.
B. It consists of a group of physical routers and switches that are used to maintain the network.
C. It provides isolation among the virtual networks and independence from the physical network.
D. It provides multicast support to enable Layer 2 Hooding capability in the underlay network.
Answer: (SHOW ANSWER)
The overlay network in Cisco SD-Access architecture is a virtual and tunneled network that interconnects
network devices virtually, forming an SDA fabric. This overlay network enables policy-based network
segmentation, host mobility across wired and wireless networks, and improved network security compared to
traditional network switching and routing capabilities. It is designed to overcome the complexity and constraints
of the underlay network, providing a level of isolation among virtual networks and independence from the
physical network infrastructure.

NEW QUESTION: 418

Refer to the exhibit.
Which result Is achieved by the CoPP configuration?
A. Traffic that matches entry 10 of ACL 100 is always allowed.
B. Class-default traffic is dropped.
C. Traffic that matches entry 10 of ACL 100 is always allowed with a limited CIR.
D. Traffic that matches entry 10 of ACL 100 is always dropped.
Answer: (SHOW ANSWER)
This is because the CoPP configuration shown in the exhibit applies a service policy to the control plane of the
router, which is responsible for processing the routing protocols, management protocols, and other control
traffic. The service policy uses a class map that matches the access list 100, which permits the traffic with the
source IP address 10.1.1.1. The service policy also uses a policy map that sets the committed information rate
(CIR) for the matched traffic to 64 kbps, which means that the traffic is guaranteed to have a minimum
bandwidth of 64 kbps. The policy map also sets the exceed action to drop, which means that any traffic that
exceeds the CIR will be dropped. Therefore, the traffic that matches entry 10 of ACL 100 is always allowed with
a limited CIR, and any excess traffic is dropped. The source of this answer is the Cisco ENCOR v1.1 course,
module 6, lesson 6.3: Implementing QoS.
NEW QUESTION: 419
Which method requires a client to authenticate and has the capability to function without encryption?
A. open
B. WEP
C. WebAuth
D. PSK
Answer: (SHOW ANSWER)
The open method allows a client to authenticate without requiring encryption. It is one of the two authentication
methods from the first 802.11 standard and offers open access to a wireless network without the need for a pre-
shared key or credentials4.
References: NetworkLessons.com article on Wireless Authentication Methods4.

NEW QUESTION: 420

Which Python snippet should be used to store the devices data structure in a JSON file?

D.
Answer: (SHOW ANSWER)
The correct Python snippet to store the devices data structure in a JSON file is option C. This option uses the
json.dump() method, which serializes devices (the data structure) into a JSON formatted stream to OutFile
(which is the opened file for writing). The 'w' argument in open() function stands for write mode, which allows
you to write to the file.

NEW QUESTION: 421

Refer to the exhibit.

An engineer must create a configuration that executes the show run command and then terminates the session
when user CCNP legs in. Which configuration change is required?
A. Add the access-class keyword to the username command
B. Add the access-class keyword to the aaa authentication command
C. Add the autocommand keyword to the username command
D. Add the autocommand keyword to the aaa authentication command
Answer: (SHOW ANSWER)
The scenario requires that when the user 'CCNP' logs in, the 'show run' command is executed, and then the
session is terminated immediately. This can be achieved by using the 'autocommand' keyword in the username
command. The 'autocommand' keyword allows a specific command to be automatically executed after a user
logs in. In this case, adding 'autocommand show run' to the 'username CCNP' command will execute the 'show
run' command upon login and then log out the user.
References:
* Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) course material.
* Cisco documentation on AAA (Authentication, Authorization, and Accounting) configuration.

NEW QUESTION: 422

What is an emulated machine that has dedicated compute memory, and storage resources and a fully installed
operating system?
A. Container
B. Mainframe
C. Host
D. virtual machine
Answer: (SHOW ANSWER)
A virtual machine is an emulation of a computer system that provides dedicated compute memory, storage
resources, and a fully installed operating system. It operates based on the architecture and functions of a real
or physical computer. Virtual machines are isolated environments, allowing multiple instances to run on a single
physical host machine, which can be managed independently.
NEW QUESTION: 423
Which type of tunnel Is required between two WLCs to enable Intercontroller roaming?
A. mobility
B. LWAPP
C. CAPWAP
D. iPsec
Answer: (SHOW ANSWER)
Intercontroller roaming between two Wireless LAN Controllers (WLCs) requires a CAPWAP tunnel to be
established for the client's data traffic to be transmitted as if it is still associated with the original IP subnet and
WLC. This is necessary when a wireless client roams from one WLC to another, potentially across different IP
subnets, and needs to maintain its current IP address for seamless connectivity.

NEW QUESTION: 424

Which feature Is used to propagate ARP broadcast, and link-local frames across a Cisco SD-Access fabric to
address connectivity needs for silent hosts that require reception of traffic to start communicating?
A. Native Fabric Multicast
B. Layer 2 Flooding
C. SOA Transit
D. Multisite Fabric
Answer: (SHOW ANSWER)
Layer 2 Flooding is used in Cisco SD-Access to address the connectivity needs of silent hosts. Silent hosts are
devices that do not initiate communication but require reception of traffic to start communicating. In a Cisco SD-
Access fabric, these hosts' locations are not known because they have not sent any packets or frames. To
ensure connectivity for these devices, Layer 2 Flooding can be enabled, which allows ARP broadcasts and link-
local frames to be propagated across the fabric. This ensures that even if a silent host has not initiated
communication, it can still receive traffic, which is essential for devices like IP cameras, sensors, or
management interfaces that wait for an initial packet to begin communication.

NEW QUESTION: 425

What is a characteristic of Cisco StackWise technology?
A. It uses proprietary cabling
B. It supports devices that are geographically separated
C. lt combines exactly two devices
D. It is supported on the Cisco 4500 series.
Answer: (SHOW ANSWER)
Cisco StackWise technology is designed to connect multiple switches into a single, unified system. It utilizes
special stacking cables that are proprietary to Cisco, which allows the switches to share resources and operate
as though they are a single entity. This technology simplifies the management of switch resources and provides
scalability and resiliency in network design. The switches in a StackWise setup share the same configuration
and forwarding state, making it easier to manage and configure the network as a whole.
NEW QUESTION: 426
Which solution simplifies management ot secure access to network resources?
A. RFC 3580-based solution to enable authenticated access leveraging RADIUS and AV pairs
B. TrustSec to logically group internal user environments and assign policies
C. 802.1AE to secure communication in the network domain
D. ISE to automate network access control leveraging RADIUS AV pairs
Answer: (SHOW ANSWER)
TrustSec, also known as Security Group Tagging (SGT), is a Cisco security solution that simplifies the
management of secure access to network resources. It allows for the creation of security groups, which
logically group network endpoints with similar access rights. Policies can then be applied based on these
groups, rather than individual IP addresses, making it easier to manage and enforce security across the
network.

NEW QUESTION: 427

Refer to me exhibit. What is the cause of the log messages?

A. hello packet mismatch
B. OSPF area change
C. MTU mismatch
D. IP address mismatch
Answer: (SHOW ANSWER)
The log messages indicate an OSPF error related to a mismatch area ID, which is typically caused by a hello
packet mismatch. In OSPF, hello packets are used to establish and maintain neighbor relationships. If there is a
discrepancy in the information contained within these packets between neighboring routers, it can lead to errors
such as the one displayed in the log messages. References := Cisco

NEW QUESTION: 428

A customer has 20 stores located throughout a city. Each store has a single Cisco access point managed by a
central WLC. The customer wants to gather analysis for users in each store. Which technique supports these
requirements?
A. angle of arrival
B. hyperlocation
C. trilateration
D. presence
Answer: (SHOW ANSWER)
Presence technology allows the network to detect and locate wireless devices based on their proximity to a
Cisco access point. This technique is suitable for the customer's requirement to gather analysis for users in
each store, as it can provide information on the number of devices in the area and their general location. It does
not require the precision of hyperlocation or trilateration, which are more complex and resource-intensive.
References: Cisco User and Entity Behavior Analysis (UEBA).

NEW QUESTION: 429

Users have reported an issue connecting to a server over the network. A workstation was recently added to the
network and configured with a shared USB printer. Which of the following is most likely causing the issue?
A. The switch is oversubscribed and cannot handle the additional throughput.
B. The printer is tying up the server with DHCP discover messages.
C. The web server's back end was designed for only single-threaded applications.
D. The workstation was configured with a static IP that is the same as the server.
Answer: (SHOW ANSWER)
When a workstation is configured with a static IP address that conflicts with another device on the network,
such as a server, it can cause connectivity issues due to IP address duplication. This scenario is known as an
IP address conflict, and it can prevent both devices from communicating effectively on the network. The other
options listed do not directly relate to the reported issue of users being unable to connect to the server.

ENCOR - Chapter - 2 - Spanning Tree - 2025
No ratings yet
ENCOR - Chapter - 2 - Spanning Tree - 2025
18 pages
Nmap - Tryhackme
No ratings yet
Nmap - Tryhackme
14 pages
BRKRST 2338 PDF
No ratings yet
BRKRST 2338 PDF
114 pages
20Cs2008L - Computer Networks: Intra and Inter Vlan
No ratings yet
20Cs2008L - Computer Networks: Intra and Inter Vlan
8 pages
SRX1500 en
No ratings yet
SRX1500 en
6 pages
IP Add
No ratings yet
IP Add
36 pages
Cheat-Sheet For Catalyst 6500 With Sup 720
No ratings yet
Cheat-Sheet For Catalyst 6500 With Sup 720
5 pages
All ENCOR v1.1 Questions - Part 6
No ratings yet
All ENCOR v1.1 Questions - Part 6
56 pages
01 04 M LAG Configuration
No ratings yet
01 04 M LAG Configuration
102 pages
Anyconnect Remote Access VPN Troubleshooting and Best Practices 2020 v1
100% (2)
Anyconnect Remote Access VPN Troubleshooting and Best Practices 2020 v1
115 pages
Cissp 3
No ratings yet
Cissp 3
40 pages
Invoice 246323
No ratings yet
Invoice 246323
1 page
3.1 CCNP ENCOR v1.1 350 401 Practice Exam 1 Stamped
No ratings yet
3.1 CCNP ENCOR v1.1 350 401 Practice Exam 1 Stamped
26 pages
LDAP Integration With ServiceNow
No ratings yet
LDAP Integration With ServiceNow
7 pages
BRKDCN 2984
No ratings yet
BRKDCN 2984
224 pages
B 168 3650 CR PDF
No ratings yet
B 168 3650 CR PDF
996 pages
5-Chapter Five - Transport Layer
No ratings yet
5-Chapter Five - Transport Layer
21 pages
GPON OLT (New 8PON Port, 16PON Port) User Manual-Command Line Operation - V1.1 20180723
No ratings yet
GPON OLT (New 8PON Port, 16PON Port) User Manual-Command Line Operation - V1.1 20180723
336 pages
Money Report-Mellatbank-Rey
No ratings yet
Money Report-Mellatbank-Rey
2 pages
CCNA Security - Chapter 8-IPsec PDF
100% (1)
CCNA Security - Chapter 8-IPsec PDF
58 pages
Icmp Error Reporting
No ratings yet
Icmp Error Reporting
58 pages
Implementing Cisco Enterprise Advanced Routing and Services (300-410 ENARSI) Updated January 2024
No ratings yet
Implementing Cisco Enterprise Advanced Routing and Services (300-410 ENARSI) Updated January 2024
309 pages
Panimalar Engineering College: Register No
No ratings yet
Panimalar Engineering College: Register No
2 pages
AirLive WT-2000R Manual
No ratings yet
AirLive WT-2000R Manual
80 pages
Edimax Ew 7206apg Wireless Access Point
No ratings yet
Edimax Ew 7206apg Wireless Access Point
12 pages
CN Lab 2
No ratings yet
CN Lab 2
6 pages
22.1.2 Lab Troubleshoot Ios Aaa
No ratings yet
22.1.2 Lab Troubleshoot Ios Aaa
4 pages
350-401 Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) Updated Dumps
No ratings yet
350-401 Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) Updated Dumps
26 pages
Bbshh010 - CCNP-CCIE 350-401 ENCOR 14.3.2020 Dumps PDF
100% (1)
Bbshh010 - CCNP-CCIE 350-401 ENCOR 14.3.2020 Dumps PDF
45 pages
IPTV Overview - Part 2 - WWW - Ipcisco
No ratings yet
IPTV Overview - Part 2 - WWW - Ipcisco
6 pages
A Mini Project Report On: Submitted in Partial Fulfillment of The Requirements of The Semester VII Subject of
No ratings yet
A Mini Project Report On: Submitted in Partial Fulfillment of The Requirements of The Semester VII Subject of
6 pages
Cisco: Exam Questions 350-401
No ratings yet
Cisco: Exam Questions 350-401
6 pages
Finding Process Id
No ratings yet
Finding Process Id
2 pages
Cisco 350 401 Encor Dumps by Mccoy 15-04-2024 9qa Go4braindumps
0% (1)
Cisco 350 401 Encor Dumps by Mccoy 15-04-2024 9qa Go4braindumps
15 pages
350-701 SCOR Exam Dumps - 40Q
No ratings yet
350-701 SCOR Exam Dumps - 40Q
6 pages
PPSC Competitive Exam For The Post of Network Engineer: Question Paper Along With Answer Key
100% (1)
PPSC Competitive Exam For The Post of Network Engineer: Question Paper Along With Answer Key
21 pages
The TCP
No ratings yet
The TCP
4 pages
What Is Internet
No ratings yet
What Is Internet
2 pages
GG C Installation
No ratings yet
GG C Installation
18 pages
Network Security in Cisco Packet Tracer
0% (1)
Network Security in Cisco Packet Tracer
9 pages
Exam Questions 300-710: Securing Networks With Cisco Firepower (SNCF)
No ratings yet
Exam Questions 300-710: Securing Networks With Cisco Firepower (SNCF)
5 pages
New ENARSI Questions 6
100% (1)
New ENARSI Questions 6
163 pages
Cisco Certforall 300-730 Practice Test 2023-May-10 by Chapman 97q Vce
No ratings yet
Cisco Certforall 300-730 Practice Test 2023-May-10 by Chapman 97q Vce
8 pages
01 VXLAN+EVPN+Introduction
0% (1)
01 VXLAN+EVPN+Introduction
6 pages
BRKSPG 2210 PDF
100% (1)
BRKSPG 2210 PDF
83 pages
Cisco Live Cisco Validated Blueprint Architecture
100% (1)
Cisco Live Cisco Validated Blueprint Architecture
57 pages
Ip Security Overview: Applications of Ipsec
No ratings yet
Ip Security Overview: Applications of Ipsec
14 pages
VPN Troubleshooting For Checkpoint
100% (1)
VPN Troubleshooting For Checkpoint
24 pages
All ENCOR v1.1 Questions - Part 5
No ratings yet
All ENCOR v1.1 Questions - Part 5
54 pages
MA5800 V100R019C10 Product Description
No ratings yet
MA5800 V100R019C10 Product Description
14 pages
300 101 177 Questions Implementing Cisco IP Routing (ROUTE v2.0)
No ratings yet
300 101 177 Questions Implementing Cisco IP Routing (ROUTE v2.0)
56 pages
Track Certification Exam Number Exam Name
No ratings yet
Track Certification Exam Number Exam Name
3 pages
BRKNMS 2426
No ratings yet
BRKNMS 2426
99 pages
350-401 Exam Valid Dumps Questions
No ratings yet
350-401 Exam Valid Dumps Questions
24 pages
Number: 350-401 Passing Score: 825 Time Limit: 140 Min File Version: 1.0
100% (1)
Number: 350-401 Passing Score: 825 Time Limit: 140 Min File Version: 1.0
45 pages
300-410 Cisco Exam Updated Dumps
100% (1)
300-410 Cisco Exam Updated Dumps
101 pages
Security Consultant Resume Template-72182
No ratings yet
Security Consultant Resume Template-72182
7 pages
Cisco - Testinises.350 701.free - pdf.2021 Mar 12.by - Gary.145q.vce
No ratings yet
Cisco - Testinises.350 701.free - pdf.2021 Mar 12.by - Gary.145q.vce
15 pages
Configuring Telnet Using An Username & Password: Khawar Butt Ccie # 12353 (R/S, Security, SP, DC, Voice, Storage & Ccde)
No ratings yet
Configuring Telnet Using An Username & Password: Khawar Butt Ccie # 12353 (R/S, Security, SP, DC, Voice, Storage & Ccde)
7 pages
350-601.prepaway - Premium.exam..102q LzVgk8T
No ratings yet
350-601.prepaway - Premium.exam..102q LzVgk8T
48 pages
Cisco Book Online - Cisco Application Centric Infrastructure Fundamentals, Releases 2.x and 3.x - B - ACI-Fundamentals PDF
No ratings yet
Cisco Book Online - Cisco Application Centric Infrastructure Fundamentals, Releases 2.x and 3.x - B - ACI-Fundamentals PDF
314 pages
100-490 V12.35
No ratings yet
100-490 V12.35
14 pages
Answer:: Free Exam/Cram Practice Materials - Best Exam Practice Materials
No ratings yet
Answer:: Free Exam/Cram Practice Materials - Best Exam Practice Materials
23 pages
(May-2020-Updated) PassLeader 2020 CCNP 300-730 SVPN Exam Dumps
No ratings yet
(May-2020-Updated) PassLeader 2020 CCNP 300-730 SVPN Exam Dumps
5 pages
Study Guide Automating and Programming Cisco Data Center Solutions 300-635 DCAUTO Exam
From Everand
Study Guide Automating and Programming Cisco Data Center Solutions 300-635 DCAUTO Exam
Anand Vemula
No ratings yet
(Jan-2021-Updated) PassLeader 2020 CCIE-CCNP 350-401 ENCOR Exam Dumps
0% (1)
(Jan-2021-Updated) PassLeader 2020 CCIE-CCNP 350-401 ENCOR Exam Dumps
9 pages
CCIE Sec Lab v6 Questions
No ratings yet
CCIE Sec Lab v6 Questions
16 pages
350-601 Dccor
No ratings yet
350-601 Dccor
80 pages
Adser CCDE
No ratings yet
Adser CCDE
7 pages
Cisco: Exam Questions 350-401
No ratings yet
Cisco: Exam Questions 350-401
10 pages
CCNP Security 300-725 SWSA Dumps
No ratings yet
CCNP Security 300-725 SWSA Dumps
11 pages
(Sep-2021-Updated) PassLeader 2020 CCIE-CCNP 350-401 ENCOR Exam Dumps
No ratings yet
(Sep-2021-Updated) PassLeader 2020 CCIE-CCNP 350-401 ENCOR Exam Dumps
8 pages
350-701 Exam
No ratings yet
350-701 Exam
251 pages
(June-2021-Updated) PassLeader 2020 CCNP 300-730 SVPN Exam Dumps
No ratings yet
(June-2021-Updated) PassLeader 2020 CCNP 300-730 SVPN Exam Dumps
7 pages
350 401 PDF
No ratings yet
350 401 PDF
17 pages
Update 300-730
No ratings yet
Update 300-730
61 pages
Exam Questions 350-701: Implementing and Operating Cisco Security Core Technologies
No ratings yet
Exam Questions 350-701: Implementing and Operating Cisco Security Core Technologies
7 pages
Current Exam List - Cisco
No ratings yet
Current Exam List - Cisco
9 pages
Number: 300-730 Passing Score: 825 Time Limit: 140 Min File Version: v1.10
No ratings yet
Number: 300-730 Passing Score: 825 Time Limit: 140 Min File Version: v1.10
53 pages
Implementing and Operating Cisco Enterprise Network Core Technologies Encor
No ratings yet
Implementing and Operating Cisco Enterprise Network Core Technologies Encor
5 pages
CCNP 2 PDF
No ratings yet
CCNP 2 PDF
3 pages
Versatile Routing and Services with BGP: Understanding and Implementing BGP in SR-OS
From Everand
Versatile Routing and Services with BGP: Understanding and Implementing BGP in SR-OS
Alcatel-Lucent
No ratings yet
23.1.4 Lab - Troubleshoot IP SLA and Netflow
No ratings yet
23.1.4 Lab - Troubleshoot IP SLA and Netflow
5 pages
Take Assessment CCNP BCMSN Final 3: (Version 5.0)
100% (2)
Take Assessment CCNP BCMSN Final 3: (Version 5.0)
14 pages
CCNA Exam Focus: Study Guide with Practice Tests
From Everand
CCNA Exam Focus: Study Guide with Practice Tests
SUJAN
No ratings yet
300-420 ENSLD Designing Cisco Enterprise
No ratings yet
300-420 ENSLD Designing Cisco Enterprise
3 pages
Configuring IPCop Firewalls: Closing Borders with Open Source
From Everand
Configuring IPCop Firewalls: Closing Borders with Open Source
Barrie Dempster
No ratings yet
REMOTE ACCESS VPN- SSL VPN: A deep dive into SSL VPN from basic
From Everand
REMOTE ACCESS VPN- SSL VPN: A deep dive into SSL VPN from basic
MAMTA DEVI
5/5 (1)
CCIE Security The Ultimate Step-By-Step Guide
From Everand
CCIE Security The Ultimate Step-By-Step Guide
Gerardus Blokdyk
No ratings yet
Next-Generation switching OS configuration and management: Troubleshooting NX-OS in Enterprise Environments
From Everand
Next-Generation switching OS configuration and management: Troubleshooting NX-OS in Enterprise Environments
Mamta Devi
No ratings yet