You have already completed the Test before. Hence you can not start it again.
Test is loading...
You must sign in or sign up to start the Test.
You have to finish following quiz, to start this Test:
Your results are here!! for" Cisco CCNP CCIE Enterprise ENCOR 350-401 Practice Test 3 "
0 of 65 questions answered correctly
Your time:
Time has elapsed
Your Final Score is : 0
You have attempted : 0
Number of Correct Questions : 0 and scored 0
Number of Incorrect Questions : 0 and Negative marks 0
Average score
Your score
Cisco CCNP CCIE Enterprise ENCOR 350-401
You have attempted: 0
Number of Correct Questions: 0 and scored 0
Number of Incorrect Questions: 0 and Negative marks 0
You can review your answers by clicking on “View Answers” option. Important Note : Open Reference Documentation Links in New Tab (Right Click and Open in New Tab).
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
Answered
Review
Question 1 of 65
1. Question
What is the ACL entry to permit the 172.16.0.0/21 subnet?
Correct
Notice the wildcard mask here for the /21 – in binary it is: 00000000.00000000.00000111.11111111 REFERENCE: http://www.subnet-calculator.com/subnet.php?net_class=B
Incorrect
Notice the wildcard mask here for the /21 – in binary it is: 00000000.00000000.00000111.11111111 REFERENCE: http://www.subnet-calculator.com/subnet.php?net_class=B
Unattempted
Notice the wildcard mask here for the /21 – in binary it is: 00000000.00000000.00000111.11111111 REFERENCE: http://www.subnet-calculator.com/subnet.php?net_class=B
Question 2 of 65
2. Question
What is the top level of the Cisco DNA Center network hierarchy?
Correct
The network hierarchy consists of Sites, Buildings, and Floors. Sites can contain other sites. Be sure to spend some time with the sandbox DNA center that is available from Cisco DevNet. Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-3/user_guide/b_cisco_dna_center_ug_1_3/b_cisco_dna_center_ug_1_3_chapter_0110.html
Incorrect
The network hierarchy consists of Sites, Buildings, and Floors. Sites can contain other sites. Be sure to spend some time with the sandbox DNA center that is available from Cisco DevNet. Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-3/user_guide/b_cisco_dna_center_ug_1_3/b_cisco_dna_center_ug_1_3_chapter_0110.html
Unattempted
The network hierarchy consists of Sites, Buildings, and Floors. Sites can contain other sites. Be sure to spend some time with the sandbox DNA center that is available from Cisco DevNet. Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-3/user_guide/b_cisco_dna_center_ug_1_3/b_cisco_dna_center_ug_1_3_chapter_0110.html
Question 3 of 65
3. Question
Which statement about traffic policing and shaping is true?
Correct
Traffic policing can be a single or dual rate. It can also involve three actions or colors. These are dropping, remarking, or sending. Reference: https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/19645-policevsshape.html
Incorrect
Traffic policing can be a single or dual rate. It can also involve three actions or colors. These are dropping, remarking, or sending. Reference: https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/19645-policevsshape.html
Unattempted
Traffic policing can be a single or dual rate. It can also involve three actions or colors. These are dropping, remarking, or sending. Reference: https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/19645-policevsshape.html
Question 4 of 65
4. Question
Which of the following are examples of directional antenna? (Choose 3)
Correct
The collinear and dipole are both examples of omnidirectional antenna. Reference: https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-antennas-accessories/prod_white_paper0900aecd806a1a3e.html
Incorrect
The collinear and dipole are both examples of omnidirectional antenna. Reference: https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-antennas-accessories/prod_white_paper0900aecd806a1a3e.html
Unattempted
The collinear and dipole are both examples of omnidirectional antenna. Reference: https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-antennas-accessories/prod_white_paper0900aecd806a1a3e.html
Question 5 of 65
5. Question
What keyword indicates PAT is in use with a NAT configuration on a Cisco router?
Correct
The overload keyword is an easy indicator for the presence of PAT in the NAT configuration. For example: ip nat inside source list 1 interface gi0/0 overload Reference: https://www.cisco.com/c/en/us/support/docs/long-reach-ethernet-lre-digital-subscriber-line-xdsl/asymmetric-digital-subscriber-line-adsl/12905-827spat.html
Incorrect
The overload keyword is an easy indicator for the presence of PAT in the NAT configuration. For example: ip nat inside source list 1 interface gi0/0 overload Reference: https://www.cisco.com/c/en/us/support/docs/long-reach-ethernet-lre-digital-subscriber-line-xdsl/asymmetric-digital-subscriber-line-adsl/12905-827spat.html
Unattempted
The overload keyword is an easy indicator for the presence of PAT in the NAT configuration. For example: ip nat inside source list 1 interface gi0/0 overload Reference: https://www.cisco.com/c/en/us/support/docs/long-reach-ethernet-lre-digital-subscriber-line-xdsl/asymmetric-digital-subscriber-line-adsl/12905-827spat.html
Question 6 of 65
6. Question
You are preparing to add a new node to your Cisco DNA Center cluster. What command should you run to verify your configuration before adding the new node?
Correct
Before adding a new node to the cluster, be sure that all the installed packages are deployed on the primary node. You can check this by using SSH to log in to the primary node‘s Cisco DNA Center Management port as the Linux User (maglev) and then running the maglev package status command. All the installed packages should appear in the command output as DEPLOYED. REFERENCE: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-3-3-0/install_guide/2ndGen/b_cisco_dna_center_install_guide_1_3_3_0_2ndGen/b_cisco_dna_center_install_guide_1_3_2_0_M5_chapter_0100.html
Incorrect
Before adding a new node to the cluster, be sure that all the installed packages are deployed on the primary node. You can check this by using SSH to log in to the primary node‘s Cisco DNA Center Management port as the Linux User (maglev) and then running the maglev package status command. All the installed packages should appear in the command output as DEPLOYED. REFERENCE: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-3-3-0/install_guide/2ndGen/b_cisco_dna_center_install_guide_1_3_3_0_2ndGen/b_cisco_dna_center_install_guide_1_3_2_0_M5_chapter_0100.html
Unattempted
Before adding a new node to the cluster, be sure that all the installed packages are deployed on the primary node. You can check this by using SSH to log in to the primary node‘s Cisco DNA Center Management port as the Linux User (maglev) and then running the maglev package status command. All the installed packages should appear in the command output as DEPLOYED. REFERENCE: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-3-3-0/install_guide/2ndGen/b_cisco_dna_center_install_guide_1_3_3_0_2ndGen/b_cisco_dna_center_install_guide_1_3_2_0_M5_chapter_0100.html
Question 7 of 65
7. Question
Examine the configuration shown. Which statement regarding this configuration is false? ip sla 12 udp-jitter 10.10.10.100 5000 frequency 10 exit ip sla schedule 12 start-time now life forever end
Correct
There are actually four data measurements given. There is per-direction jitter, per-direction packet-loss, per-direction delay, and the round-trip delay. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/xe-16/sla-xe-16-book.html
Incorrect
There are actually four data measurements given. There is per-direction jitter, per-direction packet-loss, per-direction delay, and the round-trip delay. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/xe-16/sla-xe-16-book.html
Unattempted
There are actually four data measurements given. There is per-direction jitter, per-direction packet-loss, per-direction delay, and the round-trip delay. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/xe-16/sla-xe-16-book.html
Question 8 of 65
8. Question
Which automation tool is agentless and uses a push model?
Correct
Ansible is known for its simplicity and the fact that it is clientless and uses a push model. Ansible relies on SSH to send automation instructions to remote nodes. Reference: https://www.ansible.com/resources/get-started
Incorrect
Ansible is known for its simplicity and the fact that it is clientless and uses a push model. Ansible relies on SSH to send automation instructions to remote nodes. Reference: https://www.ansible.com/resources/get-started
Unattempted
Ansible is known for its simplicity and the fact that it is clientless and uses a push model. Ansible relies on SSH to send automation instructions to remote nodes. Reference: https://www.ansible.com/resources/get-started
Question 9 of 65
9. Question
Which LISP device is responsible for finding EID-to-RLOC mappings for all traffic destined for LISP-capable sites?
Correct
All of these are valid roles within the LISP architecture. The Ingress Tunnel Router (ITR) has the job of locating the correct mappings when receiving requests that are destined for the LISP site. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_lisp/configuration/xe-3s/irl-xe-3s-book/irl-overview.html
Incorrect
All of these are valid roles within the LISP architecture. The Ingress Tunnel Router (ITR) has the job of locating the correct mappings when receiving requests that are destined for the LISP site. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_lisp/configuration/xe-3s/irl-xe-3s-book/irl-overview.html
Unattempted
All of these are valid roles within the LISP architecture. The Ingress Tunnel Router (ITR) has the job of locating the correct mappings when receiving requests that are destined for the LISP site. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_lisp/configuration/xe-3s/irl-xe-3s-book/irl-overview.html
Question 10 of 65
10. Question
You have discovered that your two VRRP devices are configured with the same priority value of 100. What determines the election of the virtual router master?
Correct
If both VRRP routers are configured with the priority of 100, the virtual router backup with the higher IP address is elected to become the virtual router master. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/xe-3se/3850/fhp-xe-3se-3850-book/fhp-vrrp.pdf
Incorrect
If both VRRP routers are configured with the priority of 100, the virtual router backup with the higher IP address is elected to become the virtual router master. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/xe-3se/3850/fhp-xe-3se-3850-book/fhp-vrrp.pdf
Unattempted
If both VRRP routers are configured with the priority of 100, the virtual router backup with the higher IP address is elected to become the virtual router master. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/xe-3se/3850/fhp-xe-3se-3850-book/fhp-vrrp.pdf
Question 11 of 65
11. Question
If you want to do traffic analysis against wireless clients in an area of your Enterprise using Wireshark, what AP mode should you consider using?
Correct
“The access point starts sniffing the air on a given channel. It captures and forwards all the packets from the clients on that channel to a remote machine that runs Airopeek or Wireshark (packet analyzers for IEEE 802.11 wireless LANs). It includes information on the time stamp, signal strength, packet size, and so on.“ Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-2/configuration/guide/cg/cg_lwap.html
Incorrect
“The access point starts sniffing the air on a given channel. It captures and forwards all the packets from the clients on that channel to a remote machine that runs Airopeek or Wireshark (packet analyzers for IEEE 802.11 wireless LANs). It includes information on the time stamp, signal strength, packet size, and so on.“ Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-2/configuration/guide/cg/cg_lwap.html
Unattempted
“The access point starts sniffing the air on a given channel. It captures and forwards all the packets from the clients on that channel to a remote machine that runs Airopeek or Wireshark (packet analyzers for IEEE 802.11 wireless LANs). It includes information on the time stamp, signal strength, packet size, and so on.“ Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-2/configuration/guide/cg/cg_lwap.html
Question 12 of 65
12. Question
You have decided to increase the availability of your WLC by using LAG on this device. The WLC connects to a Cisco Layer 3 switch. What mode should you use on the switch for the LAG with the WLC?
Correct
Many Cisco switches support three options for the configuration of a LAG (EtherChannel). These options are manual (ON mode); LACP and PAgP. REFERENCE: https://community.cisco.com/t5/wireless-mobility-documents/lag-link-aggregation/ta-p/3128669
Incorrect
Many Cisco switches support three options for the configuration of a LAG (EtherChannel). These options are manual (ON mode); LACP and PAgP. REFERENCE: https://community.cisco.com/t5/wireless-mobility-documents/lag-link-aggregation/ta-p/3128669
Unattempted
Many Cisco switches support three options for the configuration of a LAG (EtherChannel). These options are manual (ON mode); LACP and PAgP. REFERENCE: https://community.cisco.com/t5/wireless-mobility-documents/lag-link-aggregation/ta-p/3128669
Question 13 of 65
13. Question
What decimal value is used for EF traffic marking in DSCP?
Correct
101 110 are the markings for DSCP for EF traffic. This has a value of 46. REFERENCE: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/4_0/qos/configuration/guide/nexus1000v_qos/qos_6dscp_val.pdf
Incorrect
101 110 are the markings for DSCP for EF traffic. This has a value of 46. REFERENCE: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/4_0/qos/configuration/guide/nexus1000v_qos/qos_6dscp_val.pdf
Unattempted
101 110 are the markings for DSCP for EF traffic. This has a value of 46. REFERENCE: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/4_0/qos/configuration/guide/nexus1000v_qos/qos_6dscp_val.pdf
Question 14 of 65
14. Question
Several tests in the IP SLA feature require specialized software on the IP target system. What is this software called?
Correct
Some tests require the target to feature the IP SLA Responder feature. Note that many tests do not require this and the target can be any IP host on the network. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/15-mt/sla-15-mt-book/sla_overview-0.html
Incorrect
Some tests require the target to feature the IP SLA Responder feature. Note that many tests do not require this and the target can be any IP host on the network. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/15-mt/sla-15-mt-book/sla_overview-0.html
Unattempted
Some tests require the target to feature the IP SLA Responder feature. Note that many tests do not require this and the target can be any IP host on the network. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/15-mt/sla-15-mt-book/sla_overview-0.html
Question 15 of 65
15. Question
When configuring a route map that modifies the MED value of a BGP prefix, what keyword is used for MED in the set statement?
The SNR in wireless networking is calculated using the transmit power and what other value?
Correct
The SNR is a calculation from the transmit power (or desired signal) and the noise floor. SNR calculations can be either simple or complex, and it depends on the devices in question and your available data. REFERENCE: https://resources.pcb.cadence.com/blog/2020-what-is-signal-to-noise-ratio-and-how-to-calculate-it
Incorrect
The SNR is a calculation from the transmit power (or desired signal) and the noise floor. SNR calculations can be either simple or complex, and it depends on the devices in question and your available data. REFERENCE: https://resources.pcb.cadence.com/blog/2020-what-is-signal-to-noise-ratio-and-how-to-calculate-it
Unattempted
The SNR is a calculation from the transmit power (or desired signal) and the noise floor. SNR calculations can be either simple or complex, and it depends on the devices in question and your available data. REFERENCE: https://resources.pcb.cadence.com/blog/2020-what-is-signal-to-noise-ratio-and-how-to-calculate-it
Question 17 of 65
17. Question
You are curious about how Ansible is able to access and configure a remote node. What protocol is used for this?
Correct
Ansible is agentless. It does not need to install special software on the managed node. SSH is required to access and configure the remote device. REFERENCE: https://docs.ansible.com/ansible/latest/user_guide/connection_details.html
Incorrect
Ansible is agentless. It does not need to install special software on the managed node. SSH is required to access and configure the remote device. REFERENCE: https://docs.ansible.com/ansible/latest/user_guide/connection_details.html
Unattempted
Ansible is agentless. It does not need to install special software on the managed node. SSH is required to access and configure the remote device. REFERENCE: https://docs.ansible.com/ansible/latest/user_guide/connection_details.html
Question 18 of 65
18. Question
You are interested in using a new security model in your Enterprise network; one that is not based strictly on Layer 2 or Layer 3 addressing. What component of the SD-Access solution accommodates this?
Correct
Security Group Tags in Cisco TrustSec offer many flexible methods of categorization and segmentation. REFERENCE: https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Campus/CVD-Software-Defined-Access-Segmentation-Design-Guide-2018MAY.pdf
Incorrect
Security Group Tags in Cisco TrustSec offer many flexible methods of categorization and segmentation. REFERENCE: https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Campus/CVD-Software-Defined-Access-Segmentation-Design-Guide-2018MAY.pdf
Unattempted
Security Group Tags in Cisco TrustSec offer many flexible methods of categorization and segmentation. REFERENCE: https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Campus/CVD-Software-Defined-Access-Segmentation-Design-Guide-2018MAY.pdf
Question 19 of 65
19. Question
You have client systems in the 10.10.10.0/24 subnet that need to be permitted access to an internal webserver at 10.20.20.100. Which permit entry for an ACL correctly defines this?
Correct
Here the traffic to filter is TCP. The source of the traffic is the subnet 10.10.10.0/24. Note the use of the host keyword to simplify the destination definition. Here we specify the 443 (HTTPS) port on the webserver to be granular with the permissions. REFERENCE: https://www.cisco.com/c/en/us/support/docs/ip/access-lists/26448-ACLsamples.html
Incorrect
Here the traffic to filter is TCP. The source of the traffic is the subnet 10.10.10.0/24. Note the use of the host keyword to simplify the destination definition. Here we specify the 443 (HTTPS) port on the webserver to be granular with the permissions. REFERENCE: https://www.cisco.com/c/en/us/support/docs/ip/access-lists/26448-ACLsamples.html
Unattempted
Here the traffic to filter is TCP. The source of the traffic is the subnet 10.10.10.0/24. Note the use of the host keyword to simplify the destination definition. Here we specify the 443 (HTTPS) port on the webserver to be granular with the permissions. REFERENCE: https://www.cisco.com/c/en/us/support/docs/ip/access-lists/26448-ACLsamples.html
Question 20 of 65
20. Question
When using Cisco DNA Center, templates you create with the Template Editor are associated with what DNA Center component?
Correct
“Before provisioning the template, ensure that the templates are associated with a network profile and the profile is assigned to a site.“ Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-3/user_guide/b_cisco_dna_center_ug_1_3/b_cisco_dna_center_ug_1_3_chapter_0111.html
Incorrect
“Before provisioning the template, ensure that the templates are associated with a network profile and the profile is assigned to a site.“ Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-3/user_guide/b_cisco_dna_center_ug_1_3/b_cisco_dna_center_ug_1_3_chapter_0111.html
Unattempted
“Before provisioning the template, ensure that the templates are associated with a network profile and the profile is assigned to a site.“ Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-3/user_guide/b_cisco_dna_center_ug_1_3/b_cisco_dna_center_ug_1_3_chapter_0111.html
Question 21 of 65
21. Question
What DiffServ QoS component is a combination of CBWFQ and PQ and is often used today in order to accommodate VoIP in the enterprise?
Correct
Low Latency Queuing is the most modern congestion management approach in DiffServ. It uses a strict PQ for VoIP in a CBWFQ structure. The CBWFQ provides service for the many other forms of traffic. Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_conmgt/configuration/xe-3s/qos-conmgt-xe-3s-book/qos-conmgt-llq-pps.pdf
Incorrect
Low Latency Queuing is the most modern congestion management approach in DiffServ. It uses a strict PQ for VoIP in a CBWFQ structure. The CBWFQ provides service for the many other forms of traffic. Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_conmgt/configuration/xe-3s/qos-conmgt-xe-3s-book/qos-conmgt-llq-pps.pdf
Unattempted
Low Latency Queuing is the most modern congestion management approach in DiffServ. It uses a strict PQ for VoIP in a CBWFQ structure. The CBWFQ provides service for the many other forms of traffic. Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_conmgt/configuration/xe-3s/qos-conmgt-xe-3s-book/qos-conmgt-llq-pps.pdf
Question 22 of 65
22. Question
In Layer 3 roaming, what markings are used in order to facilitate successful communications following the wireless client roam? (Choose 2)
Correct
In layer 3 roaming, the original controller marks the client with an “Anchor” entry in its own client database. The database entry is copied to the new controller client database and marked with a “Foreign” entry in the new controller. Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/overview.html
Incorrect
In layer 3 roaming, the original controller marks the client with an “Anchor” entry in its own client database. The database entry is copied to the new controller client database and marked with a “Foreign” entry in the new controller. Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/overview.html
Unattempted
In layer 3 roaming, the original controller marks the client with an “Anchor” entry in its own client database. The database entry is copied to the new controller client database and marked with a “Foreign” entry in the new controller. Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/overview.html
Question 23 of 65
23. Question
Which of the following protocols are most likely to be used in your REST API security? (Choose 2)
Correct
Remember, REST APIs are protected with HTTPS. Two potential protocols, therefore, are AES and SHA-384. Reference: https://en.wikipedia.org/wiki/Transport_Layer_Security
Incorrect
Remember, REST APIs are protected with HTTPS. Two potential protocols, therefore, are AES and SHA-384. Reference: https://en.wikipedia.org/wiki/Transport_Layer_Security
Unattempted
Remember, REST APIs are protected with HTTPS. Two potential protocols, therefore, are AES and SHA-384. Reference: https://en.wikipedia.org/wiki/Transport_Layer_Security
Question 24 of 65
24. Question
You have a user in your network that has an expired token for use with OAuth and your REST API. What response code is returned from the appliance based on the expired token?
Correct
In this case, the device returns a 401 error – this error indicates that the user is unauthorized. Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/ftd-api/guide/ftd-rest-api/auth-ftd-rest-api.pdf
Incorrect
In this case, the device returns a 401 error – this error indicates that the user is unauthorized. Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/ftd-api/guide/ftd-rest-api/auth-ftd-rest-api.pdf
Unattempted
In this case, the device returns a 401 error – this error indicates that the user is unauthorized. Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/ftd-api/guide/ftd-rest-api/auth-ftd-rest-api.pdf
Question 25 of 65
25. Question
When you are engaging in traffic engineering in BGP, you use the following regular expression syntax in your route map: ^65000$ What does this match?
Correct
This regular expression matches those AS paths that begin (far right) with AS 65000. This position in the AS path indicates the prefix originated from that AS. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-15-mt-book/irg-external-sp.html#GUID-BDECC44A-630D-4E5B-9FEC-7FC4ACE6130F
Incorrect
This regular expression matches those AS paths that begin (far right) with AS 65000. This position in the AS path indicates the prefix originated from that AS. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-15-mt-book/irg-external-sp.html#GUID-BDECC44A-630D-4E5B-9FEC-7FC4ACE6130F
Unattempted
This regular expression matches those AS paths that begin (far right) with AS 65000. This position in the AS path indicates the prefix originated from that AS. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-15-mt-book/irg-external-sp.html#GUID-BDECC44A-630D-4E5B-9FEC-7FC4ACE6130F
Question 26 of 65
26. Question
Examine the show command output shown. What feature is in use here?
Correct
This is the results of the show debugging condition command. You can define conditions to restrict debug output. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/debug/command/a1/db-a1-cr-book/db-c1.html
Incorrect
This is the results of the show debugging condition command. You can define conditions to restrict debug output. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/debug/command/a1/db-a1-cr-book/db-c1.html
Unattempted
This is the results of the show debugging condition command. You can define conditions to restrict debug output. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/debug/command/a1/db-a1-cr-book/db-c1.html
Question 27 of 65
27. Question
Examine the attempt at JSON shown here. What is the syntax issue with this data?
Correct
This JSON syntax is missing commas after the key-value pairs.
REFERENCE: https://www.w3schools.com/js/js_json_syntax.asp
Incorrect
This JSON syntax is missing commas after the key-value pairs.
REFERENCE: https://www.w3schools.com/js/js_json_syntax.asp
Unattempted
This JSON syntax is missing commas after the key-value pairs.
REFERENCE: https://www.w3schools.com/js/js_json_syntax.asp
Question 28 of 65
28. Question
Examine the configuration shown in the exhibit. Which statement is true regarding this configuration?
Correct
While not necessarily recommended, you can mix and match configuration styles with OSPF. For example, your local router can use the network command, while the remote router can use the interface-level configuration.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/iro-imode-ospfv2.html
Incorrect
While not necessarily recommended, you can mix and match configuration styles with OSPF. For example, your local router can use the network command, while the remote router can use the interface-level configuration.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/iro-imode-ospfv2.html
Unattempted
While not necessarily recommended, you can mix and match configuration styles with OSPF. For example, your local router can use the network command, while the remote router can use the interface-level configuration.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/iro-imode-ospfv2.html
Question 29 of 65
29. Question
SW1 is configured to mirror frames from its gi0/10 port. The protocol analyzer is directly connected to SW3. What is the monitor session destination on SW1?
Correct
When using RSPAN, the monitor session destination at the mirrored traffic location is the remote SPAN VLAN. Remember, you must create this VLAN in your topology. It is a special purpose VLAN for RSPAN.
At SW3, the monitor session source is the RSPAN VLAN and the destination is the protocol analyzer port.
Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4000/8-2glx/configuration/guide/span.html
Incorrect
When using RSPAN, the monitor session destination at the mirrored traffic location is the remote SPAN VLAN. Remember, you must create this VLAN in your topology. It is a special purpose VLAN for RSPAN.
At SW3, the monitor session source is the RSPAN VLAN and the destination is the protocol analyzer port.
Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4000/8-2glx/configuration/guide/span.html
Unattempted
When using RSPAN, the monitor session destination at the mirrored traffic location is the remote SPAN VLAN. Remember, you must create this VLAN in your topology. It is a special purpose VLAN for RSPAN.
At SW3, the monitor session source is the RSPAN VLAN and the destination is the protocol analyzer port.
Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4000/8-2glx/configuration/guide/span.html
Question 30 of 65
30. Question
What type of antenna is shown in the exhibit?
Correct
“A Yagi–Uda antenna, commonly known as a Yagi antenna, is a directional antenna consisting of multiple parallel elements in a line, usually half-wave dipoles made of metal rods. Yagi–Uda antennas consist of a single driven element connected to the transmitter or receiver with a transmission line, and additional “parasitic elements“ which are not connected to the transmitter or receiver: a so-called reflector and one or more directors.“
Reference: https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-antennas-accessories/prod_white_paper0900aecd806a1a3e.html
Incorrect
“A Yagi–Uda antenna, commonly known as a Yagi antenna, is a directional antenna consisting of multiple parallel elements in a line, usually half-wave dipoles made of metal rods. Yagi–Uda antennas consist of a single driven element connected to the transmitter or receiver with a transmission line, and additional “parasitic elements“ which are not connected to the transmitter or receiver: a so-called reflector and one or more directors.“
Reference: https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-antennas-accessories/prod_white_paper0900aecd806a1a3e.html
Unattempted
“A Yagi–Uda antenna, commonly known as a Yagi antenna, is a directional antenna consisting of multiple parallel elements in a line, usually half-wave dipoles made of metal rods. Yagi–Uda antennas consist of a single driven element connected to the transmitter or receiver with a transmission line, and additional “parasitic elements“ which are not connected to the transmitter or receiver: a so-called reflector and one or more directors.“
Reference: https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-antennas-accessories/prod_white_paper0900aecd806a1a3e.html
Question 31 of 65
31. Question
Examine the SDA components on the left. Which component belongs in location B?
Correct
VXLAN is the data plane technology chosen for the SD-Access solution. Note that it is actually VXLAN will several modifications to accommodate the components of the SD-Access solution. LISP serves at the control plane, while CTS (Cisco TrustSec) is the policy plane.
Reference: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html
Incorrect
VXLAN is the data plane technology chosen for the SD-Access solution. Note that it is actually VXLAN will several modifications to accommodate the components of the SD-Access solution. LISP serves at the control plane, while CTS (Cisco TrustSec) is the policy plane.
Reference: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html
Unattempted
VXLAN is the data plane technology chosen for the SD-Access solution. Note that it is actually VXLAN will several modifications to accommodate the components of the SD-Access solution. LISP serves at the control plane, while CTS (Cisco TrustSec) is the policy plane.
Reference: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html
Question 32 of 65
32. Question
Examine the drag and drop shown. What are the correct pairings?
Correct
The tough one here might be the OMP routing protocol which is used in the SD-WAN solution. Note that BGP is often considered a path vector protocol.
Reference: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/cisco-sdwan-design-guide.html#OrchestrationPlane
Incorrect
The tough one here might be the OMP routing protocol which is used in the SD-WAN solution. Note that BGP is often considered a path vector protocol.
Reference: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/cisco-sdwan-design-guide.html#OrchestrationPlane
Unattempted
The tough one here might be the OMP routing protocol which is used in the SD-WAN solution. Note that BGP is often considered a path vector protocol.
Reference: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/cisco-sdwan-design-guide.html#OrchestrationPlane
Question 33 of 65
33. Question
Examine the configuration shown in the exhibit. What is the most likely use of such a configuration?
Correct
Time ranges are most often used in ACL configurations that need to be tied to time. Other uses include port settings, 802.1X configs, and time-based PoE.
Reference: https://www.cisco.com/c/en/us/support/docs/smb/switches/cisco-small-business-300-series-managed-switches/smb5660-configure-time-range-settings-on-a-switch-through-the-comman.html
Incorrect
Time ranges are most often used in ACL configurations that need to be tied to time. Other uses include port settings, 802.1X configs, and time-based PoE.
Reference: https://www.cisco.com/c/en/us/support/docs/smb/switches/cisco-small-business-300-series-managed-switches/smb5660-configure-time-range-settings-on-a-switch-through-the-comman.html
Unattempted
Time ranges are most often used in ACL configurations that need to be tied to time. Other uses include port settings, 802.1X configs, and time-based PoE.
Reference: https://www.cisco.com/c/en/us/support/docs/smb/switches/cisco-small-business-300-series-managed-switches/smb5660-configure-time-range-settings-on-a-switch-through-the-comman.html
Question 34 of 65
34. Question
What technology available for the LAN today is similar to IPsec but operates at Layer 2?
Correct
MACsec allows unauthorized LAN connections to be identified and excluded from communication within the network. In common with IPsec and TLS, MACsec defines a security infrastructure to provide data confidentiality, data integrity, and data origin authentication. By assuring that a frame comes from the station that claimed to send it, MACSec can mitigate attacks on Layer 2 protocols. REFERENCE: https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/white-paper-c11-737544.html
Incorrect
MACsec allows unauthorized LAN connections to be identified and excluded from communication within the network. In common with IPsec and TLS, MACsec defines a security infrastructure to provide data confidentiality, data integrity, and data origin authentication. By assuring that a frame comes from the station that claimed to send it, MACSec can mitigate attacks on Layer 2 protocols. REFERENCE: https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/white-paper-c11-737544.html
Unattempted
MACsec allows unauthorized LAN connections to be identified and excluded from communication within the network. In common with IPsec and TLS, MACsec defines a security infrastructure to provide data confidentiality, data integrity, and data origin authentication. By assuring that a frame comes from the station that claimed to send it, MACSec can mitigate attacks on Layer 2 protocols. REFERENCE: https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/white-paper-c11-737544.html
Question 35 of 65
35. Question
Which of the following is not considered an advantage of on-prem versus cloud technology?
Correct
The typical enterprise would be hard-pressed to achieve the levels of scalability that can be achieved in the cloud. In fact, the cloud enables flexible elasticity – permitting the dynamic scaling in or out of resources based on demand. Reference: https://www.ibm.com/cloud/learn/benefits-of-cloud-computing
Incorrect
The typical enterprise would be hard-pressed to achieve the levels of scalability that can be achieved in the cloud. In fact, the cloud enables flexible elasticity – permitting the dynamic scaling in or out of resources based on demand. Reference: https://www.ibm.com/cloud/learn/benefits-of-cloud-computing
Unattempted
The typical enterprise would be hard-pressed to achieve the levels of scalability that can be achieved in the cloud. In fact, the cloud enables flexible elasticity – permitting the dynamic scaling in or out of resources based on demand. Reference: https://www.ibm.com/cloud/learn/benefits-of-cloud-computing
Question 36 of 65
36. Question
Your enterprise has invested in six Firepower NGFWs to help protect the network and end systems. What is the most powerful method of managing these systems?
Correct
The Firepower Management Center (FMC) is the recommended tool, especially when multiple devices are to be managed. Local management of a single system is possible using the FDM, if desired. Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp1010/firepower-1010-gsg/ftd-fmc.html
Incorrect
The Firepower Management Center (FMC) is the recommended tool, especially when multiple devices are to be managed. Local management of a single system is possible using the FDM, if desired. Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp1010/firepower-1010-gsg/ftd-fmc.html
Unattempted
The Firepower Management Center (FMC) is the recommended tool, especially when multiple devices are to be managed. Local management of a single system is possible using the FDM, if desired. Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp1010/firepower-1010-gsg/ftd-fmc.html
Question 37 of 65
37. Question
Which of the following statements regarding VRRP are true? (Choose 2)
Correct
Preemption is the default in VRRP and the priority value ranges from 0 to 255. Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/xe-3s/fhp-xe-3s-book/fhp-vrrp.html
Incorrect
Preemption is the default in VRRP and the priority value ranges from 0 to 255. Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/xe-3s/fhp-xe-3s-book/fhp-vrrp.html
Unattempted
Preemption is the default in VRRP and the priority value ranges from 0 to 255. Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/xe-3s/fhp-xe-3s-book/fhp-vrrp.html
Question 38 of 65
38. Question
What form of QoS is most likely to cause TCP retransmissions?
Correct
Traffic policing will often be set to drop traffic above a defined threshold. The dropped traffic will cause TCP retransmissions. REFERENCE: https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/19645-policevsshape.html
Incorrect
Traffic policing will often be set to drop traffic above a defined threshold. The dropped traffic will cause TCP retransmissions. REFERENCE: https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/19645-policevsshape.html
Unattempted
Traffic policing will often be set to drop traffic above a defined threshold. The dropped traffic will cause TCP retransmissions. REFERENCE: https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/19645-policevsshape.html
Question 39 of 65
39. Question
Which of the following characteristics represent OSPF compared to EIGRP? (Choose 2)
Correct
OSPF is a true link-state routing protocol. It uses a very strict hierarchical area structure that consists of a backbone and normal or special areas. EIGRP is a hybrid routing protocol that uses bandwidth and delay fro a composite metric. Reference: https://www.kwtrain.com/blog/ospf-basics-pt1
Incorrect
OSPF is a true link-state routing protocol. It uses a very strict hierarchical area structure that consists of a backbone and normal or special areas. EIGRP is a hybrid routing protocol that uses bandwidth and delay fro a composite metric. Reference: https://www.kwtrain.com/blog/ospf-basics-pt1
Unattempted
OSPF is a true link-state routing protocol. It uses a very strict hierarchical area structure that consists of a backbone and normal or special areas. EIGRP is a hybrid routing protocol that uses bandwidth and delay fro a composite metric. Reference: https://www.kwtrain.com/blog/ospf-basics-pt1
Question 40 of 65
40. Question
Which of the following syslog severity levels are considered more severe than WARNINGS? (Choose 2)
Correct
Debugging are level 7 and are considered the least severe. Emergencies are level 0 and are the most severe. REFERENCE: https://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SysMsgLogging.html
Incorrect
Debugging are level 7 and are considered the least severe. Emergencies are level 0 and are the most severe. REFERENCE: https://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SysMsgLogging.html
Unattempted
Debugging are level 7 and are considered the least severe. Emergencies are level 0 and are the most severe. REFERENCE: https://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SysMsgLogging.html
Question 41 of 65
41. Question
Which of the following is an example of the Northbound APIs used with Cisco DNA Center?
Correct
“The Intent API is a Northbound REST API that exposes specific capabilities of the Cisco DNA Center platform. The Intent API provides policy-based abstraction of business intent, allowing focus on an outcome rather than struggling with individual mechanisms steps. The RESTful Cisco DNA Center Intent API uses HTTPS verbs (GET, POST, PUT, and DELETE) with JSON structures to discover and control the network. Reference: https://developer.cisco.com/docs/dna-center/#!cisco-dna-center-platform-overview/cisco-dna-center-platform-overview
Incorrect
“The Intent API is a Northbound REST API that exposes specific capabilities of the Cisco DNA Center platform. The Intent API provides policy-based abstraction of business intent, allowing focus on an outcome rather than struggling with individual mechanisms steps. The RESTful Cisco DNA Center Intent API uses HTTPS verbs (GET, POST, PUT, and DELETE) with JSON structures to discover and control the network. Reference: https://developer.cisco.com/docs/dna-center/#!cisco-dna-center-platform-overview/cisco-dna-center-platform-overview
Unattempted
“The Intent API is a Northbound REST API that exposes specific capabilities of the Cisco DNA Center platform. The Intent API provides policy-based abstraction of business intent, allowing focus on an outcome rather than struggling with individual mechanisms steps. The RESTful Cisco DNA Center Intent API uses HTTPS verbs (GET, POST, PUT, and DELETE) with JSON structures to discover and control the network. Reference: https://developer.cisco.com/docs/dna-center/#!cisco-dna-center-platform-overview/cisco-dna-center-platform-overview
Question 42 of 65
42. Question
What defines the data structures used by NETCONF and RESTCONF?
Correct
YANG is a standards based data modeling language used to create device configuration requests or the requests for operational (show command) data. It has a structured format similar to a computer program that is human readable. Several applications are available that can be run on a centralized management platform (for example a laptop) to create these configuration and operational data requests. REFERENCE: https://www.cisco.com/c/en/us/support/docs/storage-networking/management/200933-YANG-NETCONF-Configuration-Validation.html
Incorrect
YANG is a standards based data modeling language used to create device configuration requests or the requests for operational (show command) data. It has a structured format similar to a computer program that is human readable. Several applications are available that can be run on a centralized management platform (for example a laptop) to create these configuration and operational data requests. REFERENCE: https://www.cisco.com/c/en/us/support/docs/storage-networking/management/200933-YANG-NETCONF-Configuration-Validation.html
Unattempted
YANG is a standards based data modeling language used to create device configuration requests or the requests for operational (show command) data. It has a structured format similar to a computer program that is human readable. Several applications are available that can be run on a centralized management platform (for example a laptop) to create these configuration and operational data requests. REFERENCE: https://www.cisco.com/c/en/us/support/docs/storage-networking/management/200933-YANG-NETCONF-Configuration-Validation.html
Question 43 of 65
43. Question
You are examining the configuration of a AAA method list on your Cisco router. You notice that the method list ends with the keyword none. What does this indicate?
Correct
The none keyword indicates that no authentication is used. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-mt/sec-usr-aaa-15-mt-book/configuring_authentication.html
Incorrect
The none keyword indicates that no authentication is used. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-mt/sec-usr-aaa-15-mt-book/configuring_authentication.html
Unattempted
The none keyword indicates that no authentication is used. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-mt/sec-usr-aaa-15-mt-book/configuring_authentication.html
Question 44 of 65
44. Question
Which of the following is a core post-infection detection technology of Cisco AMP?
Correct
There are four post-infection technologies – Cognitive Threat Analytics, Device Flow Correlation, Cloud Indication of Compromise, and Endpoint IOC. Reference: https://www.cisco.com/c/dam/en/us/products/collateral/security/amp-for-endpoints/white-paper-c11-740980.pdf
Incorrect
There are four post-infection technologies – Cognitive Threat Analytics, Device Flow Correlation, Cloud Indication of Compromise, and Endpoint IOC. Reference: https://www.cisco.com/c/dam/en/us/products/collateral/security/amp-for-endpoints/white-paper-c11-740980.pdf
Unattempted
There are four post-infection technologies – Cognitive Threat Analytics, Device Flow Correlation, Cloud Indication of Compromise, and Endpoint IOC. Reference: https://www.cisco.com/c/dam/en/us/products/collateral/security/amp-for-endpoints/white-paper-c11-740980.pdf
Question 45 of 65
45. Question
Which of the following are structured data forms that are possible for use with RESTCONF as defined by YANG? (Choose 2)
Correct
RESTCONF uses structured data (XML or JSON) and YANG to provide a REST-like APIs, enabling you to programmatically access different network devices. RESTCONF APIs use HTTPs methods. Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/prog/configuration/169/b_169_programmability_cg/restconf_programmable_interface.html
Incorrect
RESTCONF uses structured data (XML or JSON) and YANG to provide a REST-like APIs, enabling you to programmatically access different network devices. RESTCONF APIs use HTTPs methods. Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/prog/configuration/169/b_169_programmability_cg/restconf_programmable_interface.html
Unattempted
RESTCONF uses structured data (XML or JSON) and YANG to provide a REST-like APIs, enabling you to programmatically access different network devices. RESTCONF APIs use HTTPs methods. Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/prog/configuration/169/b_169_programmability_cg/restconf_programmable_interface.html
Question 46 of 65
46. Question
If you want to incorporate the status of an interface in HSRP, what keyword is critical?
Correct
You can use object tracking to incorporate the status of an interface in the HSRP calculations. For example: standby 10 track 1 decrement 20 In this configuration, there could be an object tracker (ID 1) that is tracking the interface status. Downing of the interface decrements priority by 20. Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/configuration/15-mt/iap-15-mt-book/iap-eot.pdf
Incorrect
You can use object tracking to incorporate the status of an interface in the HSRP calculations. For example: standby 10 track 1 decrement 20 In this configuration, there could be an object tracker (ID 1) that is tracking the interface status. Downing of the interface decrements priority by 20. Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/configuration/15-mt/iap-15-mt-book/iap-eot.pdf
Unattempted
You can use object tracking to incorporate the status of an interface in the HSRP calculations. For example: standby 10 track 1 decrement 20 In this configuration, there could be an object tracker (ID 1) that is tracking the interface status. Downing of the interface decrements priority by 20. Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/configuration/15-mt/iap-15-mt-book/iap-eot.pdf
Question 47 of 65
47. Question
Which of the following statements are valid considering fabric-mode access points in the SD-Access solution? (Choose 2)
Correct
These APs will still use CAPWAP tunnels to the WLC. They will be in local mode. They will directly connect to the fabric edge node. These APs can still honor the access and QoS policies like normal. REFERENCE: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html
Incorrect
These APs will still use CAPWAP tunnels to the WLC. They will be in local mode. They will directly connect to the fabric edge node. These APs can still honor the access and QoS policies like normal. REFERENCE: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html
Unattempted
These APs will still use CAPWAP tunnels to the WLC. They will be in local mode. They will directly connect to the fabric edge node. These APs can still honor the access and QoS policies like normal. REFERENCE: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html
Question 48 of 65
48. Question
What technology uses HTTP methods to provide CRUD operations on a conceptual datastore containing YANG-defined data?
Correct
Note that RESTCONF is not really a replacement for NETCONF. It uses principles of NETCONF and adds the HTTP functionality. REFERENCE: https://tools.ietf.org/html/rfc8040
Incorrect
Note that RESTCONF is not really a replacement for NETCONF. It uses principles of NETCONF and adds the HTTP functionality. REFERENCE: https://tools.ietf.org/html/rfc8040
Unattempted
Note that RESTCONF is not really a replacement for NETCONF. It uses principles of NETCONF and adds the HTTP functionality. REFERENCE: https://tools.ietf.org/html/rfc8040
Question 49 of 65
49. Question
What technology permits the Cisco ISE to share key information (such as TrustSec data) with other Cisco and non-Cisco devices in your Enterprise solutions?
Correct
“A Cisco ISE node with pxGrid persona shares the context-sensitive information from Cisco ISE session directory with other network systems such as ISE ecosystem partner systems and Cisco platforms. The pxGrid framework can also be used to exchange policy and configuration data between nodes like sharing tags and policy objects. TrustSec information like tag definition, value, and description can be passed from Cisco ISE to other Cisco management platforms such as Cisco DNA Center and Cisco Stealthwatch.“ Reference: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html
Incorrect
“A Cisco ISE node with pxGrid persona shares the context-sensitive information from Cisco ISE session directory with other network systems such as ISE ecosystem partner systems and Cisco platforms. The pxGrid framework can also be used to exchange policy and configuration data between nodes like sharing tags and policy objects. TrustSec information like tag definition, value, and description can be passed from Cisco ISE to other Cisco management platforms such as Cisco DNA Center and Cisco Stealthwatch.“ Reference: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html
Unattempted
“A Cisco ISE node with pxGrid persona shares the context-sensitive information from Cisco ISE session directory with other network systems such as ISE ecosystem partner systems and Cisco platforms. The pxGrid framework can also be used to exchange policy and configuration data between nodes like sharing tags and policy objects. TrustSec information like tag definition, value, and description can be passed from Cisco ISE to other Cisco management platforms such as Cisco DNA Center and Cisco Stealthwatch.“ Reference: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html
Question 50 of 65
50. Question
Which of the following statements is false regarding NTP?
Correct
NTP relies upon UDP for its operation. Reference: https://www.cisco.com/c/en/us/td/docs/iosxr/ncs560/timing-and-sync/70x/b-network-sync-70x-ncs560/implementing_ntp.pdf
Incorrect
NTP relies upon UDP for its operation. Reference: https://www.cisco.com/c/en/us/td/docs/iosxr/ncs560/timing-and-sync/70x/b-network-sync-70x-ncs560/implementing_ntp.pdf
Unattempted
NTP relies upon UDP for its operation. Reference: https://www.cisco.com/c/en/us/td/docs/iosxr/ncs560/timing-and-sync/70x/b-network-sync-70x-ncs560/implementing_ntp.pdf
Question 51 of 65
51. Question
What REST API response code would you expect to see if there was a problem with authorization during the REST API usage?
Correct
Remember, the 200 codes are for various successes. The 400 codes involve client issues, while the 500 codes involve server-side issues. Here, the most likely code would be 401 – UNAUTHORIZED. REFERENCE: https://restfulapi.net/http-status-codes/
Incorrect
Remember, the 200 codes are for various successes. The 400 codes involve client issues, while the 500 codes involve server-side issues. Here, the most likely code would be 401 – UNAUTHORIZED. REFERENCE: https://restfulapi.net/http-status-codes/
Unattempted
Remember, the 200 codes are for various successes. The 400 codes involve client issues, while the 500 codes involve server-side issues. Here, the most likely code would be 401 – UNAUTHORIZED. REFERENCE: https://restfulapi.net/http-status-codes/
Question 52 of 65
52. Question
You want to improve the performance of roaming in your FlexConnect infrastructure. Specifically, you want to employ the Fast Transition feature. What technology permits this?
Correct
“802.11r introduces a new concept of roaming where the initial handshake with the new AP is done even before the client roams to the target AP, which is called Fast Transition (FT). The initial handshake allows the client and APs to do the Pairwise Transient Key (PTK) calculation in advance. These PTK keys are applied to the client and AP after the client does the reassociation request or response exchange with new target AP. In a FlexConnect Deployment scenario, 802.11r BSS FT roaming is supported between APs within the same FlexConnect group. To enable seamless roaming, the 802.11r Key Cache is distributed to all the APs in the same FlexConnect Group. The Key Cache distribution is done by the WLC after the client device does the initial FT association through Central Authentication.“ REFERENCE: https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/80211r-ft/b-80211r-dg.html
Incorrect
“802.11r introduces a new concept of roaming where the initial handshake with the new AP is done even before the client roams to the target AP, which is called Fast Transition (FT). The initial handshake allows the client and APs to do the Pairwise Transient Key (PTK) calculation in advance. These PTK keys are applied to the client and AP after the client does the reassociation request or response exchange with new target AP. In a FlexConnect Deployment scenario, 802.11r BSS FT roaming is supported between APs within the same FlexConnect group. To enable seamless roaming, the 802.11r Key Cache is distributed to all the APs in the same FlexConnect Group. The Key Cache distribution is done by the WLC after the client device does the initial FT association through Central Authentication.“ REFERENCE: https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/80211r-ft/b-80211r-dg.html
Unattempted
“802.11r introduces a new concept of roaming where the initial handshake with the new AP is done even before the client roams to the target AP, which is called Fast Transition (FT). The initial handshake allows the client and APs to do the Pairwise Transient Key (PTK) calculation in advance. These PTK keys are applied to the client and AP after the client does the reassociation request or response exchange with new target AP. In a FlexConnect Deployment scenario, 802.11r BSS FT roaming is supported between APs within the same FlexConnect group. To enable seamless roaming, the 802.11r Key Cache is distributed to all the APs in the same FlexConnect Group. The Key Cache distribution is done by the WLC after the client device does the initial FT association through Central Authentication.“ REFERENCE: https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/80211r-ft/b-80211r-dg.html
Question 53 of 65
53. Question
Which of the following commands would be the most useful for monitoring CoPP?
Correct
Remember, like policing under DiffServ, you use a class-map, policy-map, and service-policy approach to the configuration. Here, we use the show policy-map control-plane command to review the CoPP configuration. Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-0SY/configuration/guide/15_0_sy_swcg/control_plane_policing_copp.pdf
Incorrect
Remember, like policing under DiffServ, you use a class-map, policy-map, and service-policy approach to the configuration. Here, we use the show policy-map control-plane command to review the CoPP configuration. Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-0SY/configuration/guide/15_0_sy_swcg/control_plane_policing_copp.pdf
Unattempted
Remember, like policing under DiffServ, you use a class-map, policy-map, and service-policy approach to the configuration. Here, we use the show policy-map control-plane command to review the CoPP configuration. Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-0SY/configuration/guide/15_0_sy_swcg/control_plane_policing_copp.pdf
Question 54 of 65
54. Question
You have a Cisco AP set to bridge mode. You have just performed a factory reset of the device. What mode is the AP in after the reset?
Correct
“If the AP is in Bridge mode, then the same Bridge mode is retained after the factory reset of the AP; if the AP is in FlexConnect, Local, Sniffer, or any other mode, then the AP mode is set to Local mode after the factory reset of the AP. If you press the Reset button on the AP and perform a true factory reset, then the AP moves to a cookie configured mode.“ Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-10/config-guide/b_cg810/managing_aps.html
Incorrect
“If the AP is in Bridge mode, then the same Bridge mode is retained after the factory reset of the AP; if the AP is in FlexConnect, Local, Sniffer, or any other mode, then the AP mode is set to Local mode after the factory reset of the AP. If you press the Reset button on the AP and perform a true factory reset, then the AP moves to a cookie configured mode.“ Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-10/config-guide/b_cg810/managing_aps.html
Unattempted
“If the AP is in Bridge mode, then the same Bridge mode is retained after the factory reset of the AP; if the AP is in FlexConnect, Local, Sniffer, or any other mode, then the AP mode is set to Local mode after the factory reset of the AP. If you press the Reset button on the AP and perform a true factory reset, then the AP moves to a cookie configured mode.“ Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-10/config-guide/b_cg810/managing_aps.html
Question 55 of 65
55. Question
Which of the following statements are correct regarding the RP in multicast? (Choose 2)
Correct
You can arrive at the two correct answers by eliminating the two options that are not correct. The RP can be configured manually, or with AUTO-RP or BSR. Also, note that PIM-DM did not use a concept of an RP. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios/solutions_docs/ip_multicast/White_papers/rps.html
Incorrect
You can arrive at the two correct answers by eliminating the two options that are not correct. The RP can be configured manually, or with AUTO-RP or BSR. Also, note that PIM-DM did not use a concept of an RP. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios/solutions_docs/ip_multicast/White_papers/rps.html
Unattempted
You can arrive at the two correct answers by eliminating the two options that are not correct. The RP can be configured manually, or with AUTO-RP or BSR. Also, note that PIM-DM did not use a concept of an RP. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios/solutions_docs/ip_multicast/White_papers/rps.html
Question 56 of 65
56. Question
When you issue the command show ip vrf, which of the following is not a column shown?
Correct
The show ip vrf command displays three columns of information – Name, Default RD, and Interfaces. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mpls/command/mp-cr-book/mp-s2.html#wp3611153965
Incorrect
The show ip vrf command displays three columns of information – Name, Default RD, and Interfaces. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mpls/command/mp-cr-book/mp-s2.html#wp3611153965
Unattempted
The show ip vrf command displays three columns of information – Name, Default RD, and Interfaces. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mpls/command/mp-cr-book/mp-s2.html#wp3611153965
Question 57 of 65
57. Question
Which of the following is not an Authentication Key Management option for WLAN security?
Correct
SSH is not a valid option here. SSH is for remote connections that are secure. All the other options listed are valid options for WLAN security. REFERENCE: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-7/config-guide/b_cg87/wlan_security.html
Incorrect
SSH is not a valid option here. SSH is for remote connections that are secure. All the other options listed are valid options for WLAN security. REFERENCE: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-7/config-guide/b_cg87/wlan_security.html
Unattempted
SSH is not a valid option here. SSH is for remote connections that are secure. All the other options listed are valid options for WLAN security. REFERENCE: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-7/config-guide/b_cg87/wlan_security.html
Question 58 of 65
58. Question
Which of the following is false regarding traffic shaping versus traffic policing?
What is the role played by the default gateway that is responsible for ensuring load balancing in GLBP? This device can be configured for the load balancing technique used.
Correct
The Active Virtual Gateway (AVG) is responsible for the load balancing, as well as how the load balancing will take place. This system can also simultaneously be an Active Virtual Forwarder (AVF) system. Reference: https://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_glbp.html
Incorrect
The Active Virtual Gateway (AVG) is responsible for the load balancing, as well as how the load balancing will take place. This system can also simultaneously be an Active Virtual Forwarder (AVF) system. Reference: https://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_glbp.html
Unattempted
The Active Virtual Gateway (AVG) is responsible for the load balancing, as well as how the load balancing will take place. This system can also simultaneously be an Active Virtual Forwarder (AVF) system. Reference: https://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_glbp.html
Question 60 of 65
60. Question
Which two of the following statements about wireless SSIDs are true? (Choose 2)
What component of the SD-WAN solution from Cisco Systems distributes routes and policy information via OMP?
Correct
vSmart – “This software-based component is responsible for the centralized control plane of the SD-WAN network. It maintains a secure connection to each WAN Edge router and distributes routes and policy information via the Overlay Management Protocol (OMP), acting as a route reflector. It also orchestrates the secure data plane connectivity between the WAN Edge routers by reflecting crypto key information originating from WAN Edge routers, allowing for a very scalable, IKE-less architecture.“ Reference: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/cisco-sdwan-design-guide.html
Incorrect
vSmart – “This software-based component is responsible for the centralized control plane of the SD-WAN network. It maintains a secure connection to each WAN Edge router and distributes routes and policy information via the Overlay Management Protocol (OMP), acting as a route reflector. It also orchestrates the secure data plane connectivity between the WAN Edge routers by reflecting crypto key information originating from WAN Edge routers, allowing for a very scalable, IKE-less architecture.“ Reference: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/cisco-sdwan-design-guide.html
Unattempted
vSmart – “This software-based component is responsible for the centralized control plane of the SD-WAN network. It maintains a secure connection to each WAN Edge router and distributes routes and policy information via the Overlay Management Protocol (OMP), acting as a route reflector. It also orchestrates the secure data plane connectivity between the WAN Edge routers by reflecting crypto key information originating from WAN Edge routers, allowing for a very scalable, IKE-less architecture.“ Reference: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/cisco-sdwan-design-guide.html
Question 62 of 65
62. Question
Examine the JSON sample shown here. What data type is used with the key of Models? {“Device“: “RGD12“,“Units“: 12,“Inuse“:true,“Models“:[“1250“,“1350“,“1375“]}
Correct
This is the array data type. An array is an ordered collection of values. They begin with [ (left bracket) and end with ] (right bracket). The values are separated by , (commas). REFERENCE: https://restfulapi.net/json-data-types/
Incorrect
This is the array data type. An array is an ordered collection of values. They begin with [ (left bracket) and end with ] (right bracket). The values are separated by , (commas). REFERENCE: https://restfulapi.net/json-data-types/
Unattempted
This is the array data type. An array is an ordered collection of values. They begin with [ (left bracket) and end with ] (right bracket). The values are separated by , (commas). REFERENCE: https://restfulapi.net/json-data-types/
Question 63 of 65
63. Question
You need to create a function in order to script the required automation in your Cisco network solution. How is a function enumerated in Python?
Correct
“The keyword def introduces a function definition. It must be followed by the function name and the parenthesized list of formal parameters. The statements that form the body of the function start at the next line, and must be indented.“ Reference: https://docs.python.org/3/tutorial/controlflow.html#defining-functions
Incorrect
“The keyword def introduces a function definition. It must be followed by the function name and the parenthesized list of formal parameters. The statements that form the body of the function start at the next line, and must be indented.“ Reference: https://docs.python.org/3/tutorial/controlflow.html#defining-functions
Unattempted
“The keyword def introduces a function definition. It must be followed by the function name and the parenthesized list of formal parameters. The statements that form the body of the function start at the next line, and must be indented.“ Reference: https://docs.python.org/3/tutorial/controlflow.html#defining-functions
Question 64 of 65
64. Question
You are interested in providing your WLC address to your Lightweight Access Point using DHCP. What option is used for this?
Correct
Option 43 in DHCP can carry the WLC IP address for the lightweight APs to call upon. REFERENCE: https://www.cisco.com/c/en/us/td/docs/wireless/access_point/1000/installation/guide/1000hig4/1000h_f.pdf
Incorrect
Option 43 in DHCP can carry the WLC IP address for the lightweight APs to call upon. REFERENCE: https://www.cisco.com/c/en/us/td/docs/wireless/access_point/1000/installation/guide/1000hig4/1000h_f.pdf
Unattempted
Option 43 in DHCP can carry the WLC IP address for the lightweight APs to call upon. REFERENCE: https://www.cisco.com/c/en/us/td/docs/wireless/access_point/1000/installation/guide/1000hig4/1000h_f.pdf
Question 65 of 65
65. Question
What is the main function of an alternate port in RSTP?
