New Questions - Part 10 Flashcards by Pedro Ivo Silva

Which option must be used to support a WLC with an IPv6 management address and 100 Cisco Aironet 2800 Series access points that will use DHCP to register?

A. 43
B. 52
C. 60
D. 82

B. 52

How well did you know this?

Not at all

Perfectly

Drag and drop the characteristics from the left onto the switching mechanisms they describe on the right.

switching_mechanisms.jpg

Cisco Express Forwarding
+ The forwarding table is created in advance.
+ All packets are switched using hardware

Process Switching
+ All forwarding decisions are made in software
+ The router processor is involved with every forwarding decision

How well did you know this?

Not at all

Perfectly

An engineer must create a script to append and modify device entries in a JSON-formatted file. The script must work as follows:
* Until interrupted from the keyboard, the script reads in the hostname of a device, its management IP address, operating system type, and CLI remote access protocol.
* After being interrupted, the script displays the entered entries and adds them to the JSON-formatted file, replacing existing entries whose hostname matches.
The contents of the JSON-formatted file are as follows:

{
 "examplerouter": {
 "ip": "203.0.113.1",
 "os": ios-xe",
 "protocol": "ssh"
    },
 ...
}

Drag and drop the statements onto the blanks within the code to complete the script. Not all options are used.

Python_code_JSON.jpg

import json
while True:
except
File = open
File.close()

How well did you know this?

Not at all

Perfectly

When using BFD in a network design, which consideration must be made?

A. BFD is used with first hop routing protocols to provide subsecond convergence.
B. BFD is used with NSF and graceful to provide subsecond convergence.
C. BFD is more CPU-intensive than using reduced hold timers with routing protocols.
D. BFD is used with dynamic routing protocols to provide subsecond convergence.

D. BFD is used with dynamic routing protocols to provide subsecond convergence.

How well did you know this?

Not at all

Perfectly

In which two ways does the routing protocol OSPF differ from EIGRP? (Choose two)

A. OSPF supports only equal-cost load balancing. EIGRP supports unequal-cost load balancing

B. OSPF supports an unlimited number of hops. EIGRP supports a maximum of 255 hops

C. OSPF is distance vector protocol. EIGRP is a link-state protocol

D. OSPF provides shorter convergence time than EIGRP

E. OSPF supports unequal-cost load balancing. EIGRP supports only equal-cost load balancing

A. OSPF supports only equal-cost load balancing. EIGRP supports unequal-cost load balancing

B. OSPF supports an unlimited number of hops. EIGRP supports a maximum of 255 hops

How well did you know this?

Not at all

Perfectly

A customer wants to connect a device to an autonomous Cisco AP configured as a WGB. The WGB is configured property; however, it fails to associate to a CAPWAP-enabled AP. Which change must be applied in the advanced WLAN settings to resolve this issue?

A. Disable FlexConnect local switching
B. Enable Aironet IE
C. Disable AAA override
D. Enable passive client

B. Enable Aironet IE

How well did you know this?

Not at all

Perfectly

A customer deploys a new wireless network to perform location-based services using Cisco DNA Spaces. The customer has a single WLC located on-premises in a secure data center. The security team does not want to expose the WLC to the public Internet. Which solution allows the customer to securely send RSSI updates to Cisco DNA Spaces?

A. Replace the WLC with a cloud-based controller
B. Deploy a Cisco DNA Spaces connector as a VM
C. Implement Cisco Mobility Services Engine
D. Perform tethering with Cisco DNA Center

B. Deploy a Cisco DNA Spaces connector as a VM

How well did you know this?

Not at all

Perfectly

Drag and drop the characteristics from the left onto the switching architectures on the right.

Process_Switch_vs_CEF.jpg

Process Switching
+ It is referred to as “software switching.”
+ The general-purpose CPU is in charge of packet switching.

Cisco Express Forwarding
+ It optimizes the switching process to handle larger packet volumes.

How well did you know this?

Not at all

Perfectly

By default, which virtual MAC address does HSRP group 32 use?

A. 05:5e:5c:ac:0c:32
B. 00:00:0c:07:ac:20
C. 00:5e:0c:07:ac:20
D. 04:19:20:96:7e:32

B. 00:00:0c:07:ac:20

How well did you know this?

Not at all

Perfectly

Drag and drop the characteristics from the left onto the orchestration tools that they describe on the right.

Chef_vs_SaltStack.jpg

Chef:
+ uses Ruby
+ procedural

SaltStack:
+ declarative
+ uses Python

How well did you know this?

Not at all

Perfectly

In Cisco DNA Center, what is the integration API?

A. southbound consumer-facing RESTful API, which enables network discovery and configuration management

B. westbound interface, which allows the exchange of data to be used by ITSM, IPAM and reporting

C. an interface between the controller and the network devices, which enables network discovery and configuration management

D. northbound consumer-facing RESTful API, which enables network discovery and configuration management

B. westbound interface, which allows the exchange of data to be used by ITSM, IPAM and reporting

How well did you know this?

Not at all

Perfectly

Which function does a Cisco SD-Access extended node perform?

A. provides fabric extension to nonfabric devices through remote registration and configuration

B. performs tunneling between fabric and nonfabric devices to route traffic over unknown networks

C. used to extend the fabric connecting to downstream nonfabric enabled Layer 2 switches

D. in charge of establishing Layer 3 adjacencies with nonfabric unmanaged node

C. used to extend the fabric connecting to downstream nonfabric enabled Layer 2 switches

How well did you know this?

Not at all

Perfectly

An engineer is configuring Local WebAuth on a Cisco Wireless LAN Controller. According to RFC 5737, which virtual IP address must be used in this configuration?

A. 1.1.1.1
B. 192.168.0.1
C. 192.0.2.1
D. 172.20.10.1

C. 192.0.2.1

How well did you know this?

Not at all

Perfectly

Refer to the exhibit.

eBGP_peering.jpg

Which configuration must be implemented to establish EBGP peering between R1 and R2?

R2
router bgp 300
neighbor 131.108.1.1 remote-as 300

R1
router bgp 320
neighbor 131.108.1.2 remote-as 300

R2
router bgp 320
neighbor 1.1.1.1 remote-as 300

R1
router bgp 300
neighbor 2.2.2.2 remote-as 320

R2
router bgp 320
neighbor 131.108.1.1 remote-as 300

R1
router bgp 300
neighbor 131.108.1.2 remote-as 320

R2
router bgp 320
neighbor 131.108.1.11 remote-as 300

R1
router bgp 300
neighbor 131.108.1.2 remote-as 320

C.
R2
router bgp 320
neighbor 131.108.1.1 remote-as 300
R1
router bgp 300
neighbor 131.108.1.2 remote-as 320

How well did you know this?

Not at all

Perfectly

An engineer must configure an EXEC authorization list that first checks a AAA server then a local username. If both methods fail, the user is denied. Which configuration should be applied?

A. aaa authorization exec default local group tacacs+
B. aaa authorization exec default local group radius none
C. aaa authorization exec default group radius local none
D. aaa authorization exec default group radius local

D. aaa authorization exec default group radius local

How well did you know this?

Not at all

Perfectly

Refer to the exhibit.

Router#sh access-list
Extended IP access list 100
  10 permit tcp any any eq telnet
Extended IP access list 101
  10 permit tcp any any eq 22

Which configuration set implements Control plane Policing for SSH and Telnet?

Option A

Router(config)#class-map type inspect match-all
Router(config-cmap)#match access-group 100
Router(config-cmap)#match access-group 101
Router(config)#policy-map CoPP

Router(config-pmap)#class class-control
Router(config-pmap-c)#police 1000000 conform-action transmit
Router(config)#control-plane
Router(config-cp)#service-policy output CoPP

Option B

Router(config)#class-map class-telnet
Router(config-cmap)#match access-group 100
Router(config)#class-map class-ssh
Router(config-cmap)#match access-group 101
Router(config)#policy-map CoPP

Router(config-pmap)#class class-telnet-ssh
Router(config-pmap-c)#police 1000000 conform-action transmit
Router(config)#control-plane
Router(config-cp)#service-policy input CoPP

Option C

Router(config)#class-map match-all class-control
Router(config-cmap)#match access-group 100
Router(config-cmap)#match access-group 101
Router(config)#policy-map CoPP

Router(config-pmap)#class class-control
Router(config-pmap-c)#pollce 1000000 conform-action transmit
Router(config)#control-plane
Router(config-cp)#service-policy output CoPP

Option D

Router(config)#class-map match-any class-control
Router(config-cmap)#match access-group 100
Router(config-cmap)#match access-group 101
Router(config)#policy-map CoPP

Router(config-pmap)#class class-control
Router(config-pmap-c)#police 1000000 conform-action transmit
Router(config)#control-plane
Router(config-cp)#service-policy input CoPP

Option D
Router(config)#class-map match-any class-control
Router(config-cmap)#match access-group 100
Router(config-cmap)#match access-group 101
Router(config)#policy-map CoPP

Router(config-pmap)#class class-control
Router(config-pmap-c)#police 1000000 conform-action transmit
Router(config)#control-plane
Router(config-cp)#service-policy input CoPP

How well did you know this?

Not at all

Perfectly

What is one characteristic of VXLAN?

A. It supports a maximum of 4096 VLANs.
B. It supports multitenant segments.
C. It uses STP to prevent loops in the underlay network.
D. It uses the Layer 2 header to transfer packets through the network underlay.

B. It supports multitenant segments.

How well did you know this?

Not at all

Perfectly

What is one benefit of adopting a data modeling language?

A. augmenting management process using vendor centric actions around models
B. refactoring vendor and platform specific configurations with widely compatible configurations
C. augmenting the use of management protocols like SNMP for status subscriptions
D. deploying machine-friendly codes to manage a high number of devices

B. refactoring vendor and platform specific configurations with widely compatible configurations

How well did you know this?

Not at all

Perfectly

Refer to the exhibit.

R2#
*Feb 28 14:33:59.640: OSPF-1 ADJ  Gi1: Send DBD to 192.168.201.137 seq 0xDE7 opt 0x52 flag 0x7 len 32
*Feb 28 14:33:59.640: OSPF-1 ADJ  Gi1: Retransmitting DBD to 192.168.201.137 [15]
*Feb 28 14:33:59.645: OSPF-1 ADJ  Gi1: Rcv DBD from 192.168.201.137 seq 0xDE7 opt 0x52 flag 0x2 len 112 mtu 9100

The OSPF neighborship fails between two routers. What is the cause of this issue?

A. The OSPF router ID is missing on this router.
B. The OSPF process is stopped on the neighbor router.
C. There is an MTU mismatch between the two routers.
D. The OSPF router ID is missing on the neighbor router.

C. There is an MTU mismatch between the two routers.

How well did you know this?

Not at all

Perfectly

Refer to the exhibit.

interface GigabitEthernet1 
 ip address 10.10.10.1 255.255.255.0
!
access-list 10 permit 10.10.10.1
!
monitor session 10 type erspan-source
 source interface Gi1
 destination
  erspan-id 10
  ip address 192.168.1.1

Which command filters the ERSPAN session packets only to interface GigabitEthernet1?

A. source ip 10.10.10.1
B. source interface gigabitethernet1 ip 10.10.10.1
C. filter access-group 10
D. destination ip 10.10.10.1

B. source interface gigabitethernet1 ip 10.10.10.1

How well did you know this?

Not at all

Perfectly

Refer to the exhibit.

etherchannel_show_etherchannel_summary.jpg

Traffic is not passing between SW1 and SW2. Which action fixes the issue?

A. Configure LACP mode on S1 to passive.
B. Configure switch port mode to ISL on S2.
C. Configure PAgP mode on S1 to desirable.
D. Configure LACP mode on S1 to active.

C. Configure PAgP mode on S1 to desirable.

How well did you know this?

Not at all

Perfectly

Refer to the exhibit.

HSRP_show_standby.jpg

An engineer configures HSRP and enters the show standby command. Which two facts about the network environment are derived from the output? (Choose two)

A. The local device has a higher priority than the active router

B. The virtual IP address of the HSRP group is 10.1.1.1

C. If the local device fails to receive a hello from the active router for more than 5 seconds, it becomes the active router

D. The hello and hold timers are set to custom values

E. If a router with a higher IP address and same HSRP priority as the active router becomes available, that router becomes the new active router 5 seconds later

B. The virtual IP address of the HSRP group is 10.1.1.1

E. If a router with a higher IP address and same HSRP priority as the active router becomes available, that router becomes the new active router 5 seconds later

How well did you know this?

Not at all

Perfectly

An engineer must configure a new WLAN that allows a user to enter a passphrase and provides forward secrecy as a security measure. Which Layer 2 WLAN configuration is required on the Cisco WLC?

A. WPA2 Personal
B. WPA3 Enterprise
C. WPA3 Personal
D. WPA2 Enterprise

C. WPA3 Personal

How well did you know this?

Not at all

Perfectly

Which Python code snippet must be added to the script to store the changed interface configuration to a local JSON-formatted file?

Python_save_local_json_file.jpg

A.
OutFile = open(“ifaces.json”, “w”)
OutFile.write(UpdatedConfig)
OutFile.close()

B.
OutFile = open(“ifaces.json”, “w”)
json.dump(UpdatedConfig,OutFile)
OutFile.close()

C.
OutFile = open(“ifaces.json”, “w”)
OutFile.write(Response.json())
OutFile.close()

D.
OutFile = open(“ifaces.json”, “w”)
OutFile.write(Response.text)
OutFile.close()

A.
OutFile = open(“ifaces.json”, “w”)
OutFile.write(UpdatedConfig)
OutFile.close()

C.
OutFile = open(“ifaces.json”, “w”)
OutFile.write(Response.json())
OutFile.close()

OutFile.write(Response.json()) IS WRONG!

write() function expects a STRING not a DICT.
json() converts text (Response) to DICT (Response.json()).

Finally, dictionary type is not supported by write() function.

How well did you know this?

Not at all

Perfectly

Refer to the exhibit. [OSPF_passive_interface.jpg](https://www.digitaltut.com/images/ENCOR/OSPF/OSPF_passive_interface.jpg) Cisco IOS routers R1 and R2 are **interconnected using interface Gi0/0**. Which configuration allows R1 and R2 to form an OSPF neighborship on interface Gi0/0? A. ``` R2(config)#router ospf 1 R2(config-router)#passive-interface Gi0/0 ``` B. ``` R2(config)#interface Gi0/0 R2(config-if)#ip ospf cost 1 ``` C. ``` R1(config)#router ospf 1 R1(config-router)#no passive-interface Gi0/0 ``` D. ``` R1(config)#router ospf 1 R1(config-if)#network 172.20.0.0 0.0.0.255 area 1 ```

C. ``` R1(config)#router ospf 1 R1(config-router)#no passive-interface Gi0/0 ```

A customer has a wireless network deployed **within a multi-tenant building**. The network provides client access, location-based services, and is monitored using Cisco **DNA Center**. The security department wants to **locate and track malicious devices** based on threat signatures. Which feature is required for this solution? A. Cisco aWIPS policies on Cisco DNA Center B. Cisco aWIPS policies on the WLC C. malicious rogue rules on Cisco DNA Center D. malicious rogue rules on the WLC

A. Cisco **aWIPS policies on Cisco DNA Center**

Refer to the exhibit. [trunking_issue.jpg](https://www.digitaltut.com/images/ENCOR/Trunking/trunking_issue.jpg) An engineer configures a **trunk** between SW1 and SW2 but **tagged packets are not passing**. Which action fixes the issue? A. Configure SW2 with encapsulation dot1q on interface FastEthernet0/1. B. Configure SW1 with dynamic auto mode on interface FastEthernet0/1 C. Configure FastEthernet0/1 on both switches for static trunking. D. Configure the native VLAN to be the same VLAN on both switches on interface FastEthernet0/1

A. **Configure SW2 with encapsulation dot1q** on interface FastEthernet0/1.

In a **Cisco SD-Access wireless** environment, which device is responsible for **hosting the anycast gateway**? A. fabric border node B. fusion router C. fabrice edge node D. control plance node

C. **fabrice edge node**

Drag and drop the characteristics from the left onto the switching architectures on the right. [Process_Switching_CEF_2.jpg](https://www.digitaltut.com/images/ENCOR/Drag_Drop/Process_Switching_CEF_2.jpg)

**Process Switching** + **low** switching **performance** **Cisco Express Forwarding** + **proprietary** switching mechanism + supports the **centralized and distributed modes** of operation

Refer to the exhibit. ``` monitor session 11 type erspan-source source interface GigabitEthernet3 destination erspan-id 12 ip address 10.10.10.10 origin ip address 10.100.10.10 ``` Which command set completes the **ERSPAN** session configuration? A. ``` monitor session 12 type erspan-destination destination interface GigabitEthernet4 source erspan-id 12 ip address 10.10.10.10 ``` B. ``` monitor session 11 type erspan-destination destination interface GigabitEthernet4 source erspan-id 11 ip address 10.10.10.10 ``` C. ``` monitor session 12 type erspan-destination destination interface GigabitEthernet4 source erspan-id 11 ip address 10.10.10.10 ``` D. ``` monitor session 11 type erspan-destination destination interface GigabitEthernet4 source erspan-id 12 ip address 10.100.10.10 ```

A. monitor session 12 type erspan-destination destination interface GigabitEthernet4 source erspan-id **12** ip address **10.10.10.10**

Based on the router’s API output in JSON format below, which Python code will display the value of the “role” key? [Python_JSON_output.jpg](https://www.digitaltut.com/images/ENCOR/Python/Python_JSON_output.jpg) A. ``` json_data = json.loads(response.text) print(json_data[response][0][role]) ``` B. ``` json_data = response.json() print(json_data[‘response’][family][‘role’]) ``` C. ``` json_data = response.json() print(json_data[‘response’][0][‘role’]) ``` D. ``` json_data = json.loads(response.text) print(json_data[‘response’][‘family’][‘role’]) ```

Answer C. ``` json_data = response.json() print(json_data[‘response’][0][‘role’]) ```

Refer to the exhibit. [WLAN_General_edit.jpg](https://www.digitaltut.com/images/ENCOR/Wireless/WLAN_General_edit.jpg) Clients report that they cannot connect to this SSID using the provided PSK. Which action will resolve this issue? A. Select the PSK under authentication key management. B. Define the correct Radio Policy. C. Apply the changes this SSID. D. Apply the correct interface to this WLAN.

A. **Select the PSK under authentication key management.**

Refer to the exhibit. [OSPF_summarize_area.jpg](https://www.digitaltut.com/images/ENCOR/OSPF/OSPF_summarize_area.jpg) Which configuration is required to summarize Area 2 networks that are advertised to Area 0? A. RouterB(config)# router ospf 1 RouterB(config-router)# network 192.168.38.0 255.255.252.0 B. RouterB(config)# router ospf 1 RouterB(config-router)# area 2 range 192.168.36.0 255.255.255.0 C. RouterB(config)# router ospf 1 RouterB(config-router)# network 192.168.38.0 255.255.255.0 D. RouterB(config)# router ospf 1 RouterB(config-router)# area 2 range 192.168.36.0 255.255.252.0

D. RouterB(config)# router ospf 1 RouterB(config-router)# area 2 range 192.168.36.0 255.255.252.0

Refer to the exhibit. ``` ip access-list extended ACL-CoPP-Management permit udp any eq ntp any permit udp any any eq snmp permit tcp any any eq 22 permit tcp any eq 22 any established class-map match-all CLASS-CoPP-Management match access-group name ACL-CoPP-Management ``` An engineer must protect the CPU of the router from high rates of NTP, SNMP, and SSH traffic. Which two configurations must be applied to drop these types of traffic when it continuously exceeds 320 kbps? (Choose two) A. ``` R1 (config)#policy-map POLICY-CoPP R1(config-pmap)#class CLASS-CoPP-Management R1(config-pmap-c)#police 320000 conform-action transmit exceed-action drop violate-action drop B. R1(config)#control-plane R1(config-cp)# service-policy output POLICY-CoPP ``` C. ``` R1(config-pmap)#class CLASS-CoPP-Management R1(config-pmap-c)#police 32 conform-action transmit exceed-action drop violate-action transmit ``` D. ``` R1(config)#policy-map POLICY-CoPP R1(config-pmap)#class CLASS-CoPP-Management R1(config-pmap-c)#police 320000 conform-action transmit exceed-action transmit violate-action drop ``` E. ``` R1(config)#control-plane R1(config-cp)# service-policy input POLICY-CoPP ```

D. R1(config)#policy-map POLICY-CoPP R1(config-pmap)#class CLASS-CoPP-Management R1(config-pmap-c)#police 320000 conform-action **transmit exceed-action transmit violate-action drop** E. R1(config)#control-plane R1(config-cp)# service-policy **input** POLICY-CoPP

Refer to the exhibit. [NAT_config_translation.jpg](https://www.digitaltut.com/images/ENCOR/NAT/NAT_config_translation.jpg) What are two results of the NAT configuration? (Choose two) A. R1 is performing NAT for inside addresses and outside address B. R1 looks at the destination IP address of packets entering S0/0 and destined for inside hosts C. Packets with a destination of 200.1.1.1 are translated to 10.1.1.1 or .2, respectively D. A packet that is sent to 200.1.1.1 from 10.1.1.1 is translated to 209.165.201.1 on R1 E. R1 processes packets entering E0/0 and S0/0 by examining the source IP address

B. R1 looks at the destination IP address of packets entering S0/0 and destined for inside hosts D. A packet that is sent to 200.1.1.1 from 10.1.1.1 is translated to 209.165.201.1 on R1

Refer to the exhibit. [VRF_config.jpg](https://www.digitaltut.com/images/ENCOR/VRF/VRF_config.jpg) Which set of commands is required to configure and verify the VRF for Site 1 Network A on router R1? A. ``` R1#ip routing R1(config)#ip vrf 100 ! R1(config)#interface Gi0/2 R1(config-if)#ip address 10.0.1.1 255.255.255.0 R1#show ip vrf ``` B. ``` R1#ip routing R1(config)#ip vrf 100 ! R1(config)#interface Gi0/2 R1(config-if)#ip address 10.0.1.1 255.255.255.0 ``` C. ``` R1#ip routing R1(config)#ip vrf 100 ! R1(config)#interface Gi0/2 R1(config-if)#ip vrf forwarding 100 R1(config-if)#ip address 10.0.1.1 255.255.255.0 R1#show ip vrf ``` D. ``` R1#ip routing R1(config)#ip vrf 100 R1(config-vrf)#rd 100:1 R1(config-vrf)# address family ipv4 ! R1(config)#interface Gi0/2 R1(config-if)#ip address 10.0.1.1 255.255.255.0 R1#show ip route ```

C. ``` R1#ip routing R1(config)#ip vrf 100 ! R1(config)#interface Gi0/2 R1(config-if)#ip vrf forwarding 100 R1(config-if)#ip address 10.0.1.1 255.255.255.0 R1#show ip vrf ```

Where in Cisco DNA Center is documentation of each API call, organized by its functional area? A. Developer Toolkit B. platform management C. platform bundles D. Runtime Dashboard

A. Developer Toolkit

How do the RIB and the FIB differ? A. FIB contains routes learned through a dynamic routing protocol, and the RIB contains routes that are static or directly connected. B. RIB contains the interface for a destination, and the FIB contains the next hop information. C. FIB is derived from the control plane, and the RIB is derived from the data plane. D. RIB is derived from the control plane, and the FIB is derived from the RIB.

D. **RIB is derived from the control plane**, and the FIB is derived from the RIB.

What does a YANG model provide? A. standardized data structure independent of the transport protocols B. creation of transport protocols and their interaction with the OS C. user access to interact directly with the CLI of the device to receive or modify network configurations D. standardized data structure that can be used only with NETCONF or RESTCONF transport protocols

A. standardized data structure independent of the transport protocols

A network engineer must configure a switch to allow remote access for all feasible protocols. Only a password must be requested for device authentication and all idle sessions must be terminated in 30 minutes. Which configuration must be applied? A. ``` line vty 0 15 password cisco transport input all exec-timeout 0 30 ``` B. ``` line console 0 password cisco exec-timeout 30 0 ``` C. ``` line vty 0 15 password cisco transport input telnet ssh exec-timeout 30 0 ``` D. ``` username cisco privilege 15 cisco line vty 0 15 transport input telnet ssh login local exec-timeout 0 30 ```

C. ``` line vty 0 15 password cisco transport input telnet ssh exec-timeout 30 0 ```

Refer to the exhibit. [add_new_wifi_network.jpg](https://www.digitaltut.com/images/ENCOR/Wireless/add_new_wifi_network.jpg) A company has an internal wireless network with a hidden SSID and RADIUS-based client authentication for increased security. An employee attempts to manually add the company network to a laptop, but the laptop does not attempt to connect to the network. The regulatory domains of the access points and the laptop are identical. Which action resolves this issue? A. Ensure that the “Connect even if this network is not broadcasting” option is selected. B. Limit the enabled wireless channels on the laptop to the maximum channel range that is supported by the access points. C. Change the security type to WPA2-Personal AES. D. Use the empty string as the hidden SSID network name.

A. Ensure that the **“Connect even if this network is not broadcasting”** option is selected.

What is the recommended **minimum SNR for voice** applications on wireless networks? A. 10 B. 25 C. 15 D. 20

B. 25

Drag and drop the tools from the left onto the agent types on the right. [agent_based_agentless_2.jpg](https://www.digitaltut.com/images/ENCOR/Drag_Drop/agent_based_agentless_2.jpg)

**Agentless** + Terraform + Ansible **Agent-Based** + Chef

Which free application has the ability to make REST cans against Cisco DNA Center? A. API Explorer B. REST Explorer C. Postman D. Mozilla

C. Postman

If AP power level is **increased from 25 mW to 100 mW**, what is the power difference in dBm? A. 6 dBm B. 14 dBm C. 17 dBm D. 20 dBm

A. 6 dBm

When does a Cisco StackWise primary switch lose its role? A. when the priority value of a stack member is changed to a higher value B. when a switch with a higher priority is added to the stack C. when the stack primary is reset D. when a stack member fails

C. when the stack primary is reset

Which activity requires access to Cisco DNA Center CLI? A. provisioning a wireless LAN controller B. creating a configuration template C. upgrading the Cisco DNA Center software D. graceful shutdown of Cisco DNA Center

D. **graceful shutdown** of Cisco DNA Center

Which A record type should be configured for access points to resolve the IP address of a wireless LAN controller using DNS? A. CISCO.CONTROLLER.localdomain B. CISCO.CAPWAP.CONTROLLER.localdomain C. CISCO-CONTROLLER.localdomain D. CISCO-CAPWAP-CONTROLLER.localdomain

D. **CISCO-CAPWAP-CONTROLLER**.localdomain

Which **NTP mode** must be activated when using a Cisco router as an NTP authoritative **server**? A. primary B. server C. broadcast client D. peer

B. **server**

Refer to the exhibit. Which router is elected as the VRRP primary virtual router? Router A ``` Interface GigabitEthernet 1/0 ip address 192.168.0.1 255.255.255.0 vrrp priority 120 ``` Router B ``` Interface GigabitEthernet 1/0 ip address 192.168.0.200 255.255.255.0 vrrp priority 100 ``` Router C ``` Interface GigabitEthernet 1/0 ip address 192.168.0.3 255.255.255.0 vrrp priority 130 ``` Router D ``` Interface GigabitEthernet 1/0 ip address 192.168.0.4 255.255.255.0 vrrp priority 90 ``` A. Router A B. Router B C. Router C D. Router D

C. **Router C**

Which signal strength and noise values meet the **minimum SNR for voice networks**? A. signal strength -67 dBm, noise 91 dBm B. signal strength -69 dBm, noise 94 dBm C. signal strength -68 dBm, noise 89 dBm D. signal strength -66 dBm, noise 90 dBm

B. signal strength -69 dBm, noise 94 dBm ## Footnote The recommended minimum SNR for voice applications on wireless networks is 25dB.

An engineer is connected to a Cisco router through a Telnet session. Which command must be issued to view the logging messages from the current session as soon as they are generated by the router? A. logging buffer B. service timestamps log uptime C. logging host D. terminal monitor

D. terminal monitor

An engineer is configuring RADIUS-Based Authentication with EAP. MS-CHAPv2 is configured on a client device. Which outer method protocol must be configured on the ISE to support this authentication type? A. EAP-TLS B. EAP-FAST C. LDAP D. PEAP

D. PEAP

Drag and drop the characteristics from the left onto the orchestration tool classifications on the right. [Configuration_Management_vs_Orchestration_2.jpg](https://www.digitaltut.com/images/ENCOR/Drag_Drop/Configuration_Management_vs_Orchestration_2.jpg)

**Configuration Management** + mutable infrastructure + designed to install and manage software on existing servers **Orchestration** + immutable infrastructure + designed to provision the servers ## Footnote An immutable infrastructure is one in which servers are never modified after they’re deployed. If something needs to be updated or changed, new servers are built afresh from a common template with the desired changes.

Refer to the exhibit. [show_confs_r1_r2](https://i.postimg.cc/65yvssJT/Capture.png) R1 and R2 are directly connected, but the BGP session does not establish. Which action must be taken to build an eBGP session? A. Configure ip route 1.1.1.1 0.0.0.0 192.168.12.1 on R2. B. Configure neighbor 192.168.12.1 activate under R2 BGP process. C. Configure neighbor 2.2.2.2 remote-as 65002 under R1 BGP process. D. Configure no neighbor 192.168.12.1 shutdown under R2 BGP process.

D. Configure no neighbor 192.168.12.1 shutdown under R2 BGP process.

Refer to the exhibit. [show_ip_nat_translations.jpg](https://www.digitaltut.com/images/ENCOR/NAT/show_ip_nat_translations.jpg) Hosts PC1 PC2 and PC3 must access resources on Server1. An engineer configures NAT on Router R1 to enable the communication and enters the show command to verify operation. Which IP address is used by the hosts when they communicate globally to Server1? A. 155.1.1.5 B. random addresses in the 155.1.1.0/24 range C. their own address in the 10.10.10.0/24 range D. 155.1.1.1

D. 155.1.1.1

Drag and drop the characteristics from the left onto the infrastructure deployment models on the right. [On_Premimes_vs_Cloud_3.jpg](https://www.digitaltut.com/images/ENCOR/Drag_Drop/On_Premimes_vs_Cloud_3.jpg)

**On-Premises** + Infrastructure requires large and regular investments + It requires capacity planning for power and cooling **Cloud** + Capacity easily scales up or down + It enables users to access resources from anywhere

Which technology **reduces the implementation of STP** and leverages both unicast and multicast? A. VPC B. VXLAN C. VSS D. VLAN

C. **VSS**

Which application has the ability to make REST calls against Cisco DNA Center? A. API Explorer B. Postman C. REST Explorer D. Mozilla

B. **Postman**

Refer to the exhibit. [GRE_Tunnel_Config.jpg](https://www.digitaltut.com/images/ENCOR/GRE/GRE_Tunnel_Config.jpg) Which GRE tunnel configuration command is missing on R2? A. tunnel source 192.181.2 B. tunnel source 172.16.1.0 C. tunnel source 200.1.1.1 D. tunnel destination 200.1.1.1

C. tunnel **source 200.1.1.1**

A company recently decided to use RESTCONF instead of NETCONF and many of their NETCONF scripts contain the operation (operation=”create”). Which RESTCONF operation must be used to replace these statements? A. CREATE B. GET C. PUT D. POST

D. **POST**

An engineer must protect the password for the VTY lines against **over-the-shoulder** attacks. Which configuration should be applied? A. service password-encryption B. username netadmin secret 9 $9$vFpMf8elb4RVV8$seZ/bDA C. username netadmin secret 7$1$42J36k33008Pyh4QzwXyZ4 D. line vty 0 15 p3ssword XD822j

A. service password-encryption

Which QoS feature uses the **IP Precedence bits** in the ToS field of the IP packet header to partition traffic into different priority levels? A. marking B. shaping C. policing D. classification

D. classification

Refer to the exhibit. [BGP_neighbor.jpg](https://www.digitaltut.com/images/ENCOR/BGP/BGP_neighbor.jpg) R1 has a BGP neighborship with a directly connected router on interface Gi0/0. Which command set is applied between the iterations of show ip bgp 2.2.2.2? A. ``` R1(config)#router bgp 65001 R1(config-router)#neighbor 192.168.50.2 shutdown ``` B. ``` R1(config)#router bgp 65002 R1(config-router)#neighbor 192.168.50.2 shutdown ``` C. ``` R1(config)#ip route 2.2.2.2 255.255.255.255 192.168.50.2 ``` D. ``` R1(config)#no ip route 192.168.50.2 255.255.255.255 Gi0/0 ```

C. ``` R1(config)#ip route 2.2.2.2 255.255.255.255 192.168.50.2 ```

Refer to the exhibit. [ERSPAN_config_3.jpg](https://www.digitaltut.com/images/ENCOR/SPAN/ERSPAN_config_3.jpg) An engineer must configure an ERSPAN tunnel that mirrors traffic from Linux1 on Switch1 to Linux2 on Switch2. Which command must be added to the source configuration to enable the ERSPAN tunnel? A. (config-mon-erspan-dst-src)#origin ip address 172.16.10.10 B. (config-mon-erspan-dst-src)#no shut C. (config-mon-erspan-dst-src)#erspan-id 110 D. (config-mon-erspan-dst-src)#erspan-id 172.16.10.10

C. (config-mon-erspan-dst-src)#erspan-id 110

An engineer applies this EEM applet to a router [EEM_check_MAC_address.jpg](https://www.digitaltut.com/images/ENCOR/EEM/EEM_check_MAC_address.jpg) What does the applet accomplish? A. It checks the MAC address table every 600 seconds to see if the specified address has been learned. B. It compares syslog output to the MAC address table every 600 seconds and generates an event when no match is found. C. It compares syslog output to the MAC address table every 600 seconds and generates an event when there is a match. D. It generates a syslog message every 600 seconds on the status of the specified MAC address.

A. It checks the MAC address table every 600 seconds to see if the specified address has been learned.

Drag and drop the code snippets from the bottom onto the blanks in the code to construct a request that configures a deny rule on an access list. [json_script_acl.jpg](https://www.digitaltut.com/images/ENCOR/Drag_Drop/json_script_acl.jpg)

1. access-list-seq-rule 2. deny 3. ip 4. dst-any

**How is traffic classified when using Cisco TrustSec** technology? A. with the IP address B. with the VLAN C. with the security group tag D. with the MAC address

C. with the **security group tag**

Refer to the exhibit. [acl_allow_traffic.jpg](https://www.digitaltut.com/images/ENCOR/Access-list/acl_allow_traffic.jpg) A network administrator must configure router B to allow traffic only from network 10.100.2.0 to networks outside of router B. Which configuration must be applied? **Option A** ``` RouterB(config)# access-list 101 permit ip 10.100.2.0 0.0.0.255 any RouterB(config)# access-list 101 deny any ! RouterB(config)# int g0/0/0 RouterB(config-if)# ip access-group 101 out ``` **Option B** ``` RouterB(config)# access-list 101 permit ip 10.100.3.0 0.0.0.255 any RouterB(config)# access-list 101 deny any RouterB(config)# int g0/0/0 RouterB(config-if)# ip access-group 101 out ! RouterB(config)# int g0/0/1 RouterB(config-if)# ip access-group 101 out ``` **Option C** ``` RouterB(config)# access-list 101 permit ip 10.100.2.0 0.0.0.255 any RouterB(config)# access-list 101 deny any ! RouterB(config)# int g0/0/2 RouterB(config-if)# ip access-group 101 in ``` **Option D** ``` RouterB(config)# access-list 101 permit ip 10.100.2.0 0.0.0.255 any RouterB(config)# int g0/0/0 RouterB(config-if)# ip access-group 101 out ! RouterB(config)# int g0/0/1 RouterB(config-if)# ip access-group 101 out ```

**Option D** ``` RouterB(config)# access-list 101 permit ip 10.100.2.0 0.0.0.255 any RouterB(config)# int g0/0/0 RouterB(config-if)# ip access-group 101 out ! RouterB(config)# int g0/0/1 RouterB(config-if)# ip access-group 101 out ```

What is a **benefit** of using segmentation with **TrustSec**? A. Integrity checks prevent data from being modified in transit. B. Packets sent between endpoints on a LAN are encrypted using symmetric key cryptography. C. Security group tags enable network segmentation. D. Firewall rules are streamlined by using business-level profiles.

C. Security group tags **enable network segmentation.**

Refer to the exhibit. [OSPF.jpg](https://www.digitaltut.com/images/ENCOR/OSPF/OSPF_prefix_suppression.jpg) An engineer must reduce the number of Type 1 and Type 2 LSAs that are advertised to R4 within OSPF area 0. Which configuration must be applied? A. ``` R1# conf t Router(config)# router ospf 1 Router(config-router)# prefix-suppression ``` B. ``` R4# conf t Router(config)# router ospf 1 Router(config-router)# summary-address 10.0.0.0 255.255.255.0 ``` C. ``` R2# conf t Router(config)# interface Gig0/0 Router(config-router)# ip ospf prefix-suppression ``` D. ``` R2# conf t Router(config)# int Gig0/0 Router(config-if)# ip summary-address 10.0.0.0 255.255.255.0 ```

C. ``` R2# conf t Router(config)# interface Gig0/0 Router(config-router)# ip ospf prefix-suppression ```

Refer to the exhibit. [BGP_preferred_path.jpg](https://www.digitaltut.com/images/ENCOR/BGP/BGP_preferred_path.jpg) Which configuration must be applied to ensure that the preferred path for traffic from AS 65010 toward AS 65020 uses the R2 to R4 path? A. ``` R4(config)# router bgp 65020 R4(config-router)# bgp default local-preference 300 R5(config)# router bgp 65020 R5(config-router)# bgp default local-preference 200 ``` B. ``` R2(config)# router bgp 65010 R2(config-router)# bgp default local-preference 300 R1(config)# router bgp 65010 R1(config-router)# bgp default local-preference 200 ``` C. ``` R2(config)# router bgp 65010 R2(config-router)# bgp default local-preference 200 R1(config)# router bgp 65010 R1(config-router)# bgp default local-preference 300 ``` D. ``` R4(config)# router bgp 65020 R4(config-router)# bgp default local-preference 200 R5(config)# router bgp 65020 R5(config-router)# bgp default local-preference 300 ```

B. ``` R2(config)# router bgp 65010 R2(config-router)# bgp default local-preference 300 R1(config)# router bgp 65010 R1(config-router)# bgp default local-preference 200 ```

What are two **best practices** when designing a **campus Layer 3** infrastructure? (Choose two) A. Configure passive-interface on nontransit links. B. Implement security features at the core. C. Summarize routes from the aggregation layer toward the core layer. D. Tune Cisco Express Forwarding load balancing hash for ECMP routing. E. Summarize from the access layer toward the aggregation layer.

C. **Summarize routes from the aggregation layer** toward the core layer. D. **Tune Cisco Express Forwarding** load balancing hash for ECMP routing.

Refer to the exhibit. [radiation_pattern.jpg](https://www.digitaltut.com/images/ENCOR/Wireless/omnidirectional_antenna_radiation_pattern.jpg) Which antenna emits this radiation pattern? A. omnidirectional B. RP-TNC C. dish D. Yagi

A. **omnidirectional**

Refer to the exhibit. [python code](https://i.postimg.cc/QCdH3dS9/Capture.png) How should the programmer access the list of VLANs that were received via the API call? A. VlanNames[‘response’] B. VlanNames[0] C. VlanNames[‘Vlan1’] D. list(VlanNames)

A. **VlanNames[‘response’]**

An EEM applet contains this command: `event snmp oid 1.3.6.1.4.3.8.0.5.8.7.1.3 get-type next entry-op gt entry-val 80 poll-interval 8` What is the result of the command? A. An SNMP event is generated when the value equals 80% for eight polling cycles. B. An SNMP event is generated when the value is greater than 80% for eight polling cycles. C. An SNMP event is generated when the value reaches 80%. D. An SNMP variable is monitored and an action is triggered when the value exceeds 80%.

D. An SNMP variable is monitored and **an action is triggered when the value exceeds 80%**.

Refer to the exhibit. [python code](https://i.postimg.cc/JzLtrxTC/Capture.png) What does this Python script do? A. enters the TACACS+ username for a specific IP address B. reads the username for a specific IP address from a light database C. writes the username for a specific IP address into a light database D. enters the RADIUS username for a specific IP address

B. **reads** the username for a specific IP address **from a light database**

Refer to the exhibit. ``` for x in range(6): print(x) ``` What is output by this code? A. 0 5 B. 0 1 2 3 4 5 C. 0 1 2 3 4 D. (0,5)

B. 0 1 2 3 4 5

What is the purpose of the **weight attribute in an EID-to-RLOC mapping**? A. It determines the administrative distance of LISP generated routes in the RIB. B. It indicates the load-balancing ratio between ETRs of the same priority. C. It indicates the preference for using LISP over native IP connectivity. D. It identifies the preferred RLOC address family.

B. **It indicates the load-balancing ratio** between ETRs of the same priority.

A network engineer is designing a **QoS policy for voice and video applications**. Which software queuing feature provides strict-priority servicing? A. Class-Based Weighted Fair Queuing B. Low Latency Queuing C. Link Fragmentation D. Automatic QoS

B. **Low Latency Queuing**

Which characteristic applies to a **traditional WAN solution but not to a Cisco SD-WAN** solution? A. lengthy installation times B. centralized reachability, security, and application policies C. low complexity and increased overall solution scale D. operates over DTLS/TLS authenticated and secured tunnels

A. **lengthy installation times**

Which of the following are **features** typically **only found in a Next Generation (NextGen) firewall**? (Choose two) A. Network Address Translation (NAT) B. Secure remote access VPN (RA VPN) C. Deep packet inspection D. reputation based malware detection E. IPSec site-to-site VPN

C. **Deep packet inspection** D. **reputation based malware detection**

JSON web tokens (JWT) are used to secure JSON based communications. Which of the following fields make up a JWT? (Choose three) A. Header B. Trailer C. Payload D. Sequence number E. Signature

A. **Header** C. **Payload** E. **Signature**

Ansible is being used in a network for configuration and management automation. Which of the following are true statements regarding Ansible? (Choose two) A. Requires an agent on the end device. B. Utilizes the concept of playbooks to execute the configuration. C. Uses a pull model, where the end devices pull configuration files from the Ansible server. D. Utilizes SSH.

B. **Utilizes the concept of playbooks** to execute the configuration. D. **Utilizes SSH**.

In a Cisco Software Defined Networking (SDN) architecture, what is used to describe the API communication between the SDN controller and the network elements (routers and switches) that it manages? A. Southbound API B. Northbound API C. Westbound API D. Eastbound API

A. **Southbound** API ## Footnote https://www.9tut.com/images/ccna/SDN/Southbound_Northbound_APIs.jpg

In a Cisco VXLAN based network, which of the following best describes the main function of a VXLAN Tunnel Endpoint (**VTEP**)? A. A device that performs VXLAN encapsulation and decapsulation. B. It is a 24 bit segment ID that defines the broadcast domain. C. It is the Logical interface where the encapsulation and de-encapsulation occurs. D. It is a device that performs tunneling using GRE.

A. A device that performs VXLAN **encapsulation and decapsulation**.

What does the **Cisco DNA Center Authentication API** provide? A. list of global issues that are logged in Cisco DNA Center B. access token to make calls to Cisco DNA Center C. list of VLAN names D. dent health status

B. **access token to make calls** to Cisco DNA Center

What is a client who is running **802.1x for authentication reffered to as**? A. supplicant B. NAC device C. authenticator D. policy enforcement point

A. **supplicant**

Refer to the exhibit. [xml_acl_code.jpg](https://www.digitaltut.com/images/ENCOR/Python/xml_acl_code.jpg) What is achieved by the **XML code**? A. It reads the access list sequence numbers from the output of the show ip access-list extended flp command into a dictionary list B. It displays the output of the show ip access-list extended flp command on the terminal screen C. It displays the access list sequence numbers from the output of the show ip access-list extended flp command on the terminal screen D. It reads the output of the show ip access-list extended flp command into a dictionary list

A. **It reads the access list sequence numbers from the output** of the show ip access-list extended flp command into a dictionary list

What does the statement **print(format(0.8, ‘.0%’))** display? A. 80% B. 8% C. .08% D. 8.8%

A. **80%**

Refer to the exhibit. ``` Router#show running-config | include aaa aaa new-model aaa authentication login default group tacacs+ aaa authorization exec default group tacacs+ aaa session-id common ``` Which configuration **enables fallback to local authentication** and authorization when no TACACS+ server is available? A. ``` Router(config)# aaa authentication login default local Router(config)# aaa authorization exec default local ``` B. ``` Router(config)# aaa authentication login default group tacacs+ local Router(config)# aaa authorization exec default group tacacs+ local ``` C. ``` Router(config)# aaa fallback local ``` D. ``` Router(config)# aaa authentication login FALLBACK local Router(config)# aaa authorization exec FALLBACK local ```

B. ``` Router(config)# aaa authentication login default group tacacs+ local Router(config)# aaa authorization exec default group tacacs+ local ```

Which collection contains the resources to obtain a list of fabric nodes through the **vManage API**? A. device management B. administration C. device inventory D. monitoring

C. **device inventory**

Which security measure **mitigates a man-in-the-middle attack of a REST API**? A. SSL certificates B. biometric authentication C. password hash D. non repudiotion feature

A. **SSL certificates**

Refer to the exhibit. Which two commands ensure that **DSW1 becomes root bridge for VLAN 10 and 20**? (Choose two) [show_spanning_tree_mst.jpg](https://www.digitaltut.com/images/ENCOR/STP/show_spanning_tree_mst.jpg) A. spanning-tree mstp 1 priority 0 B. spanning-tree mst 1 root primary C. spanning-tree mst vlan 10,20 priority root D. spanning-tree mst 1 priority 4096 E. spanning-tree mst 1 priority 1 F. spanning-tree mstp vlan 10,20 root primary

B. spanning-tree **mst 1 root primary** D. spanning-tree **mst 1 priority 4096**

Which solution supports end to end **line-rate encryption between two sites**? A. IPsec B. TrustSec C. MACsec D. GRE

C. **MACsec**

Refer to the exhibit. [exhibit](https://i.postimg.cc/ydWwCRmT/Capture.png) An engineer is troubleshooting a newly configured BGP peering that does not establish. What is the reason for the failure? A. BGP peer 10.255.255.3 is not configured for peering with R1 B. Mandatory BGP parameters between R1 and 10.255.255.3 are mismatched C. A firewall is blocking access to TCP port 179 on the BGP peer 10.255.255.3 D. Both BGP peers are configured for passive TCP transport

C. **A firewall is blocking access to TCP port 179** on the BGP peer 10.255.255.3

Which access control feature does **MAB** provide? A. user access based on IP address B. allows devices to bypass authenticate C. network access based on the physical address of a device D. simultaneous user and device authentication

C. **network access based on the physical address of a device**

Which authorization framework gives **third-party applications limited access to HTTP services**? A. IPsec B. Basic Auth C. GRE D. OAuth 2.0

D. **OAuth 2.0**

In the Cisco DNA Center Image Repository, **what is a golden image**? A. The latest software image that is available for a specific device type B. The Cisco recommended software image for a specific device type. C. A software image that is compatible with multiple device types. D. A software image that meets the compliance requirements of the organization.

B. **The Cisco recommended software image** for a specific device type.

Refer to the exhibit. [exhibit](https://i.postimg.cc/FKpPRKrn/Capture.png) Which action results from executing the Python script? A. display the output of a command that is entered on that device in a single line B. SSH to the IP address that is manually entered on that device C. display the output of a command that is entered on that device D. display the unformatted output of a command that is entered on that device

C. **display the output of a command that is entered on that device**

Which two methods are used to **assign security group tags to the user** in a Cisco Trust Sec architecture? (Choose two) A. modular QoS B. policy routing C. web authentication D. DHCP E. IEEE 802.1x

C. **web** authentication E. **IEEE 802.1x**

Refer to the exhibit. ``` count = 8 while count > 4 : print(count) count -= 1 ``` What is output by this code? A. 8 7 6 5 B. -4 -5 -6 -7 C. -1 -2-3-4 D. 4 5 6 7

A. 8 7 6 5

When a DNS host record is configured for a new Cisco AireOS WLC, **which hostname must be added to allow APs to successfully discover the WLC**? A. CONTROLLER-CAPWAP-CISCO B. CISCO-CONTROLLER-CAPWAP C. CAPWAP-CISCO-CONTROLLER D. CISCO-CAPWAP-CONTROLLER

D. **CISCO-CAPWAP-CONTROLLER**

Refer to the exhibit. [WLAN_advanced.jpg](https://www.digitaltut.com/images/ENCOR/Wireless/WLAN_advanced.jpg) An engineer configures a new WLAN that will be used for secure communications; however, wireless **clients report that they are able to communicate with each other**. Which action resolves this issue? A. Enable Client Exclusions B. Disable Aironet IE C. Enable Wi-Fi Direct Client Policy D. Enable P2P Blocking

D. **Enable P2P Blocking**

Refer to the exhibit. [exhibit](https://i.postimg.cc/nhyxk0qt/Capture.png) An engineer configured TACACS+ to authenticate remote users but the configuration is not working as expected. Which configuration must be applied to enable access? A. ``` R1(config)#ip tacacs source-interface Gig0/0 ``` B. ``` R1(config)#tacacs-server prod R1(config-server-tacacs)#key cisco123 ``` C. ``` R1(config)#aaa authorization exec default group tacacs+ local ``` D. ``` R1(config)#tacacs-server prod R1(config-server-tacacs)#port 1020 ```

B. ``` R1(config)#tacacs-server prod R1(config-server-tacacs)#key cisco123 ```

Refer to the exhibit. [exhibit](https://i.postimg.cc/FsFHdWVW/Capture.png) The EtherChannel between SW1 and SW2 is not operational. Which action will resolve the issue? A. Configure **channel-group 1 mode active** on G1/0 and G1/1 of SW2 B. Configure **switchport trunk encapsulation dot1q** on SW1 and SW2 C. Configure **channel-group 1 mode active** on G1/0 and G1/1 of SW1 D. Configure **switchport mode dynamic desirable** on SW1 and SW2

C. Configure **channel-group 1 mode active** on G1/0 and G1/1 of SW1

Refer to the exhibit. [NETCONF_configured.jpg](https://www.digitaltut.com/images/ENCOR/NETCONF_RESTCONF/NETCONF_configured.jpg) Which command set enables router R2 to be configured via NETCONF? A. ``` R1(config)#username Netconf privilege 15 password example_password R1(config)#netconf-yang R1(config)#netconf-yang feature candidate-datastore ``` B. ``` R1(config)#snmp-server manager R1(config)#snmp-server community ENCOR ro ``` C. ``` R1(config)#snmp-server manager R1(config)#snmp-server community ENCOR rw ``` D. ``` R1(config)#netconf R1(config)#ip http secure-server ```

A. ``` R1(config)#username Netconf privilege 15 password example_password R1(config)#netconf-yang R1(config)#netconf-yang feature candidate-datastore ```

Refer to the exhibit. [OSPF_neighbor_fail.jpg](https://www.digitaltut.com/images/ENCOR/OSPF/OSPF_neighbor_fail.jpg) Why does the **OSPF neighborship fail between the two interfaces**? A. The IP subnet mask is not the same. B. There is a mismatch in the OSPF interface network type. C. The OSPF timers are different. D. The MTU is nor the same.

A. **The IP subnet mask is not the same.**

Which configuration restricts the amount of SSH that a router accepts 100 kbps? **Option A** ``` class-map match-all CoPP_SSH match access-group name CoPP_SSH ! policy-map CoPP_SSH class CoPP_SSH police cir 100000 exceed-action drop ! ! ! interface GigabitEthernet0/1 ip address 209.165.200.225 255.255.255.0 ip access-group CoPP_SSH out duplex auto speed auto media-type rj45 service-policy input CoPP_SSH ! ip access-list extended CoPP_SSH permit tcp any any eq 22 ! ``` **Option B** ``` class-map match-all CoPP_SSH match access-group name CoPP_SSH ! policy-map CoPP_SSH class CoPP_SSH police cir CoPP_SSH exceed-action drop ! ! ! interface GigabitEthernet0/1 ip address 209.165.200.225 255.255.255.0 ip access-group CoPP_SSH out duplex auto speed auto media-type rj45 service-policy input CoPP_SSH ! ip access-list extended CoPP_SSH deny tcp any any eq 22 ! ``` **Option C** ``` class-map match-all CoPP_SSH match access-group name CoPP_SSH ! policy-map CoPP_SSH class CoPP_SSH police cir 100000 exceed-action drop ! ! ! control-plane service-policy input CoPP_SSH ! ip access-list extended CoPP_SSH permit tcp any any eq 22 ! ``` **Option D** ``` class-map match-all CoPP_SSH match access-group name CoPP_SSH ! policy-map CoPP_SSH class CoPP_SSH police cir 100000 exceed-action drop ! ! ! control-plane transit service-policy input CoPP_SSH ! ip access-list extended CoPP_SSH permit tcp any any eq 22 ! ```

**Option C** ``` class-map match-all CoPP_SSH match access-group name CoPP_SSH ! policy-map CoPP_SSH class CoPP_SSH police cir 100000 exceed-action drop ! ! ! control-plane service-policy input CoPP_SSH ! ip access-list extended CoPP_SSH permit tcp any any eq 22 ! ```

What is a **benefit of Cisco TrustSec in a multilayered LAN** network design? A. Policy or ACLs are not required. B. There is no requirements to run IEEE 802.1X when TrustSec is enabled on a switch port. C. Applications flows between hosts on the LAN to remote destinations can be encrypted. D. Policy can be applied on a hop-by-hop basis.

D. Policy can be applied on a hop-by-hop basis.

Refer to the exhibit. ``` no aaa new-model username admin privilege 15 secret cisco123 ip http secure-port 445 ``` Which command must be applied to **complete the configuration and enable RESTCONF**? A. ip http secure-server B. ip http server C. ip http secure-port 443 D. ip http client username restconf

A. ip http secure-server

Which two features are available only in next-generation firewalls? (Choose two) A. virtual private network B. deep packet inspection C. stateful inspection D. application awareness E. packet filtering

B. **deep packet inspection** D. **application awareness**

Drag and drop the code snippets from the bottom onto the blanks in the Python script to print the device model to the screen and write JSON data to a file. Not all options are used. [python_json_print_2.jpg](https://www.digitaltut.com/images/ENCOR/Python/python_json_print_2.jpg)

1. print 2. open 3. w 4. dump

Which configuration **enables password checking on the console line**, using only a password? A. router(config)#line con 0 router(config-line)#exec-timeout 0 0 B. router(config)#line con 0 router(config-line)#login C. router(config)#line con 0 router(config-line)#login local D. router(config)#line vty 0 4 router(config-line)#login

B. router(config)#line con 0 router(config-line)#**login**

Which language defines the **structure or modelling of data for NETCONF and RESTCONF**? A. YAM B. YANG C. JSON D. XML

B. **YANG**

Refer to the exhibit. [OSPF_advertised.jpg](https://www.digitaltut.com/images/ENCOR/OSPF/OSPF_advertised.jpg) Which two configurations enable R1 and R2 to advertise routes into OSPF? (Choose two) A. R2 router ospf 0 network 172.16.1.0 255.255.255.0 area 0 network 172.16.2.0 255.255.255.0 area 0 B. R2 router ospf 0 network 172.16.1.0 0.0.0.255 area 0 network 172.16.2.0 255.255.255.0 area 0 C. R1 router ospf 0 network 192.168.1.0 0.0.0.255 area 0 network 192.168.2.0 0.0.0.255 area 0 D. R2 router ospf 0 network 172.16.1.0 0.0.0.255 area 0 network 172.16.2.0 0.0.0.255 area 0 E. R1 router ospf 0 network 172.16.1.0 255.255.255.0 area 0 network 172.16.2.0 255.255.255.0 area 0

C. R1 router ospf 0 network 192.168.1.0 0.0.0.255 area 0 network 192.168.2.0 0.0.0.255 area 0 D. R2 router ospf 0 network 172.16.1.0 0.0.0.255 area 0 network 172.16.2.0 0.0.0.255 area 0

Which DNS lookup does an AP perform when attempting CAPWAP discovery? A. CAPWAP-CONTROLLER.local B. CISCO-CAPWAP-CONTROLLER.local C. CISCO-DNA-CONTROLLER.local D. CISCO-CONTROLLER.local

B. **CISCO-CAPWAP-CONTROLLER.local**

How do cloud deployments compare to on-premises deployments? A. Cloud deployments provide a better user experience across world regions, whereas on-premises deployments depend upon region-specific conditions B. Cloud deployments are inherently unsecure, whereas a secure architecture is mandatory for on-premises deployments. C. Cloud deployments mandate a secure architecture, whereas on-premises deployments are inherently unsecure. D. Cloud deployments must include automation infrastructure, whereas on-premises deployments often lack the ability for automation.

B. **Cloud deployments are inherently unsecure**, whereas a secure architecture is mandatory for on-premises deployments.

A firewall address of 192.168.1.101 can be pinged from a router but, when running a traceroute to it, this output is received. ``` 1 * * * 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * ``` What is the cause of this issue? A. The firewall blocks ICMP traceroute traffic B. The firewall rule that allows ICMP traffic does not function correctly C. The firewall blocks ICMP traffic D. The firewall blocks UDP traffic

D. **The firewall blocks UDP traffic**

Which configuration **filters out DOT1X messages** in the format shown below from being sent toward Syslog server 10.15.20.33? ``` Nov 11 10:59:47 MEZ: %AUTHMGR-5-START: Starting ‘dot1x’ for client (101f.74ed.e38d) on Interface Gi1/0/23 AuditSessionID 0ADEE01200002B3D2D05EE68 Nov 11 10:59:49 MEZ: %AUTHMGR-5-START: Starting ‘dot1x’ for client (101f.74ed.e38d) on Interface Gi1/0/23 AuditSessionID 0ADEE01200002B3E2D05F655 ``` A. logging discriminator DOT1X facility drops DOT1X logging host 10.15.20.33 discriminator DOT1X B. logging discriminator DOT1X msg-body drops DOTX logging host 10.15.20.33 discriminator DOTX C. logging discriminator DOT1X mnemonics includes DOTX logging host 10.15.20.33 discriminator DOT1X D. logging discriminator DOT1X mnemonics includes DOT1X logging host 10.15.20.33 discriminator DOTX

A. logging discriminator DOT1X **facility drops DOT1X** logging host 10.15.20.33 discriminator DOT1X

Which device, in a LISP routing architecture, **receives and de-encapsulates LISP traffic** for endpoints within a LISP-capable site? A. MR B. ETR C. OMS D. ITR

B. **ETR**

Which action limits the total amount of memory and CPU that is used by a collection of VMs? A. Place the collection of VMs in a resource pool. B. Place the collection of VMs in a vApp. C. Limit the amount of memory and CPU that is available to the cluster. D. Limit the amount of memory and CPU that is available to the individual VMs.

A. Place the collection of VMs in a resource pool.

Refer to the exhibit. [ACL_allow_internet.jpg](https://www.digitaltut.com/images/ENCOR/Access-list/ACL_allow_internet.jpg) **Remote users cannot access the Internet but can upload files to the storage server.** Which configuration must be applied to allow Internet access? A. ``` ciscoasa(config)#access-list MAIL_AUTH extended permit tcp any any eq www ciscoasa(config)#aaa authentication listener http inside redirect ``` B. ``` ciscoasa(config)#access-list MAIL_AUTH extended permit tcp any any eq http ciscoasa(config)#aaa authentication listener http inside port 43 ``` C. ``` ciscoasa(config)#access-list HTTP_AUTH extended permit udp any any eq http ciscoasa(config)#aaa authentication listener http outside port 43 ``` D. ``` ciscoasa(config)#access-list MAIL_AUTH extended permit udp any any eq http ciscoasa(config)#aaa authentication listener http outside redirect ```

A. ``` ciscoasa(config)#access-list MAIL_AUTH extended permit tcp any any eq www ciscoasa(config)#aaa authentication listener http inside redirect ```

Refer to the exhibit. ``` ip access-list extended 101 10 deny ip any any ! event manager applet Block_Users action 1.0 cli command "enable" action 2.0 cli command "configure terminal" action 3.0 cli command "interface GigabitEthernet1" action 4.0 cli command "ip access-group 101 in" action 5.0 cli command "ip access-group 101 out" ``` An engineer builds an EEM script to apply an access list. Which statement must be added to complete the script? A. event none B. action 2.1 cli command “ip action 3.1 cli command 101” C. action 6.0 cli command ”ip access-list extended 101” D. action 6.0 cli command ”ip access-list extended 101″

A. event none

What is a characteristic of a traditional WAN? A. low complexity and high overall solution scale B. centralized reachability, security, and application policies C. operates over DTLS and TLS authenticated and secured tunnels D. united data plane and control plane

D. **united data plane and control plane**

Which Python library is used to work with **YANG data models via NETCONF**? A. Postman B. requests C. ncclient D. cURL

C. **ncclient**

Which JSON script is properly formatted? **Option A** ``` "car":[ { "type":"A New Book", "model":"J Doe", "year":"1" }] ``` **Option B** ``` { "host": [ "name":"SwitchA, "model":"Catalyst", "serial":"043939383", ] } ``` **Option C** ``` { "book":[ { "title":"A New Book, "author":"J P Doe", "edition":"2" }] } ``` **Option D** ``` [ "class":{ "title":"Science", "grade":"11", "location":"Room C". }] ] ```

**Option C** ``` { "book":[ { "title":"A New Book, "author":"J P Doe", "edition":"2" }] } ```

Which mobility role is assigned to a client in the client table of the new controller **after a Layer 3 roam**? A. anchor B. foreign C. mobility D. transparent

B. **foreign**

Drag and drop the snippets onto the blanks within the code to create an EEM script that adds an entry to a locally stored text file with a timestamp when a configuration change is made. Not all options are used. [EEM_script_add_entry.jpg](https://www.digitaltut.com/images/ENCOR/Drag_Drop/EEM_script_add_entry.jpg)

1. event syslog pattern 2. “enable” 3. | append flash

Refer to the exhibit. [LACP_mode.jpg](https://www.digitaltut.com/images/ENCOR/Etherchannel/LACP_mode.jpg) An LACP port channel is configured between Switch-1 and Switch-2, but it falls to come up. Which action will resolve the issue? A. Configure Switch-1 with channel-group mode active B. Configure Switch-2 with channel-group mode desirable C. Configure Switch-1 with channel-group mode on D. Configure SwKch-2 with channel-group mode auto

A. Configure Switch-1 with channel-group mode active

Which device is responsible for finding **EID-to-RLOC mappings when traffic is sent to a LISP-capable site**? A. map server B. map resolver C. ingress tunnel router D. egress tunnel router

C. **ingress tunnel router**

In a Cisco SD-Access environment, which function is performed by the border node? A. Connect devices to the fabric domain. B. Group endpoints into IP pools. C. Provide reachability information to fabric endpoints. D. Provide connectivity to traditional layer 3 networks.

D. **Provide connectivity to traditional layer 3 networks.**

Why would a customer implement an on-premises solution instead of a cloud solution? A. On-premises offers greater compliance for government regulations than cloud B. On-premises offers greater scalability than cloud C. On-premises offers shorter deployment time than cloud D. On-premises is more secure than cloud

D. On-premises is more secure than cloud

Refer to the exhibit. [OSPF_failed.jpg](https://www.digitaltut.com/images/ENCOR/OSPF/OSPF_failed.jpg) Why does OSPF fail to establish an adjacency between R1 and R2? A. authentication mismatch B. interface MTU mismatch C. area mismatch D. timers mismatch

B. interface **MTU mismatch**

Refer to the exhibit. [ACL_allow_ftp.jpg](https://www.digitaltut.com/images/ENCOR/Access-list/ACL_allow_ftp.jpg) An engineer must allow the FTP traffic from users on 172.16.1.0 /24 to 172.16.2.0 /24 and block all other traffic. Which configuration must be applied? A. ``` R1(config)#access-list 120 deny any any R1(config)#access-list 120 permit tcp 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 21 R1(config)#interface giga 0/0 R1(config-if)#ip access-group 120 out ``` B. ``` R1(config)#access-list 120 permit tcp 172.16.1.0 0.0.0.255 21 172.16.2.0 0.0.0.255 R1(config)#interface giga 0/2 R1(config)#ip access-group 120 in ``` C. ``` R1(config)#access-list 120 permit tcp 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 20 R1(config)#access-list 120 permit tcp 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 21 R1(config)#interface giga 0/2 R1(config-if)#ip access-group 120 in ``` D. ``` R1(config)#access-list 120 permit tcp 172.16.1.0 0.0.0.255 21 172.16.2.0 0.0.0.255 R1(config)#access-list 120 permit udp 172.16.1.0 0.0.0.255 21 172.16.2.0 0.0.0.255 R1(config)#interface giga 0/2 R1(config-if)#ip access-group 120 out ```

C. ``` R1(config)#access-list 120 permit tcp 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 20 R1(config)#access-list 120 permit tcp 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 21 R1(config)#interface giga 0/2 R1(config-if)#ip access-group 120 in ```

Which two new security capabilities are introduced by using a **next-generation firewall at the Internet edge**? (Choose two) A. DVPN B. NAT C. stateful packet inspection D. application-level inspection E. integrated intrusion prevention

D. **application-level inspection** E. **integrated intrusion prevention**

Refer to the exhibit. [EEM_syn_skip.jpg](https://www.digitaltut.com/images/ENCOR/EEM/EEM_syn_skip.jpg) An engineer constructs an EEM applet to prevent anyone from entering configuration mode on a switch. Which snippet is required to complete the EEM applet? A. sync yes skip yes B. sync no skip yes C. sync no skip no D. sync yes skip no

B. **sync no skip yes**

Which technology enables a **redundant supervisor** engine to take over when the primary supervisor engine fails? A. NSF B. graceful restart C. SSO D. FHRP

C. SSO

An engineer must implement a configuration to allow a network administrator to connect to the console port of a router and **authenticate over the network**. Which command set should the engineer use? A. aaa new-model aaa authentication login default enable B. aaa new-model aaa authentication login console local C. aaa new-model aaa authentication login console group radius D. aaa new-model aaa authentication enable default

C. aaa new-model aaa authentication login console group **radius**

What is one **being of implementing a data modeling language**? A. accuracy of the operations performed B. uses XML style of data formatting C. machine-oriented logic and language-facilitated processing. D. conceptual representation to simplify interpretation.

A. **accuracy of the operations performed**