Hard Questions Flashcards
What is calculated using the numerical values of the transmitter power level, cable loss, and antenna gain?
A. EIRP
B. dBi
C. RSSI
D. SNR
Correct Answer: A
Explanation/Reference:
Once you know the complete combination of transmitter power level, the length of cable, and the antenna gain, you can figure out the actual
power level that will be radiated from the antenna. This is known as the effective isotropic radiated power (EIRP), measured in dBm. EIRP is a
very important parameter because it is regulated by governmental agencies in most countries. In those cases, a system cannot radiate signals
higher than a maximum allowable EIRP. To find the EIRP of a system, simply add the transmitter power level to the antenna gain and subtract
the cable loss.
The login method is configured on the VTY lines of a router with these parameters:
+ The first method for authentication is TACACS
+ If TACACS is unavailable, login is allowed without any provided credentials
Which configuration accomplishes this task?
A.
R1#sh run | include aaa
aaa new-model
aaa authentication login VTY group tacacs+ none
aaa session-id common
R1#sh run | section vty
line vty 0 4
 password 7 0202039485748
R1#sh run | include username
R1#
B.
R1#sh run | include aaa
aaa new-model
aaa authentication login telnet group tacacs+ none
aaa session-id common
R1#sh run | section vty
line vty 0 4
R1#sh run | include username
R1#
C.
R1#sh run | include aaa
aaa new-model
aaa authentication login default group tacacs+ none
aaa session-id common
R1#sh run | section vty
line vty 0 4
 password 7 0202039485748
D.
R1#sh run | include aaa
aaa new-model
aaa authentication login default group tacacs+
aaa session-id common
R1#sh run | section vty
line vty 0 4
 transport input none
R1#
Correct Answer: C
Explanation/Reference:
According to the requirements (first use TACACS+, then allow login with no authentication), we have to use “aaa authentication login … group tacacs+ none” for the AAA command.
The next thing to check is whether “aaa authentication login default” or “aaa authentication login list-name” is used. The ‘default’ keyword means the method list applies to all login connections (such as tty, vty, console and aux). If we use this keyword, we don’t need to configure anything else under the tty, vty and aux lines. If we don’t use this keyword, then we have to specify which line(s) the authentication list applies to.
From the above information, we can identify the answer:
R1#sh run | include aaa
aaa new-model
aaa authentication login default group tacacs+ none
aaa session-id common
R1#sh run | section vty
line vty 0 4
 password 7 0202039485748
If you want to learn more about AAA configuration, please read our AAA TACACS+ and RADIUS Tutorial – Part 2.
For your information, answer ‘R1#sh run | include aaa
aaa new-model
aaa authentication login telnet group tacacs+ none
aaa session-id common
R1#sh run | section vty
line vty 0 4
R1#sh run | include username
R1#’ would be correct if we add the following command under vty line (“line vty 0 4”): “login authentication telnet” (“telnet” is the name of the AAA
list above)
Which access control list allows only TCP traffic with a destination port range of 22-443, excluding port 80?
A.
Deny tcp any any eq 80
Permit tcp any any gt 21 lt 444
B.
Permit tcp any any ne 80
C.
Permit tcp any any range 22 443
Deny tcp any any eq 80
D.
Deny tcp any any ne 80
Permit tcp any any range 22 443
E.
deny tcp any any eq 80
permit tcp any any range 22 443
Correct Answer: E
Which configuration restricts the amount of SSH traffic that a router accepts to 100 kbps?
A.
class-map match-all CoPP_SSH
 match access-group name CoPP_SSH
!
Policy-map CoPP_SSH
 class CoPP_SSH
  police cir 100000 exceed-action drop
!
!
!
Interface GigabitEthernet0/1
 ip address 209.165.200.225 255.255.255.0
 ip access-group CoPP_SSH out
 duplex auto
 speed auto
 media-type rj45
 service-policy input CoPP_SSH
!
ip access-list extended CoPP_SSH
 permit tcp any any eq 22
!
B.
class-map match-all CoPP_SSH
 match access-group name CoPP_SSH
!
Policy-map CoPP_SSH
 class CoPP_SSH
  police cir CoPP_SSH exceed-action drop
!
Interface GigabitEthernet0/1
 ip address 209.165.200.225 255.255.255.0
 ip access-group … out
 duplex auto
 speed auto
 media-type rj45
 service-policy input CoPP_SSH
!
Ip access-list extended CoPP_SSH
 deny tcp any any eq 22
!
C.
class-map match-all CoPP_SSH
 match access-group name CoPP_SSH
!
Policy-map CoPP_SSH
 class CoPP_SSH
  police cir 100000 exceed-action drop
!
!
!
Control-plane
 service-policy input CoPP_SSH
!
ip access-list extended CoPP_SSH
 permit tcp any any eq 22
!
D.
class-map match-all CoPP_SSH
 match access-group name CoPP_SSH
!
Policy-map CoPP_SSH
 class CoPP_SSH
  police cir 100000 exceed-action drop
!
Control-plane transit
 service-policy input CoPP_SSH
!
Ip access-list extended CoPP_SSH
 permit tcp any any eq 22
!
Correct Answer: C
Explanation/Reference:
CoPP protects the route processor on network devices by treating route processor resources as a separate entity with its own ingress interface
(and in some implementations, egress also). CoPP is used to police traffic that is destined to the route processor of the router such as:
+ routing protocols like OSPF, EIGRP, or BGP.
+ Gateway redundancy protocols like HSRP, VRRP, or GLBP.
+ Network management protocols like telnet, SSH, SNMP, or RADIUS.
Therefore we must apply the CoPP to deal with SSH because it is in the management plane. CoPP must be put under “control-plane” command.
What is the correct EBGP path attribute list, ordered from most preferred to least preferred, that the BGP best-path algorithm uses?
A. local preference, weight, AS path, MED
B. weight, local preference, AS path, MED
C. weight, AS path, local preference, MED
D. local preference, weight, MED, AS path
Correct Answer: B
Explanation/Reference:
Path Selection Attributes: Weight > Local Preference > Originate > AS Path > Origin > MED > External > IGP Cost > eBGP Peering > Router ID
Which two GRE features are configured to prevent fragmentation? (Choose two.)
A. TCP window size
B. IP MTU
C. TCP MSS
D. DF bit clear
E. MTU ignore
Correct Answer: BC
Explanation/Reference:
The ip tcp adjust-mss only affects TCP streams. Other kinds of IP traffic – UDP, SCTP, DCCP, ICMP, ESP, AH, to name just a few- won’t be
influenced by the ip tcp adjust-mss command, and so their datagrams must be fragmented at the IP layer. That’s why it is necessary to properly
configure the ip mtu command to let the router know how large the fragments of non-TCP-carrying IP packets can be.
Which description of an SD-access wireless network infrastructure deployment is true?
A. The access point is part of the fabric overlay.
B. The wireless client is part of the fabric overlay.
C. The access point is part of the fabric underlay.
D. The WLC is part of the fabric underlay.
Correct Answer: A
Explanation/Reference:
Access Points
+ AP is directly connected to FE (or to an extended node switch)
+ AP is part of Fabric overlay
What are two reasons why broadcast radiation is caused in the virtual machine environment? (Choose two)
A. vSwitch must interrupt the server CPU to process the broadcast packet
B. The Layer 2 domain can be large in virtual machine environments
C. Virtual machines communicate primarily through broadcast mode
D. Communication between vSwitch and network switch is broadcast based
E. Communication between vSwitch and network switch is multicast based
Correct Answer: AB
Explanation/Reference:
Broadcast radiation is the accumulation of broadcast and multicast traffic on a computer network.
Extreme amounts of broadcast traffic constitute a broadcast storm.
The amount of broadcast traffic you should see within a broadcast domain is directly proportional to the size of the broadcast domain. Therefore
if the layer 2 domain in virtual machine environment is too large, broadcast radiation may occur -> VLANs should be used to reduce broadcast
radiation.
Also if virtual machines communicate via broadcast too much, broadcast radiation may occur.
Another reason for broadcast radiation is using a trunk (to extend VLANs) from the network switch to the physical server.
Note about the structure of virtualization in a hypervisor:
Hypervisors provide virtual switch (vSwitch) that Virtual Machines (VMs) use to communicate with other VMs on the same host. The vSwitch
may also be connected to the host’s physical NIC to allow VMs to get layer 2 access to the outside world.
Each VM is provided with a virtual NIC (vNIC) that is connected to the virtual switch. Multiple vNICs can connect to a single vSwitch, allowing
VMs on a physical host to communicate with one another at layer 2 without having to go out to a physical switch.
Although a vSwitch does not run Spanning Tree Protocol, it implements other loop prevention mechanisms. For example, a frame that
enters from one VMNIC is not going to go out of the physical host from a different VMNIC card.
Which function does a fabric edge node perform in an SD-Access deployment?
A. Connects endpoints to the fabric and forwards their traffic.
B. Encapsulates end-user data traffic into LISP.
C. Connects the SD-Access fabric to another fabric or external Layer 3 networks.
D. Provides reachability between border nodes in the fabric underlay.
Correct Answer: A
Explanation/Reference:
There are five basic device roles in the fabric overlay:
+ Control plane node: This node contains the settings, protocols, and mapping tables to provide the endpoint-to-location (EID-to-RLOC)
mapping system for the fabric overlay.
+ Fabric border node: This fabric device (for example, core layer device) connects external Layer 3 networks to the SDA fabric.
+ Fabric edge node: This fabric device (for example, access or distribution layer device) connects wired endpoints to the SDA fabric.
+ Fabric WLAN controller (WLC): This fabric device connects APs and wireless endpoints to the SDA fabric.
+ Intermediate nodes: These are intermediate routers or extended switches that do not provide any sort of SD-Access fabric role other than
underlay services.
Which TCP setting is tuned to minimize the risk of fragmentation on a GRE/IP tunnel?
A. MSS
B. MTU
C. MRU
D. window size
Correct Answer: A
Explanation/Reference:
The TCP Maximum Segment Size (TCP MSS) defines the maximum amount of data that a host is willing to accept in a single TCP/IP datagram.
This TCP/IP datagram might be fragmented at the IP layer. The MSS value is sent as a TCP header option only in TCP SYN segments. Each
side of a TCP connection reports its MSS value to the other side. Contrary to popular belief, the MSS value is not negotiated between hosts. The
sending host is required to limit the size of data in a single TCP segment to a value less than or equal to the MSS reported by the receiving host.
TCP MSS takes care of fragmentation at the two endpoints of a TCP connection, but it does not handle the case where there is a smaller MTU
link in the middle between these two endpoints. PMTUD was developed in order to avoid fragmentation in the path between the endpoints. It is
used to dynamically determine the lowest MTU along the path from a packet’s source to its destination.
What are three valid HSRP states? (Choose three)
A. INIT
B. listen
C. full
D. learning
E. speak
F. established
Correct Answer: ABE
Explanation/Reference:
HSRP States
When in operation, HSRP devices are configured into one of many states:
Active – This is the state of the device that is actively forwarding traffic.
Init or Disabled – This is the state of a device that is not yet ready or able to participate in HSRP.
Learn – This is the state of a device that has not yet determined the virtual IP address and has not yet seen a hello message from an active
device.
Listen – This is the state of a device that is receiving hello messages.
Speak – This is the state of a device that is sending and receiving hello messages.
Standby – This is the state of a device that is prepared to take over the traffic forwarding duties from the active device.
In an SD-Access solution what is the role of a fabric edge node?
A. to connect external Layer 3 network to the SD-Access fabric
B. to connect wired endpoint to the SD-Access fabric
C. to advertise fabric IP address space to external network
D. to connect the fusion router to the SD-Access fabric
Correct Answer: B
Explanation/Reference:
+ Fabric edge node: This fabric device (for example, access or distribution layer device) connects wired endpoints to the SDA fabric.
Which two statements about AAA authentication are true? (Choose two)
A. RADIUS authentication queries the router’s local username database
B. TACACS+ authentication uses an RSA server to authenticate users
C. Local user names are case-insensitive
D. Local authentication is maintained on the router
E. KRB5 authentication disables user access when an incorrect password is entered
Correct Answer: DE
What are two common sources of interference for Wi-Fi networks? (Choose two.)
A. LED lights
B. radar
C. fire alarm
D. conventional oven
E. rogue AP
Correct Answer: BE
Explanation/Reference:
According to the Meraki webpage, radar and rogue AP are two sources of Wireless Interference. Interference between different WLANs occurs
when the access points within range of each other are set to the same RF channel.
Note: Microwave ovens (not conventional oven) emit damaging interfering signals at up to 25 feet or so from an operating oven. Some
microwave ovens emit radio signals that occupy only a third of the 2.4-GHz band, whereas others occupy the entire band.
What is the function of a control-plane node in a Cisco SD-Access solution?
A. to run a mapping system that manages endpoint to network device relationships
B. to implement policies and communicate with networks outside the fabric
C. to connect external Layer 3 networks to the SD Access fabric.
D. to connect APs and wireless endpoints to the SD-Access fabric
Correct Answer: A
Explanation/Reference:
+ Control-Plane Nodes – Map System that manages Endpoint to Device relationships
+ Fabric Border Nodes – A Fabric device (e.g. Core) that connects External L3 network(s) to the SDA Fabric
+ Fabric Edge Nodes – A Fabric device (e.g. Access or Distribution) that connects Wired Endpoints to the SDA Fabric
+ Fabric Wireless Controller – A Fabric device (WLC) that connects APs and Wireless Endpoints to the SDA Fabric