New Questions - Part 8 Flashcards

1
Q

Which protocol is used to encrypt control plane traffic between SD-WAN controllers and SD-WAN endpoints?

A. DTLS
B. IPsec
C. PGP
D. HTTPS

A

A. DTLS

2
Q

Which network devices secure API platforms?

A. next-generation intrusion detection systems
B. Layer 3 transit network devices
C. content switches
D. web application firewalls

A

D. web application firewalls

3
Q

An engineer must configure the strongest password authentication to locally authenticate on a router. Which configuration must be used?

A. username netadmin secret 5 $1$bfjk$kdiSiDKKdkXksufZ2
B. username netadmin secret $1$bfjk$kdiSiDKKdkXksufZ2
C. line console 0
password $1$bfjk$k
D. username netadmin secret 9 $9$vFpMf83kdDJ9kdjDdjdu/dkfhZiz

A

D. username netadmin secret 9 $9$vFpMf83kdDJ9kdjDdjdu/dkfhZiz

4
Q

Refer to the exhibit.

Device#configure terminal
Device(config)#netconf ssh acl 1
Device(config)#netconf lock-time 100
Device(config)#netconf max-sessions 1
Device(config)#netconf max-message 10

A network engineer must configure NETCONF. After creating the configuration, the engineer gets output from the command show line, but not from show running-config. Which command completes the configuration?

A. Device(config)# no netconf ssh acl 1
B. Device(config)# netconf max-sessions 100
C. Device(config)# netconf lock-time 500
D. Device(config)# netconf max-message 1000

A

D. Device(config)# netconf max-message 1000

5
Q

An engineer is configuring a new SSID to present users with a splash page for authentication. Which WLAN Layer 3 setting must be configured to provide this functionality?

A. CCKM
B. WPA2 Policy
C. Local Policy
D. Web Policy

A

D. Web Policy

6
Q

An engineer is working with the Cisco DNA Center API. Drag and drop the methods from the left onto the actions that they are used for on the right.

DNA_Center_APIs.jpg

A

+ remove an element using the API: DELETE
+ extract information from the API: GET
+ update an element: PUT
+ create an element: POST

7
Q

An engineer must create an EEM script to enable OSPF debugging in the event the OSPF neighborship goes down. Which script must the engineer apply?

Option A
event manager applet ENABLE_OSPF_DEBUG
event syslog pattern "%OSPF-5-ADJCHG: Process 6, Nbr 1.1.1.1 on Serial0/0 from FULL to DOWN"
action 1.0 cli command "enable"
action 2.0 cli command "debug ip ospf event"
action 3.0 cli command "debug ip ospf adj"
action 4.0 syslog priority informational msg "ENABLE_OSPF_DEBUG"

Option B
event manager applet ENABLE OSPF_DEBUG
event syslog pattern "%OSPF-5-ADJCHG: Process 5, Nbr 1.1.1.1 on Serial0/0 from LOADING to FULL"
action 1.0 cli command "debug ip ospf event"
action 2.0 cli command "debug ip ospf adj"
action 3.0 syslog priority informational msg "ENABLE_OSPF_DEBUG"

Option C
event manager applet ENABLE_OSPF_DEBUG
event syslog pattern "%OSPF-1-ADJCHG: Process 5, Nbr 1.1.1.1 on Serial0/0 from FULL to DOWN"
action 1.0 cli command "debug ip ospf event"
action 2.0 cli command "debug ip ospf adj"
action 3.0 syslog priority informational msg "ENABLE_OSPF_DEBUG

Option D
event manager applet ENABLE_OSPF_DEBUG
event syslog pattern "%OSPF-5-ADJCHG: Process 5, Nbr 1.1.1.1 on Serial0/0 from LOADING to FULL"
action 1.0 cli command "enable"
action 2.0 cli command "debug ip ospf event"
action 3.0 cli command "debug ip ospf adj"
action 4.0 syslog priority informational msg "ENABLE_OSPF_DEBUG"

A

Option A
event manager applet ENABLE_OSPF_DEBUG
event syslog pattern "%OSPF-5-ADJCHG: Process 6, Nbr 1.1.1.1 on Serial0/0 from FULL to DOWN"
action 1.0 cli command "enable"
action 2.0 cli command "debug ip ospf event"
action 3.0 cli command "debug ip ospf adj"
action 4.0 syslog priority informational msg "ENABLE_OSPF_DEBUG"

8
Q

A network engineer is adding an additional 10Gbps link to an existing 2x10Gbps LACP-based LAG to augment its capacity. Network standards require a bundle interface to be taken out of service if one of its member links goes down, and the new link must be added with minimal impact to the production network. Drag and drop the tasks that the engineer must perform from the left into the sequence on the right. Not all options are used.

LACP.jpg

A

+ Step 1: Validate the physical and data link layers of the 10Gbps link
+ Step 2: Execute the channel-group number mode active command to add the 10Gbps link to the existing bundle
+ Step 3: Execute the lacp min-bundle 3 command to set the minimum of ports threshold
+ Step 4: Validate the network layer of the 10Gbps link

9
Q

An engineer is implementing a route map to support redistribution within BGP. The route map must be configured to permit all unmatched routes. Which action must the engineer perform to complete this task?

A. Include a permit statement as the first entry
B. Include at least one explicit deny statement
C. Remove the implicit deny entry
D. Include a permit statement as the last entry

A

D. Include a permit statement as the last entry

10
Q

Drag and drop the snippets onto the blanks within the code to construct a script that configures BGP according to the topology. Not all options are used, and some options may be used twice.

NETCONF_BGP

A

65001
192.168.1.1
65000
192.168.1.1

11
Q

Refer to the exhibit.

wireless_radius_authentication.jpg

AP(config)# aaa group server radius rad_auth
AP(config-sg-radius)# server 10.0.0.3 auth-port 1645 acct-port 1646
AP(config)# aaa new-model
AP(config)# aaa authentication login eap_methods group rad_auth
AP(config)# radius-server host 10.0.0.3 auth-port 1645 acct-port 1646 key labapl200
AP(config)# interface dot11radio 0
AP(config-if)# ssid labap1200
AP(config-if-ssid)# encryption mode wep mandatory

A company requires that all wireless users authenticate using dynamic key generation. Which configuration must be applied?

A. AP(config-if-ssid)# authentication open wep wep_methods
B. AP(config-if-ssid)# authentication dynamic wep wep_methods
C. AP(config-if-ssid)# authentication dynamic open wep_dynamic
D. AP(config-if-ssid)# authentication open eap eap_methods

A

D. AP(config-if-ssid)# authentication open eap eap_methods

12
Q

Which threat defense mechanism, when deployed at the network perimeter, protects against zero-day attacks?

A. intrusion prevention
B. stateful inspection
C. sandbox
D. SSL decryption

A

A. intrusion prevention

13
Q

What is a Type 2 hypervisor?

A. also referred to as a “bare metal hypervisor” because it sits directly on the physical server
B. runs directly on a physical server and includes its own operating system
C. supports over-allocation of physical resources
D. installed as an application on an already installed operating system

A

D. installed as an application on an already installed operating system

14
Q

Which two items are found in YANG data models? (Choose two)

A. HTTP return codes
B. rpc statements
C. JSON schema
D. container statements
E. XML schema

A

B. rpc statements

D. container statements

15
Q

What is a characteristic of Cisco DNA Northbound APIs?

A. They utilize RESTCONF
B. They enable automation of network infrastructure based on intent
C. They simplify the management of network infrastructure devices
D. They utilize multivendor support APIs

A

B. They enable automation of network infrastructure based on intent

16
Q

What is required for intercontroller Layer 3 roaming?

A. Mobility groups are established between wireless controllers.
B. WLCs have the same IP addresses configured on their interfaces.
C. WLCs use separate DHCP servers.
D. The management VLAN is present as a dynamic VLAN on the second WLC.

A

A. Mobility groups are established between wireless controllers.

17
Q

What is required for a virtual machine to run?

A. a hypervisor and physical server hardware
B. a Type 1 hypervisor and a host operating system
C. only a Type 1 hypervisor
D. only a Type 2 hypervisor

A

A. a hypervisor and physical server hardware

18
Q

Which technology uses network traffic telemetry, contextual information, and file reputation to provide insight into cyber threats?

A. threat defense
B. security services
C. security intelligence
D. segmentation

A

A. threat defense

19
Q

An engineer must configure AAA on a Cisco 9800 WLC for central web authentication. Which two commands are needed to accomplish this task? (Choose two)

A. (Cisco Controller)> config radius acct add 10.10.10.12 1812 SECRET

B. (Cisco Controller)> config wlan aaa-override enable <wlan-id>

C. (Cisco Controller)> config wlan aaa-override disable <wlan-id>

D. Device(config-locsvr-da-radius)#client 10.10.10.12 server-key 0 SECRET

E. Device(config)# aaa server radius dynamic-author

A

D. Device(config-locsvr-da-radius)#client 10.10.10.12 server-key 0 SECRET

E. Device(config)# aaa server radius dynamic-author

20
Q

Refer to the exhibit.

WLC_QoS.jpg

An engineer is troubleshooting an application running on Apple phones. The application is receiving incorrect QoS markings. The systems administrator confirmed that all configuration profiles are correct on the Apple devices. Which change on the WLC optimizes QoS for these devices?

A. Enable Fastlane
B. Set WMM to required
C. Change the QoS level to Platinum
D. Configure AVC Profiles

A

A. Enable Fastlane

21
Q

What is a benefit of Type 1 hypervisors?

A. Network engineers are able to create virtual networks of interconnect virtual machines in Layer 2 topologies

B. Storage engineers are able to leverage VMDK files to provide storage to virtual machine.

C. Operators are able to leverage orchestrators to manage workloads that run on multiple Type 1 hypervisors

D. Administrators are able to load portable virtual machine packages in OVA or QCOW2 formats.

A

A. Network engineers are able to create virtual networks of interconnect virtual machines in Layer 2 topologies

22
Q

Drag and drop the characteristics from the left onto the deployment models on the right.

Cloud_On_Premises_deployment_modes.jpg

A

Cloud:
+ on-demand self-service

On-Premises:
+ long implementation timeframe
+ offers complex customization

23
Q

What are two benefits of implementing a Cisco SD-WAN architecture? (Choose two)

A. It provides resilient and effective traffic flow using MPLS

B. It improves endpoint protection by integrating embedded and cloud security features

C. It allows configuration of application-aware policies with real time enforcement

D. It simplifies endpoint provisioning through standalone router management

E. It enforces a single, scalable, hub-and-spoke topology

A

B. It improves endpoint protection by integrating embedded and cloud security features

C. It allows configuration of application-aware policies with real time enforcement

24
Q

An engineer configures GigabitEthernet 0/1 for VRRP group 115. The router must assume the primary role when it has the highest priority in the group. Which command set is required to complete this task?

interface GigabitEthernet0/1
ip address 10.10.10.2 255.255.255.0
vrrp 115 ip 10.10.10.1
vrrp 115 authentication 406630697

A.
Router(config-if)#vrrp 116 priority 100

B.
Router(config-if)#standby 115 priority 100
Router(config-if)#standby 115 prompt

C.
Router(config-if)#vrrp 115 track 1 decrement 10
Router(config-if)#vrrp 115 preempt

D.
Router(config-if)#vrrp 115 track 1 decrement 100
Router(config-if)#vrrp 115 preempt

A

C.
Router(config-if)#vrrp 115 track 1 decrement 10
Router(config-if)#vrrp 115 preempt

25
Q

Which component does Cisco Threat Defense use to measure bandwidth, application performance, and utilization?

A. NetFlow
B. Cisco Umbrella
C. TrustSec
D. Advanced Malware Protection for Endpoints

A

A. NetFlow

26
Q

A customer has two Cisco WLCs that manage separate APs throughout a building. Each WLC advertises the same SSID but terminates on different interfaces. Users report that they drop their connections and change IP addresses when roaming. Which action resolves this issue?

A. Configure high availability.
B. Enable test roaming.
C. Enable client load balancing.
D. Configure mobility groups.

A

D. Configure mobility groups.

27
Q

Refer to the exhibit. What is displayed when the code is run?

python_string_number.jpg

A. The answer is 25
B. The answer is 70
C. The answer is 5
D. The answer is 100

A

A. The answer is 25

28
Q

A script contains the statement “while loop != 999:”. Which value terminates the loop?

A. A value less than or equal to 999
B. A value greater than or equal to 999
C. A value not equal to 999
D. A value equal to 999

A

D. A value equal to 999

29
Q

Which Cisco SD-WAN component authenticates the routers and the vSmart controllers?

A. vAnalytics
B. vBond orchestrator
C. vEdge
D. vManage NMS

A

B. vBond orchestrator

30
Q

When voice services are deployed over a wireless environment, which service must be disabled to ensure the quality of calls?

A. Aggressive load balancing
B. Dynamic transmit power control
C. Priority queuing
D. Fastlane

A

A. Aggressive load balancing

31
Q

What is a characteristic of an AP operating in FlexConnect Mode?

A. All traffic traverses the WLC to ensure policy enforcement on client traffic
B. Forwarding continues when the AP loses connectivity to the WLC
C. APs connect in a mesh topology and elect a root AP
D. FlexConnect enables an AP to connect to multiple WLCs

A

B. Forwarding continues when the AP loses connectivity to the WLC

32
Q

Drag and drop the characteristics from the left onto the routing protocol types on the right.

OSPF_EIGRP_compare.jpg

A

OSPF:
+ The path metric is simple and based on interface cost
+ The route summary is not interface based

EIGRP:
+ The path metrics are complex
+ The summary can be interface based

33
Q

Drag and drop the characteristics from the left onto the correct infrastructure deployment types on the right.

Cloud_vs_On_Prem.jpg

A

Cloud
+ Quick and scalable deployment
+ Shared ownership and accessibility

On-Prem
+ Complete control and accessibility
+ Longer deployment cycle

34
Q

Refer to the exhibit.

ERSPAN_config.jpg

An engineer must configure an ERSPAN tunnel that mirrors traffic from Linux1 on Switch1 to Linux2 on Switch2. Which command must be added to the source configuration to enable the ERSPAN tunnel?

A. (config-mon-erspan-src-dst)#no shut
B. (config-mon-erspan-src-dst)#monitor session 1 activate
C. (config-mon-erspan-src-dst)#traffic bidirectional
D. (config-mon-erspan-src-dst)#ip address 10.10.10.10

A

D. (config-mon-erspan-src-dst)#ip address 10.10.10.10

35
Q

Refer to the exhibit.

WLC_support_Airplay.jpg

An engineer configured the Bonjour Gateway on a Cisco WLC to support Apple Airplay. Users cannot see Apple TV while on the WLAN. Which action resolves this issue?

A. Disable Neighbor List Dual Band
B. Enable mDNS Snooping
C. Disable Directed Multicast
D. Enable FlexConnect Local Switching

A

B. Enable mDNS Snooping

36
Q

Refer to the exhibit.

list = [1, 2, 3, 4]
list[3] = 10
print(list)

What is the value of the variable list after the code is run?

A. [1, 10, 10, 10]
B. [1, 2, 10]
C. [1, 2, 10, 4]
D. [1, 2, 3, 10]

A

D. [1, 2, 3, 10]

37
Q

A vulnerability assessment highlighted that remote access to the switches is permitted using unsecure and unencrypted protocols. Which configuration must be applied to allow only secure and reliable remote access for device administration?

A. line vty 0 15
login local
transport input none

B. line vty 0 15
login local
transport input ssh

C. line vty 0 15
login local
transport input telnet ssh

D. line vty 0 15
login local
transport input all

A

B. line vty 0 15
login local
transport input ssh

38
Q

How can an engineer prevent basic replay attacks from people who try to brute force a system via REST API?

A. Use HTTPS
B. Use a password hash
C. Add OAuth to the request in the API header
D. Add a timestamp to the request in the API header

A

D. Add a timestamp to the request in the API header

39
Q

A network monitoring system uses SNMP polling to record the statistics of router interfaces. The SNMP queries work as expected until an engineer installs a new interface and reloads the router. After this action, all SNMP queries for the router fail. What is the cause of this issue?

A. The SNMP community is configured incorrectly
B. The SNMP interface index changed after reboot
C. The SNMP server traps are disabled for the interface index
D. The SNMP server traps are disabled for the link state

A

B. The SNMP interface index changed after reboot

40
Q

If a client’s radio device receives a signal strength of -67 dBm and the noise floor is -85 dBm, what is the SNR value?

A. 15 dB
B. 16 dB
C. 18 dB
D. 20 dB

A

C. 18 dB

SNR = -67 - (-85) = 18 dB

41
Q

Refer to the exhibit.

VRF_RD_RT.jpg

vrf_route_target.jpg

VPN-A sends point-to-point traffic to VPN-B and receives traffic only from VPN-C. VPN-B sends point-to-point traffic to VPN-C and receives traffic only from VPN-A. Which configuration is applied?

A. PE-2
vrf VPN-B
address-family ipv4 unicast
import route-target 100:1
export route-target 100:2

B. PE-3
vrf VPN-B
address-family ipv4 unicast
import route-target 100:1
export route-target 100:2

A

B. PE-3
vrf VPN-B
address-family ipv4 unicast
import route-target 100:1
export route-target 100:2

42
Q

An engineer must create a new SSID on a Cisco 9800 wireless LAN controller. The client has asked to use a pre-shared key for authentication. Which profile must the engineer edit to achieve this requirement?

A. RF
B. Policy
C. WLAN
D. Flex

A

C. WLAN

43
Q

Refer to the exhibit.

OSPF_Neighboring.png

R2 is the neighboring router of R1. R2 receives an advertisement for network 192.168.10.50/32. Which configuration should be applied for the subnet to be advertised with the original /24 netmask?

A. R1(config)#interface loopback0
R1(config-if)#ip ospf network point-to-point

B. R1(config)#interface loopback0
R1(config-if)#ip ospf 1 area 0

C. R1(config)#router ospf 1
R1(config-router)#network 192.168.10.0 255.255.255.0 area 0

D. R1(config)#interface loopback0
R1(config-if)#ip ospf network non-broadcast

A

A. R1(config)#interface loopback0
R1(config-if)#ip ospf network point-to-point

44
Q

A customer requests a design that includes GLBP as the FHRP. The network architect discovers that the members of the GLBP group have different throughput capabilities. Which GLBP load balancing method supports this environment?

A. host dependent
B. weighted
C. round robin
D. least connection

A

B. weighted

45
Q

What is one primary REST security design principle?

A. password hash
B. fail-safe defaults
C. adding a timestamp in requests
D. OAuth

A

B. fail-safe defaults

46
Q

An engineer must enable a login authentication method that allows a user to log in by using local authentication if all other defined authentication methods fail. Which configuration should be applied?

A. aaa authentication login CONSOLE group radius local-case enable aaa
B. authentication login CONSOLE group radius local enable none
C. aaa authentication login CONSOLE group radius local enable
D. aaa authentication login CONSOLE group tacacs+ local enable

A

C. aaa authentication login CONSOLE group radius local enable

or

D. aaa authentication login CONSOLE group tacacs+ local enable

Explanation
In this question there are two correct answers. With the “aaa authentication login CONSOLE group radius local enable” command, the router will authenticate via RADIUS server first, then local username and finally the enable method.

47
Q

Refer to the exhibit.

10.0.32.0/24
10.0.33.0/24
10.0.34.0/24
10.0.35.0/24
10.0.36.0/24
10.0.37.0/24
10.0.38.0/24
10.0.39.0/24

An engineer must permit traffic from these networks and block all other traffic. An informational log message should be triggered when traffic enters from these prefixes. Which access list must be used?

A. access-list acl_subnets permit ip 10.0.32.0 0.0.0.255 log
B. access-list acl_subnets permit ip 10.0.32.0 0.0.7.255 log
C. access-list acl_subnets permit ip 10.0.32.0 0.0.7.255
access-list acl_subnets deny ip any log
D. access-list acl_subnets permit ip 10.0.32.0 255.255.248.0 log

A

B. access-list acl_subnets permit ip 10.0.32.0 0.0.7.255 log

48
Q

A network engineer configures a WLAN controller with increased security for web access. There is IP connectivity with the WLAN controller, but the engineer cannot start a management session from a web browser. Which action resolves the issue?

A. Use a private or incognito session.
B. Disable Adobe Flash Player
C. Disable JavaScript on the web browser
D. Use a browser that supports 128-bit or larger ciphers.

A

D. Use a browser that supports 128-bit or larger ciphers.

49
Q

Refer to the exhibit.

CoPP_acl.jpg

How does the router handle traffic after the CoPP policy is configured on the router?

A. Traffic coming to R1 that does not match access list SNMP is dropped.
B. Traffic generated by R1 that matches access list SNMP is policed.
C. Traffic passing through R1 that matches access list SNMP is policed.
D. Traffic coming to R1 that matches access list SNMP is policed.

A

D. Traffic coming to R1 that matches access list SNMP is policed.

50
Q

Refer to the exhibit.

BGP_show_ip_bgp_summary.jpg

Which command set changes the neighbor state from Idle (Admin) to Active?

A. R1(config)#router bgp 65001
R1(config-router)#neighbor 192.168.50.2 activate

B. R1(config)#router bgp 65002
R1(config-router)#neighbor 192.168.50.2 activate

C. R1(config)#router bgp 65001
R1(config-router)#no neighbor 192.168.50.2 shutdown

D. R1(config)#router bgp 65001
R1(config-router)#neighbor 192.168.50.2 remote-as 65001

A

C. R1(config)#router bgp 65001
R1(config-router)#no neighbor 192.168.50.2 shutdown

51
Q

When firewall capabilities are considered, which feature is found only in Cisco next-generation firewalls?

A. malware protection
B. stateful inspection
C. traffic filtering
D. active/standby high availability

A

A. malware protection

52
Q

Refer to the exhibit.

BGP_adjacency_fails.jpg

BGP_neighbor_error.jpg

An engineer configures the BGP adjacency between R1 and R2; however, it fails to establish. Which action resolves the issue?

A. Change the network statement on R1 to 172.16.10.0
B. Change the remote-as number for 192.168.100.11
C. Enable synchronization on R1 and R2
D. Change the remote-as number on R1 to 6500

A

D. Change the remote-as number on R1 to 6500

53
Q

Refer to the exhibit.

Etherchannel_internal.jpg

An engineer attempts to bundle interface Gi0/0 into the port channel, but it does not function as expected. Which action resolves the issue?

A. Set LACP max-bundle to 2 on interface Port-channel
B. Configure no shutdown on interface Gi0/0
C. Enable fast LACP PDUs on interface Gi0/0
D. Configure channel-group 1 mode active on interface Gi0/0

A

A. Set LACP max-bundle to 2 on interface Port-channel

54
Q

A network engineer is enabling HTTPS access to the core switch, which requires a certificate to be installed on the switch signed by the corporate certificate authority. Which configuration commands are required to issue a certificate signing request from the core switch?

A. Core-Switch(config)#crypto pki trustpoint Core-Switch
Core-Switch(ca-trustpoint)#enrollment terminal
Core-Switch(config)#crypto pki enroll Core-Switch

B. Core-Switch(config)#crypto pki enroll Core-Switch
Core-Switch(config)#ip http secure-trustpoint Core-Switch

C. Core-Switch(config)#ip http secure-trustpoint Core-Switch
Core-Switch(config)#crypto pki enroll Core-Switch

D. Core-Switch(config)#crypto pki trustpoint Core-Switch
Core-Switch(ca-trustpoint)#enrollment terminal
Core-Switch(config)#ip http secure-trustpoint Core-Switch

A

A. Core-Switch(config)#crypto pki trustpoint Core-Switch
Core-Switch(ca-trustpoint)#enrollment terminal
Core-Switch(config)#crypto pki enroll Core-Switch

55
Q

Refer to the exhibit.

OSPF_area_filter.jpg

An engineer must prevent the R6 loopback from getting into Area 2 and Area 3 from Area 0. Which action must the engineer take?

A. Apply a filter list inbound on R2 and R9
B. Apply a filter list outbound on R3 and R7
C. Apply a filter list outbound on R7 only
D. Apply a filter list inbound on R3 and R7

A

D. Apply a filter list inbound on R3 and R7

56
Q

Which two parameters are examples of a QoS traffic descriptor? (Choose two)

A. MPLS EXP bits
B. bandwidth
C. DSCP
D. packet size
E. ToS

A

A. MPLS EXP bits

C. DSCP

57
Q

Refer to the exhibit.

NAT.jpg

An engineer must configure static NAT on R1 to allow users HTTP access to the web server on TCP port 80. The web server must be reachable through ISP 1 and ISP 2. Which command set should be applied to R1 to fulfill these requirements?

A.

ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80 extendable
ip nat inside source static tcp 10.1.1.100 80 209.165.201.1 80 extendable

B.

ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80
ip nat inside source static tcp 10.1.1.100 80 209.165.201.1 80

C.

ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80
ip nat inside source static tcp 10.1.1.100 8080 209.165.201.1 8080

D.

ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80 no-alias
ip nat inside source static tcp 10.1.1.100 80 209.165.201.1 80 no-alias

A

A. ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80 extendable
ip nat inside source static tcp 10.1.1.100 80 209.165.201.1 80 extendable

58
Q

Based on the router’s API output in JSON format below, which Python code will display the value of the “hostname” key?

Python_json.jpg

A.

json_data = json.loads(response.text)
print(json_data['response']['family']['hostname'])

B.

json_data = response.json()
print(json_data['response'][0]['hostname'])

C.

json_data = response.json()
print(json_data['response'][family][hostname'])

D.

json_data = json.loads(response.text)
print(json_data[response][0][hostname])

A

B.

json_data = response.json()
print(json_data['response'][0]['hostname'])

59
Q

Refer to the exhibit.

logging buffered discriminator Disc1
logging monitor discriminator Disc1
logging host 10.1.55.237 discriminator Disc1

A network engineer is enabling logging to a local buffer, to the terminal and to a syslog server for all debugging level logs filtered by facility code 7. Which command is needed to complete this configuration snippet?

A. logging buffered debugging
B. logging discriminator Disc1 severity includes 7
C. logging buffered discriminator Disc1 debugging
D. logging discriminator Disc1 severity includes 7 facility includes fac7

A

D. logging discriminator Disc1 severity includes 7 facility includes fac7

60
Q

Refer to the exhibit.

show_standby.jpg

After configuring HSRP an engineer enters the show standby command. Which two facts are derived from the output? (Choose two)

A. The router with IP 10.10.1.3 is active because it has a higher IP address
B. R2 Fa1/0 regains the primary role when the link comes back up
C. If Fa0/0 is shut down, the HSRP priority on R2 becomes 80
D. R2 is using the default HSRP hello and hold timers
E. R2 becomes the active router after the hold time expires

A

C. If Fa0/0 is shut down, the HSRP priority on R2 becomes 80

D. R2 is using the default HSRP hello and hold timers

61
Q

Refer to the exhibit.

enable secret cisco
username cisco privilege 15 secret cisco
aaa new-model
aaa authentication login default group radius local
aaa authorization network default group radius

The network administrator must be able to perform configuration changes when all the RADIUS servers are unreachable. Which configuration allows all commands to be authorized if the user has successfully authenticated?

A. aaa authorization exec default group radius none
B. aaa authentication login default group radius local none
C. aaa authorization exec default group radius
D. aaa authorization exec default group radius if-authenticated

A

D. aaa authorization exec default group radius if-authenticated

62
Q

Refer to the exhibit.

BGP_select_path.jpg

An engineer is reaching network 172.16.10.0/24 via the R1-R2-R4 path. Which configuration forces the traffic to take a path of R1-R3-R4?

Option A

R1(config)#route-map RM_AS_PATH_PREPEND
R1(config-route-map)#set as-path prepend 200 200
R1(config-route-map)#exit
R1(config)#router bgp 100
R1(config-router)#neighbor 12.12.12.2 route-map RM_AS_PATH_PREPEND in
R1(config-router)#end
R1#clear ip bgp 12.12.12.2 soft in

Option B

R1(config)#router bgp 100
R1(config-router)#neighbor 13.13.13.3 weight 1
R1(config-router)#end

Option C

R2(config)#route-map RM_MED permit 10
R2(config-route-map)#set metric 1
R2(config-route-map)#exit
R2(config)#router bgp 200
R2(config-router)#neighbor 12.12.12.1 route-map RM_MED out
R2(config-router)#end
R2#clear ip bgp 12.12.12.1 soft out

Option D

R1(config)#route-map RM_LOCAL_PREF permit 10
R1(config-route-map)#set local-preference 101
R1(config-route-map)#exit
R1(config)#router bgp 100
R1(config-router)#neighbor 13.13.13.3 route-map RM_LOCAL_PREF in
R1(config-router)#end
R1#clear ip bgp 13.13.13.3 soft in

A

Option D

R1(config)#route-map RM_LOCAL_PREF permit 10
R1(config-route-map)#set local-preference 101
R1(config-route-map)#exit
R1(config)#router bgp 100
R1(config-router)#neighbor 13.13.13.3 route-map RM_LOCAL_PREF in
R1(config-router)#end
R1#clear ip bgp 13.13.13.3 soft in

63
Q

In a Cisco SD-Access solution, which protocol is used by an extended node to connect to a single edge node?

A. IS-IS
B. 802.1Q
C. VXLAN
D. CTS

A

B. 802.1Q

64
Q

What is a characteristic of Cisco StackWise technology?

A. It uses proprietary cabling
B. It supports devices that are geographically separated
C. It combines exactly two devices
D. It is supported on the Cisco 4500 series.

A

A. It uses proprietary cabling

65
Q

In a Cisco SD-WAN solution, which two functions are performed by OMP? (Choose two)

A. advertisement of network prefixes and their attributes
B. segmentation and differentiation of traffic
C. gathering of underlay infrastructure data
D. delivery of crypto keys
E. configuration of control and data policies

A

A. advertisement of network prefixes and their attributes

D. delivery of crypto keys

66
Q

Refer to the exhibit.

OSPF_filter_LSA.jpg

An engineer must create a configuration that prevents R3 from receiving the LSA about 172.16.1.4/32. Which configuration set achieves this goal?

A. On R3
ip access-list standard R4_L0
deny host 172.16.1.4
permit any

router ospf 200
distribute-list R4_l0 in

B. On R3
ip prefix-list INTO-AREA1 seq 5 deny 172.16.1.4/32
ip prefix-list INTO-AREA1 seq 10 permit 0.0.0.0/0 le 32

router ospf 200
area 1 filter-list prefix INTO-AREA1 in

C. On R1
ip prefix-list INTO-AREA1 seq 5 deny 172.16.1.4/32
ip prefix-list INTO-AREA1 seq 10 permit 0.0.0.0/0 le 32

router ospf 200
area 1 filter-list prefix INTO-AREA1 in

D. On R1
ip prefix-list INTO-AREA1 seq 5 deny 172.16.1.4/32
ip prefix-list INTO-AREA1 seq 10 permit 0.0.0.0/0 le 32

router ospf 200
area 1 filter-list prefix INTO-AREA1 out

A

C. On R1
ip prefix-list INTO-AREA1 seq 5 deny 172.16.1.4/32
ip prefix-list INTO-AREA1 seq 10 permit 0.0.0.0/0 le 32

router ospf 200
area 1 filter-list prefix INTO-AREA1 in

67
Q

Why would an engineer use YANG?

A. to model data for NETCONF
B. to access data using SNMP
C. to transport data between a controller and a network device
D. to translate JSON into an equivalent XML syntax

A

A. to model data for NETCONF

68
Q

By default, which virtual MAC address does HSRP group 16 use?

A. c0:41:43:64:13:10
B. 00:00:0c:07:ac:10
C. 05:00:0c:07:ac:16
D. 00:05:5c:07:0c:16

A

B. 00:00:0c:07:ac:10

69
Q

How are map-register messages sent in a LISP deployment?

A. egress tunnel routers to map resolvers to determine the appropriate egress tunnel router

B. ingress tunnel routers to map servers to determine the appropriate egress tunnel router

C. egress tunnel routers to map servers to determine the appropriate egress tunnel router

D. ingress tunnel routers to map resolvers to determine the appropriate egress tunnel router

A

C. egress tunnel routers to map servers to determine the appropriate egress tunnel router

70
Q

Which method is used by an AP to join HA controllers and is configured in NVRAM?

A. Primary/Secondary/Tertiary/Backup
B. DNS
C. IP Helper Addresses
D. stored WLC information

A

D. stored WLC information

71
Q

In a Cisco StackWise Virtual environment, which planes are virtually combined in the common logical switch?

A. control and management
B. management and data
C. control and forwarding
D. control and data

A

A. control and management

72
Q

Refer to the exhibit.

show ospf

An engineer configures OSPF and wants to verify the configuration. Which configuration is applied to this device?

A. R1(config)#interface Gi0/1
R1(config-if)#ip ospf 1 area 0
R1(config-if)#no shutdown

B. R1(config)#router ospf 1
R1(config-router)#network 0.0.0.0.0 0.0.0.0 area 0
R1(config-router)#no passive-interface Gi0/1

C. R1(config)#interface Gi0/1
R1(config-if)#ip ospf enable
R1(config-if)#ip ospf network broadcast
R1(config-if)#no shutdown

D. R1(config)#router ospf 1
R1(config-router)#network 192.168.50.0 0.0.0.255 area 0

A

A. R1(config)#interface Gi0/1
R1(config-if)#ip ospf 1 area 0
R1(config-if)#no shutdown

73
Q

When is the Design workflow used in Cisco DNA Center?

A. in a greenfield deployment, with no existing infrastructure
B. in a greenfield or brownfield deployment, to wipe out existing data
C. in a brownfield deployment, to modify configuration of existing devices in the network
D. in a brownfield deployment, to provision and onboard new network devices

A

A. in a greenfield deployment, with no existing infrastructure

74
Q

A customer wants to use a single SSID to authenticate IoT devices using different passwords. Which Layer 2 security type must be configured in conjunction with Cisco ISE to achieve this requirement?

A. Fast Transition
B. Identity PSK
C. Cisco Centralized Key Management
D. Central Web Authentication

A

B. Identity PSK

75
Q

What does a northbound API accomplish?

A. programmatic control of abstracted network resources through a centralized controller

B. access to controlled network resources from a centralized node

C. communication between SDN controllers and physical switches

D. controlled access to switches from automated security applications

A

A. programmatic control of abstracted network resources through a centralized controller

76
Q

Refer to the exhibit.

Python_yang.jpg

After the code is run on a Cisco IOS-XE router, the response code is 204. What is the result of the script?

A. The configuration fails because another interface is already configured with IP address 10.10.10.1/24.

B. The configuration fails because interface GigabitEthernet2 is missing on the target device.

C. The configuration is successfully sent to the device in cleartext.

D. Interface GigabitEthernet2 is configured with IP address 10.10.10.1/24

A

D. Interface GigabitEthernet2 is configured with IP address 10.10.10.1/24

Explanation
The 204 status code means that the request was received and understood, but that there is no need to send any data back. The server has fulfilled the request but does not need to return an entity-body, and might want to return updated meta information.

Note: HTTP status code of 2xx means “Success”, which indicates that the client’s request was accepted successfully.

77
Q

An administrator must enable Telnet access to Router X using the router username and password database for authentication. Which configuration should be applied?

A.
RouterX(config)#aaa new-model
RouterX(config)#aaa authentication login auth-list local

B.
RouterX(config)#line vty 0 4
RouterX(config-line)#login
RouterX(config-line)#end

C.
RouterX(config)#line aux 0
RouterX(config-line)#password cisco
RouterX(config-line)#login

D.
RouterX(config)#line vty 0 4
RouterX(config-line)#login local
RouterX(config-line)#end

A

D.
RouterX(config)#line vty 0 4
RouterX(config-line)#login local
RouterX(config-line)#end

78
Q

Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

OSPF_EIGRP_differences_4.jpg

A

EIGRP
+ Dual Diffusing Update algorithm
+ metrics are bandwidth, delay, reliability, load, and MTU

OSPF
+ cost-based metric
+ Dijkstra algorithm

79
Q

Refer to the exhibit.

OSPF_exchange_information.jpg

CR2 and CR3 are configured with OSPF. Which configuration, when applied to CR1, allows CR1 to exchange OSPF information with CR2 and CR3 but not with other network devices or on new interfaces that are added to CR1?

A.

router ospf 1
network 0.0.0.0 255.255.255.255 area 0
passive-interface GigabitEthernet0/2

B.

router ospf 1
network 10.0.0.0 0.255.255.255 area 0
network 172.16.0.0 0.15.255.255 area 0
passive-interface GigabitEthernet0/2

C.

interface Gi0/2
ip ospf 1 area 0
!
router ospf 1
passive-interface GigabitEthernet0/2

D.

router ospf 1
network 10.165.231.0 0.0.0.255 area 0
network 172.27.206.0 0.0.0.255 area 0
network 172.24.206.0 0.0.0.255 area 0

A

D.
router ospf 1
network 10.165.231.0 0.0.0.255 area 0
network 172.27.206.0 0.0.0.255 area 0
network 172.24.206.0 0.0.0.255 area 0

Explanation
Because the network statements use the correct and exact network and subnet masks, CR1 will not turn on OSPF on new interfaces, and it cannot exchange OSPF information with other network devices through interfaces other than Gi0/0 and Gi0/1.

In this question we should understand that these commands make sure CR1 cannot form an OSPF neighbor relationship with other routers directly (on a new interface). If it is connected through a switch, then it can still form an OSPF neighbor relationship. For example, if we add a new router to SW3 in the 10.165.231.0/24 subnet, it will create an OSPF neighbor relationship with CR1.

The answer

router ospf 1
network 0.0.0.0 255.255.255.255 area 0
passive-interface GigabitEthernet0/2

is not correct because if CR1 has a new interface then OSPF will also be turned on that interface.

The answer

interface Gi0/2
ip ospf 1 area 0
!
router ospf 1
passive-interface GigabitEthernet0/2

is not correct as OSPF is not run on Gi0/1, so CR1 and CR3 cannot exchange OSPF information.

80
Q

Drag and drop the characteristics from the left onto the infrastructure deployment models they describe on the right.

infrastructure_deployment_models.jpg

A

On-Premises
+ highly customizable
+ infrastructure requires large and regular investments

Cloud
+ easy to scale the capacity up and down
+ highly agile

81
Q

In which two ways does TCAM differ from CAM? (Choose two)

A. CAM is used to make Layer 2 forwarding decisions, and TCAM is used for Layer 3 address lookups.

B. The MAC address table is contained in TCAM, and ACL and QoS information is stored in CAM.

C. CAM is used for software switching mechanisms, and TCAM is used for hardware switching mechanisms.

D. CAM is used by routers for IP address lookups, and TCAM is used to make Layer 2 forwarding decisions.

E. The MAC address table is contained in CAM, and ACL and QoS information is stored in TCAM.

A

A. CAM is used to make Layer 2 forwarding decisions, and TCAM is used for Layer 3 address lookups.

E. The MAC address table is contained in CAM, and ACL and QoS information is stored in TCAM.

82
Q

Refer to the exhibit.

exhibit

An engineer must configure HSRP for VLAN 1000 on SW2. The secondary switch must immediately take over the role of active router if the interlink with the primary switch fails. Which command set completes this task?

Option A

SW2(config-if)#standby version 2
SW2(config-if)#standby 1000 ip 10.23.87.1
SW2(config-if)#standby 1000 priority 95
SW2(config-if)#standby 1000 preempt
SW2(config-if)#standby 1000 track 1000

Option B

SW2(config-if)#standby version 2
SW2(config-if)#standby 1000 ip 10.23.87.1
SW2(config-if)#standby 1000 priority 95
SW2(config-if)#standby 1000 track 1000

Option C

SW2(config-if)#standby version 2
SW2(config-if)#standby 1000 ip 10.23.87.1
SW2(config-if)#standby 1000 priority 95
SW2(config-if)#standby 1000 preempt
SW2(config-if)#standby 1000 track gigabitethernet0/0

Option D

SW2(config-if)#standby 1000 ip 10.23.87.1
SW2(config-if)#standby 1000 priority 95
SW2(config-if)#standby 1000 preempt
SW2(config-if)#standby 1000 track 1000

A

Option A
SW2(config-if)#standby version 2
SW2(config-if)#standby 1000 ip 10.23.87.1
SW2(config-if)#standby 1000 priority 95
SW2(config-if)#standby 1000 preempt
SW2(config-if)#standby 1000 track 1000

83
Q

Refer to the exhibit.

BGP_error.jpg

An engineer attempts to establish BGP peering between router CORP and two ISP routers. What is the root cause for the failure between CORP and ISP#2?

A. Router ISP#2 is configured to use SHA-1 authentication.

B. Router CORP is configured with an extended access control list.

C. There is a password mismatch between router CORP and router ISP#2.

D. MD5 authorization is configured incorrectly on router ISP#2.

A

C. There is a password mismatch between router CORP and router ISP#2.

84
Q

Drag and drop the snippets onto the blanks within the code to construct a script that adds a prefix list to a route map and sets the local preference. Not all options are used.

snippet_add_prefix_list_route_map.jpg

A
  1. "running": null
  2. "name":"100",
  3. "seq_no":
  4. "match":

85
Q

Drag and drop the tools from the left onto the agent types on the right.

agent_based_agentless.jpg

A

Agent-based
+ Puppet
+ SaltStack

Agentless
+ Ansible

86
Q

Drag and drop the characteristics from the left onto the infrastructure deployment models on the right.

Infrastructure_deployment_models_3.jpg

A

On-premises
+ costs for this model are considered CapEx
+ This model enables complete control of the servers

Cloud
+ This model improves elasticity of resources
+ This model reduces management overhead by leveraging provider-managed resources