Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CCNP ENCOR > New Questions - Part 10 > Flashcards

New Questions - Part 10 Flashcards

1
Q

Which option must be used to support a WLC with an IPv6 management address and 100 Cisco Aironet 2800 Series access points that will use DHCP to register?

A. 43
B. 52
C. 60
D. 82

A

B. 52

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Drag and drop the characteristics from the left onto the switching mechanisms they describe on the right.

switching_mechanisms.jpg

A

Cisco Express Forwarding
+ The forwarding table is created in advance.
+ All packets are switched using hardware

Process Switching
+ All forwarding decisions are made in software
+ The router processor is involved with every forwarding decision

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

An engineer must create a script to append and modify device entries in a JSON-formatted file. The script must work as follows:
* Until interrupted from the keyboard, the script reads in the hostname of a device, its management IP address, operating system type, and CLI remote access protocol.
* After being interrupted, the script displays the entered entries and adds them to the JSON-formatted file, replacing existing entries whose hostname matches.
The contents of the JSON-formatted file are as follows:

{
 "examplerouter": {
 "ip": "203.0.113.1",
 "os": ios-xe",
 "protocol": "ssh"
    },
 ...
}

Drag and drop the statements onto the blanks within the code to complete the script. Not all options are used.

Python_code_JSON.jpg

A
  1. import json
  2. while True:
  3. except
  4. File = open
  5. File.close()
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

When using BFD in a network design, which consideration must be made?

A. BFD is used with first hop routing protocols to provide subsecond convergence.
B. BFD is used with NSF and graceful to provide subsecond convergence.
C. BFD is more CPU-intensive than using reduced hold timers with routing protocols.
D. BFD is used with dynamic routing protocols to provide subsecond convergence.

A

D. BFD is used with dynamic routing protocols to provide subsecond convergence.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

In which two ways does the routing protocol OSPF differ from EIGRP? (Choose two)

A. OSPF supports only equal-cost load balancing. EIGRP supports unequal-cost load balancing

B. OSPF supports an unlimited number of hops. EIGRP supports a maximum of 255 hops

C. OSPF is distance vector protocol. EIGRP is a link-state protocol

D. OSPF provides shorter convergence time than EIGRP

E. OSPF supports unequal-cost load balancing. EIGRP supports only equal-cost load balancing

A

A. OSPF supports only equal-cost load balancing. EIGRP supports unequal-cost load balancing

B. OSPF supports an unlimited number of hops. EIGRP supports a maximum of 255 hops

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A customer wants to connect a device to an autonomous Cisco AP configured as a WGB. The WGB is configured property; however, it fails to associate to a CAPWAP-enabled AP. Which change must be applied in the advanced WLAN settings to resolve this issue?

A. Disable FlexConnect local switching
B. Enable Aironet IE
C. Disable AAA override
D. Enable passive client

A

B. Enable Aironet IE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A customer deploys a new wireless network to perform location-based services using Cisco DNA Spaces. The customer has a single WLC located on-premises in a secure data center. The security team does not want to expose the WLC to the public Internet. Which solution allows the customer to securely send RSSI updates to Cisco DNA Spaces?

A. Replace the WLC with a cloud-based controller
B. Deploy a Cisco DNA Spaces connector as a VM
C. Implement Cisco Mobility Services Engine
D. Perform tethering with Cisco DNA Center

A

B. Deploy a Cisco DNA Spaces connector as a VM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Drag and drop the characteristics from the left onto the switching architectures on the right.

Process_Switch_vs_CEF.jpg

A

Process Switching
+ It is referred to as “software switching.”
+ The general-purpose CPU is in charge of packet switching.

Cisco Express Forwarding
+ It optimizes the switching process to handle larger packet volumes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

By default, which virtual MAC address does HSRP group 32 use?

A. 05:5e:5c:ac:0c:32
B. 00:00:0c:07:ac:20
C. 00:5e:0c:07:ac:20
D. 04:19:20:96:7e:32

A

B. 00:00:0c:07:ac:20

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Drag and drop the characteristics from the left onto the orchestration tools that they describe on the right.

Chef_vs_SaltStack.jpg

A

Chef:
+ uses Ruby
+ procedural

SaltStack:
+ declarative
+ uses Python

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

In Cisco DNA Center, what is the integration API?

A. southbound consumer-facing RESTful API, which enables network discovery and configuration management

B. westbound interface, which allows the exchange of data to be used by ITSM, IPAM and reporting

C. an interface between the controller and the network devices, which enables network discovery and configuration management

D. northbound consumer-facing RESTful API, which enables network discovery and configuration management

A

B. westbound interface, which allows the exchange of data to be used by ITSM, IPAM and reporting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which function does a Cisco SD-Access extended node perform?

A. provides fabric extension to nonfabric devices through remote registration and configuration

B. performs tunneling between fabric and nonfabric devices to route traffic over unknown networks

C. used to extend the fabric connecting to downstream nonfabric enabled Layer 2 switches

D. in charge of establishing Layer 3 adjacencies with nonfabric unmanaged node

A

C. used to extend the fabric connecting to downstream nonfabric enabled Layer 2 switches

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

An engineer is configuring Local WebAuth on a Cisco Wireless LAN Controller. According to RFC 5737, which virtual IP address must be used in this configuration?

A. 1.1.1.1
B. 192.168.0.1
C. 192.0.2.1
D. 172.20.10.1

A

C. 192.0.2.1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Refer to the exhibit.

eBGP_peering.jpg

Which configuration must be implemented to establish EBGP peering between R1 and R2?

A.

R2
router bgp 300
neighbor 131.108.1.1 remote-as 300
R1
router bgp 320
neighbor 131.108.1.2 remote-as 300

B.

R2
router bgp 320
neighbor 1.1.1.1 remote-as 300
R1
router bgp 300
neighbor 2.2.2.2 remote-as 320

C.

R2
router bgp 320
neighbor 131.108.1.1 remote-as 300
R1
router bgp 300
neighbor 131.108.1.2 remote-as 320

D.

R2
router bgp 320
neighbor 131.108.1.11 remote-as 300
R1
router bgp 300
neighbor 131.108.1.2 remote-as 320
A

C.
R2
router bgp 320
neighbor 131.108.1.1 remote-as 300
R1
router bgp 300
neighbor 131.108.1.2 remote-as 320

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

An engineer must configure an EXEC authorization list that first checks a AAA server then a local username. If both methods fail, the user is denied. Which configuration should be applied?

A. aaa authorization exec default local group tacacs+
B. aaa authorization exec default local group radius none
C. aaa authorization exec default group radius local none
D. aaa authorization exec default group radius local

A

D. aaa authorization exec default group radius local

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Refer to the exhibit.

Router#sh access-list
Extended IP access list 100
  10 permit tcp any any eq telnet
Extended IP access list 101
  10 permit tcp any any eq 22

Which configuration set implements Control plane Policing for SSH and Telnet?

Option A

Router(config)#class-map type inspect match-all
Router(config-cmap)#match access-group 100
Router(config-cmap)#match access-group 101
Router(config)#policy-map CoPP

Router(config-pmap)#class class-control
Router(config-pmap-c)#police 1000000 conform-action transmit
Router(config)#control-plane
Router(config-cp)#service-policy output CoPP

Option B

Router(config)#class-map class-telnet
Router(config-cmap)#match access-group 100
Router(config)#class-map class-ssh
Router(config-cmap)#match access-group 101
Router(config)#policy-map CoPP

Router(config-pmap)#class class-telnet-ssh
Router(config-pmap-c)#police 1000000 conform-action transmit
Router(config)#control-plane
Router(config-cp)#service-policy input CoPP

Option C

Router(config)#class-map match-all class-control
Router(config-cmap)#match access-group 100
Router(config-cmap)#match access-group 101
Router(config)#policy-map CoPP

Router(config-pmap)#class class-control
Router(config-pmap-c)#pollce 1000000 conform-action transmit
Router(config)#control-plane
Router(config-cp)#service-policy output CoPP

Option D

Router(config)#class-map match-any class-control
Router(config-cmap)#match access-group 100
Router(config-cmap)#match access-group 101
Router(config)#policy-map CoPP

Router(config-pmap)#class class-control
Router(config-pmap-c)#police 1000000 conform-action transmit
Router(config)#control-plane
Router(config-cp)#service-policy input CoPP
A

Option D
Router(config)#class-map match-any class-control
Router(config-cmap)#match access-group 100
Router(config-cmap)#match access-group 101
Router(config)#policy-map CoPP

Router(config-pmap)#class class-control
Router(config-pmap-c)#police 1000000 conform-action transmit
Router(config)#control-plane
Router(config-cp)#service-policy input CoPP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is one characteristic of VXLAN?

A. It supports a maximum of 4096 VLANs.
B. It supports multitenant segments.
C. It uses STP to prevent loops in the underlay network.
D. It uses the Layer 2 header to transfer packets through the network underlay.

A

B. It supports multitenant segments.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is one benefit of adopting a data modeling language?

A. augmenting management process using vendor centric actions around models
B. refactoring vendor and platform specific configurations with widely compatible configurations
C. augmenting the use of management protocols like SNMP for status subscriptions
D. deploying machine-friendly codes to manage a high number of devices

A

B. refactoring vendor and platform specific configurations with widely compatible configurations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Refer to the exhibit.

R2#
*Feb 28 14:33:59.640: OSPF-1 ADJ  Gi1: Send DBD to 192.168.201.137 seq 0xDE7 opt 0x52 flag 0x7 len 32
*Feb 28 14:33:59.640: OSPF-1 ADJ  Gi1: Retransmitting DBD to 192.168.201.137 [15]
*Feb 28 14:33:59.645: OSPF-1 ADJ  Gi1: Rcv DBD from 192.168.201.137 seq 0xDE7 opt 0x52 flag 0x2 len 112 mtu 9100

The OSPF neighborship fails between two routers. What is the cause of this issue?

A. The OSPF router ID is missing on this router.
B. The OSPF process is stopped on the neighbor router.
C. There is an MTU mismatch between the two routers.
D. The OSPF router ID is missing on the neighbor router.

A

C. There is an MTU mismatch between the two routers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Refer to the exhibit.

interface GigabitEthernet1 
 ip address 10.10.10.1 255.255.255.0
!
access-list 10 permit 10.10.10.1
!
monitor session 10 type erspan-source
 source interface Gi1
 destination
  erspan-id 10
  ip address 192.168.1.1

Which command filters the ERSPAN session packets only to interface GigabitEthernet1?

A. source ip 10.10.10.1
B. source interface gigabitethernet1 ip 10.10.10.1
C. filter access-group 10
D. destination ip 10.10.10.1

A

B. source interface gigabitethernet1 ip 10.10.10.1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Refer to the exhibit.

etherchannel_show_etherchannel_summary.jpg

Traffic is not passing between SW1 and SW2. Which action fixes the issue?

A. Configure LACP mode on S1 to passive.
B. Configure switch port mode to ISL on S2.
C. Configure PAgP mode on S1 to desirable.
D. Configure LACP mode on S1 to active.

A

C. Configure PAgP mode on S1 to desirable.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Refer to the exhibit.

HSRP_show_standby.jpg

An engineer configures HSRP and enters the show standby command. Which two facts about the network environment are derived from the output? (Choose two)

A. The local device has a higher priority than the active router

B. The virtual IP address of the HSRP group is 10.1.1.1

C. If the local device fails to receive a hello from the active router for more than 5 seconds, it becomes the active router

D. The hello and hold timers are set to custom values

E. If a router with a higher IP address and same HSRP priority as the active router becomes available, that router becomes the new active router 5 seconds later

A

B. The virtual IP address of the HSRP group is 10.1.1.1

E. If a router with a higher IP address and same HSRP priority as the active router becomes available, that router becomes the new active router 5 seconds later

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

An engineer must configure a new WLAN that allows a user to enter a passphrase and provides forward secrecy as a security measure. Which Layer 2 WLAN configuration is required on the Cisco WLC?

A. WPA2 Personal
B. WPA3 Enterprise
C. WPA3 Personal
D. WPA2 Enterprise

A

C. WPA3 Personal

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Which Python code snippet must be added to the script to store the changed interface configuration to a local JSON-formatted file?

Python_save_local_json_file.jpg

A.
OutFile = open(“ifaces.json”, “w”)
OutFile.write(UpdatedConfig)
OutFile.close()

B.
OutFile = open(“ifaces.json”, “w”)
json.dump(UpdatedConfig,OutFile)
OutFile.close()

C.
OutFile = open(“ifaces.json”, “w”)
OutFile.write(Response.json())
OutFile.close()

D.
OutFile = open(“ifaces.json”, “w”)
OutFile.write(Response.text)
OutFile.close()

A

A.
OutFile = open(“ifaces.json”, “w”)
OutFile.write(UpdatedConfig)
OutFile.close()

C.
OutFile = open(“ifaces.json”, “w”)
OutFile.write(Response.json())
OutFile.close()

OutFile.write(Response.json()) IS WRONG!

  • write() function expects a STRING not a DICT.
  • json() converts text (Response) to DICT (Response.json()).

Finally, dictionary type is not supported by write() function.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Refer to the exhibit.

OSPF_passive_interface.jpg

Cisco IOS routers R1 and R2 are interconnected using interface Gi0/0. Which configuration allows R1 and R2 to form an OSPF neighborship on interface Gi0/0?

A.

R2(config)#router ospf 1
R2(config-router)#passive-interface Gi0/0

B.

R2(config)#interface Gi0/0
R2(config-if)#ip ospf cost 1

C.

R1(config)#router ospf 1
R1(config-router)#no passive-interface Gi0/0

D.

R1(config)#router ospf 1
R1(config-if)#network 172.20.0.0 0.0.0.255 area 1
A

C.

R1(config)#router ospf 1
R1(config-router)#no passive-interface Gi0/0
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

A customer has a wireless network deployed within a multi-tenant building. The network provides client access, location-based services, and is monitored using Cisco DNA Center. The security department wants to locate and track malicious devices based on threat signatures. Which feature is required for this solution?

A. Cisco aWIPS policies on Cisco DNA Center
B. Cisco aWIPS policies on the WLC
C. malicious rogue rules on Cisco DNA Center
D. malicious rogue rules on the WLC

A

A. Cisco aWIPS policies on Cisco DNA Center

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Refer to the exhibit.

trunking_issue.jpg

An engineer configures a trunk between SW1 and SW2 but tagged packets are not passing. Which action fixes the issue?

A. Configure SW2 with encapsulation dot1q on interface FastEthernet0/1.
B. Configure SW1 with dynamic auto mode on interface FastEthernet0/1
C. Configure FastEthernet0/1 on both switches for static trunking.
D. Configure the native VLAN to be the same VLAN on both switches on interface FastEthernet0/1

A

A. Configure SW2 with encapsulation dot1q on interface FastEthernet0/1.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

In a Cisco SD-Access wireless environment, which device is responsible for hosting the anycast gateway?

A. fabric border node
B. fusion router
C. fabrice edge node
D. control plance node

A

C. fabrice edge node

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

Drag and drop the characteristics from the left onto the switching architectures on the right.

Process_Switching_CEF_2.jpg

A

Process Switching
+ low switching performance

Cisco Express Forwarding
+ proprietary switching mechanism
+ supports the centralized and distributed modes of operation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

Refer to the exhibit.

monitor session 11 type erspan-source
source interface GigabitEthernet3
destination
erspan-id 12
ip address 10.10.10.10
origin ip address 10.100.10.10

Which command set completes the ERSPAN session configuration?

A.

monitor session 12 type erspan-destination
destination interface GigabitEthernet4
source
erspan-id 12
ip address 10.10.10.10

B.

monitor session 11 type erspan-destination
destination interface GigabitEthernet4
source
erspan-id 11
ip address 10.10.10.10

C.

monitor session 12 type erspan-destination
destination interface GigabitEthernet4
source
erspan-id 11
ip address 10.10.10.10

D.

monitor session 11 type erspan-destination
destination interface GigabitEthernet4
source
erspan-id 12
ip address 10.100.10.10
A

A.

monitor session 12 type erspan-destination
destination interface GigabitEthernet4
source
erspan-id 12
ip address 10.10.10.10

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

Based on the router’s API output in JSON format below, which Python code will display the value of the “role” key?

Python_JSON_output.jpg

A.

json_data = json.loads(response.text)
print(json_data[response][0][role])

B.

json_data = response.json()
print(json_data[‘response’][family][‘role’])

C.

json_data = response.json()
print(json_data[‘response’][0][‘role’])

D.

json_data = json.loads(response.text)
print(json_data[‘response’][‘family’][‘role’])
A

Answer
C.

json_data = response.json()
print(json_data[‘response’][0][‘role’])
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

Refer to the exhibit.

WLAN_General_edit.jpg

Clients report that they cannot connect to this SSID using the provided PSK. Which action will resolve this issue?

A. Select the PSK under authentication key management.
B. Define the correct Radio Policy.
C. Apply the changes this SSID.
D. Apply the correct interface to this WLAN.

A

A. Select the PSK under authentication key management.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

Refer to the exhibit.

OSPF_summarize_area.jpg

Which configuration is required to summarize Area 2 networks that are advertised to Area 0?

A. RouterB(config)# router ospf 1
RouterB(config-router)# network 192.168.38.0 255.255.252.0

B. RouterB(config)# router ospf 1
RouterB(config-router)# area 2 range 192.168.36.0 255.255.255.0

C. RouterB(config)# router ospf 1
RouterB(config-router)# network 192.168.38.0 255.255.255.0

D. RouterB(config)# router ospf 1
RouterB(config-router)# area 2 range 192.168.36.0 255.255.252.0

A

D. RouterB(config)# router ospf 1
RouterB(config-router)# area 2 range 192.168.36.0 255.255.252.0

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

Refer to the exhibit.

ip access-list extended ACL-CoPP-Management
permit udp any eq ntp any
permit udp any any eq snmp
permit tcp any any eq 22
permit tcp any eq 22 any established

class-map match-all CLASS-CoPP-Management
match access-group name ACL-CoPP-Management

An engineer must protect the CPU of the router from high rates of NTP, SNMP, and SSH traffic. Which two configurations must be applied to drop these types of traffic when it continuously exceeds 320 kbps? (Choose two)

A.

R1 (config)#policy-map POLICY-CoPP
R1(config-pmap)#class CLASS-CoPP-Management
R1(config-pmap-c)#police 320000 conform-action transmit exceed-action drop violate-action drop

B. R1(config)#control-plane
R1(config-cp)# service-policy output POLICY-CoPP

C.

R1(config-pmap)#class CLASS-CoPP-Management
R1(config-pmap-c)#police 32 conform-action transmit exceed-action drop violate-action transmit

D.

R1(config)#policy-map POLICY-CoPP
R1(config-pmap)#class CLASS-CoPP-Management
R1(config-pmap-c)#police 320000 conform-action transmit exceed-action transmit violate-action drop

E.

R1(config)#control-plane
R1(config-cp)# service-policy input POLICY-CoPP
A

D. R1(config)#policy-map POLICY-CoPP
R1(config-pmap)#class CLASS-CoPP-Management
R1(config-pmap-c)#police 320000 conform-action transmit exceed-action transmit violate-action drop

E. R1(config)#control-plane
R1(config-cp)# service-policy input POLICY-CoPP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

Refer to the exhibit.

NAT_config_translation.jpg

What are two results of the NAT configuration? (Choose two)

A. R1 is performing NAT for inside addresses and outside address

B. R1 looks at the destination IP address of packets entering S0/0 and destined for inside hosts

C. Packets with a destination of 200.1.1.1 are translated to 10.1.1.1 or .2, respectively

D. A packet that is sent to 200.1.1.1 from 10.1.1.1 is translated to 209.165.201.1 on R1

E. R1 processes packets entering E0/0 and S0/0 by examining the source IP address

A

B. R1 looks at the destination IP address of packets entering S0/0 and destined for inside hosts

D. A packet that is sent to 200.1.1.1 from 10.1.1.1 is translated to 209.165.201.1 on R1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

Refer to the exhibit.

VRF_config.jpg

Which set of commands is required to configure and verify the VRF for Site 1 Network A on router R1?

A.

R1#ip routing
R1(config)#ip vrf 100
!
R1(config)#interface Gi0/2
R1(config-if)#ip address 10.0.1.1 255.255.255.0

R1#show ip vrf

B.

R1#ip routing
R1(config)#ip vrf 100
!
R1(config)#interface Gi0/2
R1(config-if)#ip address 10.0.1.1 255.255.255.0

C.

R1#ip routing
R1(config)#ip vrf 100
!
R1(config)#interface Gi0/2
R1(config-if)#ip vrf forwarding 100
R1(config-if)#ip address 10.0.1.1 255.255.255.0

R1#show ip vrf

D.

R1#ip routing
R1(config)#ip vrf 100
R1(config-vrf)#rd 100:1
R1(config-vrf)# address family ipv4
!
R1(config)#interface Gi0/2
R1(config-if)#ip address 10.0.1.1 255.255.255.0

R1#show ip route
A

C.

R1#ip routing
R1(config)#ip vrf 100
!
R1(config)#interface Gi0/2
R1(config-if)#ip vrf forwarding 100
R1(config-if)#ip address 10.0.1.1 255.255.255.0

R1#show ip vrf
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

Where in Cisco DNA Center is documentation of each API call, organized by its functional area?

A. Developer Toolkit
B. platform management
C. platform bundles
D. Runtime Dashboard

A

A. Developer Toolkit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

How do the RIB and the FIB differ?

A. FIB contains routes learned through a dynamic routing protocol, and the RIB contains routes that are static or directly connected.

B. RIB contains the interface for a destination, and the FIB contains the next hop information.

C. FIB is derived from the control plane, and the RIB is derived from the data plane.

D. RIB is derived from the control plane, and the FIB is derived from the RIB.

A

D. RIB is derived from the control plane, and the FIB is derived from the RIB.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

What does a YANG model provide?

A. standardized data structure independent of the transport protocols

B. creation of transport protocols and their interaction with the OS

C. user access to interact directly with the CLI of the device to receive or modify network configurations

D. standardized data structure that can be used only with NETCONF or RESTCONF transport protocols

A

A. standardized data structure independent of the transport protocols

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

A network engineer must configure a switch to allow remote access for all feasible protocols. Only a password must be requested for device authentication and all idle sessions must be terminated in 30 minutes. Which configuration must be applied?

A.

line vty 0 15
password cisco
transport input all
exec-timeout 0 30

B.

line console 0
password cisco
exec-timeout 30 0

C.

line vty 0 15
password cisco
transport input telnet ssh
exec-timeout 30 0

D.

username cisco privilege 15 cisco
line vty 0 15
transport input telnet ssh
login local
exec-timeout 0 30
A

C.

line vty 0 15
password cisco
transport input telnet ssh
exec-timeout 30 0
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

Refer to the exhibit.

add_new_wifi_network.jpg

A company has an internal wireless network with a hidden SSID and RADIUS-based client authentication for increased security. An employee attempts to manually add the company network to a laptop, but the laptop does not attempt to connect to the network. The regulatory domains of the access points and the laptop are identical. Which action resolves this issue?

A. Ensure that the “Connect even if this network is not broadcasting” option is selected.

B. Limit the enabled wireless channels on the laptop to the maximum channel range that is supported by the access points.

C. Change the security type to WPA2-Personal AES.

D. Use the empty string as the hidden SSID network name.

A

A. Ensure that the “Connect even if this network is not broadcasting” option is selected.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

What is the recommended minimum SNR for voice applications on wireless networks?

A. 10
B. 25
C. 15
D. 20

A

B. 25

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

Drag and drop the tools from the left onto the agent types on the right.

agent_based_agentless_2.jpg

A

Agentless
+ Terraform
+ Ansible

Agent-Based
+ Chef

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

Which free application has the ability to make REST cans against Cisco DNA Center?

A. API Explorer
B. REST Explorer
C. Postman
D. Mozilla

A

C. Postman

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

If AP power level is increased from 25 mW to 100 mW, what is the power difference in dBm?

A. 6 dBm
B. 14 dBm
C. 17 dBm
D. 20 dBm

A

A. 6 dBm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

When does a Cisco StackWise primary switch lose its role?

A. when the priority value of a stack member is changed to a higher value
B. when a switch with a higher priority is added to the stack
C. when the stack primary is reset
D. when a stack member fails

A

C. when the stack primary is reset

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

Which activity requires access to Cisco DNA Center CLI?

A. provisioning a wireless LAN controller
B. creating a configuration template
C. upgrading the Cisco DNA Center software
D. graceful shutdown of Cisco DNA Center

A

D. graceful shutdown of Cisco DNA Center

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

Which A record type should be configured for access points to resolve the IP address of a wireless LAN controller using DNS?

A. CISCO.CONTROLLER.localdomain
B. CISCO.CAPWAP.CONTROLLER.localdomain
C. CISCO-CONTROLLER.localdomain
D. CISCO-CAPWAP-CONTROLLER.localdomain

A

D. CISCO-CAPWAP-CONTROLLER.localdomain

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

Which NTP mode must be activated when using a Cisco router as an NTP authoritative server?

A. primary
B. server
C. broadcast client
D. peer

A

B. server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

Refer to the exhibit. Which router is elected as the VRRP primary virtual router?

Router A

Interface GigabitEthernet 1/0
ip address 192.168.0.1 255.255.255.0
vrrp priority 120

Router B

Interface GigabitEthernet 1/0
ip address 192.168.0.200 255.255.255.0
vrrp priority 100

Router C

Interface GigabitEthernet 1/0
ip address 192.168.0.3 255.255.255.0
vrrp priority 130

Router D

Interface GigabitEthernet 1/0
ip address 192.168.0.4 255.255.255.0
vrrp priority 90

A. Router A
B. Router B
C. Router C
D. Router D

A

C. Router C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

Which signal strength and noise values meet the minimum SNR for voice networks?

A. signal strength -67 dBm, noise 91 dBm
B. signal strength -69 dBm, noise 94 dBm
C. signal strength -68 dBm, noise 89 dBm
D. signal strength -66 dBm, noise 90 dBm

A

B. signal strength -69 dBm, noise 94 dBm

The recommended minimum SNR for voice applications on wireless networks is 25dB.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

An engineer is connected to a Cisco router through a Telnet session. Which command must be issued to view the logging messages from the current session as soon as they are generated by the router?

A. logging buffer
B. service timestamps log uptime
C. logging host
D. terminal monitor

A

D. terminal monitor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

An engineer is configuring RADIUS-Based Authentication with EAP. MS-CHAPv2 is configured on a client device. Which outer method protocol must be configured on the ISE to support this authentication type?

A. EAP-TLS
B. EAP-FAST
C. LDAP
D. PEAP

A

D. PEAP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

Drag and drop the characteristics from the left onto the orchestration tool classifications on the right.

Configuration_Management_vs_Orchestration_2.jpg

A

Configuration Management
+ mutable infrastructure
+ designed to install and manage software on existing servers

Orchestration
+ immutable infrastructure
+ designed to provision the servers

An immutable infrastructure is one in which servers are never modified after they’re deployed. If something needs to be updated or changed, new servers are built afresh from a common template with the desired changes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

Refer to the exhibit.

show_confs_r1_r2

R1 and R2 are directly connected, but the BGP session does not establish. Which action must be taken to build an eBGP session?

A. Configure ip route 1.1.1.1 0.0.0.0 192.168.12.1 on R2.
B. Configure neighbor 192.168.12.1 activate under R2 BGP process.
C. Configure neighbor 2.2.2.2 remote-as 65002 under R1 BGP process.
D. Configure no neighbor 192.168.12.1 shutdown under R2 BGP process.

A

D. Configure no neighbor 192.168.12.1 shutdown under R2 BGP process.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

Refer to the exhibit.

show_ip_nat_translations.jpg

Hosts PC1 PC2 and PC3 must access resources on Server1. An engineer configures NAT on Router R1 to enable the communication and enters the show command to verify operation. Which IP address is used by the hosts when they communicate globally to Server1?

A. 155.1.1.5
B. random addresses in the 155.1.1.0/24 range
C. their own address in the 10.10.10.0/24 range
D. 155.1.1.1

A

D. 155.1.1.1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

Drag and drop the characteristics from the left onto the infrastructure deployment models on the right.

On_Premimes_vs_Cloud_3.jpg

A

On-Premises
+ Infrastructure requires large and regular investments
+ It requires capacity planning for power and cooling

Cloud
+ Capacity easily scales up or down
+ It enables users to access resources from anywhere

58
Q

Which technology reduces the implementation of STP and leverages both unicast and multicast?

A. VPC
B. VXLAN
C. VSS
D. VLAN

A

C. VSS

59
Q

Which application has the ability to make REST calls against Cisco DNA Center?

A. API Explorer
B. Postman
C. REST Explorer
D. Mozilla

A

B. Postman

60
Q

Refer to the exhibit.

GRE_Tunnel_Config.jpg

Which GRE tunnel configuration command is missing on R2?

A. tunnel source 192.181.2
B. tunnel source 172.16.1.0
C. tunnel source 200.1.1.1
D. tunnel destination 200.1.1.1

A

C. tunnel source 200.1.1.1

61
Q

A company recently decided to use RESTCONF instead of NETCONF and many of their NETCONF scripts contain the operation <edit-config>(operation=”create”). Which RESTCONF operation must be used to replace these statements?</edit-config>

A. CREATE
B. GET
C. PUT
D. POST

A

D. POST

62
Q

An engineer must protect the password for the VTY lines against over-the-shoulder attacks. Which configuration should be applied?

A. service password-encryption
B. username netadmin secret 9 $9$vFpMf8elb4RVV8$seZ/bDA
C. username netadmin secret 7$1$42J36k33008Pyh4QzwXyZ4
D. line vty 0 15 p3ssword XD822j

A

A. service password-encryption

63
Q

Which QoS feature uses the IP Precedence bits in the ToS field of the IP packet header to partition traffic into different priority levels?

A. marking
B. shaping
C. policing
D. classification

A

D. classification

64
Q

Refer to the exhibit.

BGP_neighbor.jpg

R1 has a BGP neighborship with a directly connected router on interface Gi0/0. Which command set is applied between the iterations of show ip bgp 2.2.2.2?

A.

R1(config)#router bgp 65001
R1(config-router)#neighbor 192.168.50.2 shutdown

B.

R1(config)#router bgp 65002
R1(config-router)#neighbor 192.168.50.2 shutdown

C.

R1(config)#ip route 2.2.2.2 255.255.255.255 192.168.50.2

D.

R1(config)#no ip route 192.168.50.2 255.255.255.255 Gi0/0
A

C.

R1(config)#ip route 2.2.2.2 255.255.255.255 192.168.50.2
65
Q

Refer to the exhibit.

ERSPAN_config_3.jpg

An engineer must configure an ERSPAN tunnel that mirrors traffic from Linux1 on Switch1 to Linux2 on Switch2. Which command must be added to the source configuration to enable the ERSPAN tunnel?

A. (config-mon-erspan-dst-src)#origin ip address 172.16.10.10
B. (config-mon-erspan-dst-src)#no shut
C. (config-mon-erspan-dst-src)#erspan-id 110
D. (config-mon-erspan-dst-src)#erspan-id 172.16.10.10

A

C. (config-mon-erspan-dst-src)#erspan-id 110

66
Q

An engineer applies this EEM applet to a router
EEM_check_MAC_address.jpg

What does the applet accomplish?

A. It checks the MAC address table every 600 seconds to see if the specified address has been learned.

B. It compares syslog output to the MAC address table every 600 seconds and generates an event when no match is found.

C. It compares syslog output to the MAC address table every 600 seconds and generates an event when there is a match.

D. It generates a syslog message every 600 seconds on the status of the specified MAC address.

A

A. It checks the MAC address table every 600 seconds to see if the specified address has been learned.

67
Q

Drag and drop the code snippets from the bottom onto the blanks in the code to construct a request that configures a deny rule on an access list.

json_script_acl.jpg

A
  1. access-list-seq-rule
  2. deny
  3. ip
  4. dst-any
68
Q

How is traffic classified when using Cisco TrustSec technology?

A. with the IP address
B. with the VLAN
C. with the security group tag
D. with the MAC address

A

C. with the security group tag

69
Q

Refer to the exhibit.

acl_allow_traffic.jpg

A network administrator must configure router B to allow traffic only from network 10.100.2.0 to networks outside of router B. Which configuration must be applied?

Option A

RouterB(config)# access-list 101 permit ip 10.100.2.0 0.0.0.255 any
RouterB(config)# access-list 101 deny any
!
RouterB(config)# int g0/0/0
RouterB(config-if)# ip access-group 101 out

Option B

RouterB(config)# access-list 101 permit ip 10.100.3.0 0.0.0.255 any
RouterB(config)# access-list 101 deny any

RouterB(config)# int g0/0/0
RouterB(config-if)# ip access-group 101 out
!
RouterB(config)# int g0/0/1
RouterB(config-if)# ip access-group 101 out

Option C

RouterB(config)# access-list 101 permit ip 10.100.2.0 0.0.0.255 any
RouterB(config)# access-list 101 deny any
!
RouterB(config)# int g0/0/2
RouterB(config-if)# ip access-group 101 in

Option D

RouterB(config)# access-list 101 permit ip 10.100.2.0 0.0.0.255 any
RouterB(config)# int g0/0/0
RouterB(config-if)# ip access-group 101 out
!
RouterB(config)# int g0/0/1
RouterB(config-if)# ip access-group 101 out
A

Option D

RouterB(config)# access-list 101 permit ip 10.100.2.0 0.0.0.255 any
RouterB(config)# int g0/0/0
RouterB(config-if)# ip access-group 101 out
!
RouterB(config)# int g0/0/1
RouterB(config-if)# ip access-group 101 out
70
Q

What is a benefit of using segmentation with TrustSec?

A. Integrity checks prevent data from being modified in transit.
B. Packets sent between endpoints on a LAN are encrypted using symmetric key cryptography.
C. Security group tags enable network segmentation.
D. Firewall rules are streamlined by using business-level profiles.

A

C. Security group tags enable network segmentation.

71
Q

Refer to the exhibit.

OSPF.jpg

An engineer must reduce the number of Type 1 and Type 2 LSAs that are advertised to R4 within OSPF area 0. Which configuration must be applied?

A.

R1# conf t
Router(config)# router ospf 1
Router(config-router)# prefix-suppression

B.

R4# conf t
Router(config)# router ospf 1
Router(config-router)# summary-address 10.0.0.0 255.255.255.0

C.

R2# conf t
Router(config)# interface Gig0/0
Router(config-router)# ip ospf prefix-suppression

D.

R2# conf t
Router(config)# int Gig0/0
Router(config-if)# ip summary-address 10.0.0.0 255.255.255.0
A

C.

R2# conf t
Router(config)# interface Gig0/0
Router(config-router)# ip ospf prefix-suppression
72
Q

Refer to the exhibit.

BGP_preferred_path.jpg

Which configuration must be applied to ensure that the preferred path for traffic from AS 65010 toward AS 65020 uses the R2 to R4 path?

A.

R4(config)# router bgp 65020
R4(config-router)# bgp default local-preference 300

R5(config)# router bgp 65020
R5(config-router)# bgp default local-preference 200

B.

R2(config)# router bgp 65010
R2(config-router)# bgp default local-preference 300

R1(config)# router bgp 65010
R1(config-router)# bgp default local-preference 200

C.

R2(config)# router bgp 65010
R2(config-router)# bgp default local-preference 200

R1(config)# router bgp 65010
R1(config-router)# bgp default local-preference 300

D.

R4(config)# router bgp 65020
R4(config-router)# bgp default local-preference 200

R5(config)# router bgp 65020
R5(config-router)# bgp default local-preference 300
A

B.

R2(config)# router bgp 65010
R2(config-router)# bgp default local-preference 300

R1(config)# router bgp 65010
R1(config-router)# bgp default local-preference 200
73
Q

What are two best practices when designing a campus Layer 3 infrastructure? (Choose two)

A. Configure passive-interface on nontransit links.

B. Implement security features at the core.

C. Summarize routes from the aggregation layer toward the core layer.

D. Tune Cisco Express Forwarding load balancing hash for ECMP routing.

E. Summarize from the access layer toward the aggregation layer.

A

C. Summarize routes from the aggregation layer toward the core layer.

D. Tune Cisco Express Forwarding load balancing hash for ECMP routing.

74
Q

Refer to the exhibit.

radiation_pattern.jpg

Which antenna emits this radiation pattern?

A. omnidirectional
B. RP-TNC
C. dish
D. Yagi

A

A. omnidirectional

75
Q

Refer to the exhibit.

python code

How should the programmer access the list of VLANs that were received via the API call?

A. VlanNames[‘response’]
B. VlanNames[0]
C. VlanNames[‘Vlan1’]
D. list(VlanNames)

A

A. VlanNames[‘response’]

76
Q

An EEM applet contains this command:

event snmp oid 1.3.6.1.4.3.8.0.5.8.7.1.3 get-type next entry-op gt entry-val 80 poll-interval 8

What is the result of the command?

A. An SNMP event is generated when the value equals 80% for eight polling cycles.
B. An SNMP event is generated when the value is greater than 80% for eight polling cycles.
C. An SNMP event is generated when the value reaches 80%.
D. An SNMP variable is monitored and an action is triggered when the value exceeds 80%.

A

D. An SNMP variable is monitored and an action is triggered when the value exceeds 80%.

77
Q

Refer to the exhibit.

python code

What does this Python script do?

A. enters the TACACS+ username for a specific IP address
B. reads the username for a specific IP address from a light database
C. writes the username for a specific IP address into a light database
D. enters the RADIUS username for a specific IP address

A

B. reads the username for a specific IP address from a light database

78
Q

Refer to the exhibit.

for x in range(6):
    print(x)

What is output by this code?

A. 0 5
B. 0 1 2 3 4 5
C. 0 1 2 3 4
D. (0,5)

A

B. 0 1 2 3 4 5

79
Q

What is the purpose of the weight attribute in an EID-to-RLOC mapping?

A. It determines the administrative distance of LISP generated routes in the RIB.

B. It indicates the load-balancing ratio between ETRs of the same priority.

C. It indicates the preference for using LISP over native IP connectivity.

D. It identifies the preferred RLOC address family.

A

B. It indicates the load-balancing ratio between ETRs of the same priority.

80
Q

A network engineer is designing a QoS policy for voice and video applications. Which software queuing feature provides strict-priority servicing?

A. Class-Based Weighted Fair Queuing
B. Low Latency Queuing
C. Link Fragmentation
D. Automatic QoS

A

B. Low Latency Queuing

81
Q

Which characteristic applies to a traditional WAN solution but not to a Cisco SD-WAN solution?

A. lengthy installation times
B. centralized reachability, security, and application policies
C. low complexity and increased overall solution scale
D. operates over DTLS/TLS authenticated and secured tunnels

A

A. lengthy installation times

82
Q

Which of the following are features typically only found in a Next Generation (NextGen) firewall? (Choose two)

A. Network Address Translation (NAT)
B. Secure remote access VPN (RA VPN)
C. Deep packet inspection
D. reputation based malware detection
E. IPSec site-to-site VPN

A

C. Deep packet inspection
D. reputation based malware detection

83
Q

JSON web tokens (JWT) are used to secure JSON based communications. Which of the following fields make up a JWT? (Choose three)

A. Header
B. Trailer
C. Payload
D. Sequence number
E. Signature

A

A. Header

C. Payload

E. Signature

84
Q

Ansible is being used in a network for configuration and management automation. Which of the following are true statements regarding Ansible? (Choose two)

A. Requires an agent on the end device.
B. Utilizes the concept of playbooks to execute the configuration.
C. Uses a pull model, where the end devices pull configuration files from the Ansible server.
D. Utilizes SSH.

A

B. Utilizes the concept of playbooks to execute the configuration.

D. Utilizes SSH.

85
Q

In a Cisco Software Defined Networking (SDN) architecture, what is used to describe the API communication between the SDN controller and the network elements (routers and switches) that it manages?

A. Southbound API
B. Northbound API
C. Westbound API
D. Eastbound API

A

A. Southbound API

https://www.9tut.com/images/ccna/SDN/Southbound_Northbound_APIs.jpg

86
Q

In a Cisco VXLAN based network, which of the following best describes the main function of a VXLAN Tunnel Endpoint (VTEP)?

A. A device that performs VXLAN encapsulation and decapsulation.
B. It is a 24 bit segment ID that defines the broadcast domain.
C. It is the Logical interface where the encapsulation and de-encapsulation occurs.
D. It is a device that performs tunneling using GRE.

A

A. A device that performs VXLAN encapsulation and decapsulation.

87
Q

What does the Cisco DNA Center Authentication API provide?

A. list of global issues that are logged in Cisco DNA Center
B. access token to make calls to Cisco DNA Center
C. list of VLAN names
D. dent health status

A

B. access token to make calls to Cisco DNA Center

88
Q

What is a client who is running 802.1x for authentication reffered to as?

A. supplicant
B. NAC device
C. authenticator
D. policy enforcement point

A

A. supplicant

89
Q

Refer to the exhibit.

xml_acl_code.jpg

What is achieved by the XML code?

A. It reads the access list sequence numbers from the output of the show ip access-list extended flp command into a dictionary list

B. It displays the output of the show ip access-list extended flp command on the terminal screen

C. It displays the access list sequence numbers from the output of the show ip access-list extended flp command on the terminal screen

D. It reads the output of the show ip access-list extended flp command into a dictionary list

A

A. It reads the access list sequence numbers from the output of the show ip access-list extended flp command into a dictionary list

90
Q

What does the statement print(format(0.8, ‘.0%’)) display?

A. 80%
B. 8%
C. .08%
D. 8.8%

A

A. 80%

91
Q

Refer to the exhibit.

Router#show running-config | include aaa 
aaa new-model
aaa authentication login default group tacacs+ 
aaa authorization exec default group tacacs+ 
aaa session-id common

Which configuration enables fallback to local authentication and authorization when no TACACS+ server is available?

A.

Router(config)# aaa authentication login default local
Router(config)# aaa authorization exec default local

B.

Router(config)# aaa authentication login default group tacacs+ local
Router(config)# aaa authorization exec default group tacacs+ local

C.

Router(config)# aaa fallback local

D.

Router(config)# aaa authentication login FALLBACK local
Router(config)# aaa authorization exec FALLBACK local
A

B.

Router(config)# aaa authentication login default group tacacs+ local
Router(config)# aaa authorization exec default group tacacs+ local
92
Q

Which collection contains the resources to obtain a list of fabric nodes through the vManage API?

A. device management
B. administration
C. device inventory
D. monitoring

A

C. device inventory

93
Q

Which security measure mitigates a man-in-the-middle attack of a REST API?

A. SSL certificates
B. biometric authentication
C. password hash
D. non repudiotion feature

A

A. SSL certificates

94
Q

Refer to the exhibit. Which two commands ensure that DSW1 becomes root bridge for VLAN 10 and 20? (Choose two)

show_spanning_tree_mst.jpg

A. spanning-tree mstp 1 priority 0
B. spanning-tree mst 1 root primary
C. spanning-tree mst vlan 10,20 priority root
D. spanning-tree mst 1 priority 4096
E. spanning-tree mst 1 priority 1
F. spanning-tree mstp vlan 10,20 root primary

A

B. spanning-tree mst 1 root primary

D. spanning-tree mst 1 priority 4096

95
Q

Which solution supports end to end line-rate encryption between two sites?

A. IPsec
B. TrustSec
C. MACsec
D. GRE

A

C. MACsec

96
Q

Refer to the exhibit.

exhibit

An engineer is troubleshooting a newly configured BGP peering that does not establish. What is the reason for the failure?

A. BGP peer 10.255.255.3 is not configured for peering with R1

B. Mandatory BGP parameters between R1 and 10.255.255.3 are mismatched

C. A firewall is blocking access to TCP port 179 on the BGP peer 10.255.255.3

D. Both BGP peers are configured for passive TCP transport

A

C. A firewall is blocking access to TCP port 179 on the BGP peer 10.255.255.3

97
Q

Which access control feature does MAB provide?

A. user access based on IP address
B. allows devices to bypass authenticate
C. network access based on the physical address of a device
D. simultaneous user and device authentication

A

C. network access based on the physical address of a device

98
Q

Which authorization framework gives third-party applications limited access to HTTP services?

A. IPsec
B. Basic Auth
C. GRE
D. OAuth 2.0

A

D. OAuth 2.0

99
Q

In the Cisco DNA Center Image Repository, what is a golden image?

A. The latest software image that is available for a specific device type

B. The Cisco recommended software image for a specific device type.

C. A software image that is compatible with multiple device types.

D. A software image that meets the compliance requirements of the organization.

A

B. The Cisco recommended software image for a specific device type.

100
Q

Refer to the exhibit.

exhibit

Which action results from executing the Python script?

A. display the output of a command that is entered on that device in a single line
B. SSH to the IP address that is manually entered on that device
C. display the output of a command that is entered on that device
D. display the unformatted output of a command that is entered on that device

A

C. display the output of a command that is entered on that device

101
Q

Which two methods are used to assign security group tags to the user in a Cisco Trust Sec architecture? (Choose two)

A. modular QoS
B. policy routing
C. web authentication
D. DHCP
E. IEEE 802.1x

A

C. web authentication

E. IEEE 802.1x

102
Q

Refer to the exhibit.

count = 8
while count > 4 :
  print(count)
  count -= 1

What is output by this code?

A. 8 7 6 5
B. -4 -5 -6 -7
C. -1 -2-3-4
D. 4 5 6 7

A

A. 8 7 6 5

103
Q

When a DNS host record is configured for a new Cisco AireOS WLC, which hostname must be added to allow APs to successfully discover the WLC?

A. CONTROLLER-CAPWAP-CISCO
B. CISCO-CONTROLLER-CAPWAP
C. CAPWAP-CISCO-CONTROLLER
D. CISCO-CAPWAP-CONTROLLER

A

D. CISCO-CAPWAP-CONTROLLER

104
Q

Refer to the exhibit.

WLAN_advanced.jpg

An engineer configures a new WLAN that will be used for secure communications; however, wireless clients report that they are able to communicate with each other. Which action resolves this issue?

A. Enable Client Exclusions
B. Disable Aironet IE
C. Enable Wi-Fi Direct Client Policy
D. Enable P2P Blocking

A

D. Enable P2P Blocking

105
Q

Refer to the exhibit.

exhibit

An engineer configured TACACS+ to authenticate remote users but the configuration is not working as expected. Which configuration must be applied to enable access?

A.

R1(config)#ip tacacs source-interface Gig0/0

B.

R1(config)#tacacs-server prod
R1(config-server-tacacs)#key cisco123

C.

R1(config)#aaa authorization exec default group tacacs+ local

D.

R1(config)#tacacs-server prod
R1(config-server-tacacs)#port 1020
A

B.

R1(config)#tacacs-server prod
R1(config-server-tacacs)#key cisco123
106
Q

Refer to the exhibit.

exhibit

The EtherChannel between SW1 and SW2 is not operational. Which action will resolve the issue?

A. Configure channel-group 1 mode active on G1/0 and G1/1 of SW2
B. Configure switchport trunk encapsulation dot1q on SW1 and SW2
C. Configure channel-group 1 mode active on G1/0 and G1/1 of SW1
D. Configure switchport mode dynamic desirable on SW1 and SW2

A

C. Configure channel-group 1 mode active on G1/0 and G1/1 of SW1

107
Q

Refer to the exhibit.

NETCONF_configured.jpg

Which command set enables router R2 to be configured via NETCONF?

A.

R1(config)#username Netconf privilege 15 password example_password
R1(config)#netconf-yang
R1(config)#netconf-yang feature candidate-datastore

B.

R1(config)#snmp-server manager
R1(config)#snmp-server community ENCOR ro

C.

R1(config)#snmp-server manager
R1(config)#snmp-server community ENCOR rw

D.

R1(config)#netconf
R1(config)#ip http secure-server
A

A.

R1(config)#username Netconf privilege 15 password example_password
R1(config)#netconf-yang
R1(config)#netconf-yang feature candidate-datastore
108
Q

Refer to the exhibit.

OSPF_neighbor_fail.jpg

Why does the OSPF neighborship fail between the two interfaces?

A. The IP subnet mask is not the same.
B. There is a mismatch in the OSPF interface network type.
C. The OSPF timers are different.
D. The MTU is nor the same.

A

A. The IP subnet mask is not the same.

109
Q

Which configuration restricts the amount of SSH that a router accepts 100 kbps?

Option A

class-map match-all CoPP_SSH
 match access-group name CoPP_SSH
!
policy-map CoPP_SSH
 class CoPP_SSH
  police cir 100000
  exceed-action drop
!
!
!
interface GigabitEthernet0/1
 ip address 209.165.200.225 255.255.255.0
 ip access-group CoPP_SSH out
 duplex auto
 speed auto
 media-type rj45
service-policy input CoPP_SSH
!
ip access-list extended CoPP_SSH
 permit tcp any any eq 22
!
```	

**Option B**

```	
class-map match-all CoPP_SSH
 match access-group name CoPP_SSH
!
policy-map CoPP_SSH
 class CoPP_SSH
  police cir CoPP_SSH
  exceed-action drop
!
!
!
interface GigabitEthernet0/1
 ip address 209.165.200.225 255.255.255.0
 ip access-group CoPP_SSH out
 duplex auto
 speed auto
 media-type rj45
service-policy input CoPP_SSH
!
ip access-list extended CoPP_SSH
 deny tcp any any eq 22
!
```	

**Option C**

```	
class-map match-all CoPP_SSH
 match access-group name CoPP_SSH
!
policy-map CoPP_SSH
 class CoPP_SSH
  police cir 100000
  exceed-action drop
!
!
!
control-plane
 service-policy input CoPP_SSH
!
ip access-list extended CoPP_SSH
 permit tcp any any eq 22
!	
```	

**Option D**

```	
class-map match-all CoPP_SSH
 match access-group name CoPP_SSH
!
policy-map CoPP_SSH
 class CoPP_SSH
  police cir 100000
  exceed-action drop
!
!
!
control-plane transit
 service-policy input CoPP_SSH
!
ip access-list extended CoPP_SSH
 permit tcp any any eq 22
!
A

Option C

```
class-map match-all CoPP_SSH
match access-group name CoPP_SSH
!
policy-map CoPP_SSH
class CoPP_SSH
police cir 100000
exceed-action drop
!
!
!
control-plane
service-policy input CoPP_SSH
!
ip access-list extended CoPP_SSH
permit tcp any any eq 22
!
~~~

110
Q

What is a benefit of Cisco TrustSec in a multilayered LAN network design?

A. Policy or ACLs are not required.
B. There is no requirements to run IEEE 802.1X when TrustSec is enabled on a switch port.
C. Applications flows between hosts on the LAN to remote destinations can be encrypted.
D. Policy can be applied on a hop-by-hop basis.

A

D. Policy can be applied on a hop-by-hop basis.

111
Q

Refer to the exhibit.

no aaa new-model
username admin privilege 15 secret cisco123
ip http secure-port 445

Which command must be applied to complete the configuration and enable RESTCONF?

A. ip http secure-server
B. ip http server
C. ip http secure-port 443
D. ip http client username restconf

A

A. ip http secure-server

112
Q

Which two features are available only in next-generation firewalls? (Choose two)

A. virtual private network
B. deep packet inspection
C. stateful inspection
D. application awareness
E. packet filtering

A

B. deep packet inspection

D. application awareness

113
Q

Drag and drop the code snippets from the bottom onto the blanks in the Python script to print the device model to the screen and write JSON data to a file. Not all options are used.

python_json_print_2.jpg

A
  1. print
  2. open
  3. w
  4. dump
114
Q

Which configuration enables password checking on the console line, using only a password?

A. router(config)#line con 0
router(config-line)#exec-timeout 0 0

B. router(config)#line con 0
router(config-line)#login

C. router(config)#line con 0
router(config-line)#login local

D. router(config)#line vty 0 4
router(config-line)#login

A

B. router(config)#line con 0
router(config-line)#login

115
Q

Which language defines the structure or modelling of data for NETCONF and RESTCONF?

A. YAM
B. YANG
C. JSON
D. XML

A

B. YANG

116
Q

Refer to the exhibit.

OSPF_advertised.jpg

Which two configurations enable R1 and R2 to advertise routes into OSPF? (Choose two)

A. R2
router ospf 0
network 172.16.1.0 255.255.255.0 area 0
network 172.16.2.0 255.255.255.0 area 0

B. R2
router ospf 0
network 172.16.1.0 0.0.0.255 area 0
network 172.16.2.0 255.255.255.0 area 0

C. R1
router ospf 0
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0

D. R2
router ospf 0
network 172.16.1.0 0.0.0.255 area 0
network 172.16.2.0 0.0.0.255 area 0

E. R1
router ospf 0
network 172.16.1.0 255.255.255.0 area 0
network 172.16.2.0 255.255.255.0 area 0

A

C. R1
router ospf 0
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0

D. R2
router ospf 0
network 172.16.1.0 0.0.0.255 area 0
network 172.16.2.0 0.0.0.255 area 0

117
Q

Which DNS lookup does an AP perform when attempting CAPWAP discovery?

A. CAPWAP-CONTROLLER.local
B. CISCO-CAPWAP-CONTROLLER.local
C. CISCO-DNA-CONTROLLER.local
D. CISCO-CONTROLLER.local

A

B. CISCO-CAPWAP-CONTROLLER.local

118
Q

How do cloud deployments compare to on-premises deployments?

A. Cloud deployments provide a better user experience across world regions, whereas on-premises deployments depend upon region-specific conditions

B. Cloud deployments are inherently unsecure, whereas a secure architecture is mandatory for on-premises deployments.

C. Cloud deployments mandate a secure architecture, whereas on-premises deployments are inherently unsecure.

D. Cloud deployments must include automation infrastructure, whereas on-premises deployments often lack the ability for automation.

A

B. Cloud deployments are inherently unsecure, whereas a secure architecture is mandatory for on-premises deployments.

119
Q

A firewall address of 192.168.1.101 can be pinged from a router but, when running a traceroute to it, this output is received.

1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *

What is the cause of this issue?

A. The firewall blocks ICMP traceroute traffic
B. The firewall rule that allows ICMP traffic does not function correctly
C. The firewall blocks ICMP traffic
D. The firewall blocks UDP traffic

A

D. The firewall blocks UDP traffic

120
Q

Which configuration filters out DOT1X messages in the format shown below from being sent toward Syslog server 10.15.20.33?

Nov 11 10:59:47 MEZ: %AUTHMGR-5-START: Starting ‘dot1x’ for client (101f.74ed.e38d) on Interface Gi1/0/23 AuditSessionID 0ADEE01200002B3D2D05EE68
Nov 11 10:59:49 MEZ: %AUTHMGR-5-START: Starting ‘dot1x’ for client (101f.74ed.e38d) on Interface Gi1/0/23 AuditSessionID 0ADEE01200002B3E2D05F655

A. logging discriminator DOT1X facility drops DOT1X
logging host 10.15.20.33 discriminator DOT1X

B. logging discriminator DOT1X msg-body drops DOTX
logging host 10.15.20.33 discriminator DOTX

C. logging discriminator DOT1X mnemonics includes DOTX
logging host 10.15.20.33 discriminator DOT1X

D. logging discriminator DOT1X mnemonics includes DOT1X
logging host 10.15.20.33 discriminator DOTX

A

A. logging discriminator DOT1X facility drops DOT1X
logging host 10.15.20.33 discriminator DOT1X

121
Q

Which device, in a LISP routing architecture, receives and de-encapsulates LISP traffic for endpoints within a LISP-capable site?

A. MR
B. ETR
C. OMS
D. ITR

A

B. ETR

122
Q

Which action limits the total amount of memory and CPU that is used by a collection of VMs?

A. Place the collection of VMs in a resource pool.

B. Place the collection of VMs in a vApp.

C. Limit the amount of memory and CPU that is available to the cluster.

D. Limit the amount of memory and CPU that is available to the individual VMs.

A

A. Place the collection of VMs in a resource pool.

123
Q

Refer to the exhibit.

ACL_allow_internet.jpg

Remote users cannot access the Internet but can upload files to the storage server. Which configuration must be applied to allow Internet access?

A.

ciscoasa(config)#access-list MAIL_AUTH extended permit tcp any any eq www
ciscoasa(config)#aaa authentication listener http inside redirect

B.

ciscoasa(config)#access-list MAIL_AUTH extended permit tcp any any eq http
ciscoasa(config)#aaa authentication listener http inside port 43

C.

ciscoasa(config)#access-list HTTP_AUTH extended permit udp any any eq http
ciscoasa(config)#aaa authentication listener http outside port 43

D.

ciscoasa(config)#access-list MAIL_AUTH extended permit udp any any eq http
ciscoasa(config)#aaa authentication listener http outside redirect
A

A.

ciscoasa(config)#access-list MAIL_AUTH extended permit tcp any any eq www
ciscoasa(config)#aaa authentication listener http inside redirect
124
Q

Refer to the exhibit.

ip access-list extended 101
 10 deny ip any any
!
event manager applet Block_Users
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "interface GigabitEthernet1"
 action 4.0 cli command "ip access-group 101 in"
 action 5.0 cli command "ip access-group 101 out"

An engineer builds an EEM script to apply an access list. Which statement must be added to complete the script?

A. event none
B. action 2.1 cli command “ip action 3.1 cli command 101”
C. action 6.0 cli command ”ip access-list extended 101”
D. action 6.0 cli command ”ip access-list extended 101″

A

A. event none

125
Q

What is a characteristic of a traditional WAN?

A. low complexity and high overall solution scale
B. centralized reachability, security, and application policies
C. operates over DTLS and TLS authenticated and secured tunnels
D. united data plane and control plane

A

D. united data plane and control plane

126
Q

Which Python library is used to work with YANG data models via NETCONF?

A. Postman
B. requests
C. ncclient
D. cURL

A

C. ncclient

127
Q

Which JSON script is properly formatted?

Option A

"car":[
      {
	 "type":"A New Book",
	 "model":"J Doe",
	 "year":"1"
      }]

Option B

{
   "host":
     [
	"name":"SwitchA,
	"model":"Catalyst",
	"serial":"043939383",
     ]
}

Option C

{
   "book":[
      {
	  "title":"A New Book,
	  "author":"J P Doe",
	  "edition":"2"
	}]
}

Option D

[
   "class":{
   
           "title":"Science",
           "grade":"11",
	   "location":"Room C".
	}]
]
A

Option C

{
   "book":[
      {
	  "title":"A New Book,
	  "author":"J P Doe",
	  "edition":"2"
	}]
}
128
Q

Which mobility role is assigned to a client in the client table of the new controller after a Layer 3 roam?

A. anchor
B. foreign
C. mobility
D. transparent

A

B. foreign

129
Q

Drag and drop the snippets onto the blanks within the code to create an EEM script that adds an entry to a locally stored text file with a timestamp when a configuration change is made. Not all options are used.

EEM_script_add_entry.jpg

A
  1. event syslog pattern
  2. “enable”
  3. | append flash
130
Q

Refer to the exhibit.

LACP_mode.jpg

An LACP port channel is configured between Switch-1 and Switch-2, but it falls to come up. Which action will resolve the issue?

A. Configure Switch-1 with channel-group mode active
B. Configure Switch-2 with channel-group mode desirable
C. Configure Switch-1 with channel-group mode on
D. Configure SwKch-2 with channel-group mode auto

A

A. Configure Switch-1 with channel-group mode active

131
Q

Which device is responsible for finding EID-to-RLOC mappings when traffic is sent to a LISP-capable site?

A. map server
B. map resolver
C. ingress tunnel router
D. egress tunnel router

A

C. ingress tunnel router

132
Q

In a Cisco SD-Access environment, which function is performed by the border node?

A. Connect devices to the fabric domain.
B. Group endpoints into IP pools.
C. Provide reachability information to fabric endpoints.
D. Provide connectivity to traditional layer 3 networks.

A

D. Provide connectivity to traditional layer 3 networks.

133
Q

Why would a customer implement an on-premises solution instead of a cloud solution?

A. On-premises offers greater compliance for government regulations than cloud
B. On-premises offers greater scalability than cloud
C. On-premises offers shorter deployment time than cloud
D. On-premises is more secure than cloud

A

D. On-premises is more secure than cloud

134
Q

Refer to the exhibit.

OSPF_failed.jpg

Why does OSPF fail to establish an adjacency between R1 and R2?

A. authentication mismatch
B. interface MTU mismatch
C. area mismatch
D. timers mismatch

A

B. interface MTU mismatch

135
Q

Refer to the exhibit.

ACL_allow_ftp.jpg

An engineer must allow the FTP traffic from users on 172.16.1.0 /24 to 172.16.2.0 /24 and block all other traffic. Which configuration must be applied?

A.

R1(config)#access-list 120 deny any any
R1(config)#access-list 120 permit tcp 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 21
R1(config)#interface giga 0/0
R1(config-if)#ip access-group 120 out

B.

R1(config)#access-list 120 permit tcp 172.16.1.0 0.0.0.255 21 172.16.2.0 0.0.0.255
R1(config)#interface giga 0/2
R1(config)#ip access-group 120 in

C.

R1(config)#access-list 120 permit tcp 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 20
R1(config)#access-list 120 permit tcp 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 21
R1(config)#interface giga 0/2
R1(config-if)#ip access-group 120 in

D.

R1(config)#access-list 120 permit tcp 172.16.1.0 0.0.0.255 21 172.16.2.0 0.0.0.255
R1(config)#access-list 120 permit udp 172.16.1.0 0.0.0.255 21 172.16.2.0 0.0.0.255
R1(config)#interface giga 0/2
R1(config-if)#ip access-group 120 out
A

C.

R1(config)#access-list 120 permit tcp 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 20
R1(config)#access-list 120 permit tcp 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 21
R1(config)#interface giga 0/2
R1(config-if)#ip access-group 120 in
136
Q

Which two new security capabilities are introduced by using a next-generation firewall at the Internet edge? (Choose two)

A. DVPN
B. NAT
C. stateful packet inspection
D. application-level inspection
E. integrated intrusion prevention

A

D. application-level inspection
E. integrated intrusion prevention

137
Q

Refer to the exhibit.

EEM_syn_skip.jpg

An engineer constructs an EEM applet to prevent anyone from entering configuration mode on a switch. Which snippet is required to complete the EEM applet?

A. sync yes skip yes
B. sync no skip yes
C. sync no skip no
D. sync yes skip no

A

B. sync no skip yes

138
Q

Which technology enables a redundant supervisor engine to take over when the primary supervisor engine fails?

A. NSF
B. graceful restart
C. SSO
D. FHRP

A

C. SSO

139
Q

An engineer must implement a configuration to allow a network administrator to connect to the console port of a router and authenticate over the network. Which command set should the engineer use?

A. aaa new-model
aaa authentication login default enable

B. aaa new-model
aaa authentication login console local

C. aaa new-model
aaa authentication login console group radius

D. aaa new-model
aaa authentication enable default

A

C. aaa new-model
aaa authentication login console group radius

140
Q

What is one being of implementing a data modeling language?

A. accuracy of the operations performed
B. uses XML style of data formatting
C. machine-oriented logic and language-facilitated processing.
D. conceptual representation to simplify interpretation.

A

A. accuracy of the operations performed

CCNP ENCOR (10 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions