Question Part-1 Flashcards

1
Q

A. The FIB is populated based on RIB content.
B. The RIB maintains a mirror image of the FIB.
C. The RIB is used to make IP source prefix-based switching decisions.
D. The FIB is where all IP routing information is stored.

A

a

2
Q

What is a benefit of deploying an on-premises infrastructure versus a cloud infrastructure deployment?

A. ability to quickly increase compute power without the need to install additional hardware
B. less power and cooling resources needed to run infrastructure on-premises
C. faster deployment times because additional infrastructure does not need to be purchased
D. lower latency between systems that are physically located near each other

A

d

3
Q

Which two security mechanisms are used by Cisco Threat Defense to gain visibility into the most dangerous cyber threats? (Choose two)

A. dynamic enforce policy
B. file reputation
C. virtual private networks
D. Traffic Telemetry
E. VLAN segmentation

A

b,d

4
Q

Which is a fact about Cisco EAP-FAST?

A. It does not require a RADIUS server certificate
B. It requires a client certificate
C. It is an IETF standard.
D. It operates in transparent mode

A

A

The EAP-FAST protocol is a publicly accessible IEEE 802.1X EAP type that Cisco developed to support customers that cannot enforce a strong password policy and want to deploy an 802.1X EAP type that does not require digital certificates.

EAP-FAST is also designed for simplicity of deployment since it does not require a certificate on the wireless LAN client or on the RADIUS infrastructure yet incorporates a built-in provisioning mechanism.

5
Q

Which two operations are valid for RESTCONF? (Choose two)

A. HEAD
B. REMOVE
C. PULL
D. GET
E. ADD
F. PUSH

A

Answer: A D

Explanation

RESTCONF operations include OPTIONS, HEAD, GET, POST, PUT, PATCH, DELETE.

6
Q

Which configuration restricts the amount of SSH that a router accepts to 100 kbps?

Option A
class-map match-all CoPP_SSH
match access-group name CoPP_SSH
!
policy-map CoPP_SSH
class CoPP_SSH
police cir 100000
exceed-action drop
!
!
!
interface GigabitEthernet0/1
ip address 209.165.200.225 255.255.255.0
ip access-group CoPP_SSH out
duplex auto
speed auto
media-type rj45
service-policy input CoPP_SSH
!
ip access-list extended CoPP_SSH
permit tcp any any eq 22
!
Option B
class-map match-all CoPP_SSH
match access-group name CoPP_SSH
!
policy-map CoPP_SSH
class CoPP_SSH
police cir CoPP_SSH
exceed-action drop
!
!
!
interface GigabitEthernet0/1
ip address 209.165.200.225 255.255.255.0
ip access-group CoPP_SSH out
duplex auto
speed auto
media-type rj45
service-policy input CoPP_SSH
!
ip access-list extended CoPP_SSH
deny tcp any any eq 22
!
Option C
class-map match-all CoPP_SSH
match access-group name CoPP_SSH
!
policy-map CoPP_SSH
class CoPP_SSH
police cir 100000
exceed-action drop
!
!
!
control-plane
service-policy input CoPP_SSH
!
ip access-list extended CoPP_SSH
permit tcp any any eq 22
!
Option D
class-map match-all CoPP_SSH
match access-group name CoPP_SSH
!
policy-map CoPP_SSH
class CoPP_SSH
police cir 100000
exceed-action drop
!
!
!
control-plane transit
service-policy input CoPP_SSH
!
ip access-list extended CoPP_SSH
permit tcp any any eq 22
!
A. Option A
B. Option B
C. Option C
D. Option D

A

Answer: C

Explanation

CoPP protects the route processor on network devices by treating route processor resources as a separate entity with its own ingress interface (and in some implementations, egress also). CoPP is used to police traffic that is destined to the route processor of the router such as:
+ Routing protocols like OSPF, EIGRP, or BGP.
+ Gateway redundancy protocols like HSRP, VRRP, or GLBP.
+ Network management protocols like telnet, SSH, SNMP, or RADIUS.

7
Q

A

A

8
Q

What is one primary REST security design principle?

A. password hash
B. fail-safe defaults
C. adding a timestamp in requests
D. OAuth

A

B

9
Q

What is the responsibility of a secondary WLC?

A. It shares the traffic load of the LAPs with the primary controller.
B. It avoids congestion on the primary controller by sharing the registration load on the LAPs.
C. It registers the LAPs if the primary controller fails.
D. It enables Layer 2 and Layer 3 roaming between itself and the primary controller.

A

C

10
Q

Which action is a LISP ITR responsible for?

A. responding to map-request messages
B. finding EID-to-RLOC mappings
C. accepting registration requests from ETRs
D. forwarding user data traffic

A

Answer: B

Explanation

Ingress Tunnel Router (ITR) is the device (or function) that is responsible for finding EID-to-RLOC mappings for all traffic destined for LISP-capable sites. After the encapsulation, the original packet becomes a LISP packet.

11
Q

An engineer modifies the existing ISE guest portal URL to use a static FQDN. Users immediately report that they receive certificate errors when they are redirected to the new page. Which two additional configuration steps are needed to implement the change? (Choose two)

A. Create and sign a new CSR that contains the static FQDN entry
B. Add the FQDN entry under the WLC virtual interface
C. Manually configure the hosts file on each user device
D. Disable HTTPS on the WLC under the Management menu
E. Add a new DNS record to resolve the FQDN to the PSN IP address

A

A,E

12
Q

In a Cisco Catalyst switch equipped with two supervisor modules, an administrator must temporarily remove the active supervisor from the chassis to perform hardware maintenance on it. Which mechanism ensures that the active supervisor removal is not disruptive to the network operation?

A. NSF/NSR
B. SSO
C. HSRP
D. VRRP

A

B

13
Q

Which encryption hashing algorithm does NTP use for authentication?

A. SSL
B. AES256
C. AES128
D. MD5

A

D
Explanation

An example of configuring NTP authentication is shown below:

Router1(config)#ntp authentication-key 2 md5 digitaltut
Router1(config)#ntp authenticate

14
Q

An engineer must provide wireless coverage in a square office. The engineer has only one AP and believes that it should be placed in the middle of the room. Which antenna type should the engineer use?

A. directional
B. polarized
C. Yagi
D. omnidirectional

A

D

Types of external antennas:
+ Omnidirectional: Provide 360-degree coverage. Ideal in houses and office areas
+ Directional: Focus the radio signal in a specific direction. Examples are the Yagi and parabolic dish
+ Multiple Input Multiple Output (MIMO) – Uses multiple antennas (up to eight) to increase bandwidth

An omnidirectional antenna is designed to provide a 360-degree radiation pattern. This type of antenna is used when coverage in all directions from the antenna is required.

15
Q

A customer requires their wireless data traffic to egress at the switch port of the access point. Which access point mode supports this?

A. FlexConnect
B. Sniffer
C. Bridge
D. Monitor

A

Answer: A

Explanation

FlexConnect AP mode enables switching traffic between an SSID and a VLAN locally if the CAPWAP to the WLC is down, even when the AP is at a remote site. It can also be configured to egress at the access point’s LAN port.

16
Q

What is a benefit of YANG modules?

A. tightly coupled models with encoding to improve performance
B. easier multivendor interoperability provided by common or industry models
C. avoidance of ecosystem fragmentation by having fixed modules that cannot be changed
D. single protocol and model coupling to simplify maintenance and support

A

B

17
Q

What is contained in the VXLAN header?

A. VXLAN network identifier
B. source and destination RLOC ID
C. endpoint ID
D. original Layer 2 VLAN ID

A

A

18
Q

Which two steps are required for a complete Cisco DNA Center upgrade? (Choose two)

A. golden image selection
B. automation backup
C. proxy configuration
D. application updates
E. system update

A

D E
A complete Cisco DNA Center upgrade includes “System Update” and “Application Updates”.

19
Q

Which virtualization component creates VMs and performs hardware abstraction that allows multiple VMs to run at the same time?

A. rkt
B. Docker
C. container
D. hypervisor

A

D

20
Q

Drag and drop the LISP components from the left onto the function they perform on the right. Not all options are used.

A

Answer:

+ accepts LISP encapsulated map requests: LISP map resolver
+ learns of EID prefix mapping entries from an ETR: LISP map server
+ receives traffic from LISP sites and sends it to non-LISP sites: LISP proxy ETR
+ receives packets from site-facing interfaces: LISP ITR

21
Q

Which technology is used to provide Layer 2 and Layer 3 logical networks in the Cisco SD-Access architecture?

A. underlay network
B. overlay network
C. VPN routing/forwarding
D. easy virtual network

A

B

22
Q

What does Call Admission Control require the client to send in order to reserve the bandwidth?

A. SIP flow information
B. Wi-Fi multimedia
C. traffic specification
D. VoIP media session awareness

A

C

23
Q

Which network devices secure an API platform?

A. next-generation intrusion detection systems
B. Layer 3 transit network devices
C. content switches
D. web application firewalls

A

Answer: D

Explanation

Cisco Secure Web Application Firewall (WAF) and bot protection defends your online presence and ensures that website, mobile applications, and APIs are secure, protected, and “always on.”

24
Q

Where is the wireless LAN controller located in a mobility express deployment?

A. There is no wireless LAN controller in the network.
B. The wireless LAN controller is embedded into the access point.
C. The wireless LAN controller exists in the cloud.
D. The wireless LAN controller exists in a server that is dedicated for this purpose.

A

Answer: B

Explanation

Mobility Express is the ability to use an access point (AP) as a controller instead of a real WLAN controller. But this solution is only suitable for small to midsize, or multi-site branch locations where you might not want to invest in a dedicated WLC. A Mobility Express WLC can support up to 100 APs.

25
Q

What is a characteristic of VXLAN?

A. It uses TCP for transport.
B. It has a 12-byte packet header.
C. It extends Layer 2 and Layer 3 overlay networks over a Layer 2 underlay.
D. It is a multi-tenant solution.

A

Answer: D

VXLAN header consists of 8 bytes and contains the 24-bit VNI -> Answer B is not correct.
VXLAN uses UDP, not TCP -> Answer A is not correct.
VXLAN is often described as an overlay technology because it allows Layer 2 connections to be stretched over an intervening Layer 3 network -> Answer C is not correct. Therefore only answer D is left.

26
Q

An engineer is configuring Local WebAuth on a Cisco Wireless LAN Controller. According to RFC 5737, which virtual IP address must be used in this configuration?

A. 1.1.1.1
B. 192.168.0.1
C. 192.0.2.1
D. 172.20.10.1

A

C

27
Q

A large campus network has deployed two wireless LAN controllers to manage the wireless network. WLC1 and WLC2 have been configured as mobility peers. A client device roams from AP1 on WLC1 to AP2 on WLC2, but the controllers’ client interfaces are on different VLANs. How do the wireless LAN controllers handle the inter-subnet roaming?

A. WLC2 marks the client with a foreign entry in its own database. The database entry is copied to the new controller and marked with an anchor entry on WLC1
B. WLC2 marks the client with an anchor entry in its own database. The database entry is copied to the new controller and marked with a foreign entry on WLC1
C. WLC1 marks the client with a foreign entry in its own database. The database entry is copied to the new controller and marked with an anchor entry on WLC2
D. WLC1 marks the client with an anchor entry in its own database. The database entry is copied to the new controller and marked with a foreign entry on WLC2

A

D

28
Q

What is the function of the fabric control plane node in a Cisco SD-Access deployment?

A. It is responsible for policy application and network segmentation in the fabric.
B. It performs traffic encapsulation and security profiles enforcement in the fabric.
C. It holds a comprehensive database that tracks endpoints and networks in the fabric.
D. It provides integration with legacy nonfabric-enabled environments.

A

C
Fabric control plane node (C): One or more network elements that implement the LISP Map-Server (MS) and Map-Resolver (MR) functionality. The control plane node’s host tracking database keeps track of all endpoints in a fabric site and associates the endpoints to fabric nodes in what is known as an EID-to-RLOC binding in LISP.

29
Q

Which capability does a distributed virtual switch have?

A. use floating static routes
B. provide configuration consistency across the hosts
C. run dynamic routing protocols
D. use advanced IPsec encryption algorithms

A

B

30
Q

Which two methods are used to assign security group tags to the user in a Cisco TrustSec architecture? (Choose two)

A. modular QoS
B. policy routing
C. web authentication
D. DHCP
E. IEEE 802.1x

A

Answer: C E

Explanation

Cisco ISE assigns the SGT tags to users or devices that are successfully authenticated and authorized through 802.1x, MAB, or WebAuth.

31
Q

Refer to the exhibit.

interface GigabitEthernet1
ip address 10.10.10.1 255.255.255.0
!
access-list 10 permit 10.10.10.1
!
monitor session 10 type erspan-source
source interface Gi1
destination
erspan-id 10
ip address 192.168.1.1
Which command filters the ERSPAN session packets only to interface GigabitEthernet1?

A. source ip 10.10.10.1
B. source interface gigabitethernet1 ip 10.10.10.1
C. filter access-group 10
D. destination ip 10.10.10.1

A

C

32
Q

A network engineer configures a WLAN controller with increased security for web access. There is IP connectivity with the WLAN controller, but the engineer cannot start a management session from a web browser. Which action resolves the issue?

A. Use a private or incognito session.
B. Disable Adobe Flash Player
C. Disable JavaScript on the web browser
D. Use a browser that supports 128-bit or larger ciphers.

A

D
Enable or disable secure web mode with increased security by entering this command:

33
Q

A customer has recently implemented a new wireless infrastructure using WLC-5520S at a site directly next to a large commercial airport. Users report that they intermittently lose Wi-Fi connectivity, and troubleshooting reveals it is due to frequent channel changes. Which two actions fix this issue? (Choose two)

A. Remove UNII-2 and Extended UNII-2 channels from the 5 GHz channel list
B. Restore the DCA default settings because this automatically avoids channel interference
C. Disable DFS channels to prevent interference with Doppler radar
D. Enable DFS channels because they are immune to radar interference
E. Configure channels on the UNII-2 and the Extended UNII-2 sub-bands of the 5 GHz band only

A

A,C

34
Q

R1
interface GigabitEthernet0/0
ip address 192.168.250.2 255.255.255.0
standby 20 ip 192.168.250.1
standby 20 priority 120

R2
interface GigabitEthernet0/0
ip address 192.168.250.3 255.255.255.0
standby 20 ip 192.168.250.1
standby 20 priority 110
What are two effects of this configuration? (Choose two)

A. R1 becomes the active router
B. R1 becomes the standby router
C. If R2 goes down, R1 becomes active but reverts to standby when R2 comes back online
D. If R1 goes down, R2 becomes active but reverts to standby when R1 comes back online
E. If R1 goes down, R2 becomes active and remains the active device when R1 comes back online

A

A,E

35
Q

Drag and drop the automation characteristics from the left onto the corresponding tools on the right

A

Ansible
+ all functions are performed over SSH
+ YAML configuration language
+ based on Python

Chef
+ Ruby syntax in configuration files

36
Q

Which two features does the Cisco SD-Access architecture add to a traditional campus network? (Choose two)

A. private VLANs
B. software-defined segmentation
C. SD-WAN
D. identity services
E. modular QoS

A

B,D

37
Q

What is a benefit of using segmentation with TrustSec?

A. Integrity checks prevent data from being modified in transit.
B. Packets sent between endpoints on a LAN are encrypted using symmetric key cryptography.
C. Security group tags enable network segmentation.
D. Firewall rules are streamlined by using business-level profiles.

A

C

38
Q

Which resource must a hypervisor make available to the virtual machines?

A. bandwidth
B. IP address
C. processor
D. secure access

A

C

39
Q

An engineer is working with the Cisco DNA Center API. Drag and drop the methods from the left onto the actions that they are used for on the right.

A

Answer:

+ remove an element using the API: DELETE
+ extract information from the API: GET
+ update an element: PUT
+ create an element: POST

Explanation

A RESTful API uses existing HTTP methodologies defined by the RFC 2616 protocol, such as:

+ GET to retrieve a resource;
+ PUT to change the state of or update a resource, which can be an object, file or block
+ POST to create that resource
+ DELETE to remove it.

40
Q

What is the difference between TCAM and the MAC address table?

A. Router prefix lookups happen in CAM. MAC address table lookups happen in TCAM
B. The MAC address table supports partial matches. TCAM requires an exact match
C. The MAC address table is contained in CAM. ACL and QoS information is stored in TCAM
D. TCAM is used to make Layer 2 forwarding decisions. CAM is used to build routing tables

A

C

41
Q

Drag and drop the characteristic from the left onto the orchestration tools that they describe on the right.

A

Answer:

Ansible:
+ uses playbooks
+ procedural

Puppet:
+ uses a pull model
+ declarative

42
Q

Which IPv4 packet field carries the QoS IP classification marking?

A. ID
B. TTL
C. FCS
D. ToS

A

D

43
Q

Refer to the exhibit.

Device#configure terminal
Device(config)#netconf ssh acl 1
Device(config)#netconf lock-time 100
Device(config)#netconf max-sessions 1
Device(config)#netconf max-message 10
A network engineer must configure NETCONF. After creating the configuration, the engineer gets output from the command show line, but not from show running-config. Which command completes the configuration?

A. Device(config)# no netconf ssh acl 1
B. Device(config)# netconf max-sessions 100
C. Device(config)# netconf lock-time 500
D. Device(config)# netconf max-message 1000

A

D

44
Q

An engineer must configure a multicast UDP jitter operation. Which configuration should be applied?

A. Router(config)#ip sla 1
Router(config)#udp jitter 10.0.0.1 source-ip 192.168.1.1

B. Router(config)#ip sla 1
Router(config)#udp-jitter 192.0.2.115 65051 num-packets 20

C. Router(config)#ip sla 1
Router(config)#udp-jitter 192.0.2.115 65051

D. Router(config)#ip sla 1
Router(config)#udp jitter 239.1.1.1 65051 end-point list List source-ip 192.168.1.1

A

D

45
Q

Which two mechanisms are used with OAuth 2.0 for enhanced validation? (Choose two)

A. authorization
B. custom headers
C. request management
D. authentication
E. accounting

A

A,D

46
Q

Which two characteristics apply to the endpoint security aspect of the Cisco Threat Defense architecture? (Choose two)

A. outbound URL analysis and data transfer controls
B. detect and block ransomware in email attachments
C. cloud-based analysis of threats
D. blocking of fileless malware in real time
E. user context analysis

A

A,B

47
Q

Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

A

EIGRP
+ It is an Advanced Distance Vector routing protocol
+ It relies on the Diffused Update Algorithm to calculate the shortest path to a destination
+ It requires an Autonomous System number to create a routing instance for exchanging routing information

OSPF
+ The default Administrative Distance is equal to 110
+ It requires a process ID that is local to the router
+ It uses virtual links to connect two parts of a partitioned backbone through a non-backbone area

48
Q

Which activity requires access to Cisco DNA Center CLI?

A. provisioning a wireless LAN controller
B. creating a configuration template
C. upgrading the Cisco DNA Center software
D. graceful shutdown of Cisco DNA Center

A

D

49
Q

How does EIGRP differ from OSPF?

A. EIGRP is more prone to routing loops than OSPF
B. EIGRP supports equal or unequal path cost, and OSPF supports only equal path cost.
C. EIGRP has a full map of the topology, and OSPF only knows directly connected neighbors
D. EIGRP uses more CPU and memory than OSPF

A

B

50
Q

What is the function of vBond in a Cisco SD-WAN deployment?

A. onboarding of SD-WAN routers into the SD-WAN overlay
B. pushing of configuration toward SD-WAN routers
C. initiating connections with SD-WAN routers automatically
D. gathering telemetry data from SD-WAN routers

A

A

51
Q

When is GLBP preferred over HSRP?

A. When encrypted hellos are required between gateways in a single group
B. When the traffic load needs to be shared between multiple gateways using a single virtual IP
C. When the gateway routers are a mix of Cisco and non-Cisco routers
D. When clients need the gateway MAC address to be the same between multiple gateways

A

Answer: B

An advantage of GLBP over HSRP and VRRP is that GLBP can load-balance traffic without any tricks.

52
Q

A network engineer wants to configure console access to a router without using AAA so that the privileged exec mode is entered directly after a user provides the correct login credentials. Which action achieves this goal?

A. Configure login authentication privileged on line con 0
B. Configure a local username with privilege level 15
C. Configure privilege level 15 on line con 0
D. Configure a RADIUS or TACACS+ server and use it to send the privilege level

A

C
Putting the privilege-level 15 on the console is one way to work around the issue. And it works – as long as you are comfortable with the fact that everyone who logs in on the console will be immediately placed directly into privilege/enable mode.

53
Q

Which TLV value must be added to Option 43 when DHCP is used to ensure that APs join the WLC?

A. 642
B. 0x77
C. 0xf1
D. AAA

A

Answer: C

TLV values for the Option 43 suboption: Type + Length + Value. Type is always the suboption code 0xf1.

54
Q

An engineer must create an EEM applet that sends a syslog message in the event a change happens in the network due to trouble with an OSPF process. Which action should the engineer use?

A. action 1 syslog msg “OSPF ROUTING ERROR”
B. action 1 syslog send “OSPF ROUTING ERROR”
C. action 1 syslog pattern “OSPF ROUTING ERROR”
D. action 1 syslog write “OSPF ROUTING ERROR”

A

A

55
Q

Which method does Cisco DNA Center use to allow management of non-Cisco devices through southbound protocols?

A. It creates device packs through the use of an SDK
B. It obtains MIBs from each vendor that details the APIs available.
C. It uses an API call to interrogate the devices and register the returned data.
D. It imports available APIs for the non-Cisco device in a CSV format.

A

A

56
Q

What does a YANG model provide?

A. standardized data structure independent of the transport protocols
B. creation of transport protocols and their interaction with the OS
C. user access to interact directly with the CLI of the device to receive or modify network configurations
D. standardized data structure that can be used only with NETCONF or RESTCONF transport protocols

A

A

57
Q

Which two operational models enable an AP to scan one or more wireless channels for rogue access points and at the same time provide wireless services to clients? (Choose two)

A. Sniffer
B. Rogue detector
C. Local
D. FlexConnect
E. Monitor

A

C,D

58
Q

What are two benefits of implementing a Cisco SD-WAN architecture? (Choose two)

A. It provides resilient and effective traffic flow using MPLS
B. It improves endpoint protection by integrating embedded and cloud security features
C. It allows configuration of application-aware policies with real time enforcement
D. It simplifies endpoint provisioning through standalone router management
E. It enforces a single, scalable, hub-and-spoke topology

A

B,C

59
Q

Which Python library is used to work with YANG data models via NETCONF?

A. Postman
B. requests
C. ncclient
D. cURL

A

C

60
Q

Which two configurations enable R1 and R2 to advertise routes into OSPF? (Choose two)

A. R2
router ospf 0
network 172.16.1.0 255.255.255.0 area 0
network 172.16.2.0 255.255.255.0 area 0

B. R2
router ospf 0
network 172.16.1.0 0.0.0.255 area 0
network 172.16.2.0 255.255.255.0 area 0

C. R1
router ospf 0
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0

D. R2
router ospf 0
network 172.16.1.0 0.0.0.255 area 0
network 172.16.2.0 0.0.0.255 area 0

E. R1
router ospf 0
network 192.168.1.0 255.255.255.0 area 0
network 192.168.2.0 255.255.255.0 area 0

A

C,D

61
Q

Which two functions is an edge node responsible for? (Choose two)

A. provides multiple entry and exit points for fabric traffic
B. provides the default exit point for fabric traffic
C. provides the default entry point for fabric traffic
D. provides a host database that maps endpoint IDs to a current location
E. authenticates endpoints

A

A,E

62
Q

Which configuration filters out DOT1X messages in the format shown below from being sent toward Syslog server 10.15.20.33?

Nov 20 13:47:32.553: %DOT1X-5-FAIL: Authentication failed for client (e04f.438e.de4f) on Interface Gi1/0/1 AuditSessionID OAQB50A5000004543910739E
A. logging discriminator DOT1X facility drops DOT1X
logging host 10.15.20.33 discriminator DOT1X

B. logging discriminator DOT1X msg-body drops DOTX
logging host 10.15.20.33 discriminator DOTX

C. logging discriminator DOT1X mnemonics includes DOTX
logging host 10.15.20.33 discriminator DOT1X

D. logging discriminator DOT1X mnemonics includes DOT1X
logging host 10.15.20.33 discriminator DOTX

A

A

63
Q

A customer has a pair of Cisco 5520 WLCs set up in an SSO cluster to manage all APs. Guest traffic is anchored to a Cisco 3504 WLC located in a DMZ. Which action is needed to ensure that the EoIP tunnel remains in an UP state in the event of failover on the SSO cluster?

A. Configure back-to-back connectivity on the RP ports
B. Use the mobility MAC when the mobility peer is configured
C. Enable default gateway reachability check
D. Use the same mobility domain on all WLCs

A

B

64
Q

What is one difference between SaltStack and Ansible?

A. SaltStack uses an API proxy agent to program Cisco boxes on agent mode, whereas Ansible uses a Telnet connection
B. SaltStack uses the Ansible agent on the box, whereas Ansible uses a Telnet server on the box
C. SaltStack is constructed with minion, whereas Ansible is constructed with YAML
D. SaltStack uses SSH to interact with Cisco devices, whereas Ansible uses an event bus

A

C

65
Q

Which protocol is used to encrypt control plane traffic between SD-WAN controllers and SD-WAN endpoints?

A. DTLS
B. IPsec
C. PGP
D. HTTPS

A

A

66
Q

Drag and drop the solutions that comprise Cisco Cyber Threat Defense from the left onto the objectives they accomplish on the right.

A

Answer:

+ detects suspicious web activity: Web Security Appliance
+ analyzes network behavior and detects anomalies: StealthWatch
+ uses pxGrid to remediate security threats: Identity Services Engine

67
Q

Refer to the exhibit.

ip access-list extended 101
10 deny ip any any
!
event manager applet Block_Users
action 1.0 cli command “enable”
action 2.0 cli command “configure terminal”
action 3.0 cli command “interface GigabitEthernet1”
action 4.0 cli command “ip access-group 101 in”
action 5.0 cli command “ip access-group 101 out”
An engineer builds an EEM script to apply an access list. Which statement must be added to complete the script?

A. event none
B. action 2.1 cli command “ip action 3.1 cli command 101”
C. action 6.0 cli command ”ip access-list extended 101”
D. action 6.0 cli command ”ip access-list extended 101″

A

A

68
Q

Which two new security capabilities are introduced by using a next-generation firewall at the Internet edge? (Choose two)

A. DVPN
B. NAT
C. stateful packet inspection
D. application-level inspection
E. integrated intrusion prevention

A

D,E

69
Q

Why would a small or mid-size business choose a cloud solution over an on-premises solution?

A. Cloud provides lower upfront cost than on-premises.
B. Cloud provides more control over the implementation process than on-premises.
C. Cloud provides greater ability for customization than on-premises.
D. Cloud provides higher data security than on-premises.

A

A

70
Q

Why does the vBond orchestrator have a public IP?

A. to allow for global reachability from all WAN Edges in the Cisco SD-WAN and to facilitate NAT traversal
B. to provide access to Cisco Smart Licensing servers for license enablement
C. to enable vBond to learn the public IP of WAN Edge devices that are behind NAT gateways or in private address space
D. to facilitate downloading and distribution of operational and security patches

A

A
