Test 350-401

Question 1:
Which device is responsible for finding EID-to-RLOC mapping when traffic is sent to a LISP-capable site?

A.
map resolver
B.
egress tunnel router
C.
map server
D.
ingress tunnel router

Question 2:
By default, which virtual MAC address does HSRP group 25 use?

A.
04:30:83:88:4c:19
B.
00:00:0c:07:ac:25
C.
05:5c:5e:ac:0c:25
D.
00:00:0c:07:ac:19

Question 3:
Refer to the exhibit.

An engineer must deny Telnet traffic from the loopback interface of router R3 to the loopback interface of router R2 during the weekend hours. All other traffic between the loopback interfaces of routers R3 and R2 must be allowed at all times.
Which command set accomplishes this task?

A.
R3(config)#time-range WEEKEND R3(config-time-range)#periodic Saturday Sunday 00:00 to 23:59 R3(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R3(config)#access-list 150 permit ip any any time-range WEEKEND R3(config)#interface G0/1 R3(config-if)#ip access-group 150 out
B.
R1(config)#time-range WEEKEND R1(config-time-range)#periodic weekend 00:00 to 23:59 R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R1(config)#access-list 150 permit ip any any R1(config)#interface G0/1 R1(config-if)#ip access-group 150 in
C.
R3(config)#time-range WEEKEND R3(config-time-range)#periodic weekend 00:00 to 23:59 R3(config)#access-list 150 permit tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R3(config)#access-list 150 permit ip any any time-range WEEKEND R3(config)#interface G0/1 R3(config-if)#ip access-group 150 out
D.
R1(config)#time-range WEEKEND R1(config-time-range)#periodic Friday Sunday 00:00 to 00:00 R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R1(config)#access-list 150 permit ip any any R1(config)#interface G0/1 R1(config-if)#ip access-group 150 in

Question 4:

Refer to the exhibit. An engineer configures OSPF and wants to verify the configuration. Which configuration is applied to this device?

A.
R1(config)#interface Gi0/1 R1(config-if)#ip ospf enable R1(contig-if)#ip ospf network broadcast R1(config-if)#no shutdown
B.
R1(config)#router ospf 1 R1(config-router)#network 0.0.0.0 0.0.0.0 area 0 R1(config-router)#no passive-interface Gi0/1
C.
R1(config)#interface Gi0/1 R1(config-if)#ip ospf 1 area 0 R1(config-if)#no shutdown
D.
R1(config)#router ospf 1 R1(config-router)#network 192.168.50.0 0.0.0.255 area 0

Question 5:
DRAG DROP -
Drag and drop the characteristics from the left onto the switching mechanisms they describe on the right.
Select and Place:

Question 6:
The login method is configured on the VTY lines of a router with these parameters:
* The first method for authentication is TACACS
* If TACACS is unavailable, login is allowed without any provided credentials
Which configuration accomplishes this task?
A.

Question 7:
In a Cisco SD-WAN solution, which two functions are performed by OMP? (Choose two.)

A.
advertisement of network prefixes and their attributes
B.
configuration of control and data policies
C.
gathering of underlay infrastructure data
D.
delivery of crypto keys
E.
segmentation and differentiation of traffic

Question 8:

Refer to the exhibit. An engineer must implement HSRP between two WAN routers. In the event R1 fails and then regains operational status, it must allow 100 seconds for the routing protocol to converge before preemption takes effect. Which configuration is required?

A.
R2 -interface Gi0/0standby 300 preemptstandby 300 delay sync 100
B.
R1 -interface Gi0/0standby 300 preemptstandby 300 delay minimum 100
C.
R1 -interface Gi0/0standby 300 preemptR2 -interface Gi0/0standby 300 delay sync 100
D.
R1 -interface Gi0/0standby 300 preemptR2 -interface Gi0/0standby 300 delay minimum 100

Question 9:
What are the four stages of obtaining an IP address lease from a DHCP server?

A.
Discover, Offer, Release, Renew
B.
Discover, Obtain, Request, Renew
C.
Determine, Obtain, Release, Acknowledge
D.
Discover, Offer, Request, Acknowledge

Question 10:
Select the devices from the below options that can be fart of Cisco SDWAN Solution. (Choose two.)

A.
ISR 2900
B.
ASR 1000
C.
IR8300
D.
FTD 1120
E.
ASR 9000

Question 11:
An engineer is connected to a Cisco router through a Telnet session. Which command must be issued to view the logging messages from the current session as soon as they are generated by the router?

A.
logging host
B.
terminal monitor
C.
service timestamps log uptime
D.
logging buffer

Question 12:
DRAG DROP
-

Drag and drop the snippets onto the blanks within the code to construct a script that configures a loopback interface with an IP address. Not all options are used.

Question 13:
What are two reasons why broadcast radiation is caused in the virtual machine environment? (Choose two.)

A.
vSwitch must interrupt the server CPU to process the broadcast packet.
B.
The Layer 2 domain can be large in virtual machine environments.
C.
Virtual machines communicate primarily through broadcast mode.
D.
Communication between vSwitch and network switch is broadcast based.
E.
Communication between vSwitch and network switch is multicast based.

Question 14:
Which IP SLA operation requires the IP SLA responder to be configured on the remote end?

A.
UDP jitter
B.
ICMP jitter
C.
TCP connect
D.
ICMP echo

Question 15:
Which component does Cisco Threat Defense use to measure bandwidth, application performance, and utilization?

A.
TrustSec
B.
Advanced Malware Protection for Endpoints
C.
NetFlow
D.
Cisco Umbrella

Question 16:
A client device roams between wireless LAN controllers that are mobility peers. Both controllers have dynamic interfaces on the same client VLAN. Which type of roam is described?

A.
intra-VLAN
B.
inter-controller
C.
intra-controller
D.
inter-subnet

Question 17:
Which method ensures the confidentiality of data exchanged over a REST API?

A.
Use the POST method instead of URL-encoded GET to pass parameters.
B.
Use TLS to secure the underlying HTTP session.
C.
Deploy digest-based authentication to protect the access to the API.
D.
Encode sensitive data using Base64 encoding.

Question 18:
What is a characteristic of traffic shaping?

A.
drops out-of-profile packets
B.
causes TCP retransmits when packets are dropped
C.
can be applied in both traffic directions
D.
queues out-of-profile packets until the buffer is full

Question 19:
Which two advanced security features are available in next-generation firewalls but were not provided by standard firewalls? (Choose two.)

A.
stateful traffic inspection
B.
remote access VPN
C.
network telemetry
D.
intrusion prevention
E.
application control

Question 20:

Refer to the exhibit. Which set of commands on router R1 allow deterministic translation of private hosts PC1, PC2, and PC3 to addresses in the public space?

A.
RouterR1(config)#int f0/0 RouterR1(config)#ip nat inside RouterR1(config)#exit RouterR1(config)#int f0/1 RouterR1(config)#ip nat outside RouterR1(config)#exit RouterR1(config)#access-list 1 10.10.10.0 0.0.0.255 RouterR1(config)#ip nat inside source list 1 interface f0/1 overload
B.
RouterR1(config)#int f0/0 RouterR1(config)#ip nat inside RouterR1(config)#exit RouterR1(config)#int f0/1 RouterR1(config)#ip nat outside RouterR1(config)#exit RouterR1(config)#access-list 1 10.10.10.0 0.0.0.255 RouterR1(config)#ip nat pool POOL 155.1.1.101 155.1.1.103 netmask 255.255.255.0 RouterR1(config)#ip nat inside source list 1 pool POOL
C.
RouterR1(config)#int f0/0 RouterR1(config)#ip nat inside RouterR1(config)#exit RouterR1(config)#int f0/1 RouterR1(config)#ip nat outside RouterR1(config)#exit RouterR1(config)#ip nat inside source static 10.10.10.101 155.1.1.101 RouterR1(config)#ip nat inside source static 10.10.10.102 155.1.1.102 RouterR1(config)#ip nat inside source static 10.10.10.103 155.1.1.103
D.
RouterR1(config)#int f0/0 RouterR1(config)#ip nat outside RouterR1(config)#exit RouterR1(config)#int f0/1 RouterR1(config)#ip nat inside RouterR1(config)#exit RouterR1(config)#ip nat inside source static 10.10.10.101 155.1.1.101 RouterR1(config)#ip nat inside source static 10.10.10.102 155.1.1.102 RouterR1(config)#ip nat inside source static 10.10.10.103 155.1.1.103

Question 21:

Refer to the exhibit. An engineer is configuring an EtherChannel between Switch1 and Switch2 and notices the console message on Switch2. Based on the output, which action resolves this issue?

A.
Configure more member ports on Switch1.
B.
Configure less member ports on Switch2.
C.
Configure the same port channel interface number on both switches.
D.
Configure the same EtherChannel protocol on both switches.

Question 22:

Refer to the exhibit. An engineer implemented several configuration changes and receives the logging message on Switch1. Which action should the engineer take to resolve this issue?

A.
Change Switch2 to switch port mode dynamic auto.
B.
Change the VTP domain to match on both switches.
C.
Change Switch1 to switch port mode dynamic auto.
D.
Change Switch1 to switch port mode dynamic desirable.

Question 23:
How are the different versions of IGMP compatible?

A.
IGMPv2 is compatible only with IGMPv2.
B.
IGMPv3 is compatible only with IGMPv3.
C.
IGMPv2 is compatible only with IGMPv1.
D.
IGMPv3 is compatible only with IGMPv1

Question 24:
A customer has completed the installation of a Wi-Fi 6 greenfield deployment at their new campus. They want to leverage Wi-Fi 6 enhanced speeds on the trusted employee WLAN. To configure the employee WLAN, which two Layer 2 security policies should be used? (Choose two.)

A.
WPA2 (AES)
B.
802.1X
C.
OPEN
D.
WEP
E.
WPA (AES)

Question 25:
Refer to the exhibit.

Based on the configuration in this WLAN security setting, which method can a client use to authenticate to the network?

A.
text string
B.
username and password
C.
RADIUS token
D.
certificate

Question 26:
Which two descriptions of FlexConnect mode for Cisco APs are true? (Choose two.)

A.
APs that operate in FlexConnect mode cannot detect rogue APs.
B.
When connected to the controller, FlexConnect APs can tunnel traffic back to the controller.
C.
FlexConnect mode is used when the APs are set up in a mesh environment and used to bridge between each other.
D.
FlexConnect mode is a feature that is designed to allow specified CAPWAP-enabled APs to exclude themselves from managing data traffic between clients and infrastructure.
E.
FlexConnect mode is a wireless solution for branch office and remote office deployments.

Question 27:

Refer to the exhibit. How does the router handle traffic after the CoPP policy is configured on the router?

A.
Traffic generated by R1 that matches access list SNMP is policed.
B.
Traffic coming to R1 that matches access list SNMP is policed.
C.
Traffic passing through R1 that matches access list SNMP is policed.
D.
Traffic coming to R1 that does not match access list SNMP is dropped.

Question 28:
A client device fails to see the enterprise SSID, but other client devices are connected to it.
What is the cause of this issue?

A.
The client has incorrect credentials stored for the configured broadcast SSID.
B.
The hidden SSID was not manually configured on the client.
C.
The broadcast SSID was not manually configured on the client.
D.
The client has incorrect credentials stored for the configured hidden SSID.

Question 29:
DRAG DROP -
Drag and drop the DHCP messages that are exchanged between a client and an AP into the order they are exchanged on the right.
Select and Place:

Question 30:
Which two methods are used by an AP that is trying to discover a wireless LAN controller? (Choose two.)

A.
Cisco Discovery Protocol neighbor
B.
querying other APs
C.
DHCP Option 43
D.
broadcasting on the local subnet
E.
DNS lookup CISCO-DNA-PRIMARY.localdomain

Question 31:
Which two actions, when applied in the LAN network segment, will facilitate Layer 3 CAPWAP discovery for lightweight AP? (Choose two.)

A.
Utilize DHCP option 43.
B.
Utilize DHCP option 17.
C.
Configure an ip helper-address on the router interface.
D.
Enable port security on the switch port.
E.
Configure WLC IP address on LAN switch

Question 32:
Refer to the exhibit.

An engineer is installing a new pair of routers in a redundant configuration.
Which protocol ensures that traffic is not disrupted in the event of a hardware failure?

A.
HSRPv1
B.
GLBP
C.
VRRP
D.
HSRPv2

Question 33:

Refer to the exhibit. Rapid PVST+ is enabled on all switches. Which command set must be configured on Switch1 to achieve the following results on port fa0/1?
✑ When a device is connected, the port transitions immediately to a forwarding state.
✑ The interface should not send or receive BPDUs.
✑ If a BPDU is received, it continues operating normally.

A.
Switch1(config)# spanning-tree portfast bpdufilter default Switch1(config)# interface f0/1 Switch1(config-if)# spanning-tree portfast
B.
Switch1(config)# spanning-tree portfast bpduguard default Switch 1 (config)# interface f0/1 Switch1 (config-if)# spanning-tree portfast
C.
Switch1(config)# interface f0/1 Switch1(config-if)# spanning-tree portfast
D.
Switch1(config)# interface f0/1 Switch1(config-if)# spanning-tree portfast Switch1 (config-if)# spanning-tree bpduguard enable

Question 34:
Refer to the exhibit.

What happens to access interfaces where VLAN 222 is assigned?

A.
STP BPDU guard is enabled.
B.
A description "RSPAN" is added.
C.
They are placed into an inactive state.
D.
They cannot provide PoE.

Question 35:
Which behavior can be expected when the HSRP version is changed from 1 to 2?

A.
No changes occur because the standby router is upgraded before the active router.
B.
No changes occur because version 1 and 2 use the same virtual MAC OUI.
C.
Each HSRP group reinitializes because the virtual MAC address has changed.
D.
Each HSRP group reinitializes because the multicast address has changed.

Question 36:
Refer to the exhibit.

Link1 is a copper connection and Link2 is a fiber connection. The fiber port must be the primary port for all forwarding. The output of the show spanning-tree command on SW2 shows that the fiber port is blocked by spanning tree. An engineer enters the spanning-tree port-priority 32 command on G0/1 on SW2, but the port remains blocked.
Which command should be entered on the ports that are connected to Link2 to resolve the issue?

A.
Enter spanning-tree port-priority 4 on SW2.
B.
Enter spanning-tree port-priority 32 on SW1.
C.
Enter spanning-tree port-priority 224 on SW1.
D.
Enter spanning-tree port-priority 64 on SW2.

Question 37:
An engineer must configure a new loopback interface on a router and advertise the interface as a /24 in OSPF. Which command set accomplishes this task?

A.
R2(config)#interface Loopback0 R2(config-if)#ip address 172.22.2.1 255.255.255.0 R2(config-if)#ip ospf network broadcast R2(config-if)#ip ospf 100 area 0
B.
R2(config)#interface Loopback0 R2(config-if)#ip address 172.22.2.1 255.255.255.0 R2(config-if)#ip ospf network point-to-point R2(config-if)#ip ospf 100 area 0
C.
R2(config)#interface Loopback0 R2(config-if)#ip address 172.22.2.1 255.255.255.0 R2(config-if)#ip ospf network point-to-multipoint R2(config-if)#router ospf 100
D.
R2(config-router)#network 172.22.2.0 0.0.0.255 area 0 R2(config)#interface Loopback0 R2(config-if)#ip address 172.22.2.1 255.255.255.0 R2(config-if)#ip ospf 100 area 0

Question 38:
How do agent-based versus agentless configuration management tools compare?

A.
Agentless tools use proxy nodes to interface with slave nodes.
B.
Agentless tools require no messaging systems between master and slaves.
C.
Agent-based tools do not require a high-level language interpreter such as Python or Ruby on slave nodes.
D.
Agent-based tools do not require installation of additional software packages on the slave nodes.

Question 39:
Refer to the exhibit.

What is the JSON syntax that is formed from the data?

A.
{Name: Bob Johnson, Age: 75, Alive: true, Favorite Foods: [Cereal, Mustard, Onions]}
B.
{ג€Nameג€: ג€Bob Johnsonג€, ג€Ageג€: 75, ג€Aliveג€: true, ג€Favorite Foodsג€: [ג€Cerealג€, ג€Mustardג€, ג€Onionsג€]}
C.
{'Name': 'Bob Johnson', 'Age': 75, 'Alive': True, 'Favorite Foods': 'Cereal', 'Mustard', 'Onions'}
D.
{ג€Nameג€: ג€Bob Johnsonג€, ג€Ageג€: Seventyfive, ג€Aliveג€: true, ג€Favorite Foodsג€: [ג€Cerealג€, ג€Mustardג€, ג€Onionsג€]}

Question 40:

Refer to the exhibit. An administrator must enable RESTCONF access to a router. Which two commands or command sets must be added to the existing configuration? (Choose two.)

A.
aaa authentication login default localaaa authorization exec default local
B.
restconf
C.
line vty 0 15
D.
netconf-yang
E.
username restconf privilege 0

Question 41:
A network is being migrated from IPv4 to IPv6 using a dual-stack approach. Network management is already 100% IPv6 enabled.
In a dual-stack network with two dual-stack NetFlow collectors, how many flow exporters are needed per network device in the flexible NetFlow configuration?

A.
1
B.
2
C.
4
D.
8

Question 42:
How is MSDP used to interconnect multiple PIM-SM domains?

A.
MSDP allows a rendezvous point to dynamically discover active sources outside of its domain.
B.
MSDP SA request messages are used to request a list of active sources for a specific group.
C.
MSDP depends on BGP or multiprotocol BGP for interdomain operation.
D.
MSDP messages are used to advertise active sources in a domain.

Question 43:
Which device makes the decision for a wireless client to roam?

A.
wireless client
B.
wireless LAN controller
C.
access point
D.
WCS location server

Question 44:
Which measurement is used from a post wireless survey to depict the cell edge of the access points?

A.
SNR
B.
Noise
C.
RSSI
D.
CCI

Question 45:
Which AP mode allows a supported AP to function like a WLAN client would, associating and identifying client connectivity issues?

A.
client mode
B.
SE-connect mode
C.
sensor mode
D.
sniffer mode

Question 46:

Refer to the exhibit. An engineer must allow the FTP traffic from users on 172.16.1.0 /24 to 172.16.2.0 /24 and block all other traffic. Which configuration must be applied?

A.
R1(config)# access-list 120 permit tcp 172.16.1.0 0.0.0.255 21 172.16.2.0 0.0.0.255R1 (config)#interface giga 0/2 -R1 (config-if)#ip access-group 120 in
B.
R1(config)# access-list 120 permit tcp 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 20R1(config)# access-list 120 permit tcp 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 21R1(config)#interface giga 0/2 -R1 (config-if)#ip access-group 120 in
C.
R1 (config)# access-list 120 deny any anyR1(config)# access-list 120 permit tcp 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 21R1 (config)#interface giga 0/0 -R1(config-if)#ip access-group 120 out
D.
R1(config)# access-list 120 permit tcp 172.16.1.0 0.0.0.255 21 172.16.2.0 0.0.0.255R1(config)# access-list 120 permit udp 172.16.1.0 0.0.0.255 21 172.16.2.0 0.0.0.255R1 (config)#interface giga 0/2 -R1(config-if)#ip access-group 120 out

Question 47:
The Radio Resource Management software that is embedded in the Cisco WLC acts as a manager to constantly monitor over-the-air metrics. Which other factor does the Radio Resource Management software detect?

A.
presence of rogue APs or malicious SSIDs
B.
unauthorized wireless network access
C.
repeated attempts to authenticate to a wireless network
D.
end-node vulnerabilities

Question 48:

Refer to the exhibit. What is the result of the IP SLA configuration?

A.
The operation runs 5000 times.
B.
IP SLA is scheduled to run at 3 a.m.
C.
The operation runs 300 times a day.
D.
The rate is configured to repeat every 5 minutes.

Question 49:
Which action occurs during a Layer 3 roam?

A.
The client receives a new IP address after authentication occurs.
B.
The client is marked as "Foreign" on the original controller.
C.
The client database entry is moved from the old controller to the new controller.
D.
Client traffic is tunneled back to the original controller after a Layer 3 roam occurs.

Question 50:
What are two characteristics of vManage APIs? (Choose two.)

A.
Northbound API is based on RESTCONF and JSON.
B.
Southbound API is based on NETCONF and XML.
C.
Southbound API is based on RESTCONF and JSON.
D.
Southbound API is based on OMP and DTLS.
E.
Northbound API is RESTful using JSON.