New Questions - Part 9 Flashcards by Pedro Ivo Silva

Which IPv4 packet field carries the QoS IP classification marking?

A. ID
B. TTL
C. FCS
D. ToS

D. ToS

Type of Service

How well did you know this?

Not at all

Perfectly

Configuration Management VS Orchestration

Configuration Management
+ Ansible is used for this type of technology.
+ This type of technology enables consistent configuration of infrastructure resources.

Orchestration
+ Puppet is used for this type of technology.
+ This type of technology provides automation across multiple technologies and domains.

How well did you know this?

Not at all

Perfectly

Refer to the exhibit.

AAA_Authentication.jpg

A network engineer must log in to the router via the console, but the RADIUS servers are not reachable. Which credentials allow console access?

A. the username “cisco” and the password “cisco123”
B. no username and only the password “test123”
C. no username and only the password “cisco123”
D. the username “cisco” and the password “cisco”

C. no username and only the password “cisco123”

aaa authentication login group1 group radius line
line con 0
password 0 cisco123

How well did you know this?

Not at all

Perfectly

A customer transitions a wired environment to a Cisco SD-Access solution. The customer does not want to integrate the wireless network with the fabric. Which wireless deployment approach enables the two systems to coexist and meets the customer requirement?

A. Deploy a separate network for the wireless environment.
B. Implement a Cisco DNA Center to manage the two networks.
C. Deploy the wireless network over the top of the fabric.
D. Deploy the APs in autonomous mode.

C. Deploy the wireless network over the top of the fabric.

How well did you know this?

Not at all

Perfectly

Which two solutions are used for backing up a Cisco DNA Center Assurance database? (Choose two)

A. NFS share
B. local server
C. non-linux server
D. remote server
E. bare metal server

A. NFS share

D. remote server

How well did you know this?

Not at all

Perfectly

Refer to the exhibit.

establish_BGP_neighborship.jpg

Which command set must be applied on R1 to establish a BGP neighborship with R2 and to allow communication from R1 to reach the networks?

A. router bgp 1200
network 209.165.200.224 mask 255.255.255.224
neighbor 209.165.202.130 remote-as 1201

B. router bgp 1200
network 209.165.201.0 mask 255.255.255.224
neighbor 209.165.202.130 remote-as 1201

C. router bgp 1200
network 209.165.200.224 mask 255.255.255.224
neighbor 209.165.202.130 remote-as 1200

D. router bgp 1200
network 209.165.200.224 mask 255.255.255.224
neighbor 209.165.201.2 remote-as 1200

A. router bgp 1200
network 209.165.200.224 mask 255.255.255.224
neighbor 209.165.202.130 remote-as 1201

How well did you know this?

Not at all

Perfectly

A customer wants to provide wireless access to contractors using a guest portal on Cisco ISE. The portal is also used by employees. A solution is implemented, but contractors receive a certificate error when they attempt to access the portal. Employees can access the portal without any errors. Which change must be implemented to allow the contractors and employees to access the portal?

A. Install a trusted third-party certificate on the Cisco ISE.
B. Install an internal CA signed certificate on the Cisco ISE.
C. Install a trusted third-party certificate on the contractor devices.
D. Install an internal CA signed certificate on the contractor devices.

A. Install a trusted third-party certificate on the Cisco ISE.

How well did you know this?

Not at all

Perfectly

Refer to the exhibit.

BGP_next_hop.jpg

Which IP address becomes the active next hop for 192.168.102.0/24 when 192.168.101.2 fails?

A. 192.168.101.10
B. 192.168.101.14
C. 192.168.101.6
D. 192.168.101.18

D. 192.168.101.18

Path Selection Attributes: (highest) Weight > (highest) Local Preference > Originate > (shortest) AS Path > Origin > (lowest) MED > External > IGP Cost > eBGP Peering > (lowest) Router ID

Besides 192.168.101.2, other next hops have the same weight attribute of 0 so we have to consider Local preference. There are two next hops with LocPrf of 100 which are 192.168.101.18 and 192.168.101.10 (The field of LocPrf is empty means the default Local Preference of 100). Next we compare their AS Path. The next hop 192.168.101.18 has shorter AS Path so it will be the active next hop when the current one fails.

How well did you know this?

Not at all

Perfectly

What is the API keys option for REST API authentication?

A. a predetermined string that is passed from client to server
B. a one-time encrypted token
C. a username that is stored in the local router database
D. a credential that is transmitted unencrypted

A. a predetermined string that is passed from client to server

How well did you know this?

Not at all

Perfectly

Refer the exhibit.

elect_root_bridge.jpg

Which configuration elects SW4 as the root bridge for VLAN 1 and puts G0/2 on SW2 into a blocking state?

SW4(config)#spanning-tree vlan 1 priority 32768
!
SW2(config)#interface G0/2
SW2(config-if)#spanning-tree vlan 1 port-priority 0

SW4(config)#spanning-tree vlan 1 priority 32768
!
SW2(config)#int G0/2
SW2(config-if)#spanning-tree cost 128

SW4(config)#spanning-tree vlan 1 priority 0
!
SW2(config)#int G0/2
SW2(config-if)#spanning-tree cost 128

SW4(config)#spanning-tree vlan 1 priority 0
!
SW2(config)#interface G0/2
SW2(config-if)#spanning-tree vlan 1 port-priority 64

SW4(config)#spanning-tree vlan 1 priority 0
!
SW2(config)#int G0/2
SW2(config-if)#spanning-tree cost 128

How well did you know this?

Not at all

Perfectly

Which Python code snippet must be added to the script to save the returned configuration as a JSON-formatted file?

save_JSON_formatted.jpg

A. with open(“ifaces.json”, “w”) as OutFile:
OutFile.write(Response.text)

B. with open(“ifaces.json”, “w”) as OutFile:
OutFile.write(Response.json())

C. with open(“ifaces.json”, “w”) as OutFile:
JSONResponse = json.loads(Response.text)
OutFile.write(JSONResponse)

D. with open(“ifaces.json”, “w”) as OutFile:
OutFile.write(Response)

A. with open(“ifaces.json”, “w”) as OutFile:
OutFile.write(Response.text)

How well did you know this?

Not at all

Perfectly

Refer to the exhibit.

ERSPAN_config_2.jpg

An engineer must configure an ERSPAN session with the remote end of the session 10.10.0.1. Which commands must be added to complete the configuration?

Device(config)# monitor session 1 type erspan-source
Device(config-mon-erspan-src)# destination
Device(config-mon-erspan-src-dst)#no origin ip address 10.10.0.1
Device(config-mon-erspan-src-dst)#ip address 10.10.0.1

Device(config)# monitor session 1 type erspan-destination
Device(config-mon-erspan-src)# source
Device(config-mon-erspan-src-dst)#origin ip address 10.1.0.1

Device(config)# monitor session 1 type erspan-source
Device(config-mon-erspan-src)# destination
Device(config-mon-erspan-src-dst)#no origin ip address 10.10.0.1
Device(config-mon-erspan-src-dst)#ip destination address 10.10.0.1

Device(config)# monitor session 1 type erspan-source
Device(config-mon-erspan-src)# destination
Device(config-mon-erspan-src-dst)#no vrf 1

Device(config)# monitor session 1 type erspan-source
Device(config-mon-erspan-src)# destination
Device(config-mon-erspan-src-dst)#no origin ip address 10.10.0.1
Device(config-mon-erspan-src-dst)#ip address 10.10.0.1

How well did you know this?

Not at all

Perfectly

Refer to the exhibit.

Etherchannel_error_2.jpg

The administrator troubleshoots an Etherchannel that keeps moving to err-disabled. Which two actions must be taken to resolve the issue? (Choose two)

A. Reload the switch to force EtherChannel renegotiation

B. Ensure that interfaces Gi1/0/2 and Gi1/0/3 connect to the same neighboring switch

C. Ensure that the neighbor interfaces of Gi1/0/2 and Gi1/0/3 are configured as members of the same EtherChannel

D. Ensure that the corresponding port channel interface on the neighbor switch is named Port-channel1

E. Ensure that the switchport parameters of Port-channel 1 match the parameters of the port channel on the neighbor switch

C. Ensure that the neighbor interfaces of Gi1/0/2 and Gi1/0/3 are configured as members of the same EtherChannel

E. Ensure that the switchport parameters of Port-channel 1 match the parameters of the port channel on the neighbor switch

How well did you know this?

Not at all

Perfectly

Drag and drop the snippets onto the blanks within the code to construct a script that shows all logging that occurred on the appliance from Sunday until 9:00 p.m Thursday. Not all options are used.

EEM_config.jpg

1 – 0 21 * * 0-4
2 – 3.0
3 – redirect ftp://cisco:cisco@192.168.1.1

How well did you know this?

Not at all

Perfectly

On Premise x Cloud

On Premises:
+ Infrastructure requires large and regular investments.
+ It requires capacity planning for power and cooling.

Cloud:
+ Capacity easily sales up or down.
+ It enables users to access resources from anywhere.

How well did you know this?

Not at all

Perfectly

Which definition describes JWT in regard to REST API security?

A. an encrypted JSON token that is used for authentication
B. an encrypted JSON token that is used for authorization
C. an encoded JSON token that is used to securely exchange information
D. an encoded JSON token that is used for authentication

C. an encoded JSON token that is used to securely exchange information

How well did you know this?

Not at all

Perfectly

EIGRP x OSPF

EIGRP
+ sends hello packets every 5 seconds on high-bandwidth links

OSPF
+ cost is based on interface bandwidth
+ uses virtual links to link an area that does not have a connection to the backbone

How well did you know this?

Not at all

Perfectly

What happens when a FlexConnect AP changes to standalone mode?

A. All controller dependent activities stops working except DFS
B. Only clients on central switching WLANs stay connected
C. All clients roaming continues to work
D. All clients on all WLANs are disconnected

A. All controller dependent activities stops working except DFS

How well did you know this?

Not at all

Perfectly

Which two Cisco SD-Access components provide communication between traditional network elements and controller layer? (Choose two)

A. network data platform
B. network underlay
C. fabric overlay
D. network control platform
E. partner ecosystem

B. network underlay

C. fabric overlay

How well did you know this?

Not at all

Perfectly

What is one difference between EIGRP and OSPF?

A. OSPF is a Cisco proprietary protocol, and EIGRP is an IETF open standard protocol.

B. EIGRP uses the DUAL distance vector algorithm, and OSPF uses the Dijkstra link-state algorithm

C. EIGRP uses the variance command lot unequal cost load balancing, and OSPF supports unequal cost balancing by default.

D. OSPF uses the DUAL distance vector algorithm, and EIGRP uses the Dijkstra link-state algorithm

B. EIGRP uses the DUAL distance vector algorithm, and OSPF uses the Dijkstra link-state algorithm

How well did you know this?

Not at all

Perfectly

Which function does a fabric wireless LAN controller perform in a Cisco SD-Access deployment?

A. performs the assurance engine role for both wired and wireless clients

B. coordinates configuration of autonomous nonfabric access points within the fabric

C. manages fabric-enabled APs and forwards client registration and roaming information to the Control Plane Node

D. is dedicated to onboard clients in fabric-enabled and nonfabric-enabled APs within the fabric

C. manages fabric-enabled APs and forwards client registration and roaming information to the Control Plane Node

How well did you know this?

Not at all

Perfectly

Chef x SaltStack

Chef
+ communicates using knife tool
+ procedural

SaltStack
+ declarative
+ communicates through SSH

How well did you know this?

Not at all

Perfectly

Refer to the exhibit.

trunking_native_VLAN_mismatch.jpg

An engineer must set up connectivity between a campus aggregation layer and a branch office access layer. The engineer uses dynamic trunking protocol to establish this connection, however, management traffic on VLAN1 is not passing. Which action resolves the issue and allow communication for all configured VLANs?

A. Allow all VLANs on the trunk links
B. Disable Spanning Tree for the native VLAN
C. Change both interfaces to access ports
D. Configure the correct native VLAN on the remote interface

D. Configure the correct native VLAN on the remote interface

How well did you know this?

Not at all

Perfectly

How must network management traffic be treated when defining QoS policies?

A. as delay-sensitive traffic in a low latency queue
B. using minimal bandwidth guarantee
C. using the same marking as IP routing
D. as best effort

A. as delay-sensitive traffic in a low latency queue

How well did you know this?

Not at all

Perfectly

Refer to the exhibit. [IP_SLA_config.jpg](https://www.digitaltut.com/images/ENCOR/IP_SLA/IP_SLA_config.jpg) Which command set is needed to **configure and verify** router R3 to **measure the response time** from router R3 to the file server located in the data center? **Option A** ``` ip sla 6 icmp-echo 172.29.139.134 source-ip 172.29.139.132 frequency 300 ip sla schedule 6 start-time now show ip protocol ``` **Option B** ``` ip sla 6 icmp-echo 172.29.139.134 source-ip 172.29.139.132 frequency 300 ip sla schedule 6 start-time now ``` **Option C** ``` ip sla 6 icmp-echo 10.0.1.3 source-ip 10.0.0.3 frequency 300 ip sla schedule 6 life forever start-time now show ip sla statistics 6 ``` **Option D** ``` ip sla 6 icmp-echo 10.0.1.3 source-ip 10.0.0.3 frequency 300 ip sla schedule 6 life forever start-time now show ip protocol ```

**Option C** ``` ip sla 6 icmp-echo 10.0.1.3 source-ip 10.0.0.3 frequency 300 ip sla schedule 6 life forever start-time now show ip sla statistics 6 ```

What are the **main components** of Cisco **TrustSec**? A. Cisco ISE and Enterprise Directory Services B. Cisco ISE, network switches, firewalls, and routers C. Cisco ISE and TACACS+ D. Cisco ASA and Cisco Firepower Threat Defense

B. Cisco **ISE**, network **switches**, **firewalls**, and **routers**

Refer to the exhibit. [API_request.jpg](https://www.digitaltut.com/images/ENCOR/Automation/API_request.jpg) What is the **result** of the **API request**? A. The information for all interfaces is read from the network appliance B. The native interface information is read from the network appliance C. The “params” variable sends data fields to the network appliance D. The “params” variable reads data fields from the network appliance

A. The **information for all interfaces is read** from the network appliance

What is a **TLOC** in a Cisco **SD-WAN** deployment? A. value that identifies a specific tunnel within the Cisco SD-WAN overlay B. identifier that represents a specific service offered by nodes within the Cisco SD-WAN overlay C. attribute that acts as a next hop for network prefixes D. component set by the administrator to differentiate similar nodes that offer a common service

C. **attribute** that acts as a **next hop** for network prefixes

Which Cisco **FlexConnect state** allows wireless **users** that are connected to the network **to continue working** after the connection to the **WLC has been lost**? A. Authentication Down/Switching Down B. Authentication-Central/Switch-Local C. Authentication-Down/Switch-Local D. Authentication-Central/Switch-Central

C. Authentication-**Down**/Switch-**Local**

Refer to the exhibit. [CoPP_config_SSH.jpg](https://www.digitaltut.com/images/ENCOR/CoPP/CoPP_config_SSH.jpg) Which **commands** are required **to allow SSH** connection to the router? **Option A** ``` Router(config)#access-list 10 permit tcp any eq 22 any Router(config)#class-map class-ssh Router(config-cmap)#match access-group 10 Router(config)#policy-map CoPP Router(config-pmap)#class class-ssh Router(config-pmap-c)#police 100000 conform-action transmit ``` **Option B** ``` Router(config)#access-list 100 permit udp any any eq 22 Router(config)#access-list 101 permit tcp any any eq 22 Router(config)#class-map class-ssh Router(config-cmap)#match access-group 101 Router(config)#policy-map CoPP Router(config-pmap)#police 100000 conform-action transmit ``` **Option C** ``` Router(config)#access-list 100 permit tcp any eq 22 any Router(config)#class-map class-ssh Router(config-cmap)#match access-group 10 Router(config)#policy-map CoPP Router(config-pmap)#class class-ssh Router(config-pmap-c)#police 100000 conform-action transmit ``` **Option D** ``` Router(config)#access-list 100 permit tcp any any eq 22 Router(config)#access-list 101 permit tcp any any eq 22 Router(config)#class-map class-ssh Router(config-cmap)#match access-group 101 Router(config)#policy-map CoPP Router(config-pmap)#class class-ssh Router(config-pmap-c)#police 100000 conform-action transmit ```

Option D Router(config)#access-list **100** permit **tcp any any eq 22** Router(config)#access-list **101** permit **tcp any any eq 22** Router(config)#class-map class-ssh Router(config-cmap)#match access-group 101 Router(config)#policy-map CoPP Router(config-pmap)#class class-ssh Router(config-pmap-c)#police 100000 conform-action transmit

Refer to the exhibit. [CoPP_monitor_SNMP.jpg](https://www.digitaltut.com/images/ENCOR/CoPP/CoPP_monitor_SNMP.jpg) An engineer must **configure and validate a CoPP policy** that allows the network management server to **monitor** router R1 **via SNMP** while protecting the control plane. Which two commands or command sets must be used? (Choose two) A. show quality-of-service-profile B. show ip interface brief C. access-list 150 permit udp 10.0.1.4 0.0.0.0 host 10.0.1.2 eq snmp class-map match-all CoPP-management match access-group 150 policy-map CoPP-policy class CoPP-management police 8000 conform-action transmit exceed-action transmit violate-action transmit control-plane service-policy input CoPP-policy D. show policy-map control-plane

C. access-list 150 permit udp 10.0.1.4 0.0.0.0 host 10.0.1.2 eq snmp class-map match-all CoPP-management match access-group 150 policy-map CoPP-policy class CoPP-management police 8000 conform-action transmit exceed-action transmit violate-action transmit control-plane service-policy input CoPP-policy D. **show policy-map control-plane**

How do **EIGRP** metrics **compare to OSPF metrics**? A. The EIGRP administrative distance for external routes is 170, and the OSPF administrative distance for external routes is 110 B. EIGRP uses the Dijkstra algorithm, and OSPF uses The DUAL algorithm C. The EIGRP administrative distance for external routes is 170, and the OSPF administrative distance for external routes is undefined D. EIGRP metrics are based on a combination of bandwidth and packet loss, and OSPF metrics are based on interface bandwidth

A. The **EIGRP** administrative distance for **external** routes is **170**, and the **OSPF** administrative distance for **external** routes is **110**

A network engineer is configuring OSPF on a router. The engineer wants to **prevent** having a **route** to 177.16.0.0/16 learned via OSPF in the routing table and configures a **prefix list** using the command ip prefix-list OFFICE seq 5 deny 172.16.0.0/16. Which two **identical configuration** commands must be applied to accomplish the goal? (Choose two) A. distribute-list prefix OFFICE in under the OSPF process B. ip prefix-list OFFICE seq 10 permit 0.0.0.0/0 le 32 C. ip prefix-list OFFICE seq 10 permit 0.0.0.0/0 ge 32 D. distribute-list OFFICE out under the OSPF process E. distribute-list OFFICE in under the OSPF process

A. **distribute-list prefix** OFFICE **in** under the **OSPF** process B. **ip prefix-list** OFFICE seq 10 permit 0.0.0.0/0 **le** 32

Which two **features** does the Cisco **SD-Access architecture add to a traditional campus network**? (Choose two) A. private VLANs B. software-defined segmentation C. SD-WAN D. identity services E. modular QoS

B. **software-defined** segmentation D. **identity services**

Which feature is used to **propagate ARP broadcast**, and link-local frames across a Cisco **SD-Access** fabric to address connectivity needs for silent hosts that require reception of traffic to start communicating? A. Native Fabric Multicast B. Layer 2 Flooding C. SOA Transit D. Multisite Fabric

B. Layer 2 **Flooding**

An engineer must configure a **new loopback** interface on a router and **advertise** the interface as a /24 in OSPF. Which command set accomplishes this task? A. ``` R2(config)#interface Loopback0 R2(config-if)#ip address 172.22.2.1 255.255.255.0 R2(config-if)#ip ospf 100 area 0 ``` B. ``` R2(config)#interface Loopback0 R2(config-if)#ip address 172.22.2.1 255.255.255.0 R2(config-if)#ip ospf network broadcast R2(config-if)#ip ospf 100 area 0 ``` C. ``` R2(config)#interface Loopback0 R2(config-if)#ip address 172.22.2.1 255.255.255.0 R2(config-if)#ip ospf network point-to-multipoint R2(config-if)#router ospf 100 R2(config-router)#network 172.22.2.0 0.0.0.255 area 0 ``` D. ``` R2(config)#interface Loopback0 R2(config-if)#ip address 172.22.2.1 255.255.255.0 R2(config-if)#ip ospf network point-to-point R2(config-if)#ip ospf 100 area 0 ```

D. ``` R2(config)#interface Loopback0 R2(config-if)#ip address 172.22.2.1 255.255.255.0 R2(config-if)#ip ospf network point-to-point R2(config-if)#ip ospf 100 area 0 ```

Question 37 What is one **characteristic** of the Cisco **SD-Access control plane**? A. It stores remote routes in a centralized database server B. Each router processes every possible destination and route C. It allows host mobility only in the wireless network D. It is based on VXLAN technology

A. It **stores remote routes** in a **centralized database** server

An engineer must configure a router to **leak routes between two VRFs**. Which configuration must the engineer apply? [Option A](https://www.digitaltut.com/images/ENCOR/VRF/VRF_leak_route_OptionA.jpg) [Option B](https://www.digitaltut.com/images/ENCOR/VRF/VRF_leak_route_OptionB.jpg) [Option C](https://www.digitaltut.com/images/ENCOR/VRF/VRF_leak_route_OptionC.jpg) [Option D](https://www.digitaltut.com/images/ENCOR/VRF/VRF_leak_route_OptionD.jpg)

[Option C](https://www.digitaltut.com/images/ENCOR/VRF/VRF_leak_route_OptionC.jpg)

Refer to the exhibit. ``` restconf ! ip http server ip http authentication local ip http secure-server ! ``` Which command must be configured for **RESTCONF** to operate on port **8888**? A. ip http port 8888 B. restconf port 8888 C. ip http restconf port 8888 D. restconf http port 8888

A. **ip http port 8888**

If the maximum power level assignment for global TPC 802.11a/n/ac is configured to 10 dBm, which **power level** effectively **doubles** the **transmit power**? A. 13dBm B. 14dBm C. 17dBm D. 20dBm

A. **13dBm**

Which **benefit** is realized by **implementing SSO**? A. IP first-hop redundancy B. communication between different nodes for cluster setup C. physical link redundancy D. minimal network downtime following an RP switchover

D. **minimal** network **downtime** following an **RP switchover**

What is a **characteristic** of a **type 2 hypervisor**? A. ideal for client/end-user system B. complicated deployment C. ideal for data center D. referred to as bare-metal

A. ideal for **client/end-user** system

Refer to the exhibit. [GRE_config.jpg](https://www.digitaltut.com/images/ENCOR/GRE/GRE_config.jpg) An engineer configures routing between all routers and must build a configuration to connect **R1 to R3** via a **GRE tunnel**. Which configuration must be applied? **Option A** ``` R1 interface Tunnel1 ip address 1.1.1.13 255.255.255.0 tunnel source Loopback0 tunnel destination x.y.z.110 R3 interface Tunnel1 ip address 1.1.1.31 255.255.255.0 tunnel source Loopback0 tunnel destination x.y.z.125 ``` **Option B** ``` R1 interface Tunnel1 ip address 1.1.1.13 255.255.255.0 tunnel source Loopback0 tunnel destination x.y.z.160 R3 interface Tunnel1 ip address 1.1.1.31 255.255.255.0 tunnel source Loopback0 tunnel destination x.y.z.110 ``` **Option C** ``` R1 interface Tunnel1 ip address 1.1.1.13 255.255.255.0 tunnel source Loopback0 tunnel destination x.y.z.110 R3 interface Tunnel1 ip address 1.1.1.31 255.255.255.0 tunnel source Loopback0 tunnel destination x.y.z.160 ``` **Option D** ``` R1 interface Tunnel2 ip address 1.1.1.12 255.255.255.0 tunnel source Loopback0 tunnel destination x.y.z.125 R2 interface Tunnel1 ip address 1.1.1.125 255.255.255.0 tunnel source Loopback0 tunnel destination x.y.z.110 interface Tunnel3 ip address 1.1.1.125 255.255.255.0 tunnel source Loopback0 tunnel destination x.y.z.160 ```

Option B **R1** interface Tunnel1 ip address 1.1.1.13 255.255.255.0 tunnel source Loopback0 tunnel destination x.y.z.**160** **R3** interface Tunnel1 ip address 1.1.1.31 255.255.255.0 tunnel source Loopback0 tunnel destination x.y.z.**110**

Refer to the exhibit. [OSPF_no_advertise.jpg](https://www.digitaltut.com/images/ENCOR/OSPF/OSPF_no_advertise.jpg) An engineer must **allow** R1 to **advertise** the 192.168.1.0/24 network to R2. R1 must perform this action **without sending OSPF packets** to SW1. Which command set should be applied? A. R1(config)#router ospf 1 R1(config-router)#no passive-interface gig0/0 B. R1(config)#interface gig0/0 R1(config-if)#ip ospf hello-interval 0 C. R1(config)#router ospf 1 R1(config-router)#passive-interface gig0/0 D. R1(config)#interface gig0/0 R1(config-if)#ip ospf hello-interval 65535

C. R1(config)#router ospf 1 R1(config-router)#**passive-interface gig0/0**

What is an **OVF**? A. a package of files that is used to describe a virtual machine or virtual appliance B. an alternative form of an ISO that is used to install the base operating system of a virtual machine C. the third step in a P2V migration D. a package that is similar to an IMG and that contains an OVA file used to build a virtual machine

A. a **package of files** that is used to describe a **virtual machine** or virtual **appliance**

How do **stratum levels relate to** the distance from a **time source**? A. Stratum 1 devices are connected directly to an authoritative time source B. Stratum 15 devices are an authoritative time source C. Stratum 0 devices are connected directly to an authoritative time source D. Stratum 15 devices are connected directly to an authoritative time source

A. **Stratum 1** devices are **connected** directly to an **authoritative** time source

What is one main **REST security design principle**? A. confidential algorithms B. separation of privilege C. OAuth D. password hashing

B. **separation of privilege**

Refer to the exhibit. https://192.168.43.103/restconf/data/ietf-interfaces/interfaces/interface-Loopback100 What does the response “**204 No Content**” **mean** for the REST API request? A. Interface loopback 100 is removed from the configuration. B. Interface loopback 100 is not removed from the configuration. C. The DELETE method is not supported. D. Interface loopback 100 is not found in the configuration.

A. **Interface loopback 100 is removed** from the configuration.

Which **LISP** component **decapsulates messages and forwards them to the map server** responsible for the egress tunnel routers? A. Map Resolver B. Router Locator C. Proxy ETR D. Ingress Tunnel Router

A. Map **Resolver**

Which character **formatting** is required for **DHCP Option 43** to function with current AP models? A. MD5 B. ASCII C. Hex D. Base64

C. **Hex**

Where are **operations** related to **software** images located in the Cisco **DNA Center GUI**? A. Provisioning B. Services C. Design D. Assurance

C. **Design**

Which **benefit is provided by the Cisco DNA Center** telemetry feature? A. aids in the deployment network configurations B. inventories network devices C. improves the user experience D. provides improved network security

B. **inventories** network **devices**

What is one **requirement** when **mobility tunnels** are used between **WLCs**? A. There must not be a firewall between the WLCs. B. The WLCs must use the same DHCP server. C. WLC IP ranges must be on the same subnet. D. Mobility tunnels must be created over Layer 3 networks.

D. Mobility tunnels must be **created over Layer 3** networks.

Which two Cisco **SD-WAN** components **exchange OMP** information? (Choose two) A. WAN Edge B. vAnalytics C. vBond D. vSmart E. vManage

A. **WAN Edge** D. **vSmart**

Which two prerequisites must be met **before** Cisco **DNA** Center **can provision** a device? (Choose two) A. Cisco DNA Center must have the software image for the provisioned device in its image repository. B. The provisioned device must be put into bootloader mode. C. The provisioned device must be configured with cli and snmp credentials that are known to DNA center. D. Cisco DNA Center must have IP connectivity to the provisioned device. E. The provisioned device must recognize Cisco DNA Center as its LLDP neighbor.

C. The provisioned device must be **configured with cli and snmp** credentials that are known to DNA center. D. Cisco DNA Center must have **IP connectivity** to the provisioned device.

What are two benefits of implementing a **traditional WAN instead of an SD-WAN** solution? (Choose two) A. simplified troubleshooting B. comprehensive configuration standardization C. faster fault detection D. lower control plane abstraction E. lower data plane overhead

D. **lower** control plane abstraction E. **lower** data plane overhead

[Procedural x Declarative](https://www.digitaltut.com/images/ENCOR/Drag_Drop/Procedural_vs_Declarative.jpg)

**Procedural** + Administrators **require deep syntax and context knowledge** for the configured entities + This model **defines a set of commands that must be executed** in a certain order for the system to achieve the desired state **Declarative** + This model **states what is wanted but not how it is achieved** + **Puppet** is tool that uses this configuration model

[Ansible x Puppet](https://www.digitaltut.com/images/ENCOR/Drag_Drop/Ansible_Puppet_3.jpg)

**Ansible** + **assesses the impact** of changes **before** applied + **agentless** automation platform **Puppet** + provides **intent-based networking** feedback loop + **agent or agentless** automation platform

Drag and drop the characteristics from the left onto the correct places on the right. [SD-Access](https://www.digitaltut.com/images/ENCOR/Drag_Drop/VXLAN_BGP_LISP.jpg)

**CTS**: Fabric **Security Policy** **LISP**: Fabric **control Plane** **VXLAN**: Fabric **data plane** **BGP**: **external connectivity** from fabric ## Footnote Note: CTS is short for Cisco Trust Security

What is the recommended **minimum SNR for data** applications on wireless networks? A. 10 B. 25 C. 15 D. 20

D. **20**

What does the **destination MAC** on the outer **MAC header** identify in a **VXLAN** packet? A. the next hop B. the remote spine C. the remote switch D. the leaf switch

A. the **next hop**

What is one method for **achieving REST API security**? A. using HTTPS and TLS encryption B. using a MD5 hash to verify the integrity C. using built-in protocols known as Web Services Security D. using a combination of XML encryption and XML signatures

A. using **HTTPS** and **TLS** encryption

Which **action** occurs **during a Layer 3 roam**? A. Client receives a new ip address after getting authenticated B. The client is marked as “Foreign” on the original controller C. Client database entry is moved from the old controller to the new controller D. Client traffic is tunneled back to the original controller after a Layer 3 roam occurs

D. Client traffic is **tunneled back to the original controller** after a Layer 3 roam occurs

What is a **characteristic** of the **overlay** network in the Cisco SD-Access architecture? A. It uses a traditional routed access design to provide performance and high availability to the network B. It provides multicast support to enable Layer 2 flooding capability in the Underlay C. It consists of a group of physical routers and switches that are used to maintain the network D. It provides isolation among the virtual networks and independence from the physical network

D. **It provides isolation among the virtual networks and independence from the physical network**

What is one characteristic of **Cisco DNA Center and vManage northbound APIs**? A. They push configuration changes down to devices. B. They implement the RESTCONF protocol. C. They exchange XML-formatted content. D. They implement the NETCONF protocol.

C. They exchange **XML-formatted content.**

A company requires a wireless solution to support its **main office** and **multiple branch** locations. All sites have local Internet connections and a link to the main office for corporate connectivity. The branch offices are **managed centrally**. Which solution should the company choose? A. Cisco DNA Spaces B. Cisco Mobility Express C. Cisco Unified Wireless Network D. Cisco Catalyst switch with embedded controller

C. Cisco **Unified Wireless Network**

A system must validate access rights to all its resources and must not rely on a cached permission matrix. If the **access** level to a given resource is **revoked** but is not reflected in the permission matrix, the security is violated. Which term refers to this **REST security** design **principle**? A. least common mechanism B. separation of privilege C. Economy mechanism D. Complete mediation

D. **Complete mediation**

An administrator is configuring **NETCONF** using the following **XML string**. What must the administrator end the request with? [NETCONF_XML.jpg](https://www.digitaltut.com/images/ENCOR/NETCONF_RESTCONF/NETCONF_XML.jpg) A.` ` B. `]]>]]>` C. `

` D. ``

B. `]]>]]>`

Which configuration enables a Cisco router to **send** information to a **TACACS+ server for individual** EXEC **commands** associated with privilege level 15? A. Router(config)# aaa accounting exec default start-stop group tacacs+ B. Router(config)# aaa authorization exec default group tacacs+ C. Router(config)# aaa accounting commands 15 default start-stop group tacacs+ D. Router(config)# aaa authorization commands 15 default group tacacs+

C. Router(config)# aaa **accounting commands 15** default start-stop group tacacs+

An engineer must configure the wireless endpoints to **authenticate** using **Active Directory** credentials in an **encrypted tunnel** in addition to using a **hashed password**. Which action is required? A. Configure PEAP with GTC B. Configure EAP-TLS with MSCHAP v2 C. Configure PEAP with MSCHAP v2 D. Configure EAP-TLS with GTC

C. Configure **PEAP** with **MSCHAP v2**

Refer to the exhibit. [ping_vrf.jpg](https://www.digitaltut.com/images/ENCOR/VRF/ping_vrf.jpg) A network engineer checks connectivity between two routers. The Engineer **can ping** the remote endpoint but **cannot see the arp entry**. why is there no arp entry? A. Interface Fastethernet 0/0 is configured in vrf CUST-A so the arp entry is also in that VRF. B. When VRFs are used, ARP protocol must be enabled in each VRF. C. When VRFs are used, ARP protocol is disabled in the global routing table. D. The ping command must be executed in the global routing table.

A. Interface Fastethernet 0/0 is configured in vrf CUST-A so the **arp entry is also in that VRF**.

Refer to the exhibit. [AAA_authentication_tacacs.jpg](https://www.digitaltut.com/images/ENCOR/AAA/AAA_authentication_tacacs.jpg) A network engineer must configure the router to use the ISE-Servers group for authentication. If both **ISE** servers are **unavailable**, the **local username** database must be used. If **no usernames** are defined in the configuration, then the **enable password** must be the last to log in. which config must be applied to achieve this result? A. aaa authentication log error-enable aaa authentication login default group enable local ISE-Server B. aaa authentication login default group ISE-Servers local enable. C. aaa authentication login default group enable local ISE-Server. D. aaa authorization exec default group ISE-Servers local enable

B. aaa authentication **login** default group **ISE-Servers local enable**

Which python snippet should be used to store the device data structure in a JSON file? [Image](https://i.postimg.cc/RZr3XLWj/Capture.png) A. ``` with open(“devices.json”,”w”) as OutFile: Devices = json.load(OutFile) ``` B. ``` OutFile = open(“devices.json”,”w”) json.dump(Devices, OutFile) OutFile.Close() ``` C. ``` with open(“devices.json”,”w”) as OutFile: json.dumps(Devices) ``` D. ``` OutFile = open(“devices.json”,”w”) OutFile.write(str(Devices)) OutFile.close() ```

D. ``` OutFile = open(“devices.json”,”w”) OutFile.write(str(Devices)) OutFile.close() ``` ## Footnote OutFile.Close() com o "C" maiúsculo não existe! Por isso, a str(Devices) é a mais correta.

Refer to the Exhibit. [traceroute.jpg](https://www.digitaltut.com/images/ENCOR/Troubleshooting/traceroute.jpg) Users **cannot reach** the **webserver** at 192.168.100.1. what is the **root cause** of the failure? A. The gateway cannot translate the server domain. B. The server is attempting to load balance between links 10.100.100.1 an 10.100.200.1 C. The server is out of service D. There is loop in the path to the server

D. **There is loop** in the path to the server

Drag and drop the configs from the bottom onto the correct places. [EEM.jpg](https://www.digitaltut.com/images/ENCOR/Drag_Drop/EEM.jpg)

1. [event syslog pattern] 2. [“enable”] 3. [|append flash]

[Drag and drop the characteristics from the left onto the correct places on the right.](https://www.digitaltut.com/images/ENCOR/Drag_Drop/MAC_address_table_vs_TCAM.jpg)

**MAC Address table** + used to make **layer 2 forwarding** decisions + **records** MAC address, **port** of arrival, **vlan** and **timestamps** **TCAM table** + used to **build IP Routing tables** + stores **ACL**, **QOS** and other upper layer information

Drag and drop the characteristics from the left onto the correct places on the right. [LISP component 3](https://www.digitaltut.com/images/ENCOR/Drag_Drop/LISP_components_3.jpg)

**RLOC**: **IPV4 or IPV6 address** of an egress tunnel **router** that is internet facing or network core facing **map resolver**: **receives map-request** messages from ITR and searches for appropriate ETR by consulting mapping database **ITR**: Encapsulates LISP packets coming **from inside** of LISP site **to** destinations **outside** of the site

An engineer must design a wireless network to primarily support **5-GHz** clients. The clients **do not support** the **UNII-2c** portion of the 5-GHz band. Due to application bandwidth requirements, the engineer uses **40-MHz** channels. Which design consideration must be made in this scenario? A. There are 12 overlapping channels available. B. There are four non overlapping channel available. C. There are 25 overlapping channels available. D. There are six non-overlapping channels available.

B. There are **four non overlapping** channel available.

Refer to the exhibit. [BGP_path_seclection.jpg](https://www.digitaltut.com/images/ENCOR/BGP/BGP_path_seclection.jpg) After configuring the BGP network, an engineer verifies that the **path** between Server1 and Server2 is **functional**. Why did RouterSF choose the **route from RouterDAL** instead of the route from RouterCHI? A. The Router-ID for Router DAL is lower than the Router-ID for RouterCHI. B. The route from RouterDAL has a lower MED. C. BGP is not running on RouterCHI. D. There is a static route in RouterSF for 10.0.0.0/24.

A. The Router-ID for **Router DAL is lower than** the Router-ID for **RouterCHI.**

What is a **characteristic** of a **Type 1** hypervisor? A. It is installed on an operating system and supports other operating systems above it. B. It is completely independent of the operating system. C. Problems in the base operating system can affect the entire system. D. It is referred to as a hosted hypervisor.

B. It is **completely independent** of the operating system.

Refer to the exhibit. [BGP_advertise_networks.jpg](https://www.digitaltut.com/images/ENCOR/BGP/BGP_advertise_networks.jpg) An engineer must configure an **eBGP neighborship** to Router B on Router A. The **network** that is connected to G0/1 on Router A must be **advertised** to Router B. Which configuration should be applied? A. router bgp 65001 neighbor 10.0.1.2 remote-as 65002 redistribute static B. router bgp 65002 neighbor 10.0.1.2 remote-as 65002 network 10.0.2.0 255.255.255.0 C. router bgp 65001 neighbor 10.0.1.2 remote-as 65002 network 10.0.1.0 255.255.255.0 D. router bgp 65001 neighbor 10.0.1.2 remote-as 65002 network 10.0.2.0 255.255.255.0

D. router bgp **65001** neighbor 10.0.1.2 remote-as 65002 **network 10.0.2.0 255.255.255.0**

Refer to the exhibit. [ERSPAN_filter.jpg](https://www.digitaltut.com/images/ENCOR/SPAN/ERSPAN_filter.jpg) An engineer **configures the trunk** and proceeds to configure an **ERSPAN** session to monitor VLANs 10, 20, and 30. Which command must be added to complete this configuration? A. Device(config-mon-erspan-src-dst)# mtu 1460 B. Device(config-mon-erspan-src-dst)# no vrf 1 C. Device(config-mon-erspan-src-dst)# erspan id 6 D. Device(config-mon-erspan-src)# no filter vlan 30

D. Device(config-mon-erspan-src)# **no filter vlan 30**

Refer to the exhibit. [Python_json_file_output.jpg](https://www.digitaltut.com/images/ENCOR/Python/Python_json_file_output.jpg) How should the script be **completed** so that each device configuration is saved into a **JSON-formatted** file under the **device name**? A. Append to the body of the for loop: with open(f”{Hostname}.json”, “w”) as OutFile: OutFile.write(Response.text) B. Insert after the for loop: with open(f”{Hostname}.json”, “w”) as OutFile: OutFile.write(json.dumps(Response.text)) C. Insert after the for loop: with open(f”{Hostname}.json”, “w”) as OutFile: OutFile.write(Response) D. Insert immediately before the for loop: with open(f”{Hostname}.json”, “w”) as OutFile: OutFile.write(json.load(Devices))

A. **Append to the body** of the for loop: with open(f”{Hostname}.json”, “w”) as OutFile: OutFile.write(Response**.text**)

Refer to the exhibit. [eem_critical_level.jpg](https://www.digitaltut.com/images/ENCOR/EEM/eem_critical_level.jpg) Which **EEM** script **generates a critical-level syslog message** and saves a copy of the running configuration to the bootflash when an administrator saves the running configuration to the startup configuration? A. ``` action 1.0 cli command “enable” action 2.0 cli command “configure terminal” action 3.0 cli command “file prompt quiet” action 4.0 cli command “end” action 5.0 cli command copy running-config bootflash:/current_config.txt action 6.0 cli command “configure terminal” action 7.0 cli command “no file prompt quiet” action 8.0 syslog priority critical msg “Configuration saved and copied to bootflash” ``` B. ``` action 1.0 cli command copy running-config bootflash:/current_config.txt action 2.0 syslog msg “Configuration saved and copied to bootflash” ``` C. ``` action 1.0 cli command copy running-config bootflash:/current_config.txt action 2.0 syslog priority critical msg “Configuration saved and copied to bootflash” ``` D. ``` action 1.0 cli command “enable” action 2.0 cli command “file prompt quiet” action 3.0 cli command copy running-config bootflash:/current_config.txt action 4.0 cli command “no file prompt quiet” action 5.0 syslog priority critical msg “Configuration saved and copied to bootflash” ```

A. action **1.0** cli command “enable” action 2.0 cli command “configure terminal” action 3.0 cli command “file prompt quiet” action 4.0 cli command “end” action 5.0 cli command copy running-config bootflash:/current_config.txt action 6.0 cli command “configure terminal” action 7.0 cli command “no file prompt quiet” action **8.0** syslog priority critical msg “Configuration saved and copied to bootflash”

Refer to the exhibit. [code_xml.jpg](https://www.digitaltut.com/images/ENCOR/Automation/code_xml.jpg) What is achieved by this code? A. It displays the loopback interface B. It renames the loopback interface C. It deletes the loopback interface D. It unshuts the loopback interface

D. It **unshuts** the **loopback** interface

Refer to the exhibit. [acl_block_telnet.jpg](https://www.digitaltut.com/images/ENCOR/Access-list/acl_block_telnet.jpg) A network engineer must **block Telnet** traffic from hosts in the range of 10.100.2.248 to 10.100.2.255 to the network 10.100.3.0 and **permit everything else**. Which configuration must the engineer apply? A. RouterB(config)# access-list 101 deny tcp 10.100.2.0 0.0.0.248 10.100.3.0 0.0.0.255 eq 22 RouterB(config)# access-list 101 permit any any RouterB(config)# int g0/0/2 RouterB(config-if)# ip access-group 101 in B. RouterB(config)# access-list 101 deny icmp 10.100.2.0 0.0.0.248 10.100.2.0 0.0.0.248 RouterB(config)#access-list 101 permit any any RouterB(config)#int g0/0/2 RouterB(config-if)# ip access-group 101 in C. RouterB(config)# access-list 101 deny tcp 10.100.2.0 0.0.0.248 10.100.3.0 0.0.0.255 eq 23 RouterB(conrig)# access-list 101 permit any any RouterB(config)# int g0/0/2 RouterB(config-if)# ip access-group 101 in D. RouterB(config)# access-list 101 permit tcp 10.100.2.0 0.0.0.252 10.100.3.0 0.0.0.255 RouterB(config)# int g0/0/2 RouterB(config-if)# ip access-group 101 in

C. RouterB(config)# access-list 101 **deny tcp** 10.100.2.0 0.0.0.248 10.100.3.0 0.0.0.255 **eq 23** RouterB(conrig)# access-list 101 **permit any any** RouterB(config)# int g0/0/2 RouterB(config-if)# ip access-group 101 in

What is a **characteristics** of a **vSwitch**? A. enables VMs to communicate with each other within a virtualized server B. supports advanced Layer 3 routing protocols that are not offered by a hardware switch C. has higher performance than a hardware switch D. operates as a hub and broadcasts the traffic toward all the vPorts

A. enables VMs to **communicate with each** other within a virtualized server

Refer to the exhibit. ``` event manager applet config-alert event cli pattern “conf t.*” sync yes ``` A network engineer **must be notified** when a user switches to configuration mode. Which script should be applied to receive an **SNMP** trap and a **critical-level** log message? A. action 1.0 snmp-trap strdata “Configuration change alarm” action 2.0 syslog msg “Configuration change alarm” B. action 1.0 snmp-trap strdata “Configuration change critical alarm” C. action 1.0 snmp-trap strdata “Configuration change alarm” action 1.0 syslog priority critical msg “Configuration change alarm” D. action 1.0 snmp-trap strdata “Configuration change alarm” action 1.1 syslog priority critical msg “Configuration change alarm”

D. action **1.0** snmp-trap strdata “Configuration change alarm” action **1.1** syslog **priority critical** msg “Configuration change alarm”

[On Premises x Cloud](https://www.digitaltut.com/images/ENCOR/Drag_Drop/On_Premimes_vs_Cloud_2.jpg)

**On-Premises** + It is responsible for hardware maintenance + Scalability requires time and effort **Cloud-Based** + It provides on-demand scalability + Maintenance is handled by a third party

Which option works with a **DHCP** server to return at least one **WLAN management** interface IP address during the discovery phase and is dependent upon the VCI of the AP? A. Option 43 B. Option 42 C. Option 125 D. Option 15

A. Option **43**

Refer to the exhibit. [NETCONF_AAA.jpg](https://www.digitaltut.com/images/ENCOR/NETCONF_RESTCONF/NETCONF_AAA.jpg) An engineer tries to **log in** to router R1. Which configuration enables a successful login? A. R1#username admin privilege 15 aaa authorization exec default local netconf-yang B. R1# netconf-yang username admin privilege 15 secret cisco123 aaa new-model aaa authorization exec default local C. R1# aaa new-model aaa authorization exec default local enable aaa admin privilege 15 D. R1# username admin privilege 15 aaa authorization exec default local

B. R1# **netconf-yang** username admin privilege 15 secret **cisco123** aaa new-model aaa authorization exec default local

Which component transports **data plane** traffic **across** a Cisco **SD-WAN** network? A. vSmart B. vManage C. vEdge D. vBond

C. vEdge

Which **type of tunnel** is required between two WLCs to enable **intercontroller roaming**? A. mobility B. LWAPP C. iPsec D. CAPWAP

A. **mobility**

Refer to the exhibit. [OSPF_avoid_attack.jpg](https://www.digitaltut.com/images/ENCOR/OSPF/OSPF_avoid_attack.jpg) An **attacker** can **advertise** OSPF fake routes from 172.16.20.0 network to the OSPF domain and black hole traffic. Which action must be taken to **avoid** this attack and still be able to advertise this subnet into OSPF? A. Configure 172.16.20.0 as a stub network. B. Configure graceful restart on the 172.16.20.0 interface. C. Configure a passive interface on R2 toward 172.16.20.0. D. Apply a policy to filter OSPF packets on R2.

C. Configure a **passive interface** on R2 toward 172.16.20.0.

Refer to the exhibit. ``` ip sla 100 udp-echo 10.10.10.15 6336 frequency 30 ``` An engineer has configured an **IP SLA** for UDP echo’s. Which command is needed to start the IP SLA to test **every 30 seconds** and continue **until stopped**? A. ip sla schedule 100 life forever B. ip sla schedule 30 start-time now life forever C. ip sla schedule 100 start-time now life 30 D. ip sla schedule 100 start-time now life forever

D. ip sla schedule **100** **start-time** now life **forever**

Which two **characteristics** apply to the **endpoint security** aspect of the Cisco Threat Defense architecture? (Choose two) A. outbound URL analysis and data transfer controls B. detect and block ransomware in email attachments C. cloud-based analysis of threats D. blocking of fileless malware in real time E. user context analysis

A. **outbound URL analysis** and data transfer controls D. **blocking of fileless** malware in real time

What is a characteristics of **traffic policing**? A. lacks support for marking or remarking B. can be applied in both traffic directions C. must be applied only to outgoing traffic D. queues out-of-profile packets until the buffer is full

B. can be applied in **both** traffic **directions**

How does NETCONF YANG represent data structures? A. in an XML tree format B. as strict data structures defined by RFC 6020 C. in an HTML format D. as modules within a tree

A. in an **XML** tree format

Refer to the exhibit. [python_get_config.jpg](https://www.digitaltut.com/images/ENCOR/Python/python_get_config.jpg) What is generated by the script? A. the router processes B. the routing table C. the cdp neighbors D. the running configuration

D. the **running configuration**

Which **VXLAN** component is used to **encapsulate and decapsulate** Ethernet frames? A. VTEP B. GRE C. EVPN D. VNI

A. **VTEP**

A Cisco DNA Center REST API sends a **PUT** to the **/dna/intent/api/v1/network-device** endpoint. A response code of **504** is received. What does the code indicate? A. The response timed out based on a configured interval B. The user does not have authorization to access this endpoint C. The username and password are not correct D. The web server is not available

A. The response **timed out** based on a configured interval

Refer to the exhibit. [NAT_load_balancing.jpg](https://www.digitaltut.com/images/ENCOR/NAT/NAT_load_balancing.jpg) A network engineer must load balance traffic that comes from the NAT Router and is destined to 10.10.110.10, to several FTP servers. Which two commands sets should be applied? (Choose two) A. ``` interface gig0/0 ip address 10.10.110.1 255.255.255.0 ip nat inside interface gig0/1 ip address 172.16.1.1 255.255.255.252 ip nat outside ``` B. ``` interface gig0/0 ip address 10.10.110.1 255.255.255.0 ip nat outside interface gig0/1 ip address 172.16.1.1 255.255.255.252 ip nat inside ``` C. ``` ip nat pool ftp-pool 10.10.110.2 10.10.110.9 netmask 255.255.255.0 type rotary access-list 23 permit 10.10.110.10 ip nat inside destination-list 23 pool ftp-pool ``` D. ``` ip nat pool ftp-pool 10.10.110.2 10.10.110.9 netmask 255.255.255.0 type rotary access-list 23 permit 10.10.110.10 ip nat outside destination-list 23 pool ftp-pool ``` E. ``` ip nat pool ftp-pool 10.10.110.2 10.10.110.9 netmask 255.255.255.0 access-list 23 permit 10.10.110.10 ip nat inside destination-list 23 pool ftp-pool ```

A. interface gig0/0 ip address 10.10.110.1 255.255.255.0 ip nat inside interface gig0/1 ip address 172.16.1.1 255.255.255.252 ip nat outside C. ip nat pool ftp-pool 10.10.110.2 10.10.110.9 netmask 255.255.255.0 type rotary access-list 23 permit 10.10.110.10 ip nat inside destination-list 23 pool ftp-pool ## Footnote **Explanation** The purpose of this question is when someone tries to access the IP 10.10.110.10, the IP addresses from 10.0.0.2 to 10.0.0.9 will be handed out in a rotary fashion. This performs a basic form of load balancing. In order to do this, we need “type rotary” in the “ip nat pool …” statement -> Answer C is correct. Also Gi0/0 interface must be the NAT inside interface -> Answer A is correct.

A large campus network has deployed two wireless LAN controllers to manage the wireless network. WLC1 and WLC2 have been configured as **mobility peers**. A client **device roams** from AP1 on WLC1 to AP2 on WLC2, but the controller’s client interfaces are on **different VLANs**. How do the wireless LAN controllers handle the inter-subnet roaming? A. WLC2 marks the client with a foreign entry in its own database. The database entry is copied to the new controller and marked with an anchor entry on WLC1 B. WLC2 marks the client with an anchor entry in its own database. The database entry is copied to the new controller and marked with a foreign entry on WLC1 C. WLC1 marks the client with a foreign entry in its own database. The database entry is copied to the new controller and marked with an anchor entry on WLC2 D. WLC1 marks the client with an anchor entry in its own database. The database entry is copied to the new controller and marked with a foreign entry on WLC2

D. **WLC1 marks the client with an anchor entry** in its own database. The database entry is copied to the new controller and marked with a **foreign entry on WLC2**

Refer to the exhibit. [NAT_ACL.jpg](https://www.digitaltut.com/images/ENCOR/NAT/NAT_ACL.jpg) An administrator troubleshoots **intermittent connectivity** from internal hosts to an external public server. Some internal hosts can connect to the server while others receive an ICMP Host Unreachable message and these hosts change over time. What is the cause of this issue? A. The translator does not use address overloading B. The NAT pool netmask is excessively wide C. The NAT ACL and NAT pool share the same name D. The NAT ACL does not match all internal hosts

A. The **translator does not use address overloading**

Refer to the exhibit. [OSPF_config.jpg](https://www.digitaltut.com/images/ENCOR/OSPF/OSPF_config.jpg) Which configuration must be added to enable GigabitEthemet 0/1 to **participate in OSPF**? A. SF_router (config-router)# network 10.10.1.0 0.0.0.255 area 1 B. SF_router (config)# network 10.10.1.0 0.0.0.255 area 1 C. SF_router (config-router)# network 10.10.1.0 0.0.0.255 area 0 D. SF_router (config-router)# network 10.10.1.0 255.255.255.0 area 0

A. SF_router (config**-router**)# network 10.10.1.0 **0.0.0.255** **area 1**

Which configuration creates a CoPP policy that provides unlimited SSH access from client 10.0.0.5 and denies access from all other SSH clients? **Option A** ``` access-list 100 permit tcp host 10.0.0.5 any eq 22 access-list 100 deny tcp any any eq 22 ! class-map match-all telnet_copp match access-group 100 ! policy-map CoPP class telnet_copp police 8000 ! control-plane service-policy input CoPP ! ``` **Option B** ``` ! access-list 100 permit tcp host 10.0.0.5 any eq 22 access-list 100 deny tcp any any eq 22 ! class-map match-all telnet_copp match access-group 100 ! policy-map CoPP class telnet_copp drop ! control-plane service-policy input CoPP ! ``` **Option C** ``` ! access-list 100 deny tcp host 10.0.0.5 any eq 22 access-list 100 permit tcp any any eq 22 ! class-map match-all telnet_copp match access-group 100 ! policy-map CoPP class telnet_copp drop ! control-plane service-policy input CoPP ! ``` **Option D** ``` access-list 100 permit tcp any any eq 22 access-list 100 deny tcp host 10.0.0.5 any eq 22 ! class-map match-all telnet_copp match access-group 100 ! policy-map CoPP class telnet_copp police 8000 ! control-plane service-policy input CoPP ! ```

Option C ! access-list 100 **deny** tcp host 10.0.0.5 any eq 22 access-list 100 permit tcp any any eq 22 ! class-map match-all telnet_copp match access-group 100 ! **policy-map CoPP class telnet_copp drop** ! control-plane service-policy input CoPP !

Refer to the exhibit. [python_parse_code.jpg](https://www.digitaltut.com/images/ENCOR/Python/python_parse_code.jpg) Which **python** code parses the response and **prints “18:32:21.474 UTC sun Mar 10 2019**? A. `print(response[‘result’][0][‘simple_time’])` B. `print(response[result’][‘body’][‘simple_time’])` C. `print(response[‘body’][‘simple_time’])` D. `print(response[‘result’][‘body’][‘simple_time’])`

D. `print(response[‘result’][‘body’][‘simple_time’])` **result > body > simple_time**

The Gig0/0 interface of two routers is directly connected with a 1G Ethernet link. Which configuration must be applied to the interface of both routers to establish an **OSPF** adjacency **without** maintaining a **DR/BDR relationship**? A. interface Gig0/0 ip ospf network point-to-multipoint B. interface Gig0/0 ip ospf network non-broadcast C. interface Gig0/0 ip ospf network broadcast D. interface Gig0/0 ip ospf network point-to-point

D. interface Gig0/0 ip ospf network **point-to-point**

Refer to the exhibit. [Etherchannel_config.jpg](https://www.digitaltut.com/images/ENCOR/Etherchannel/Etherchannel_config.jpg) The **port channel** between the switches **does not work** as expected. Which action resolves the issue? A. Interface Gi0/0 on Switch2 must be configured as passive. B. Interface Gi0/1 on Switch1 must be configured as desirable. C. Interface Gi0/1 on Switch2 must be configured as active. D. Trunking must be enabled on both interfaces on Switch2.

C. Interface Gi0/1 on Switch2 must be **configured as active.**

By default, which **virtual MAC** address does **HSRP group** 14 use? A. 04.16.19.09.4c.0e B. 00:05:5e:19:0c:14 C. 00:05:0c:07:ac:14 D. 00:00:0c:07:ac:0e

D. **00:00:0c:07:ac**:0e