PArt 4 Flashcards

1
Q

Assuming the WLC’s interfaces are not in the same subnet as the RADIUS server, which interface would the WLC use as the source for all RADIUS-related traffic?

A. the controller management interface

B. the controller virtual interface

C. the interface specified on the WLAN configuration

D. any interface configured on the WLC

A

C. the interface specified on the WLAN configuration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

An engineer must deny Telnet traffic from the loopback interface of router R3 to the loopback interface of router R2 during the weekend hours. All other traffic between the loopback interfaces of routers R3 and R2 must be allowed at all times.
Which command set accomplishes this task?

A. R3(config)#time-range WEEKEND R3(config-time-range)#periodic Saturday Sunday 00:00 to 23:59 R3(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R3(config)#access-list 150 permit ip any any time-range WEEKEND R3(config)#interface G0/1 R3(config-if)#ip access-group 150 out

B. R1(config)#time-range WEEKEND R1(config-time-range)#periodic weekend 00:00 to 23:59 R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R1(config)#access-list 150 permit ip any any R1(config)#interface G0/1 R1(config-if)#ip access-group 150 in

C. R3(config)#time-range WEEKEND R3(config-time-range)#periodic weekend 00:00 to 23:59 R3(config)#access-list 150 permit tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R3(config)#access-list 150 permit ip any any time-range WEEKEND R3(config)#interface G0/1 R3(config-if)#ip access-group 150 out

D. R1(config)#time-range WEEKEND R1(config-time-range)#periodic Friday Sunday 00:00 to 00:00 R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R1(config)#access-list 150 permit ip any any R1(config)#interface G0/1 R1(config-if)#ip access-group 150 in

A

B. R1(config)#time-range WEEKEND R1(config-time-range)#periodic weekend 00:00 to 23:59 R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R1(config)#access-list 150 permit ip any any R1(config)#interface G0/1 R1(config-if)#ip access-group 150 in

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Refer to the exhibit. PC-1 must access the web server on port 8080. To allow this traffic, which statement must be added to an access control list that is applied on
SW2 port G0/0 in the inbound direction?

A. permit tcp host 172.16.0.2 host 192.168.0.5 eq 8080

B. permit tcp host 192.168.0.5 host 172.16.0.2 eq 8080

C. permit tcp host 192.168.0.5 eq 8080 host 172.16.0.2

D. permit tcp host 192.168.0.5 lt 8080 host 172.16.0.2

A

A. permit tcp host 172.16.0.2 host 192.168.0.5 eq 8080

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Refer to the exhibit. An engineer must create a configuration that executes the show run command and then terminates the session when user CCNP logs in.
Which configuration change is required?

A. Add the access-class keyword to the username command.

B. Add the autocommand keyword to the aaa authentication command.

C. Add the access-class keyword to the aaa authentication command.

D. Add the autocommand keyword to the username command.

A

D. Add the autocommand keyword to the username command.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Refer to the exhibit. An engineer configures CoPP and enters the show command to verify the implementation. What is the result of the configuration?

A. All traffic will be policed based on access-list 120.

B. If traffic exceeds the specified rate, it will be transmitted and remarked.

C. Class-default traffic will be dropped.

D. ICMP will be denied based on this configuration.

A

A. All traffic will be policed based on access-list 120.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is the effect of this configuration?

A. The device will allow users at 192.168.0.202 to connect to vty lines 0 through 4 using the password ciscotestkey.

B. The device will authenticate all users connecting to vty lines 0 through 4 against TACACS+.

C. The device will allow only users at 192.168.0.202 to connect to vty lines 0 through 4.

D. When users attempt to connect to vty lines 0 through 4, the device will authenticate them against TACACS+ if local authentication fails.

A

B. The device will authenticate all users connecting to vty lines 0 through 4 against TACACS+.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

DRAG DROP -
An engineer creates the configuration below. Drag and drop the authentication methods from the left into the order of priority on the right. Not all options are used.

R1#sh run | i aaa -
aaa new-model
aaa authentication login default group ACE group AAA_RADIUS local-case aaa session-id common
R1#
Select and Place:

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Refer to the exhibit.

An engineer must modify the access control list EGRESS to allow all IP traffic from subnet 10.1.10.0/24 to 10.1.2.0/24. The access control list is applied in the outbound direction on router interface GigabitEthernet 0/1.
Which configuration command set will allow this traffic without disrupting existing traffic flows?

(Should be 2 pics here)

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which configuration restricts the amount of SSH traffic that a router accepts to 100 kbps?

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Refer to the exhibit. What step resolves the authentication issue?

A. use basic authentication

B. change the port to 12446

C. target 192.168.100.82 in the URI

D. restart the vsmart host

A

D. restart the vsmart host

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Security policy requires all idle exec sessions to be terminated in 600 seconds.
Which configuration achieves this goal?

A. line vty 0 15 absolute-timeout 600

B. line vty 0 15 no exec-timeout

C. line vty 0 15 exec-timeout 10 0

D. line vty 0 4 exec-timeout 600

A

C. line vty 0 15 exec-timeout 10 0

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

An engineer must block all traffic from a router to its directly connected subnet 209.165.200.0/24. The engineer applies access control list EGRESS in the outbound direction on the GigabitEthernet0/0 interface of the router. However, the router can still ping hosts on the 209.165.200.0/24 subnet.
Which explanation of this behavior is true?

A. Access control lists that are applied outbound to a router interface do not affect traffic that is sourced from the router.

B. After an access control list is applied to an interface, that interface must be shut and no shut for the access control list to take effect.

C. Only standard access control lists can block traffic from a source IP address.

D. The access control list must contain an explicit deny to block traffic from the router.

A

A. Access control lists that are applied outbound to a router interface do not affect traffic that is sourced from the router.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Refer to the exhibit. An engineer is investigating why guest users are able to access other guest user devices when the users are connected to the customer guest
WLAN. What action resolves this issue?

A. implement P2P blocking

B. implement MFP client protection

C. implement Wi-Fi direct policy

D. implement split tunneling

A

A. implement P2P blocking

17
Q

Refer to the exhibit. An engineer has configured Cisco ISE to assign VLANs to clients based on their method of authentication, but this is not working as expected.
Which action will resolve this issue?

A. enable AAA override

B. set a NAC state

C. utilize RADIUS profiling

D. require a DHCP address assignment

A

C. utilize RADIUS profiling

18
Q

Refer to the exhibit. Which single security feature is recommended to provide Network Access Control in the enterprise?

A. MAB

B. 802.1X

C. WebAuth

D. port security sticky MAC

A

B. 802.1X

19
Q

Refer to the exhibit. After configuring an IPsec VPN, an engineer enters the show command to verify the ISAKMP SA status. What does the status show?

A. VPN peers agreed on parameters for the ISAKMP SA.

B. Peers have exchanged keys, but ISAKMP SA remains unauthenticated.

C. ISAKMP SA is authenticated and can be used for Quick Mode.

D. ISAKMP SA has been created, but it has not continued to form.

A

C. ISAKMP SA is authenticated and can be used for Quick Mode.

20
Q

Refer to the exhibit. An engineer must deny HTTP traffic from host A to host B while allowing all other communication between the hosts. Drag and drop the commands into the configuration to achieve these results. Some commands may be used more than once. Not all commands are used.
Select and Place:

A
21
Q

Which HTTP JSON response does the Python code output give?

A. 7.0(3)|7(4)

B. 7.61

C. NameError: name ג€˜jsonג€™ is not defined

D. KeyError: ג€˜kickstart_ver_strג€™

A

A. 7.0(3)|7(4)

22
Q

A network administrator is preparing a Python script to configure a Cisco IOS XE-based device on the network. The administrator is worried that colleagues will make changes to the device while the script is running.
Which operation of the ncclient manager prevents colleagues from making changes to the devices while the script is running?

A. m.lock(config=’running’)

B. m.lock(target=’running’)

C. m.freeze(target=’running’)

D. m.freeze(config=’running’)

A

B. m.lock(target=’running’)

23
Q

Which outcome is achieved with this Python code?
client.connect (ip, port= 22, username= usr, password= pswd ) stdin, stdout, stderr = client.exec_command ( ג€˜show ip bgp 192.168.101.0 bestpath\n ג€˜ ) print (stdout)

A. connects to a Cisco device using SSH and exports the BGP table for the prefix

B. displays the output of the show command in a formatted way

C. connects to a Cisco device using SSH and exports the routing table information

D. connects to a Cisco device using Telnet and exports the routing table information

A

A. connects to a Cisco device using SSH and exports the BGP table for the prefix

24
Q

Refer to the exhibit. Which JSON syntax is derived from this data?

A. {[{ג€˜First Nameג€™: ג€˜Johnnyג€™, ג€˜Last Nameג€™: ג€˜Tableג€™, ג€˜Hobbiesג€™: [ג€˜Runningג€™, ג€˜Video gamesג€™]}, {ג€˜First Nameג€™: ג€˜Billyג€™, ג€˜Last Nameג€™: ג€˜Smithג€™, ג€˜Hobbiesג€™: [ג€˜Nappingג€™, ג€˜Readingג€™]}]}

B. {ג€˜Personג€™: [{ג€˜First Nameג€™: ג€˜Johnnyג€™, ג€˜Last Nameג€™: ג€˜Tableג€™, ג€˜Hobbiesג€™: ג€˜Runningג€™, ג€˜Video gamesג€™}, {ג€˜First Nameג€™: ג€˜Billyג€™, ג€˜Last Nameג€™: ג€˜Smithג€™, ג€˜Hobbiesג€™: ג€˜Nappingג€™, ג€˜Readingג€™}]}

C. {[{ג€˜First Nameג€™: ג€˜Johnnyג€™, ג€˜Last Nameג€™: ג€˜Tableג€™, ג€˜Hobbiesג€™: ג€˜Runningג€™, ג€˜Hobbiesג€™: ג€˜Video gamesג€™}, {ג€˜First Nameג€™: ג€˜Billyג€™, ג€˜Last Nameג€™: ג€˜Smithג€™, ג€˜Hobbiesג€™: ג€˜Nappingג€™, ג€˜Readingג€™}]}

D. {ג€˜Personג€™: [{ג€˜First Nameג€™: ג€˜Johnnyג€™, ג€˜Last Nameג€™: ג€˜Tableג€™, ג€˜Hobbiesג€™: [ג€˜Runningג€™, ג€˜Video gamesג€™]}, {ג€˜First Nameג€™: ג€˜Billyג€™, ג€˜Last Nameג€™: ג€˜Smithג€™, ג€˜Hobbiesג€™: [ג€˜Nappingג€™, ג€˜Readingג€™]}]}

syntax needs to be fixed

A

D. {ג€˜Personג€™: [{ג€˜First Nameג€™: ג€˜Johnnyג€™, ג€˜Last Nameג€™: ג€˜Tableג€™, ג€˜Hobbiesג€™: [ג€˜Runningג€™, ג€˜Video gamesג€™]}, {ג€˜First Nameג€™: ג€˜Billyג€™, ג€˜Last Nameג€™: ג€˜Smithג€™, ג€˜Hobbiesג€™: [ג€˜Nappingג€™, ג€˜Readingג€™]}]}

syntax needs to be fixed

25
Q

Which data is properly formatted with JSON?

A
26
Q

Based on the output below, which Python code shows the value of the “upTime” key?

A. json_data = response.json() print(json_data[ג€˜responseג€™][0][ג€˜upTimeג€™])

B. json_data = response.json() print(json_data[response][0][upTime])

C. json_data = json.loads(response.text) print(json_data[ג€˜responseג€™][ג€˜familyג€™][ג€˜upTimeג€™])

D. json_data = response.json() print(json_data[ג€˜responseג€™][family][ג€˜upTimeג€™])

A

C. json_data = json.loads(response.text) print(json_data[ג€˜responseג€™][ג€˜familyג€™][ג€˜upTimeג€™])

syntax needs to be fixed

27
Q

Which exhibit displays a valid JSON file?

A
28
Q

What is the JSON syntax that is formed from the data?

A. {Name: Bob Johnson, Age: 75, Alive: true, Favorite Foods: [Cereal, Mustard, Onions]}

B. {ג€Nameג€: ג€Bob Johnsonג€, ג€Ageג€: 75, ג€Aliveג€: true, ג€Favorite Foodsג€: [ג€Cerealג€, ג€Mustardג€, ג€Onionsג€]}

C. {ג€˜Nameג€™: ג€˜Bob Johnsonג€™, ג€˜Ageג€™: 75, ג€˜Aliveג€™: True, ג€˜Favorite Foodsג€™: ג€˜Cerealג€™, ג€˜Mustardג€™, ג€˜Onionsג€™}

D. {ג€Nameג€: ג€Bob Johnsonג€, ג€Ageג€: Seventyfive, ג€Aliveג€: true, ג€Favorite Foodsג€: [ג€Cerealג€, ג€Mustardג€, ג€Onionsג€]}

A

B. {ג€Nameג€: ג€Bob Johnsonג€, ג€Ageג€: 75, ג€Aliveג€: true, ג€Favorite Foodsג€: [ג€Cerealג€, ג€Mustardג€, ג€Onionsג€]}

29
Q

Which JSON syntax is valid?

A. {ג€switchג€: ג€nameג€: ג€dist1ג€, ג€interfacesג€: [ג€gig1ג€, ג€gig2ג€, ג€gig3ג€]}

B. {/ג€switch/ג€: {/ג€name/ג€: ג€dist1ג€, /ג€interfaces/ג€: [ג€gig1ג€, ג€gig2ג€, ג€gig3ג€]}}

C. {ג€switchג€: {ג€nameג€: ג€dist1ג€, ג€interfacesג€: [ג€gig1ג€, ג€gig2ג€, ג€gig3ג€]}}

D. {ג€˜switchג€™: (ג€˜nameג€™: ג€˜dist1ג€™, ג€˜interfacesג€™: [ג€˜gig1ג€™, ג€˜gig2ג€™, ג€˜gig3ג€™])}

A

A. {ג€switchג€: ג€nameג€: ג€dist1ג€, ג€interfacesג€: [ג€gig1ג€, ג€gig2ג€, ג€gig3ג€]}

30
Q

What is the structure of a JSON web token?

A. three parts separated by dots: header, payload, and signature

B. three parts separated by dots: version, header, and signature

C. header and payload

D. payload and signature

A

A. three parts separated by dots: header, payload, and signature

31
Q

A response code of 404 is received while using the REST API on Cisco DNA Center to POST to this URI:
/dna/intent/api/v1/template-programmer/project
What does the code mean?

A. The POST/PUT request was fulfilled and a new resource was created. Information about the resource is in the response body.

B. The request was accepted for processing, but the processing was not completed.

C. The client made a request for a resource that does not exist.

D. The server has not implemented the functionality that is needed to fulfill the request.

A

C. The client made a request for a resource that does not exist.

32
Q

Which two operations are valid for RESTCONF? (Choose two.)

A. PULL

B. PUSH

C. PATCH

D. REMOVE

E. ADD

F. HEAD

A

C. PATCH

F. HEAD

33
Q

Refer to the exhibit. An engineer is using XML in an application to send information to a RESTCONF-enabled device. After sending the request, the engineer gets this response message and an HTTP response code of 400. What do these responses tell the engineer?

A. The Accept header sent was application/xml.

B. POST was used instead of PUT to update.

C. The Content-Type header sent was application/xml.

D. A JSON body was used.

A

C. The Content-Type header sent was application/xml.