Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CCNP ENCOR > New Questions - Part 9 > Flashcards

New Questions - Part 9 Flashcards

1
Q

Which IPv4 packet field carries the QoS IP classification marking?

A. ID
B. TTL
C. FCS
D. ToS

A

D. ToS

Type of Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Configuration Management VS Orchestration

A

Configuration Management
+ Ansible is used for this type of technology.
+ This type of technology enables consistent configuration of infrastructure resources.

Orchestration
+ Puppet is used for this type of technology.
+ This type of technology provides automation across multiple technologies and domains.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Refer to the exhibit.

AAA_Authentication.jpg

A network engineer must log in to the router via the console, but the RADIUS servers are not reachable. Which credentials allow console access?

A. the username “cisco” and the password “cisco123”
B. no username and only the password “test123”
C. no username and only the password “cisco123”
D. the username “cisco” and the password “cisco”

A

C. no username and only the password “cisco123

  1. aaa authentication login group1 group radius line
  2. line con 0
    password 0 cisco123
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A customer transitions a wired environment to a Cisco SD-Access solution. The customer does not want to integrate the wireless network with the fabric. Which wireless deployment approach enables the two systems to coexist and meets the customer requirement?

A. Deploy a separate network for the wireless environment.
B. Implement a Cisco DNA Center to manage the two networks.
C. Deploy the wireless network over the top of the fabric.
D. Deploy the APs in autonomous mode.

A

C. Deploy the wireless network over the top of the fabric.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which two solutions are used for backing up a Cisco DNA Center Assurance database? (Choose two)

A. NFS share
B. local server
C. non-linux server
D. remote server
E. bare metal server

A

A. NFS share

D. remote server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Refer to the exhibit.

establish_BGP_neighborship.jpg

Which command set must be applied on R1 to establish a BGP neighborship with R2 and to allow communication from R1 to reach the networks?

A. router bgp 1200
network 209.165.200.224 mask 255.255.255.224
neighbor 209.165.202.130 remote-as 1201

B. router bgp 1200
network 209.165.201.0 mask 255.255.255.224
neighbor 209.165.202.130 remote-as 1201

C. router bgp 1200
network 209.165.200.224 mask 255.255.255.224
neighbor 209.165.202.130 remote-as 1200

D. router bgp 1200
network 209.165.200.224 mask 255.255.255.224
neighbor 209.165.201.2 remote-as 1200

A

A. router bgp 1200
network 209.165.200.224 mask 255.255.255.224
neighbor 209.165.202.130 remote-as 1201

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A customer wants to provide wireless access to contractors using a guest portal on Cisco ISE. The portal is also used by employees. A solution is implemented, but contractors receive a certificate error when they attempt to access the portal. Employees can access the portal without any errors. Which change must be implemented to allow the contractors and employees to access the portal?

A. Install a trusted third-party certificate on the Cisco ISE.
B. Install an internal CA signed certificate on the Cisco ISE.
C. Install a trusted third-party certificate on the contractor devices.
D. Install an internal CA signed certificate on the contractor devices.

A

A. Install a trusted third-party certificate on the Cisco ISE.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Refer to the exhibit.

BGP_next_hop.jpg

Which IP address becomes the active next hop for 192.168.102.0/24 when 192.168.101.2 fails?

A. 192.168.101.10
B. 192.168.101.14
C. 192.168.101.6
D. 192.168.101.18

A

D. 192.168.101.18

Path Selection Attributes: (highest) Weight > (highest) Local Preference > Originate > (shortest) AS Path > Origin > (lowest) MED > External > IGP Cost > eBGP Peering > (lowest) Router ID

Besides 192.168.101.2, other next hops have the same weight attribute of 0 so we have to consider Local preference. There are two next hops with LocPrf of 100 which are 192.168.101.18 and 192.168.101.10 (The field of LocPrf is empty means the default Local Preference of 100). Next we compare their AS Path. The next hop 192.168.101.18 has shorter AS Path so it will be the active next hop when the current one fails.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the API keys option for REST API authentication?

A. a predetermined string that is passed from client to server
B. a one-time encrypted token
C. a username that is stored in the local router database
D. a credential that is transmitted unencrypted

A

A. a predetermined string that is passed from client to server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Refer the exhibit.

elect_root_bridge.jpg

Which configuration elects SW4 as the root bridge for VLAN 1 and puts G0/2 on SW2 into a blocking state?

A.

SW4(config)#spanning-tree vlan 1 priority 32768
!
SW2(config)#interface G0/2
SW2(config-if)#spanning-tree vlan 1 port-priority 0

B.

SW4(config)#spanning-tree vlan 1 priority 32768
!
SW2(config)#int G0/2
SW2(config-if)#spanning-tree cost 128

C.

SW4(config)#spanning-tree vlan 1 priority 0
!
SW2(config)#int G0/2
SW2(config-if)#spanning-tree cost 128

D.

SW4(config)#spanning-tree vlan 1 priority 0
!
SW2(config)#interface G0/2
SW2(config-if)#spanning-tree vlan 1 port-priority 64
A

C.

SW4(config)#spanning-tree vlan 1 priority 0
!
SW2(config)#int G0/2
SW2(config-if)#spanning-tree cost 128
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which Python code snippet must be added to the script to save the returned configuration as a JSON-formatted file?

save_JSON_formatted.jpg

A. with open(“ifaces.json”, “w”) as OutFile:
OutFile.write(Response.text)

B. with open(“ifaces.json”, “w”) as OutFile:
OutFile.write(Response.json())

C. with open(“ifaces.json”, “w”) as OutFile:
JSONResponse = json.loads(Response.text)
OutFile.write(JSONResponse)

D. with open(“ifaces.json”, “w”) as OutFile:
OutFile.write(Response)

A

A. with open(“ifaces.json”, “w”) as OutFile:
OutFile.write(Response.text)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Refer to the exhibit.

ERSPAN_config_2.jpg

An engineer must configure an ERSPAN session with the remote end of the session 10.10.0.1. Which commands must be added to complete the configuration?

A.

Device(config)# monitor session 1 type erspan-source
Device(config-mon-erspan-src)# destination
Device(config-mon-erspan-src-dst)#no origin ip address 10.10.0.1
Device(config-mon-erspan-src-dst)#ip address 10.10.0.1

B.

Device(config)# monitor session 1 type erspan-destination
Device(config-mon-erspan-src)# source
Device(config-mon-erspan-src-dst)#origin ip address 10.1.0.1

C.

Device(config)# monitor session 1 type erspan-source
Device(config-mon-erspan-src)# destination
Device(config-mon-erspan-src-dst)#no origin ip address 10.10.0.1
Device(config-mon-erspan-src-dst)#ip destination address 10.10.0.1

D.

Device(config)# monitor session 1 type erspan-source
Device(config-mon-erspan-src)# destination
Device(config-mon-erspan-src-dst)#no vrf 1
A

A.

Device(config)# monitor session 1 type erspan-source
Device(config-mon-erspan-src)# destination
Device(config-mon-erspan-src-dst)#no origin ip address 10.10.0.1
Device(config-mon-erspan-src-dst)#ip address 10.10.0.1
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Refer to the exhibit.

Etherchannel_error_2.jpg

The administrator troubleshoots an Etherchannel that keeps moving to err-disabled. Which two actions must be taken to resolve the issue? (Choose two)

A. Reload the switch to force EtherChannel renegotiation

B. Ensure that interfaces Gi1/0/2 and Gi1/0/3 connect to the same neighboring switch

C. Ensure that the neighbor interfaces of Gi1/0/2 and Gi1/0/3 are configured as members of the same EtherChannel

D. Ensure that the corresponding port channel interface on the neighbor switch is named Port-channel1

E. Ensure that the switchport parameters of Port-channel 1 match the parameters of the port channel on the neighbor switch

A

C. Ensure that the neighbor interfaces of Gi1/0/2 and Gi1/0/3 are configured as members of the same EtherChannel

E. Ensure that the switchport parameters of Port-channel 1 match the parameters of the port channel on the neighbor switch

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Drag and drop the snippets onto the blanks within the code to construct a script that shows all logging that occurred on the appliance from Sunday until 9:00 p.m Thursday. Not all options are used.

EEM_config.jpg

A

1 – 0 21 * * 0-4
2 – 3.0
3 – redirect ftp://cisco:cisco@192.168.1.1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

On Premise x Cloud

A

On Premises:
+ Infrastructure requires large and regular investments.
+ It requires capacity planning for power and cooling.

Cloud:
+ Capacity easily sales up or down.
+ It enables users to access resources from anywhere.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which definition describes JWT in regard to REST API security?

A. an encrypted JSON token that is used for authentication
B. an encrypted JSON token that is used for authorization
C. an encoded JSON token that is used to securely exchange information
D. an encoded JSON token that is used for authentication

A

C. an encoded JSON token that is used to securely exchange information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

EIGRP x OSPF

A

EIGRP
+ sends hello packets every 5 seconds on high-bandwidth links

OSPF
+ cost is based on interface bandwidth
+ uses virtual links to link an area that does not have a connection to the backbone

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What happens when a FlexConnect AP changes to standalone mode?

A. All controller dependent activities stops working except DFS
B. Only clients on central switching WLANs stay connected
C. All clients roaming continues to work
D. All clients on all WLANs are disconnected

A

A. All controller dependent activities stops working except DFS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Which two Cisco SD-Access components provide communication between traditional network elements and controller layer? (Choose two)

A. network data platform
B. network underlay
C. fabric overlay
D. network control platform
E. partner ecosystem

A

B. network underlay

C. fabric overlay

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What is one difference between EIGRP and OSPF?

A. OSPF is a Cisco proprietary protocol, and EIGRP is an IETF open standard protocol.

B. EIGRP uses the DUAL distance vector algorithm, and OSPF uses the Dijkstra link-state algorithm

C. EIGRP uses the variance command lot unequal cost load balancing, and OSPF supports unequal cost balancing by default.

D. OSPF uses the DUAL distance vector algorithm, and EIGRP uses the Dijkstra link-state algorithm

A

B. EIGRP uses the DUAL distance vector algorithm, and OSPF uses the Dijkstra link-state algorithm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Which function does a fabric wireless LAN controller perform in a Cisco SD-Access deployment?

A. performs the assurance engine role for both wired and wireless clients

B. coordinates configuration of autonomous nonfabric access points within the fabric

C. manages fabric-enabled APs and forwards client registration and roaming information to the Control Plane Node

D. is dedicated to onboard clients in fabric-enabled and nonfabric-enabled APs within the fabric

A

C. manages fabric-enabled APs and forwards client registration and roaming information to the Control Plane Node

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Chef x SaltStack

A

Chef
+ communicates using knife tool
+ procedural

SaltStack
+ declarative
+ communicates through SSH

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Refer to the exhibit.

trunking_native_VLAN_mismatch.jpg

An engineer must set up connectivity between a campus aggregation layer and a branch office access layer. The engineer uses dynamic trunking protocol to establish this connection, however, management traffic on VLAN1 is not passing. Which action resolves the issue and allow communication for all configured VLANs?

A. Allow all VLANs on the trunk links
B. Disable Spanning Tree for the native VLAN
C. Change both interfaces to access ports
D. Configure the correct native VLAN on the remote interface

A

D. Configure the correct native VLAN on the remote interface

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

How must network management traffic be treated when defining QoS policies?

A. as delay-sensitive traffic in a low latency queue
B. using minimal bandwidth guarantee
C. using the same marking as IP routing
D. as best effort

A

A. as delay-sensitive traffic in a low latency queue

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Refer to the exhibit.

IP_SLA_config.jpg

Which command set is needed to configure and verify router R3 to measure the response time from router R3 to the file server located in the data center?

Option A

ip sla 6
icmp-echo 172.29.139.134 source-ip 172.29.139.132
frequency 300
ip sla schedule 6 start-time now

show ip protocol

Option B

ip sla 6
icmp-echo 172.29.139.134 source-ip 172.29.139.132
frequency 300
ip sla schedule 6 start-time now

Option C

ip sla 6
icmp-echo 10.0.1.3 source-ip 10.0.0.3
frequency 300
ip sla schedule 6 life forever start-time now

show ip sla statistics 6

Option D

ip sla 6
icmp-echo 10.0.1.3 source-ip 10.0.0.3
frequency 300
ip sla schedule 6 life forever start-time now

show ip protocol
A

Option C

ip sla 6
icmp-echo 10.0.1.3 source-ip 10.0.0.3
frequency 300
ip sla schedule 6 life forever start-time now

show ip sla statistics 6
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

What are the main components of Cisco TrustSec?

A. Cisco ISE and Enterprise Directory Services
B. Cisco ISE, network switches, firewalls, and routers
C. Cisco ISE and TACACS+
D. Cisco ASA and Cisco Firepower Threat Defense

A

B. Cisco ISE, network switches, firewalls, and routers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Refer to the exhibit.

API_request.jpg

What is the result of the API request?

A. The information for all interfaces is read from the network appliance
B. The native interface information is read from the network appliance
C. The “params” variable sends data fields to the network appliance
D. The “params” variable reads data fields from the network appliance

A

A. The information for all interfaces is read from the network appliance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

What is a TLOC in a Cisco SD-WAN deployment?

A. value that identifies a specific tunnel within the Cisco SD-WAN overlay
B. identifier that represents a specific service offered by nodes within the Cisco SD-WAN overlay
C. attribute that acts as a next hop for network prefixes
D. component set by the administrator to differentiate similar nodes that offer a common service

A

C. attribute that acts as a next hop for network prefixes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

Which Cisco FlexConnect state allows wireless users that are connected to the network to continue working after the connection to the WLC has been lost?

A. Authentication Down/Switching Down
B. Authentication-Central/Switch-Local
C. Authentication-Down/Switch-Local
D. Authentication-Central/Switch-Central

A

C. Authentication-Down/Switch-Local

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

Refer to the exhibit.

CoPP_config_SSH.jpg

Which commands are required to allow SSH connection to the router?

Option A

Router(config)#access-list 10 permit tcp any eq 22 any
Router(config)#class-map class-ssh
Router(config-cmap)#match access-group 10
Router(config)#policy-map CoPP
Router(config-pmap)#class class-ssh
Router(config-pmap-c)#police 100000 conform-action transmit

Option B

Router(config)#access-list 100 permit udp any any eq 22
Router(config)#access-list 101 permit tcp any any eq 22
Router(config)#class-map class-ssh
Router(config-cmap)#match access-group 101
Router(config)#policy-map CoPP
Router(config-pmap)#police 100000 conform-action transmit

Option C

Router(config)#access-list 100 permit tcp any eq 22 any
Router(config)#class-map class-ssh
Router(config-cmap)#match access-group 10
Router(config)#policy-map CoPP
Router(config-pmap)#class class-ssh
Router(config-pmap-c)#police 100000 conform-action transmit

Option D

Router(config)#access-list 100 permit tcp any any eq 22
Router(config)#access-list 101 permit tcp any any eq 22
Router(config)#class-map class-ssh
Router(config-cmap)#match access-group 101
Router(config)#policy-map CoPP
Router(config-pmap)#class class-ssh
Router(config-pmap-c)#police 100000 conform-action transmit
A

Option D
Router(config)#access-list 100 permit tcp any any eq 22
Router(config)#access-list 101 permit tcp any any eq 22
Router(config)#class-map class-ssh
Router(config-cmap)#match access-group 101
Router(config)#policy-map CoPP
Router(config-pmap)#class class-ssh
Router(config-pmap-c)#police 100000 conform-action transmit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

Refer to the exhibit.

CoPP_monitor_SNMP.jpg

An engineer must configure and validate a CoPP policy that allows the network management server to monitor router R1 via SNMP while protecting the control plane. Which two commands or command sets must be used? (Choose two)

A. show quality-of-service-profile

B. show ip interface brief

C. access-list 150 permit udp 10.0.1.4 0.0.0.0 host 10.0.1.2 eq snmp

class-map match-all CoPP-management
match access-group 150

policy-map CoPP-policy
class CoPP-management
police 8000 conform-action transmit exceed-action transmit
violate-action transmit

control-plane
service-policy input CoPP-policy

D. show policy-map control-plane

A

C. access-list 150 permit udp 10.0.1.4 0.0.0.0 host 10.0.1.2 eq snmp

class-map match-all CoPP-management
match access-group 150

policy-map CoPP-policy
class CoPP-management
police 8000 conform-action transmit exceed-action transmit
violate-action transmit

control-plane
service-policy input CoPP-policy

D. show policy-map control-plane

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

How do EIGRP metrics compare to OSPF metrics?

A. The EIGRP administrative distance for external routes is 170, and the OSPF administrative distance for external routes is 110
B. EIGRP uses the Dijkstra algorithm, and OSPF uses The DUAL algorithm
C. The EIGRP administrative distance for external routes is 170, and the OSPF administrative distance for external routes is undefined
D. EIGRP metrics are based on a combination of bandwidth and packet loss, and OSPF metrics are based on interface bandwidth

A

A. The EIGRP administrative distance for external routes is 170, and the OSPF administrative distance for external routes is 110

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

A network engineer is configuring OSPF on a router. The engineer wants to prevent having a route to 177.16.0.0/16 learned via OSPF in the routing table and configures a prefix list using the command ip prefix-list OFFICE seq 5 deny 172.16.0.0/16. Which two identical configuration commands must be applied to accomplish the goal? (Choose two)

A. distribute-list prefix OFFICE in under the OSPF process
B. ip prefix-list OFFICE seq 10 permit 0.0.0.0/0 le 32
C. ip prefix-list OFFICE seq 10 permit 0.0.0.0/0 ge 32
D. distribute-list OFFICE out under the OSPF process
E. distribute-list OFFICE in under the OSPF process

A

A. distribute-list prefix OFFICE in under the OSPF process
B. ip prefix-list OFFICE seq 10 permit 0.0.0.0/0 le 32

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

Which two features does the Cisco SD-Access architecture add to a traditional campus network? (Choose two)

A. private VLANs
B. software-defined segmentation
C. SD-WAN
D. identity services
E. modular QoS

A

B. software-defined segmentation

D. identity services

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

Which feature is used to propagate ARP broadcast, and link-local frames across a Cisco SD-Access fabric to address connectivity needs for silent hosts that require reception of traffic to start communicating?

A. Native Fabric Multicast
B. Layer 2 Flooding
C. SOA Transit
D. Multisite Fabric

A

B. Layer 2 Flooding

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

An engineer must configure a new loopback interface on a router and advertise the interface as a /24 in OSPF. Which command set accomplishes this task?

A.

R2(config)#interface Loopback0
R2(config-if)#ip address 172.22.2.1 255.255.255.0
R2(config-if)#ip ospf 100 area 0

B.

R2(config)#interface Loopback0
R2(config-if)#ip address 172.22.2.1 255.255.255.0
R2(config-if)#ip ospf network broadcast
R2(config-if)#ip ospf 100 area 0

C.

R2(config)#interface Loopback0
R2(config-if)#ip address 172.22.2.1 255.255.255.0
R2(config-if)#ip ospf network point-to-multipoint
R2(config-if)#router ospf 100
R2(config-router)#network 172.22.2.0 0.0.0.255 area 0

D.

R2(config)#interface Loopback0
R2(config-if)#ip address 172.22.2.1 255.255.255.0
R2(config-if)#ip ospf network point-to-point
R2(config-if)#ip ospf 100 area 0
A

D.

R2(config)#interface Loopback0
R2(config-if)#ip address 172.22.2.1 255.255.255.0
R2(config-if)#ip ospf network point-to-point
R2(config-if)#ip ospf 100 area 0
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

Question 37

What is one characteristic of the Cisco SD-Access control plane?

A. It stores remote routes in a centralized database server
B. Each router processes every possible destination and route
C. It allows host mobility only in the wireless network
D. It is based on VXLAN technology

A

A. It stores remote routes in a centralized database server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

An engineer must configure a router to leak routes between two VRFs. Which configuration must the engineer apply?

Option A
Option B
Option C
Option D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

Refer to the exhibit.

restconf
!
ip http server
ip http authentication local
ip http secure-server
!

Which command must be configured for RESTCONF to operate on port 8888?

A. ip http port 8888
B. restconf port 8888
C. ip http restconf port 8888
D. restconf http port 8888

A

A. ip http port 8888

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

If the maximum power level assignment for global TPC 802.11a/n/ac is configured to 10 dBm, which power level effectively doubles the transmit power?

A. 13dBm
B. 14dBm
C. 17dBm
D. 20dBm

A

A. 13dBm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

Which benefit is realized by implementing SSO?

A. IP first-hop redundancy
B. communication between different nodes for cluster setup
C. physical link redundancy
D. minimal network downtime following an RP switchover

A

D. minimal network downtime following an RP switchover

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

What is a characteristic of a type 2 hypervisor?

A. ideal for client/end-user system
B. complicated deployment
C. ideal for data center
D. referred to as bare-metal

A

A. ideal for client/end-user system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

Refer to the exhibit.

GRE_config.jpg

An engineer configures routing between all routers and must build a configuration to connect R1 to R3 via a GRE tunnel. Which configuration must be applied?

Option A

R1
interface Tunnel1
ip address 1.1.1.13 255.255.255.0
tunnel source Loopback0
tunnel destination x.y.z.110

R3
interface Tunnel1
ip address 1.1.1.31 255.255.255.0
tunnel source Loopback0
tunnel destination x.y.z.125

Option B

R1
interface Tunnel1
ip address 1.1.1.13 255.255.255.0
tunnel source Loopback0
tunnel destination x.y.z.160

R3
interface Tunnel1
ip address 1.1.1.31 255.255.255.0
tunnel source Loopback0
tunnel destination x.y.z.110

Option C

R1
interface Tunnel1
ip address 1.1.1.13 255.255.255.0
tunnel source Loopback0
tunnel destination x.y.z.110

R3
interface Tunnel1
ip address 1.1.1.31 255.255.255.0
tunnel source Loopback0
tunnel destination x.y.z.160

Option D

R1
interface Tunnel2
ip address 1.1.1.12 255.255.255.0
tunnel source Loopback0
tunnel destination x.y.z.125

R2
interface Tunnel1
ip address 1.1.1.125 255.255.255.0
tunnel source Loopback0
tunnel destination x.y.z.110
interface Tunnel3
ip address 1.1.1.125 255.255.255.0
tunnel source Loopback0
tunnel destination x.y.z.160
A

Option B
R1
interface Tunnel1
ip address 1.1.1.13 255.255.255.0
tunnel source Loopback0
tunnel destination x.y.z.160

R3
interface Tunnel1
ip address 1.1.1.31 255.255.255.0
tunnel source Loopback0
tunnel destination x.y.z.110

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

Refer to the exhibit.

OSPF_no_advertise.jpg

An engineer must allow R1 to advertise the 192.168.1.0/24 network to R2. R1 must perform this action without sending OSPF packets to SW1. Which command set should be applied?

A. R1(config)#router ospf 1
R1(config-router)#no passive-interface gig0/0

B. R1(config)#interface gig0/0
R1(config-if)#ip ospf hello-interval 0

C. R1(config)#router ospf 1
R1(config-router)#passive-interface gig0/0

D. R1(config)#interface gig0/0
R1(config-if)#ip ospf hello-interval 65535

A

C. R1(config)#router ospf 1
R1(config-router)#passive-interface gig0/0

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

What is an OVF?

A. a package of files that is used to describe a virtual machine or virtual appliance

B. an alternative form of an ISO that is used to install the base operating system of a virtual machine

C. the third step in a P2V migration

D. a package that is similar to an IMG and that contains an OVA file used to build a virtual machine

A

A. a package of files that is used to describe a virtual machine or virtual appliance

46
Q

How do stratum levels relate to the distance from a time source?

A. Stratum 1 devices are connected directly to an authoritative time source
B. Stratum 15 devices are an authoritative time source
C. Stratum 0 devices are connected directly to an authoritative time source
D. Stratum 15 devices are connected directly to an authoritative time source

A

A. Stratum 1 devices are connected directly to an authoritative time source

47
Q

What is one main REST security design principle?

A. confidential algorithms
B. separation of privilege
C. OAuth
D. password hashing

A

B. separation of privilege

48
Q

Refer to the exhibit.

https://192.168.43.103/restconf/data/ietf-interfaces/interfaces/interface-Loopback100

What does the response “204 No Contentmean for the REST API request?

A. Interface loopback 100 is removed from the configuration.
B. Interface loopback 100 is not removed from the configuration.
C. The DELETE method is not supported.
D. Interface loopback 100 is not found in the configuration.

A

A. Interface loopback 100 is removed from the configuration.

49
Q

Which LISP component decapsulates messages and forwards them to the map server responsible for the egress tunnel routers?

A. Map Resolver
B. Router Locator
C. Proxy ETR
D. Ingress Tunnel Router

A

A. Map Resolver

50
Q

Which character formatting is required for DHCP Option 43 to function with current AP models?

A. MD5
B. ASCII
C. Hex
D. Base64

A

C. Hex

51
Q

Where are operations related to software images located in the Cisco DNA Center GUI?

A. Provisioning
B. Services
C. Design
D. Assurance

A

C. Design

52
Q

Which benefit is provided by the Cisco DNA Center telemetry feature?

A. aids in the deployment network configurations
B. inventories network devices
C. improves the user experience
D. provides improved network security

A

B. inventories network devices

53
Q

What is one requirement when mobility tunnels are used between WLCs?

A. There must not be a firewall between the WLCs.
B. The WLCs must use the same DHCP server.
C. WLC IP ranges must be on the same subnet.
D. Mobility tunnels must be created over Layer 3 networks.

A

D. Mobility tunnels must be created over Layer 3 networks.

54
Q

Which two Cisco SD-WAN components exchange OMP information? (Choose two)

A. WAN Edge
B. vAnalytics
C. vBond
D. vSmart
E. vManage

A

A. WAN Edge
D. vSmart

55
Q

Which two prerequisites must be met before Cisco DNA Center can provision a device? (Choose two)

A. Cisco DNA Center must have the software image for the provisioned device in its image repository.

B. The provisioned device must be put into bootloader mode.

C. The provisioned device must be configured with cli and snmp credentials that are known to DNA center.

D. Cisco DNA Center must have IP connectivity to the provisioned device.

E. The provisioned device must recognize Cisco DNA Center as its LLDP neighbor.

A

C. The provisioned device must be configured with cli and snmp credentials that are known to DNA center.

D. Cisco DNA Center must have IP connectivity to the provisioned device.

56
Q

What are two benefits of implementing a traditional WAN instead of an SD-WAN solution? (Choose two)

A. simplified troubleshooting
B. comprehensive configuration standardization
C. faster fault detection
D. lower control plane abstraction
E. lower data plane overhead

A

D. lower control plane abstraction

E. lower data plane overhead

57
Q

Procedural x Declarative

A

Procedural
+ Administrators require deep syntax and context knowledge for the configured entities
+ This model defines a set of commands that must be executed in a certain order for the system to achieve the desired state

Declarative
+ This model states what is wanted but not how it is achieved
+ Puppet is tool that uses this configuration model

58
Q

Ansible x Puppet

A

Ansible
+ assesses the impact of changes before applied
+ agentless automation platform

Puppet
+ provides intent-based networking feedback loop
+ agent or agentless automation platform

59
Q

Drag and drop the characteristics from the left onto the correct places on the right.

SD-Access

A

CTS: Fabric Security Policy
LISP: Fabric control Plane
VXLAN: Fabric data plane
BGP: external connectivity from fabric

Note: CTS is short for Cisco Trust Security

60
Q

What is the recommended minimum SNR for data applications on wireless networks?

A. 10
B. 25
C. 15
D. 20

A

D. 20

61
Q

What does the destination MAC on the outer MAC header identify in a VXLAN packet?

A. the next hop
B. the remote spine
C. the remote switch
D. the leaf switch

A

A. the next hop

62
Q

What is one method for achieving REST API security?

A. using HTTPS and TLS encryption
B. using a MD5 hash to verify the integrity
C. using built-in protocols known as Web Services Security
D. using a combination of XML encryption and XML signatures

A

A. using HTTPS and TLS encryption

63
Q

Which action occurs during a Layer 3 roam?

A. Client receives a new ip address after getting authenticated

B. The client is marked as “Foreign” on the original controller

C. Client database entry is moved from the old controller to the new controller

D. Client traffic is tunneled back to the original controller after a Layer 3 roam occurs

A

D. Client traffic is tunneled back to the original controller after a Layer 3 roam occurs

64
Q

What is a characteristic of the overlay network in the Cisco SD-Access architecture?

A. It uses a traditional routed access design to provide performance and high availability to the network

B. It provides multicast support to enable Layer 2 flooding capability in the Underlay

C. It consists of a group of physical routers and switches that are used to maintain the network

D. It provides isolation among the virtual networks and independence from the physical network

A

D. It provides isolation among the virtual networks and independence from the physical network

65
Q

What is one characteristic of Cisco DNA Center and vManage northbound APIs?

A. They push configuration changes down to devices.
B. They implement the RESTCONF protocol.
C. They exchange XML-formatted content.
D. They implement the NETCONF protocol.

A

C. They exchange XML-formatted content.

66
Q

A company requires a wireless solution to support its main office and multiple branch locations. All sites have local Internet connections and a link to the main office for corporate connectivity. The branch offices are managed centrally. Which solution should the company choose?

A. Cisco DNA Spaces
B. Cisco Mobility Express
C. Cisco Unified Wireless Network
D. Cisco Catalyst switch with embedded controller

A

C. Cisco Unified Wireless Network

67
Q

A system must validate access rights to all its resources and must not rely on a cached permission matrix. If the access level to a given resource is revoked but is not reflected in the permission matrix, the security is violated. Which term refers to this REST security design principle?

A. least common mechanism
B. separation of privilege
C. Economy mechanism
D. Complete mediation

A

D. Complete mediation

68
Q

An administrator is configuring NETCONF using the following XML string. What must the administrator end the request with?

NETCONF_XML.jpg

A. </rpc-reply>
B. </rpc>]]>]]>
C. <pc message-id=”9.0″><notification-off/>
D. </rpc>

A

B. </rpc>]]>]]>

69
Q

Which configuration enables a Cisco router to send information to a TACACS+ server for individual EXEC commands associated with privilege level 15?

A. Router(config)# aaa accounting exec default start-stop group tacacs+

B. Router(config)# aaa authorization exec default group tacacs+

C. Router(config)# aaa accounting commands 15 default start-stop group tacacs+

D. Router(config)# aaa authorization commands 15 default group tacacs+

A

C. Router(config)# aaa accounting commands 15 default start-stop group tacacs+

70
Q

An engineer must configure the wireless endpoints to authenticate using Active Directory credentials in an encrypted tunnel in addition to using a hashed password. Which action is required?

A. Configure PEAP with GTC
B. Configure EAP-TLS with MSCHAP v2
C. Configure PEAP with MSCHAP v2
D. Configure EAP-TLS with GTC

A

C. Configure PEAP with MSCHAP v2

71
Q

Refer to the exhibit.

ping_vrf.jpg

A network engineer checks connectivity between two routers. The Engineer can ping the remote endpoint but cannot see the arp entry. why is there no arp entry?

A. Interface Fastethernet 0/0 is configured in vrf CUST-A so the arp entry is also in that VRF.
B. When VRFs are used, ARP protocol must be enabled in each VRF.
C. When VRFs are used, ARP protocol is disabled in the global routing table.
D. The ping command must be executed in the global routing table.

A

A. Interface Fastethernet 0/0 is configured in vrf CUST-A so the arp entry is also in that VRF.

72
Q

Refer to the exhibit.

AAA_authentication_tacacs.jpg

A network engineer must configure the router to use the ISE-Servers group for authentication. If both ISE servers are unavailable, the local username database must be used. If no usernames are defined in the configuration, then the enable password must be the last to log in. which config must be applied to achieve this result?

A. aaa authentication log error-enable
aaa authentication login default group enable local ISE-Server
B. aaa authentication login default group ISE-Servers local enable.
C. aaa authentication login default group enable local ISE-Server.
D. aaa authorization exec default group ISE-Servers local enable

A

B. aaa authentication login default group ISE-Servers local enable

73
Q

Which python snippet should be used to store the device data structure in a JSON file?

Image

A.

with open(“devices.json”,”w”) as OutFile:
Devices = json.load(OutFile)

B.

OutFile = open(“devices.json”,”w”)
json.dump(Devices, OutFile)
OutFile.Close()

C.

with open(“devices.json”,”w”) as OutFile:
json.dumps(Devices)

D.

OutFile = open(“devices.json”,”w”)
OutFile.write(str(Devices))
OutFile.close()
A

D.

OutFile = open(“devices.json”,”w”)
OutFile.write(str(Devices))
OutFile.close()

OutFile.Close() com o “C” maiúsculo não existe! Por isso, a str(Devices) é a mais correta.

74
Q

Refer to the Exhibit.

traceroute.jpg

Users cannot reach the webserver at 192.168.100.1. what is the root cause of the failure?

A. The gateway cannot translate the server domain.
B. The server is attempting to load balance between links 10.100.100.1 an 10.100.200.1
C. The server is out of service
D. There is loop in the path to the server

A

D. There is loop in the path to the server

75
Q

Drag and drop the configs from the bottom onto the correct places.

EEM.jpg

A
  1. [event syslog pattern]
  2. [“enable”]
  3. [|append flash]
76
Q

Drag and drop the characteristics from the left onto the correct places on the right.

A

MAC Address table
+ used to make layer 2 forwarding decisions
+ records MAC address, port of arrival, vlan and timestamps

TCAM table
+ used to build IP Routing tables
+ stores ACL, QOS and other upper layer information

77
Q

Drag and drop the characteristics from the left onto the correct places on the right.

LISP component 3

A

RLOC: IPV4 or IPV6 address of an egress tunnel router that is internet facing or network core facing

map resolver: receives map-request messages from ITR and searches for appropriate ETR by consulting mapping database

ITR: Encapsulates LISP packets coming from inside of LISP site to destinations outside of the site

78
Q

An engineer must design a wireless network to primarily support 5-GHz clients. The clients do not support the UNII-2c portion of the 5-GHz band. Due to application bandwidth requirements, the engineer uses 40-MHz channels. Which design consideration must be made in this scenario?

A. There are 12 overlapping channels available.
B. There are four non overlapping channel available.
C. There are 25 overlapping channels available.
D. There are six non-overlapping channels available.

A

B. There are four non overlapping channel available.

79
Q

Refer to the exhibit.

BGP_path_seclection.jpg

After configuring the BGP network, an engineer verifies that the path between Server1 and Server2 is functional. Why did RouterSF choose the route from RouterDAL instead of the route from RouterCHI?

A. The Router-ID for Router DAL is lower than the Router-ID for RouterCHI.
B. The route from RouterDAL has a lower MED.
C. BGP is not running on RouterCHI.
D. There is a static route in RouterSF for 10.0.0.0/24.

A

A. The Router-ID for Router DAL is lower than the Router-ID for RouterCHI.

80
Q

What is a characteristic of a Type 1 hypervisor?

A. It is installed on an operating system and supports other operating systems above it.
B. It is completely independent of the operating system.
C. Problems in the base operating system can affect the entire system.
D. It is referred to as a hosted hypervisor.

A

B. It is completely independent of the operating system.

81
Q

Refer to the exhibit.

BGP_advertise_networks.jpg

An engineer must configure an eBGP neighborship to Router B on Router A. The network that is connected to G0/1 on Router A must be advertised to Router B. Which configuration should be applied?

A. router bgp 65001
neighbor 10.0.1.2 remote-as 65002
redistribute static

B. router bgp 65002
neighbor 10.0.1.2 remote-as 65002
network 10.0.2.0 255.255.255.0

C. router bgp 65001
neighbor 10.0.1.2 remote-as 65002
network 10.0.1.0 255.255.255.0

D. router bgp 65001
neighbor 10.0.1.2 remote-as 65002
network 10.0.2.0 255.255.255.0

A

D. router bgp 65001
neighbor 10.0.1.2 remote-as 65002
network 10.0.2.0 255.255.255.0

82
Q

Refer to the exhibit.

ERSPAN_filter.jpg

An engineer configures the trunk and proceeds to configure an ERSPAN session to monitor VLANs 10, 20, and 30. Which command must be added to complete this configuration?

A. Device(config-mon-erspan-src-dst)# mtu 1460
B. Device(config-mon-erspan-src-dst)# no vrf 1
C. Device(config-mon-erspan-src-dst)# erspan id 6
D. Device(config-mon-erspan-src)# no filter vlan 30

A

D. Device(config-mon-erspan-src)# no filter vlan 30

83
Q

Refer to the exhibit.

Python_json_file_output.jpg

How should the script be completed so that each device configuration is saved into a JSON-formatted file under the device name?

A. Append to the body of the for loop:
with open(f”{Hostname}.json”, “w”) as OutFile:
OutFile.write(Response.text)

B. Insert after the for loop:
with open(f”{Hostname}.json”, “w”) as OutFile:
OutFile.write(json.dumps(Response.text))

C. Insert after the for loop:
with open(f”{Hostname}.json”, “w”) as OutFile:
OutFile.write(Response)

D. Insert immediately before the for loop:
with open(f”{Hostname}.json”, “w”) as OutFile:
OutFile.write(json.load(Devices))

A

A.
Append to the body of the for loop:
with open(f”{Hostname}.json”, “w”) as OutFile:
OutFile.write(Response.text)

84
Q

Refer to the exhibit.

eem_critical_level.jpg

Which EEM script generates a critical-level syslog message and saves a copy of the running configuration to the bootflash when an administrator saves the running configuration to the startup configuration?

A.

action 1.0 cli command “enable”
action 2.0 cli command “configure terminal”
action 3.0 cli command “file prompt quiet”
action 4.0 cli command “end”
action 5.0 cli command copy running-config bootflash:/current_config.txt
action 6.0 cli command “configure terminal”
action 7.0 cli command “no file prompt quiet”
action 8.0 syslog priority critical msg “Configuration saved and copied to bootflash”

B.

action 1.0 cli command copy running-config bootflash:/current_config.txt
action 2.0 syslog msg “Configuration saved and copied to bootflash”

C.

action 1.0 cli command copy running-config bootflash:/current_config.txt
action 2.0 syslog priority critical msg “Configuration saved and copied to bootflash”

D.

action 1.0 cli command “enable”
action 2.0 cli command “file prompt quiet”
action 3.0 cli command copy running-config bootflash:/current_config.txt
action 4.0 cli command “no file prompt quiet”
action 5.0 syslog priority critical msg “Configuration saved and copied to bootflash”
A

A. action 1.0 cli command “enable”
action 2.0 cli command “configure terminal”
action 3.0 cli command “file prompt quiet”
action 4.0 cli command “end”
action 5.0 cli command copy running-config bootflash:/current_config.txt
action 6.0 cli command “configure terminal”
action 7.0 cli command “no file prompt quiet”
action 8.0 syslog priority critical msg “Configuration saved and copied to bootflash”

85
Q

Refer to the exhibit.

code_xml.jpg

What is achieved by this code?

A. It displays the loopback interface
B. It renames the loopback interface
C. It deletes the loopback interface
D. It unshuts the loopback interface

A

D. It unshuts the loopback interface

86
Q

Refer to the exhibit.

acl_block_telnet.jpg

A network engineer must block Telnet traffic from hosts in the range of 10.100.2.248 to 10.100.2.255 to the network 10.100.3.0 and permit everything else. Which configuration must the engineer apply?

A.
RouterB(config)# access-list 101 deny tcp 10.100.2.0 0.0.0.248 10.100.3.0 0.0.0.255 eq 22
RouterB(config)# access-list 101 permit any any
RouterB(config)# int g0/0/2
RouterB(config-if)# ip access-group 101 in

B.
RouterB(config)# access-list 101 deny icmp 10.100.2.0 0.0.0.248 10.100.2.0 0.0.0.248
RouterB(config)#access-list 101 permit any any
RouterB(config)#int g0/0/2
RouterB(config-if)# ip access-group 101 in

C.
RouterB(config)# access-list 101 deny tcp 10.100.2.0 0.0.0.248 10.100.3.0 0.0.0.255 eq 23
RouterB(conrig)# access-list 101 permit any any
RouterB(config)# int g0/0/2
RouterB(config-if)# ip access-group 101 in

D.
RouterB(config)# access-list 101 permit tcp 10.100.2.0 0.0.0.252 10.100.3.0 0.0.0.255
RouterB(config)# int g0/0/2
RouterB(config-if)# ip access-group 101 in

A

C.
RouterB(config)# access-list 101 deny tcp 10.100.2.0 0.0.0.248 10.100.3.0 0.0.0.255 eq 23
RouterB(conrig)# access-list 101 permit any any
RouterB(config)# int g0/0/2
RouterB(config-if)# ip access-group 101 in

87
Q

What is a characteristics of a vSwitch?

A. enables VMs to communicate with each other within a virtualized server
B. supports advanced Layer 3 routing protocols that are not offered by a hardware switch
C. has higher performance than a hardware switch
D. operates as a hub and broadcasts the traffic toward all the vPorts

A

A. enables VMs to communicate with each other within a virtualized server

88
Q

Refer to the exhibit.

event manager applet config-alert
event cli pattern “conf t.*” sync yes

A network engineer must be notified when a user switches to configuration mode. Which script should be applied to receive an SNMP trap and a critical-level log message?

A.
action 1.0 snmp-trap strdata “Configuration change alarm”
action 2.0 syslog msg “Configuration change alarm”

B.
action 1.0 snmp-trap strdata “Configuration change critical alarm”

C.
action 1.0 snmp-trap strdata “Configuration change alarm”
action 1.0 syslog priority critical msg “Configuration change alarm”

D.
action 1.0 snmp-trap strdata “Configuration change alarm”
action 1.1 syslog priority critical msg “Configuration change alarm”

A

D.
action 1.0 snmp-trap strdata “Configuration change alarm”
action 1.1 syslog priority critical msg “Configuration change alarm”

89
Q

On Premises x Cloud

A

On-Premises
+ It is responsible for hardware maintenance
+ Scalability requires time and effort

Cloud-Based
+ It provides on-demand scalability
+ Maintenance is handled by a third party

90
Q

Which option works with a DHCP server to return at least one WLAN management interface IP address during the discovery phase and is dependent upon the VCI of the AP?

A. Option 43
B. Option 42
C. Option 125
D. Option 15

A

A. Option 43

91
Q

Refer to the exhibit.

NETCONF_AAA.jpg

An engineer tries to log in to router R1. Which configuration enables a successful login?

A.
R1#username admin privilege 15
aaa authorization exec default local
netconf-yang

B.
R1# netconf-yang
username admin privilege 15 secret cisco123
aaa new-model
aaa authorization exec default local

C.
R1# aaa new-model
aaa authorization exec default local
enable aaa admin privilege 15

D.
R1# username admin privilege 15
aaa authorization exec default local

A

B.
R1# netconf-yang
username admin privilege 15 secret cisco123
aaa new-model
aaa authorization exec default local

92
Q

Which component transports data plane traffic across a Cisco SD-WAN network?

A. vSmart
B. vManage
C. vEdge
D. vBond

A

C. vEdge

93
Q

Which type of tunnel is required between two WLCs to enable intercontroller roaming?

A. mobility
B. LWAPP
C. iPsec
D. CAPWAP

A

A. mobility

94
Q

Refer to the exhibit.

OSPF_avoid_attack.jpg

An attacker can advertise OSPF fake routes from 172.16.20.0 network to the OSPF domain and black hole traffic. Which action must be taken to avoid this attack and still be able to advertise this subnet into OSPF?

A. Configure 172.16.20.0 as a stub network.
B. Configure graceful restart on the 172.16.20.0 interface.
C. Configure a passive interface on R2 toward 172.16.20.0.
D. Apply a policy to filter OSPF packets on R2.

A

C. Configure a passive interface on R2 toward 172.16.20.0.

95
Q

Refer to the exhibit.

ip sla 100
 udp-echo 10.10.10.15 6336
 frequency 30

An engineer has configured an IP SLA for UDP echo’s. Which command is needed to start the IP SLA to test every 30 seconds and continue until stopped?

A. ip sla schedule 100 life forever
B. ip sla schedule 30 start-time now life forever
C. ip sla schedule 100 start-time now life 30
D. ip sla schedule 100 start-time now life forever

A

D. ip sla schedule 100 start-time now life forever

96
Q

Which two characteristics apply to the endpoint security aspect of the Cisco Threat Defense architecture? (Choose two)

A. outbound URL analysis and data transfer controls
B. detect and block ransomware in email attachments
C. cloud-based analysis of threats
D. blocking of fileless malware in real time
E. user context analysis

A

A. outbound URL analysis and data transfer controls

D. blocking of fileless malware in real time

97
Q

What is a characteristics of traffic policing?

A. lacks support for marking or remarking
B. can be applied in both traffic directions
C. must be applied only to outgoing traffic
D. queues out-of-profile packets until the buffer is full

A

B. can be applied in both traffic directions

98
Q

How does NETCONF YANG represent data structures?

A. in an XML tree format
B. as strict data structures defined by RFC 6020
C. in an HTML format
D. as modules within a tree

A

A. in an XML tree format

99
Q

Refer to the exhibit.

python_get_config.jpg

What is generated by the script?

A. the router processes
B. the routing table
C. the cdp neighbors
D. the running configuration

A

D. the running configuration

100
Q

Which VXLAN component is used to encapsulate and decapsulate Ethernet frames?

A. VTEP
B. GRE
C. EVPN
D. VNI

A

A. VTEP

101
Q

A Cisco DNA Center REST API sends a PUT to the /dna/intent/api/v1/network-device endpoint. A response code of 504 is received. What does the code indicate?

A. The response timed out based on a configured interval
B. The user does not have authorization to access this endpoint
C. The username and password are not correct
D. The web server is not available

A

A. The response timed out based on a configured interval

102
Q

Refer to the exhibit.

NAT_load_balancing.jpg

A network engineer must load balance traffic that comes from the NAT Router and is destined to 10.10.110.10, to several FTP servers. Which two commands sets should be applied? (Choose two)

A.

interface gig0/0
ip address 10.10.110.1 255.255.255.0
ip nat inside
interface gig0/1
ip address 172.16.1.1 255.255.255.252
ip nat outside

B.

interface gig0/0
ip address 10.10.110.1 255.255.255.0
ip nat outside
interface gig0/1
ip address 172.16.1.1 255.255.255.252
ip nat inside

C.

ip nat pool ftp-pool 10.10.110.2 10.10.110.9 netmask 255.255.255.0 type rotary
access-list 23 permit 10.10.110.10
ip nat inside destination-list 23 pool ftp-pool

D.

ip nat pool ftp-pool 10.10.110.2 10.10.110.9 netmask 255.255.255.0 type rotary
access-list 23 permit 10.10.110.10
ip nat outside destination-list 23 pool ftp-pool

E.

ip nat pool ftp-pool 10.10.110.2 10.10.110.9 netmask 255.255.255.0
access-list 23 permit 10.10.110.10
ip nat inside destination-list 23 pool ftp-pool
A

A.
interface gig0/0
ip address 10.10.110.1 255.255.255.0
ip nat inside
interface gig0/1
ip address 172.16.1.1 255.255.255.252
ip nat outside

C.
ip nat pool ftp-pool 10.10.110.2 10.10.110.9 netmask 255.255.255.0 type rotary
access-list 23 permit 10.10.110.10
ip nat inside destination-list 23 pool ftp-pool

Explanation
The purpose of this question is when someone tries to access the IP 10.10.110.10, the IP addresses from 10.0.0.2 to 10.0.0.9 will be handed out in a rotary fashion. This performs a basic form of load balancing. In order to do this, we need “type rotary” in the “ip nat pool …” statement -> Answer C is correct.

Also Gi0/0 interface must be the NAT inside interface -> Answer A is correct.

103
Q

A large campus network has deployed two wireless LAN controllers to manage the wireless network. WLC1 and WLC2 have been configured as mobility peers. A client device roams from AP1 on WLC1 to AP2 on WLC2, but the controller’s client interfaces are on different VLANs. How do the wireless LAN controllers handle the inter-subnet roaming?

A. WLC2 marks the client with a foreign entry in its own database. The database entry is copied to the new controller and marked with an anchor entry on WLC1

B. WLC2 marks the client with an anchor entry in its own database. The database entry is copied to the new controller and marked with a foreign entry on WLC1

C. WLC1 marks the client with a foreign entry in its own database. The database entry is copied to the new controller and marked with an anchor entry on WLC2

D. WLC1 marks the client with an anchor entry in its own database. The database entry is copied to the new controller and marked with a foreign entry on WLC2

A

D. WLC1 marks the client with an anchor entry in its own database. The database entry is copied to the new controller and marked with a foreign entry on WLC2

104
Q

Refer to the exhibit.

NAT_ACL.jpg

An administrator troubleshoots intermittent connectivity from internal hosts to an external public server. Some internal hosts can connect to the server while others receive an ICMP Host Unreachable message and these hosts change over time. What is the cause of this issue?

A. The translator does not use address overloading
B. The NAT pool netmask is excessively wide
C. The NAT ACL and NAT pool share the same name
D. The NAT ACL does not match all internal hosts

A

A. The translator does not use address overloading

105
Q

Refer to the exhibit.

OSPF_config.jpg

Which configuration must be added to enable GigabitEthemet 0/1 to participate in OSPF?

A. SF_router (config-router)# network 10.10.1.0 0.0.0.255 area 1

B. SF_router (config)# network 10.10.1.0 0.0.0.255 area 1

C. SF_router (config-router)# network 10.10.1.0 0.0.0.255 area 0

D. SF_router (config-router)# network 10.10.1.0 255.255.255.0 area 0

A

A. SF_router (config-router)# network 10.10.1.0 0.0.0.255 area 1

106
Q

Which configuration creates a CoPP policy that provides unlimited SSH access from client 10.0.0.5 and denies access from all other SSH clients?

Option A

access-list 100 permit tcp host 10.0.0.5 any eq 22
access-list 100 deny tcp any any eq 22
!
class-map match-all telnet_copp
match access-group 100
!
policy-map CoPP
class telnet_copp
police 8000
!
control-plane
service-policy input CoPP
!

Option B

!
access-list 100 permit tcp host 10.0.0.5 any eq 22
access-list 100 deny tcp any any eq 22
!
class-map match-all telnet_copp
match access-group 100
!
policy-map CoPP
class telnet_copp
drop
!
control-plane
service-policy input CoPP
!

Option C

!
access-list 100 deny tcp host 10.0.0.5 any eq 22
access-list 100 permit tcp any any eq 22
!
class-map match-all telnet_copp
match access-group 100
!
policy-map CoPP
class telnet_copp
drop
!
control-plane
service-policy input CoPP
!

Option D

access-list 100 permit tcp any any eq 22
access-list 100 deny tcp host 10.0.0.5 any eq 22
!
class-map match-all telnet_copp
match access-group 100
!
policy-map CoPP
class telnet_copp
police 8000
!
control-plane
service-policy input CoPP
!
A

Option C
!
access-list 100 deny tcp host 10.0.0.5 any eq 22
access-list 100 permit tcp any any eq 22
!
class-map match-all telnet_copp
match access-group 100
!
policy-map CoPP
class telnet_copp
drop
!
control-plane
service-policy input CoPP
!

107
Q

Refer to the exhibit.

python_parse_code.jpg

Which python code parses the response and prints “18:32:21.474 UTC sun Mar 10 2019?

A. print(response[‘result’][0][‘simple_time’])
B. print(response[result’][‘body’][‘simple_time’])
C. print(response[‘body’][‘simple_time’])
D. print(response[‘result’][‘body’][‘simple_time’])

A

D. print(response[‘result’][‘body’][‘simple_time’])

result > body > simple_time

108
Q

The Gig0/0 interface of two routers is directly connected with a 1G Ethernet link. Which configuration must be applied to the interface of both routers to establish an OSPF adjacency without maintaining a DR/BDR relationship?

A. interface Gig0/0
ip ospf network point-to-multipoint

B. interface Gig0/0
ip ospf network non-broadcast

C. interface Gig0/0
ip ospf network broadcast

D. interface Gig0/0
ip ospf network point-to-point

A

D. interface Gig0/0
ip ospf network point-to-point

109
Q

Refer to the exhibit.

Etherchannel_config.jpg

The port channel between the switches does not work as expected. Which action resolves the issue?

A. Interface Gi0/0 on Switch2 must be configured as passive.
B. Interface Gi0/1 on Switch1 must be configured as desirable.
C. Interface Gi0/1 on Switch2 must be configured as active.
D. Trunking must be enabled on both interfaces on Switch2.

A

C. Interface Gi0/1 on Switch2 must be configured as active.

110
Q

By default, which virtual MAC address does HSRP group 14 use?

A. 04.16.19.09.4c.0e
B. 00:05:5e:19:0c:14
C. 00:05:0c:07:ac:14
D. 00:00:0c:07:ac:0e

A

D. 00:00:0c:07:ac:0e

CCNP ENCOR (10 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions