300-410 Practice Test Free – 50 Questions to Test Your Knowledge
Are you preparing for the 300-410 certification exam? If so, taking a 300-410 practice test free is one of the best ways to assess your knowledge and improve your chances of passing. In this post, we provide 50 free 300-410 practice questions designed to help you test your skills and identify areas for improvement.
By taking a free 300-410 practice test, you can:
- Familiarize yourself with the exam format and question types
- Identify your strengths and weaknesses
- Gain confidence before the actual exam
50 Free 300-410 Practice Questions
Below, you will find 50 free 300-410 practice questions to help you prepare for the exam. These questions are designed to reflect the real exam structure and difficulty level.
Refer to the exhibit. An engineer is troubleshooting an issue using the debug ip packet command and notices that no time stamps are shown on R4 to establish the event time. Which configuration resolves this issue by showing time stamps regardless of the time zone in R4 logs?A. service timestamps log datetime localtime msec
B. service timestamps debug datetime localtime msec
C. service timestamps log datetime msec show-timezone
D. service timestamps debug datetime msec show-timezone
How do devices operate in MPLS L3VPN topology?A. P routers provide connectivity between PE devices with MPLS switching.
B. P and associated PE routers with IGP populate the VRF table in different VPNs.
C. CE routers connect to the provider network and perform LSP functionality.
D. P routers support PE to PE VPN tunnel without LSP functionality.
Refer to the exhibit. The engineer is reviewing the logs on the DENVER router and notices that this error message repeats constantly:
*Jun 12 13:42:03.399: %TCP-6-BADAUTH: No MD5 digest from 10.40.1.1(27174) to 10.40.1.2(179) tableid - 0
Which action resolves the issue?A. Configure OSPF link authentication on the router with IP address 10.40.1.1.
B. Configure NTP authentication on the router with IP address 10.40.1.1.
C. Configure BGP authentication on the router with IP address 10.40.1.2.
D. Configure BGP authentication on the router with IP address 10.40.1.1.
Refer to the exhibit. R1 is multihomed to ISP1 and ISP2. uRPF strict mode has been configured on both interfaces uplinked to the ISPs. Traffic destined to the Internet over ISP1 returns to R1 via ISP2 and is immediately dropped.
Which configuration changes address this issue and allow return traffic from the other ISP?A. R1(config)#interface fastethernet 0/1R1(config-if)# ip verify unicast source reachable-via any
B. R1(config)#interface fastethernet 0/1R1(config-if)# ip verify unicast source reachable-via any allow-default
C. R1(config)#interface fastethernet 0/0R1(config-if)# no ip verify unicast source reachable-via any allow-default
D. R1(config)#interface fastethernet 0/0R1 (config-if)# ip verify unicast source reachable-via rx
Refer to the exhibit. Routers R1 and R2 exchange routes to each other's loopback through OSPF. Telnet traffic must be blocked from R2 Lo0 to R1 Lo2. Which configuration resolves the issue?A.
B.
C.
D.
Refer to the exhibit. After an engineer configured a new Cisco router as a DHCP server, users reported two primary issues:
• Devices in the HR subnet have intermittent connectivity problems.
• Workstations in the LEGAL subnet cannot obtain IP addresses.
Which configurations must the engineer apply to ROUTER_1 to restore connectivity for the affected devices?A.
B.
C.
D.
What are the two benefits of using BFD? (Choose two.)A. synchronous path determination
B. subsecond failure detection
C. supports ail routing protocols
D. supports UDLD failure
E. forwarding path failure detection
Refer to the exhibit. The default route from R1 must be withdrawn from the routing table if R1 cannot ping 10.1.1.1, but it is not working correctly. Which configuration resolves the issue?A.
B.
C.
D.
Refer to the exhibit. An engineer must troubleshoot an issue affecting the communication from router R2 to the TACACS server. Which configuration resolves the issue?A. R1 (config)#tacacs-server packet maxsize 43974
B. R2(config)#tacacs server advrt -R2 (config-server-tacacs)#key xyz123
C. R2(config)#tacacs-server packet maxsize 43974
D. R1 (config)#tacacs server advrt -R1 (config-server-tacacs)#kty xyz123
What is the purpose of the DHCPv6 Guard?A. It messages between a DHCPv6 server and a DHCPv6 client (or relay agent).
B. It allows DHCPv6 reply and advertisements from (rogue) DHCPv6 servers.
C. It shows that clients of a DHCPv6 server are affected.
D. It blocks DHCPv6 messages from relay agents to a DHCPv6 server.
Refer to the exhibit. An engineer configured SNMP in R1 to be able to save and upload configurations to the SNMP server but failed when they tried to backup R1 configuration on the server. Which configuration resolves the issue?A. snmp server tftp-server-list 66
B. copy running-config tftp://10.66.66.66/r1-confg
C. snmp server tftp-server-list 20
D. copy running-config tftp://10.66.66.66/c: r1-confg
An engineer must configure encrypted packets for a single router OSPF neighborship. Which configuration meets this requirement?A.
B.
C.
D.
What are two features of BFD? (Choose two.)A. reliable
B. replaces hello messages
C. requires routing protocols
D. scalable
E. intensive on CPU for Layer 2 links
Refer to the exhibit. Customer B has decided not to receive any routes from R1 that originated outside the AS 100. Which AS path access list must the engineer choose to meet this requirement?A. ip as-path access-list 1 permit ^10[0-9]*$
B. ip as-path access-list 1 permit ^100$
C. ip as-path access-list 1 permit _100$
D. ip as-path access-list 1 permit _100_
What is the role of LDP in MPLS networks?A. It creates MPLS packet forwarding along with the IGP routes.
B. It enables label binding information to exchange with peer LSRs.
C. It disables label binding information to exchange with peer LSRs.
D. It enables label binding that exchanges route descriptors.
Which Layer 3 VPN attribute allows different customers to connect to the same MPLS network with overlapping IP ranges?A. RT
B. RD
C. VRF
D. MP-BGP
Refer to the exhibit. An engineer configured IP SLA to monitor a next hop on a router for reachability. When the next hop is unreachable, the router is executing tracking and falling over another route, but packet loss is experienced because the reachability is flapping. Which action resolves the issue?A. Increase the frequency of the sla probe to 60.
B. Append delay up 60 down 60 to the track command.
C. Append delay up 0 down 0vto the track command.
D. Increase the timeout of the sla probe to 6000.
Refer to the exhibit. The services at branch B are down. An engineer notices that router A and router B are not exchanging any routes. Which configuration resolves the issue on router B?A.
B.
C.
D.
What is the use of IPv6 snooping?A. captures IPv6 routing protocol packets to analyze
B. requires an external IPv6 packet analyzer
C. required for the operation of IPv6 RA Guard
D. captures any type of user traffic to create a binding table
Refer to the exhibit. An engineer must troubleshoot a connectivity issue impacting the redistribution of the subnet 172.16.2.48/28 into the OSPF domain. Which configuration on router R1 advertises this subnet into the OSPF domain?A. R1(config)#route-map CCNP permit 10R1(config-route-map)#match tag 200R1(conflg-route-map)#exit -R1(config)#router ospf 10 -R1(config-router)#redistribute eigrp 100 subnets route-map CCNP
B. R1(config)#route-map CCNP deny 10R1(conflg-route-map)#match tag 200R1(config)#route-map CCNP permit 10R1(config)#router ospf 10 -R1(conflg-router)#redistrlbute eigrp 100 subnets route-map CCNP
C. R1(config)#route-map CCNP permit 10R1(config-route-map)#match route-type internalR1(config)#router ospf 10 -R1(config-router)#redistribute eigrp 100 subnets route-map CCNP
D. R1(config)#route-map CCNP permit 10R1(config-route-map)#match route-type level-2R1(config)#router ospf 10 -R1(config-router)#redistribute eigrp 100 subnets route-map CCNP
SIMULATION
-
Guidelines
-
This is a lab item in which tasks will be performed on virtual devices.
• Refer to the Tasks tab to view the tasks for this lab item.
• Refer to the Topology tab to access the device console(s) and perform the tasks.
• Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.
• All necessary preconfigurations have been applied.
• Do not change the enable password or hostname for any device.
• Save your configurations to NVRAM before moving to the next item.
• Click Next at the bottom of the screen to submit this lab and move to the next question.
• When Next is clicked, the lab closes and cannot be reopened.
Topology
-
Tasks
-
Configure IPSec security policy on tunnel interfaces to ensure data confidentiality and integrity where mGRE tunnels are up and running between HUB and SPOKE routers.
1. Configure the ISAKMP policy parameters with the following attributes:
• AES256
• SHA256
• Group2
• lifetime 86400
2. Ensure that GRE IP Header should be encrypted inside the IPSec packet. Verify IPSec security association and ISAKMP encrypted key. Use ISAKMP key "abc123".
3. Configure a flexible ISAKMP Policy on the HUB to add peers that have the dynamic IP addresses where SPOKES must add HUB IP static entry using an encrypted key. Use a single command to configure it. Use IPSec phase-2 transform-set name as T-SET and IPSec Profile name as ’IPSEC-PROFILE’.
Which feature drops packets if the source address is not found in the snooping table?A. IPv6 Destination Guard
B. IPv6 Source Guard
C. Binding Table Recovery
D. IPv6 Prefix Guard
Refer to the exhibit. An engineer must advertise LAN network 192.168.1.0 of router A to router B through OSPF. The engineer notices that router B was configured, but the LAN network of router A is not in the routing table of router B. Which configuration on router A resolves the problem?A.
B.
C.
D.
Refer to the exhibit. An IPv6 ACL is applied to restrict PC1 from communicating with PC2 and allow all other traffic. Which configuration resolves the issue?A. R3(config-ipv6-acl)#no sequence 20R3(config-ipv6-acl)#deny ipv6 host 2001:DB8:0:10::3B host 2001:DB8:A:A::19 sequence 10
B. R3(ccnfig-ipv6-acl)#no sequence 30R3(config-ipv6-acl)#deny ipv6 host 2001:DB8:0:10::3B host 2001:DB8:A:A::19 sequence 10
C. R3(config-lpv6-acl)#no sequence 20R3(config-ipv6-acl)#deny ipv6 host 2001:DB8:0:10::3B any sequence 10
D. R3(config-ipv6-acl)#no sequence 30R3(config-ipv6-acl)#deny ipv6 host 2001:DB8:0:10::3B any sequence 10
Refer to the exhibit. EIGRP adjacency between router A and router C is not working as expected. Which two configurations resolve the issue? (Choose two.)A.
B.
C.
D.
E.
Which control plane process allows the MPLS forwarding state to recover when a secondary RP takes over from a failed primary RP?A. LDP uses SSO to recover from disruption in control plane service.
B. MP-BGP uses control plane services for label prefix bindings in the MPLS forwarding table.
C. FEC uses a control plane service to distribute information between primary and secondary processors.
D. LSP uses NSF to recover from disruption in control plane service.
Refer to the exhibit. Branch 2 hosts cannot receive dynamic IP addresses. Which action resolves the issue?A. Configure the ip helper command on the Layer 2 switch SW2 interfaces.
B. Configure the ip helper command on the Interface GigabltEthernet 0/0 of the DHCP router.
C. Configure the ip helper command on the Interface GigabltEthernet 0/2 of the DHCP router.
D. Configure the ip helper command on the interface GigabltEthernet 0/2 of the R2 router.
Refer to the exhibit. An engineer recently modified the configuration for area 3 to accept only type 1, 2, and 3 LSAs. Immediately after the changes, users connected to router R6 began to report connectivity issues. Which configuration restores connectivity to R6 and meets the requirement?A.
B.
C.
D.
Which feature filters the IPv6 traffic on Layer 2 untrusted ports?A. IPv6 Source Guard
B. Binding Table Recovery
C. IPv6 RA Guard
D. DHCPv6 Guard
Refer to the exhibit. Jitter on the link between R101 and R201 was tested for voice traffic over port 16384 without the control communication on port 1967. Which command enables R201 to receive RTT for the configured IP SLA?A. ip sla responder tcp-connect port 1967
B. ip sla responder udp-echo ipaddress 2.2.2.2 port 16384
C. ip sla responder udp-echo ipaddress 1.1.1.1 port 16384
D. ip sla responder auto-register 1.1.1.1
SIMULATION
-
Guidelines
-
This is a lab item in which tasks will be performed on virtual devices.
• Refer to the Tasks tab to view the tasks for this lab item.
• Refer to the Topology tab to access the device console(s) and perform the tasks.
• Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.
• All necessary preconfigurations have been applied.
• Do not change the enable password or hostname for any device.
• Save your configurations to NVRAM before moving to the next item.
• Click Next at the bottom of the screen to submit this lab and move to the next question.
• When Next is clicked, the lab closes and cannot be reopened.
Topology
-
Tasks
-
Configure HUB and SPOKE routers according to the topology to achieve these goals:
1. Configure mGRE neighborship by using physical interface IP addresses to provide end-to-end reachability. Verify all router’s tunnel interfaces accordingly.
2. Configure NHRP on HUB router as multipoint dynamic IP to NBMA mapping. SPOKE1 and SPOKE2 routers should be configured by using static NHS and multicast mapping for HUB. Use network-id 10 for NHRP. Verify NHRP neighborship between routers and verify results using ping from PC1 to PC2 and PC3 accordingly.
Which tag is used by the PE router to forward the packet to the correct customer?A. RD
B. extended-community
C. RT
D. VNI
Refer to the exhibit. The engineer configured route redistribution in the network but soon received reports that R2 cannot access 192.168.7.0/24 and 192.168.15.0/24 subnets. Which configuration resolves the issue?A.
B.
C.
D.
Which routing protocol is used by the PE router to advertise routes to a CE router without redistribution or static after removing the RD tag from the P router?A. OSPF
B. BGP IPv4
C. IS-IS
D. MP-BGP
Refer to the exhibit. The default route is not advertised to the neighboring router. Which action resolves the issue?A. Configure the default-information originate command under OSPF
B. Configure OSPF on the Dialer0 interface.
C. Configure the redistribute static metric 200 subnets command under OSPF.
D. Configure the network 0.0.0.0 255.255.255.255 area 0 command under OSPF
Refer to the exhibit. An engineer must ensure that R3 sees only type 1 and 2 LSAs in area 1. Which command must the engineer apply on R2?A. area 1 nssa no-summary
B. area 1 stub
C. area 1 stub nssa
D. area 1 stub no-summary
Users report web connectivity problems on the server (10.1.1.10). Which IP SLA configuration captures the failure details through the network to resolve the issue?A.
B.
C.
D.
DRAG DROP
-
Drag and drop the terminology from the left onto the corresponding definitions on the right.
Refer to the exhibit. An engineer configures router A to mark all inside to outside traffic from network 192.168.1.0. except from host 192.168.1.1. with critical IP precedence. The policy did not work as expected. Which configuration resolves the issue?A.
B.
C.
D.
Which two label distribution methods are used by routers in MPLS? (Choose two.)A. LDP discovery hello message
B. LDP session protection message
C. downstream unsolicited
D. downstream on demand
E. targeted hello message
Refer to the exhibit. HostA and HostB cannot receive IP addresses from the DHCP server. The switches are configured with the DHCP snooping. Which configuration on SW3 resolves the issue?A. ip dhcp relay information option-insert
B. no ip dhcp snooping information option
C. ip dhcp server use subscriber-id client-id
D. ip helper-address 1.0.0.2
Which IPv6 security feature blocks all traffic from an IPv6 host when initially connecting to a switch port except for traffic to gain an IPv6 address and discover IPv6 neighbors?A. IPv6 Source Guard
B. IPv6 DHCP Guard
C. IPv6 Destination Guard
D. IPv6 RA Guard
What is a MPLS PHP label operation?A. Downstream node signals to remove the label.
B. It uses implicit-NULL for traffic congestion from source to destination forwarding.
C. PE removes the outer label before sending to the P router.
D. It improves P router performance by not performing multiple label lookup.
Which two technologies optimize MPLS infrastructure using bandwidth protection services when experiencing slow response? (Choose two.)A. IP LFA
B. MPLS OAM
C. Fast-Reroute
D. VPLS
E. SD-MPLS
What is the function of penultimate hop popping?A. The last P router in the path pops off the transport label before traffic is forwarded toward the PE.
B. The VPN label is popped off at the egress LSR, and unlabeled traffic is forwarded toward the CE.
C. The transport label is popped off at the egress LSR, and unlabeled traffic is forwarded toward the CE.
D. The second to last P router in the path pops off the VPN label before traffic is forwarded to the last P router.
Refer to the exhibit. Spoke routers do not learn about each other's routes in the DMVPN Phase2 network. Which action resolves the issue?A. Disable EIGRP split horizon on the Tunnel0 interface of the hub router.
B. Rectify incorrect wildcard mask configured on the hub router network command.
C. Configure a static route in each spoke to establish a spoke-to-spoke tunnel.
D. Remove default route from spoke routers to establish a spoke-to-spoke tunnel.
Refer to the exhibit. The security department recently installed a monitoring device between routers R3 and R5, which caused a loss of network connectivity for users connected to R5. Troubleshooting revealed that the monitoring device cannot forward multicast packets. The team already updated R5 with the correct configuration. Which configuration must be implemented on R3 to resolve the problem by ensuring R3 as the DR for the R3-R5 segment?A. interface FastEthernet0/0ip address 10.99.53.1 255.255.255.252ip access-group 122 inip ospf network non-broadcastip ospf priority 100!router ospf 10router-id 10.10.3.255network 10.99.53.0 0.0.0.3 area 0neighbor 10.99.53.2!access-list 122 permit 89 host 10.99.53.2 host 10.99.53.1access-list 122 deny 89 any anyaccess-list 122 permit tcp any anyaccess-list 122 permit udp any anyaccess-list 122 permit icmp any any
B. interface FastEthernet0/0ip address 10.99.53.1 255.255.255.252ip access-group 122 inip ospf network non-broadcastip ospf priority 0!router ospf 10router-id 10.10.3.255neighbor 10.99.53.2!access-list 122 permit 88 host 10.99.53.2 host 10.99.53.1access-list 122 deny 88 any anyaccess-list 122 permit tcp any anyaccess-list 122 permit udp any anyaccess-list 122 permit icmp any any
C. interface FastEthernet0/0ip address 10.99.53.1 255.255.255.252ip access-group 122 inip ospf network non-broadcastip ospf priority 0!router ospf 10router-id 10.10.3.255network 10.99.53.0 0.0.0.3 area 0neighbor 10.99.53.2!access-list 122 permit 89 host 10.99.53.2 host 10.99.53.1access-list 122 deny 89 any anyaccess-list 122 permit tcp any anyaccess-list 122 permit udp any anyaccess-list 122 permit icmp any any
D. interface FastEthernet0/0ip address 10.99.53.1 255.255.255.252ip access-group 122 inip ospf network point-to-pointip ospf priority 0!router ospf 10router-id 10.10.3.255network 10.99.53.0 0.0.0.3 area 0neighbor 10.99.53.2!access-list 122 permit 88 host 10.99.53.2 host 10.99.53.1access-list 122 deny 88 any anyaccess-list 122 permit tcp any anyaccess-list 122 permit udp any anyaccess-list 122 permit icmp any any
What is a characteristic of an MPLS LSP tunnel?A. bidirectional tunnel
B. secured bidirectional tunnel
C. hop-by-hop tunnel
D. unidirectional tunnel
Which two reasons would cause an LSP to break between two PE routers? (Choose two.)A. lost LDP adjacency
B. matching labels
C. prefix mismatch
D. IGP hello adjacency
E. MPLS not enabled
Which protocol must be secured with MD-5 authentication across the MPLS cloud to prevent hackers from introducing bogus routers?A. RSVP
B. LSP
C. LDP
D. MP-BGP
Get More 300-410 Practice Questions
If you're looking for more 300-410 practice test free questions, click here to access the full 300-410 practice test.
We regularly update this page with new practice questions, so be sure to check back frequently.
Good luck with your 300-410 certification journey!